Last updated: 15 September 2023
Caleb and Brown Pty Ltd and its related entities (collectively, "Caleb & Brown", "we", "us", and "our") understand that your privacy is paramount and are committed to protecting your privacy.
1) What personal information do we collect?
When we refer to personal information, we mean information or an opinion about an individual, or an individual who is reasonably identifiable, whether true or not and whether recorded in material form or not.
The kinds of personal information that we collect and hold about you depends on your dealings with us. Examples of personal information we collect and hold include:
- date of birth;
- e-mail address;
- cryptocurrency wallet ID, address, contents and transactions;
- mobile phone number;
- copies of, or details from identification documents;
- the purpose of your cryptocurrency transactions and source of funds;
- financial information (such as your bank account details and statements);
- if relevant, politically exposed persons match results; and
- qualifications and employment history, in the event you are applying for a job or contract with us.
We may also collect other personal information we consider is reasonably necessary for one or more of our functions and activities such as personal information that we request from you or that you or a third party provide to us, and which we are authorised or required by law to collect.
We may also collect sensitive information about you if you consent to us doing so and the information is reasonably necessary for one or more of our functions or activities, or where otherwise permitted or required by law, or when the collection is otherwise allowed under the Privacy Act 1988 (Cth).
The kinds of sensitive information that we collect and hold about you depends on your dealings with us. Examples of sensitive information we collect and hold include biometric data, or information on your racial or ethnic origin which is apparent from identity documents.
Where we collect sensitive information, we’ll only process it:
- to perform a contract with you or to carry out our business in relation to that contract;
- where we have legitimate interests to process the personal data or and they’re not overridden by your rights;
- in accordance with a legal obligation; or
- where we have your consent.
2) How we collect your personal information
We will usually collect your personal information directly from you, such as by telephone, video call, standard form, letter, email, or you visiting our website or mobile application.
We may collect your personal information from a related entity or from a third party or a publicly available source where it is unreasonable or impractical to collect the personal information directly from you or if necessary to satisfy our legal obligations. For example, we may collect know-your-customer or anti-money laundering information about you from our identity-verification services provider(s). We also often collect your name, address, proof of address and date of birth from our identity-verification services provider(s).
We may also collect your personal information (such as your name, address, date of birth, biometric information) during telephone or video calls by recording or transcribing the call.
If you are a company director or shareholder of a trust or company that uses our website, then we may collect your personal information (such as name, address and date of birth) from the relevant corporate regulator.
If you apply for a position or contract as an employee or service provider with us, we may also collect personal information about you from your nominated referees.
There may be occasions when we receive unsolicited personal information about you. In such instances, unless it is reasonably necessary for one or more of our functions or activities, or we are otherwise permitted or required by law to retain it, we will de-identify or destroy it as soon as reasonably practicable provided it is lawful and reasonable to do so.
If we don’t collect your personal information, we may be unable to provide you with all of our services, and some functions and features on our website may not be available to you.
3) Our website
Our web servers may automatically collect information when you visit our websites, including:
- your IP address;
- the date and time of your visit;
- the parts of our website you access during your visit;
- your actions on our website; and
- the operating system and browser you are using.
Most devices automatically accept cookies but you can choose to reject cookies by changing your device settings. However, please note that rejecting cookies may mean that some or all of the functions on our website will not be available to you.
Sometimes our websites contain links to other websites. When you access a website other than our websites, we are not responsible for the privacy practices of that site. We recommend that you review the privacy policies of each website you visit.
4) Our mobile application
In using our mobile platform, we may collect and receive information about you from the IOS or Android app stores and other vendors, such as the IP address of your mobile device, the mobile operating system, the type of mobile internet browsers you use, and the information about the way you use our mobile application. Our mobile application may send information to us that you authorised them to provide.
When you come to our application we may collect certain information such as mobile unique device ID, the IP address of your mobile device, mobile operating system, the type of mobile internet browsers you use, and information about the way you use the Application. This information is used in an aggregated manner to analyse how people use our site, such that we can improve our service.
Most devices automatically accept cookies but you can choose to reject cookies by changing your device settings. However, please note that rejecting cookies may mean that some or all of the functions on our mobile application will not be available to you.
Sometimes our mobile application contains links to other applications or websites not controlled by us. When you access an application or website other than our websites, we are not responsible for the privacy practices of that site. We recommend that you review the privacy policies of each application or website you visit.
When you visit the mobile application, we may use GPS technology (or other similar technology) to determine your current location in order to determine the city you are located within and display a location map with relevant advertisements. We will not share your current location with other users or partners.
5) How we use your personal information
In order to provide our services to you, we are required to collect and process your personal information (including Sensitive Information) for our Know Your Customer ("KYC") obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) and other applicable laws and regulations.
Personal information we collect may also be used for the following purposes:
To communicate with you: This may include:
- to facilitate and process your orders and transactions;
- providing you with information you’ve requested from us or information we are required to send to you;
- operational communications, like changes to our websites and services, security updates, or assistance with using our websites and services;
- to send notifications to you (via email, SMS/text message or by other means) related to your orders, transactions and security alerts; and
- asking you for feedback or to take part in any research or survey we are conducting (which we may engage a third party to assist with).
To market to you: This may include marketing communications (about calebandbrown.com or another product, service, or information we think you might be interested in) via any medium including email, SMS, telephone or other media (though we will always allow you to unsubscribe from such marketing or promotional communications).
To protect you: So that we can detect and prevent any fraudulent or malicious activity, and make sure that everyone is using our websites and services fairly and in accordance with our terms and conditions.
To support you: This may include assisting with the resolution of technical support issues or other issues relating to the websites or services, whether by email, in-app support or otherwise.
To hire you: We may use your personal information to assess your application for a position or contract as an employee or service provider with us.
To enhance our websites and services and develop new ones: For example, by tracking and monitoring your use of our websites and services so we can keep improving, or by carrying out technical analysis of our websites and services so that we can optimise your user experience and provide you with more efficient tools.
To resolve disputes: We may use transcripts or call recordings (which contain personal information) between you and us in order to investigate and help resolve any disputes or complaints you may have.
To analyse, aggregate and report: We may use your personal information (whether obtained directly or from third parties) to produce aggregated and anonymised analytics and reports, which we may share publicly or with third parties.
To make decisions in relation to your use of our website and services: We may use your IP address to determine which country you are from and, based on such IP address, make a decision about whether or not to allow you access to our website and/or our services. We may also use automated decision-making processes to identify scam or fake data amongst emails.
6) How we hold your personal information
We typically hold your personal information in computer systems, including computer systems operated for us by our service providers. We take reasonable steps to safeguard personal information and ensure its protection from misuse, interference, loss, unauthorised access, modification or disclosure, including having appropriate security measures in place to protect electronic materials. Additionally, we require our service providers to also have appropriate security measures in place.
We secure electronic records within our network databases, and through third party data storage providers. This includes, but is not limited to, ensuring that personal information within our network is password protected, with access appropriately limited and monitored. Our service providers, including third party data storage providers, are required to protect personal information in accordance with applicable laws and take appropriate technical and organisation measures against unauthorised or unlawful use of personal information or its accidental loss, destruction or damage.
7) How we share your personal information
Disclosure to third parties
At times, we may provide your personal information to trusted third parties, including to provide all the functionalities that we offer through our website or mobile application. Third parties with whom we may share your personal information include:
- our related entities;
- third party suppliers who assist us in performing our functions and activities, such as identity-verification, customer service ticketing, IT and electronic marketing services providers;
- financial institutions for payment services;
- parties to whom you have requested we disclose personal information; and
- government, regulatory or law enforcement agencies.
Where information is shared with these third parties, we will take all reasonable steps to ensure that third parties observe the confidential nature of such information and are prohibited from using any or all of this information beyond what is necessary to assist us.
When we share personal information, it may be transferred to, and processed in, countries other than the country you live in. Some of our service providers and related companies are located outside of Australia.
Rest assured, where we disclose personal information to a third party in another country, we put safeguards in place requiring the third party to ensure your personal information remains protected. These safeguards usually include contractual obligations placed on the recipient to ensure that they comply with all applicable laws (such as the Australian Privacy Principles) in relation to their handling of such personal information. Please contact us if you would like further details regarding these obligations.
Disclosure to law enforcement or government agencies
We may disclose your personal information to law enforcement or government agencies where we are required to do so by law or under court order. Where permitted by law, we will attempt to give prior notice to our customers whose data is requested by any government or law enforcement agency. If we are unable to provide prior notice, then we will endeavour to give notice as soon as reasonably practicable.
We may not notify you if it is prohibited by law and in certain exceptional circumstances at our sole discretion, such as emergencies, when notice could result in danger or personal harm, or when notice would be counterproductive (for example, when the user’s account has been hacked).
Disclosure of de-identified information
We may share aggregated or de-identified information with third parties for research, marketing, analytics and other purposes, provided that this information does not identify particular individuals.
8) Accessing and correcting your personal information
In certain jurisdictions, you have rights relating to your personal information. When it comes to marketing communications, you may follow the unsubscribe instructions contained in the marketing communication, or send a request to opt out of receiving these communications to [email protected].
Depending on the country in which you reside, you may also have rights to:
Withdraw consent or object to process. In certain circumstances, applicable law may allow you to object to our processing of your personal information. Further, if you provided your consent to our processing of your personal information, you may withdraw such consent, though doing so will not affect the lawfulness of our processing based on consent before your withdrawal.
Know and access what personal data we hold about you. Subject to the exceptions set out under applicable law, you may obtain confirmation from us as to whether or not we process your personal information, and, if so, obtain access to the personal information we hold about you. You may be required to put your request in writing for security reasons. We may in certain circumstances charge you a reasonable fee to meet our costs in providing you with details of the personal information we hold about you if your request requires a material effort on our part.
If we refuse to provide you with access to the information, we will provide you with reasons for the refusal and inform you of any exceptions relied upon under the APPs (unless it would be unreasonable to do so).
Correct or update your personal information. We take reasonable steps to ensure that your personal information is accurate, complete, and up-to-date whenever we collect or use it. If you believe that the personal information we hold about you is out of date, incomplete or incorrect, you may request that the personal information be updated or amended. We will take reasonable steps to either correct this information, or if necessary, discuss alternative action with you.
Ask us to restrict processing your personal data or delete it. In accordance with applicable law, you may also be entitled to request that your personal information be erased.
You can exercise these rights at any time by sending an email to [email protected].
If you are dissatisfied with our response, you have the right to make a complaint to the Office of the Australian Information Commissioner by phoning 1300 363 992 or by email at [email protected].
10) Our contact details