Privacy Policy Statement

We may collect Personal Information (PI) from the following groups of people & data subjects – visitors, users, & subscribers of our Website/OR, our customers, employees, contractors, job applicants, third-party vendors, volunteers, & affiliates.

For residents from Australia who engage with our Website/OR, we collect PI & voluntarily comply with AU privacy legislation obligations outlined below.

Residents of California and EU who engage with our Website/OR, whose PI was obtained while they were in California or a GDPR jurisdiction, respectively, have certain additional rights outlined below.

For residents from EU jurisdictions, as defined below, and some US state privacy laws, SBMarketer is the “Data Controller” responsible for your personal data. For residents of California, SBMarketer is a “Business.”

PI generally means information that can be used to identify you or that can be easily linked to you personally or your business (e.g. your name, address, telephone number, email address, driver’s license, passport number, & DOB).

For compliance with the California Consumer Privacy Act (“CCPA”) or the EU General Data Protection Regulation (“GDPR”), if we have customers or prospects in these regions, our use of the phrase “PI” includes the unique elements required by such laws.

We take all reasonable security precautions to protect your Personal Information (PI) provided via our Website/OR, against security threats.

We have adopted security practices that includes technical, administrative, & other security measures designed to protect PI, inline with accepted industry standards, and applicable law.

To ensure data security of our Website/OR, website forms, & the data provided via these forms, we use SMTP, & quality managed hosting. Some key security measures are:

Postmark SMTP

1. SSL/TLS Encryption: Postmark uses SSL/TLS encryption for all data in transit, ensuring that emails sent through their service are secure;
2. Data Center Security: Data centers comply with rigorous international standards like ISO 27017, ISO 27018, SOC 1, SOC 2, & SOC 3;
3. Access Control: Only authorised employees, contractors, and agents have access to personal data;
4. Redundancy: Postmark provides fully redundant servers for API, SMTP, inbound, & web interfaces to ensure uptime & data safety;
5. Email Authentication: Postmark supports DKIM, SPF, & DMARC to help control your domain’s reputation & reduce the risk of email spoofing.

 
Rocket.net Managed Hosting

1. GDPR Compliance: Rocket.net hosting services comply with GDPR regulations, which include robust data protection measures;
2. SSL Certificates: Rocket.net provides SSL certificates to encrypt data between the server & clients, ensuring secure communication;
3. Regular Updates: They keep WordPress, PHP, & other software up to date to patch vulnerabilities and enhance security;
4. Data Encryption: Rocket.net encrypts data at rest & in transit, protecting sensitive information from unauthorised access.
5. Security Audits: Regular security audits & monitoring help identify & mitigate potential threats.

 
While we take data security seriously by using quality service providers, we cannot guarantee that your information, whether during transmission, or while stored on our systems, or third party systems, or otherwise in our care, will be free from unauthorised access, or that loss, misuse, destruction, or alteration will not occur from data hackers/bad actors.

We disclaim all liability for any such theft or loss of, unauthorised access or damage to, or interception of any data or communications including PI from data hackers/bad actors.

When you access your account on the Website/OR, you have the option to change information about yourself, e.g. your billing, shipping address, & phone number.

If you have subscribed, requested a lead-magnet, or purchased a product or service, you have consented to receive direct marketing from us, via email & other channels if provided, e.g. SMS & Push.

If we’re using your PI to send you newsletters, lead-magnets, or follow-up communications, and you no longer want to receive them, you may opt out by following the instructions in the email or other message (e.g., reply text “STOP”, or use unsubscribe link), or by emailing us with a request to opt out.

When we receive your request, we will take steps to remove your name from our distribution lists. Please understand it may take time to remove your name from our lists, and you may still receive materials for a short period. 

Alternatively you could change your communication preferences from lead-magnet to newsletter, by following a link in the footer of all marketing email messages or by emailing us. Or request to access, amend, or delete your PI.

Some communications from us are transactional or service communications (e.g. account notifications, billing information & purchase receipts). 

To ensure you have accurate information about your account and purchases, you do not have the option to unsubscribe from these messages.

We generally use your PI to respond to your inquiries & provide you with the products & services requested, amongst other uses as described below. 

Affiliates
In the future we may share your PI within our family of companies. Those companies should use such information in generally the same manner as we do under this privacy policy statement which includes sending you information about their products, services, or initiatives that interest you.

Legal Disclosures
We may disclose your PI to government authorities and other third parties when compelled to do so by such government authorities, or at our discretion, or otherwise as required or permitted by law, including but not limited to responding to court orders and subpoenas.

To Prevent Harm
We may disclose your PI when we have reason to believe that someone is causing injury to or interference with our rights or property, other users of the OR, or anyone else that could be harmed by such activities.

Business Transfer
If we or any of our affiliates are acquired by one or more third parties as a result of an acquisition, merger, sale, reorganisation, consolidation, or liquidation, PI may be one of the transferred assets.

We do not and will never sell or rent your PI to third party data vendors or marketing companies.

Some browsers have a “do not track” feature that lets you tell websites that you do not want to have your online activities tracked.

If you prefer your browsing activity is not tracked, you can activate this browser setting or use incognito mode when accessing the Online Resources.

Please understand that activating “do not track” or using incognito mode usually results in a less personalised and less efficient experience, but can be useful when purchasing airline tickets or gifts for partners.

Both these methods can also affect information that is being dynamically served on a page, as you’re considered a new visitor by the browser, so your history of watching YouTube or listening to podcasts are no longer available.

1. Capacity to Consent: The Privacy Act requires organisations to assess whether a child has the capacity to understand and consent to the collection of their PI on a case-by-case basis. Generally, children over the age of 15 are presumed to have this capacity, unless there is reason to believe otherwise;
2. Parental Consent: If a child is deemed not to have the capacity to consent, parental or guardian consent is required;
3. Privacy Policies: Organisations must have clear and comprehensive privacy policies that explain how they handle PI, including that of children;
4. Special Considerations: While the Privacy Act provides the same protections for children as it does for adults, there are no additional specific protections for children under federal law. However, state or territory laws may impose additional requirements.

1. Age Limit: COPPA applies to children under 13 years old;
2. Parental Consent: Operators must obtain verifiable parental consent before collecting PI from children;
3. Privacy Policy: Websites must have a clear privacy policy detailing their data collection practices;
4. Data Security: Adequate security measures must be in place to protect children’s data;
5. Parental Rights: Parents have the right to review and delete their children’s PI.

1. Age Limit: CCPA applies to children under 16 years old;
2. Opt-In Requirement: For children under 13, parental consent is required. For children aged 13-16, the child’s consent is needed;
3. Data Rights: Parents and children have the right to know what PI is collected, request deletion, and opt-out of the sale of PI.

1. Parental Consent: For children under the age of 16, parental consent is required to process their personal data. Some EU Member States may set this age threshold lower, but it cannot be below 13 years;
2. Clear Communication: Any information addressed to children must be in clear and plain language that they can easily understand;
3. Age Verification: Operators must make reasonable efforts to verify that the consent given is genuine. This might involve age-verification measures, such as asking questions that only adults would know or requiring parental email verification;
4. Data Minimisation: Only the minimum amount of data necessary for the purpose should be collected and processed;
5. Special Protections: Children’s data is given additional protection under the GDPR because they are less aware of the risks and consequences of sharing their data.

You may authorise someone to make a privacy rights request on your behalf (an authorised agent). Authorised agents need to demonstrate that you’ve authorised them to act on your behalf, or must demonstrate they have power of attorney pursuant to applicable probate law.

We retain the right to request confirmation directly from you, confirming that the agent is authorised to make such a request, or to request additional information to confirm the agent’s identity.

An authorised agent is prohibited from using a consumer’s PI, or any information collected from, or about the consumer, for any purpose other than to fulfil the consumer’s requests for verification or for fraud prevention.

If you are a United States resident, you may take advantage of certain privacy rights pursuant to your own state regulations, e.g. for Virginia residents, Virginia Code 59.1-577. Under this code you may request to access, correct, or delete your PI. 

It is important to understand because “selling” PI and engaging in “targeted advertising” are defined in Virginia law, you may also exercise your right to opt-out of such sales practices or targeted advertising.

To take advantage of your rights under state law, please write to us and we may ask you to fill out a request form to verify your identity. 

We can only act on your request if we can verify your identity, and or your authority to make the request, so you will need to follow our instructions for identity verification. 

If you make a verifiable request per the above, we will confirm our receipt and respond in the time frames prescribed by state law.

If we collect PI from California residents, we become subject to the “CCPA”, and those residents have rights under the California Consumer Privacy Act.

If you are a California resident, you have the right to request the following:

• Access: Up to two times per year, you may request the following;
• • The categories & pieces of PI that we have collected from you;
  • The sources of that PI collection;
  • The business or commercial purpose for the collection;
  • The categories of PI we have disclosed for a commercial purpose.

   

• Deletion: You may request we delete any PI that we have collected from or about you. However, there may be instances where we will not be able to fully comply with your request;
• • e.g. if we need the PI to complete a transaction for you;
  • to detect and protect against fraudulent and illegal activity;
  • to exercise our rights, for our internal purposes;
  • or to comply with a legal obligation.

 
It’s important you know that if you exercise these rights, we will not “discriminate” against you by treating you differently from other California residents who did not exercise their rights.

To exercise your rights under California law, contact us in writing, and we may ask you to fill out a request form and verify your identity.

The CCPA only allows us to act on your request if we can verify your identity or your authority to make the request, so you will need to follow our instructions for identity verification.

If you make a verifiable request per the above, we will confirm our receipt and respond in the time frames prescribed by the CCPA.

We may collect or obtain Personal Information (PI) from data subjects located in the GDPR Jurisdictions. In such case we will fulfill our GDPR obligations with respect to our customers, followers & users, from inception & in the form GDPR & local law requires.

Additionally, we will fulfill our GDPR obligations with respect to our vendors, affiliates, and business partners through separate notices, contracts, or terms provided to them at inception, & in the form GDPR & local law requires.

We collect from you the categories off PI and NI already described. The lawful basis on which we rely for such collection, later use and disclosure, is what the GDPR refers to as “legitimate interest”. We do not sell any of your PI to third parties nor do we use it for automated decision making.

If we transfer PI from the GDPR Jurisdictions to a location that has not been deemed by the European Commission to have adequate privacy protections, we do so in the manner the GDPR permits.

While we attempt to allow all customers, followers & users of our Website/OR to exercise control over their PI, under the GDPR we have a legal obligation to do so for you (for consent, data security, & ID verified access).

With respect to PI collected from you while you were in a GDPR Jurisdiction, you have these rights: transparency, access, correction & deletion, portability, who, what, why, where, & restriction or objection.

If you would like to exercise any of these rights, please write to us. Your ability to exercise these rights is subject to certain conditions and exemptions that you can read about in Articles 12 to 23 of the Chapter 3 GDPR (learn more).

Among those conditions is our right to decline part or all a request, if we cannot satisfy reasonable doubts about your identity, to help us minimise the risk that unauthorised persons might use a GDPR request to access your PI.

We will respond to all requests without undue delay, and in accordance with the time frames prescribed by the GDPR. 

If you’re not satisfied with how we use your PI or respond to requests, you can complain to your national data protection authority (learn more).