This Privacy Policy applies to all personal information that MagicBrief Pty Ltd (ABN 91 663 661 541), a company incorporated in New South Wales, Australia (we, us, our) collects in connection with the operation of our online platform called MagicBrief. You can read more about MagicBrief at https://magicbrief.com/.
We provide MagicBrief across a number of different countries therefore we may be subject to different privacy and data protection laws depending on the locations of the individuals identified below under ‘Who we collect personal information from’ (you, your). We may be required to comply with one or more of the Australian Privacy Principles (APPs) contained in Schedule 1 to the Australian Privacy Act 1988 (Cth) (Privacy Act AU), the New Zealand Privacy Act 2020 (Privacy Act NZ), the Information Privacy Principles (IPPs) contained in Part 3 of the Privacy Act NZ, the UK GDPR and Data Protection Act 2018 (UK Data Protection Law) or the California Consumer Privacy Act 2018 amended by Proposition 24, California Privacy Rights Act 2020 (CPRA).
We are committed to complying with our obligations under all applicable privacy and data protection laws that apply to the collection, disclosure and processing of your personal information.
We collect personal information from:
MagicBrief is not aimed at persons under the age of 18 and we do not knowingly collect data from or about such individuals.
We will only use personal information in a manner that is lawful for us to do so. In most cases, we only use personal information for the purpose for which it was collected, or where we reasonably consider that we need to use the personal information for another reason and that reason is compatible with or related to the original purpose.
If we need to use your personal information for an unrelated purpose, where required by applicable law, we will notify you and explain the legal basis which allows us to do so.
We set out in the table below a description of the ways we use or intend to use your personal information, and the legal bases we rely on to do so.
Please note that we may process your personal information for more than one lawful ground, depending on the specific purpose for which we are using your data. Please contact us if you require details about the specific legal grounds we are relying on to process your personal information where more than one ground has been specified in the table below.
You may receive marketing communications from us if you have requested information from us or purchased products and/or services from us and you have not opted out of receiving that marketing communication from us.
We may use your identity, contact, technical, usage and profile data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you.
We also collect, use and share Aggregated Data such as statistical or demographic data for our business purposes. Aggregated Data could be derived from personal information but is not considered personal information because it is not capable, directly or indirectly, of revealing a person’s identity. For example, we may aggregate user usage data to calculate the percentage of users accessing a specific feature of MagicBrief. However, if we combine or connect Aggregated Data with other information so that it can directly or indirectly identify a person, we treat the combined data as personal information, and will only use it in accordance with this Privacy Policy.
We do not collect any ‘special categories of personal information’ (for the purposes of the UK Data Protection Law) or ‘sensitive personal information’ (for the purposes of the Privacy Act AU) about you. This includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data. Please do not enter any such information into MagicBrief.
Users of MagicBrief are required to comply with all applicable privacy laws.
We rely on our users to obtain all relevant privacy consents and authorisations from any person required by law, in order for the personal information that is entered by our users into MagicBrief to be collected, disclosed and otherwise processed by us in accordance with this Privacy Policy.
We also rely on users to ensure that all personal information about data subjects entered into MagicBrief by such users that is held by us is accurate, up to date, complete, relevant and not misleading.
When you provide us with the personal information of any other person, you must ensure that:
It is not feasible to access MagicBrief on an anonymous basis.
Where we need to collect personal information by law, under the terms of a contract we have with a customer, or in order to identify you as a user of MagicBrief, and you do not provide that personal information when requested, we may not be able to perform the contract we have in place with the customer. In this case, you will not be able to continue to use MagicBrief.
However, in certain cases, you may object to providing us with certain information. For example, if you are providing us with general feedback about MagicBrief or making a sales enquiry about MagicBrief, you may choose to use a pseudonym.
Our policy is to not collect personal information by means that are unfair or unreasonably intrusive in the circumstances. It is also our policy to collect personal information directly from the data subject about whom the personal information relates, where it is practicable for us to do so, for example, where you enter personal information of another individual into MagicBrief. We use different methods to collect data from and about users including through:
You may provide us with your personal information by completing forms or by corresponding with us by post, phone, email or otherwise. This includes personal information you provide when you:
As you interact with our websites and platform, we will automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal information by using cookies, server logs and other similar technologies. We may also receive technical data about you if you visit other websites that use our cookies. Further details about our use of cookies are provided below.
We may receive personal information about you from various third parties, who may be based outside of your jurisdiction, including:
We may obtain information about your general internet usage by using cookies. A cookie is a small file which is stored on the hard drive of your computer. They help us to improve our websites and platform and to deliver a better and more personalised service.
You may block cookies by activating settings on your browser which allow you to refuse the setting of some or all cookies. If you do choose to block all cookies or essential cookies, you may not be able to access all or some parts of our websites or platform.
Most cookies we use are known as session cookies. These cookies will expire whenever you close your browser or shut down your computer. Other cookies used for a specific purpose will expire when that purpose is no longer required.
We use the following cookies:
We may share your personal information with the parties set out below. We will require all such third parties to respect the security of your personal information and to treat it in accordance with applicable law.
There may be circumstances where we need to disclose personal information that we hold to overseas recipients, including our third-party service providers.
We will only do so in respect of overseas recipients who agree to comply with applicable privacy legislation.
Our service providers act as processors and provide us with services that we use to:
We may collect and disclose your personal information using the following services:
You may receive marketing communications from us if you have requested information from us or purchased products and/or services from us and you have not opted out of receiving that marketing communication from us.
We may supply personal information to our lawyers, bankers, auditors and insurers who provide consulting, banking, legal, insurance and accounting services, where they need to know the information in order to provide their services to us.
We may supply personal information to regulators and other authorities where applicable law requires us to provide the information to them.
We may supply personal information to actual or potential third parties that we may elect to sell, transfer or merge parts of our business or assets to or with.
We may also supply personal information to other third parties with your consent.
We may also provide your personal information to our lawyers, insurers and professional advisors and any court or administrative body, for one or more of the following purposes:
We have put in place industry standard security measures to prevent personal information from being lost, used, misused, accessed in an unauthorised way, altered or disclosed.
Although we take all reasonable steps to ensure that personal information is stored in a secure operating environment, we cannot guarantee the absolute security of personal information during its transmission or its storage on our systems.
Further, while we make every effort to ensure the integrity and security of our network and systems, we cannot guarantee that our security measures will prevent third-party hackers from illegally obtaining access to personal information.
We have procedures to deal with any suspected or actual personal information breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We use Microsoft Azure provided by Microsoft Corporation to host personal information in Australia. Microsoft’s privacy policy can be found here: https://privacy.microsoft.com/en-US/PrivacyStatement.
We will only retain your personal information for as long as reasonably necessary while we have a business relationship with you (or your company), and thereafter where we have an ongoing business need to retain it, as required under law or to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal information in the event of a complaint or if we reasonably believe there is a prospect it will be required for the purposes of litigation.
To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of the personal information, the purposes for which we process the personal information and whether we can achieve those purposes through other means, and any applicable legal, regulatory, tax, accounting or other requirements.
In some circumstances, you can ask us to delete your data: see ‘Your legal rights’ below for further information.
We may, where permitted by applicable law, de-identify your personal information (so that it can no longer be associated with you, and is therefore no longer personal information) for research or statistical purposes.
We will handle all requests for access to personal information in accordance with our statutory obligations. You can request a copy of your personal information by contacting us using the contact details set out below.
Individuals whose personal information is governed by the Privacy Act NZ are entitled to seek access to and correction of it in accordance with that legislation, including making a request for urgent access, receiving assistance or transfer to another agency that holds your personal information.
If your personal information is governed by the Privacy Act AU or the Privacy Act NZ or where otherwise permitted by applicable law, we may require payment of a reasonable fee by any person who requires access to their personal information that we hold, except where such a fee would be contrary to applicable law. We will not charge you for the making of any request for access.
We rely on the individuals who provide us with personal information to provide us with accurate, up to date and reliable data, and to update us when personal information that we hold about them is not accurate, up to date or reliable.
You may contact us to make corrections to your personal information. In certain circumstances, our website and platform allow users to update the personal information about them and other data subjects that we hold.
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.
Our websites or platform may include links to third-party websites, plug-ins and applications. Clicking on those links may allow third parties to collect or share data about you. We do not control these third-party websites, plug-ins or applications and are not responsible for their privacy practices. We encourage you to read their privacy policies so that you understand how they may collect and process your personal information.
You have the right to make a complaint about our handling of your personal information, or where you are not satisfied with our handling of your complaint by contacting the relevant privacy or information related agency in your jurisdiction:
If a data subject wishes to make a complaint about a breach of the EU GDPR, they may refer the complaint to the relevant national Data Protection Authority that can be found here: https://edpb.europa.eu/about-edpb/about-edpb/members_en.
Before you make a complaint to the relevant agency, we would appreciate the opportunity to address your concerns, so please contact us in the first instance. We will endeavour to respond to your complaint as soon as possible and in any event within 30 calendar days.
Please feel welcome to contact our Privacy Compliance Officer if you have any questions about this Privacy Policy using the following details:
Email: support@magicbrief.com
Attention: George Howes
Post: L13, 333 George St, Sydney, NSW 2000, Australia
We may update or replace this Privacy Policy from time to time. We encourage you to periodically review this page for the latest information on our privacy practices.
This section only applies to individuals whose personal information is governed by the UK Data Protection Law. However, we may also elect to apply this section to personal information governed by other law.
Under certain circumstances, individuals whose personal data is governed by the UK Data Protection Law have the following rights in relation to personal information about them:
Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you wish to exercise any of the rights set out above, please contact us.
You will not usually have to pay a fee to exercise your rights as a data subject. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.
Alternatively, we could refuse to comply with your request in these circumstances.
We aim to respond to all legitimate requests within 30 days. Occasionally it could take us longer than this period if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
This section only applies to individuals whose personal information is governed by the CPRA. However, we may also elect to apply this section to personal information governed by other law.