Privacy Policy

Last updated 28 August 2024

1 Overview 

Business for Good Network (BFGN) is an innovative social platform and application offering access to support, curate content and learning resources, and extensive networking possibilities. It allows users to participate in, or host, communities of practice within the BFGN ecosystem. In order to provide you with the best user experience and protect your interests, we require all users of the social platform and/or application to comply with the following Terms of Use and the Privacy Policy. 

This privacy policy (‘Privacy Policy’) sets out how Business for Good Network Pty Ltd (ABN 99 678 735 763) of 32 Cambridge Street, Red Hill QLD 4509 (‘Business for Good Network’, ‘us’, ‘we’) collects, stores, uses, protects and shares your personal information. It applies to our website (http://bfgn.co/) and all related websites, applications, services and tools (together the ‘Platform’). By visiting or using the Platform you agree to the collection, storage, usage and disclosure of your personal information by Us in the manner described in this Privacy Policy. Unless we obtain your written consent, we will not sell, disclose, licence or rent your personal information to a third party for that third party’s marketing purposes. You must be over 18 years of age to use the Platform or have express parental/guardian consent, whereby your parent/guardian is also agreeing to abide by our policies and terms and indemnify us for your breach of any policies or terms.

We comply with the Australian Privacy Principles and, for the benefit and security of our international customers, we also give consideration to privacy requirements of other countries.  

GDPR

In some circumstances, the European Union General Data Protection Regulation (GDPR) provides additional protection to individuals located in Europe. The fact that you may be located in Europe does not, however, on its own entitle you to protection under the GDPR. Our Platform does not specifically target customers located in the European Union and we do not monitor the behaviour of individuals in the European Union, and accordingly, the GDPR does not apply.  However, we use best endeavours to be considerate of privacy standards set within the GDPR principles nonetheless.

Indonesia

We also comply with the privacy laws enacted in Indonesia, being Law No. 27 of 2022 regarding Personal Data Protection effective on 17 October 2022 (“PDP Law”). PDP Law specifies two subjects, with two separate functions, responsible for personal data, being: (i) Controller, any party (including individuals, public bodies and international organisations) who determines the purpose and controls the processing of personal data; and (ii) Processor, any party who processes personal data. The distinction of Controller and Processor would be relevant in their respective obligations, liabilities and compliance requirements. You would be the Controller of your personal information and we act as the Processor.  As the Controller, you essentially determine the purpose of data processing based on lawful grounds and as the Processor, we must conduct our services as directed by you, i.e. only use that information for those purposes stipulated in this Privacy Policy as agreed and approved by you by engaging in the Platform.

Europe

In the event of our expansion into Europe, we intend to use Standard Contractual Clauses approved by the European Commission for transfers to United States, Japan, India, Canada, Australia and South Korea in providing the services.  

Asia-Pacific

Our privacy processes comply with the Asia-Pacific Economic Cooperation (‘APEC’) and Cross Border Privacy Rules (‘CBPR’) system, which provides a framework for organisations to ensure protection of personal data transferred among participating APEC economies, and the PRP demonstrates an organisation’s ability to provide effective implementation of a personal data controller’s privacy obligations related to the processing of personal information. More information about the APEC framework can be found here.

By using any part of the Platform, you consent to the terms of this Privacy Policy. If you don’t agree to any part of this Privacy Policy or our Terms of Use, do not access the Platform or use any of our services as access and usage is conditional upon your acceptance of these terms as updated from time to time.

We reserve the right to amend this Privacy Policy at any time by posting the amended terms on the Platform. If we make material changes to this Privacy Policy, we will notify you by and/or other means so that you access and review the changes. If you object to any changes, you may close your account or discontinue use of the Platform. By continuing to use the Platform after notice of changes has been sent to you or published on the Platform, you are deemed to have consented to the changes. 

The Privacy Act 1998 (Cth) (Privacy Act) defines types of information, including Personal Information and Sensitive Information.

“Personal Information” means information that can be associated with a specific person and can be used to identify that person and includes your Information. Information that has been made anonymous or aggregated so that it cannot be used, whether in combination with other information or otherwise, to identify a specific user is not personal information.  Personal Information may also include information or an opinion about an identified individual or an individual who is reasonably identifiable:

• whether the information or opinion is true or not; and

• whether the information or opinion is recorded in a material form or not.

If the information does not disclose your identity or enable your identity to be ascertained, it will in most cases not be classified as “Personal Information” and will not be subject to this privacy policy.

Sensitive Information is defined in the Privacy Act as including information or opinion about such things as an individual's racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.  Sensitive Information will be used by us only:

• for the primary purpose for which it was obtained;

• for a secondary purpose that is directly related to the primary purpose; and

• with your consent or where required or authorised by law.

You understand that many online software support platforms including, but not limited to, Microsoft,  Google and Xero, store data in facilities which may not be wholly or in part, based on Australian shores, and therefore may not fall under the jurisdiction of the Australian Privacy Principles.  We and any third parties or software providers we engage now and in the future, will take all reasonable steps to provide for the security of such stored data to the extent possible and act in accordance with the terms as provided by those third parties and software packages.  You may refuse to work with us where you deem the risk of data breach to be greater than the convenience and cost effectiveness of the solution provided. To withdraw your information from the Platform, please notify us in writing and we will take measures to remove your details from our system.

2 Collection of Information 

We collect Personal Information in a number of ways, including:

• when you provide information directly to us in person, by phone or in writing (whether electronic, via the Platform or otherwise);

• when you visit and/or use the Platform, in which case, we record information sent to us by your computer, mobile device or other access device; 

• from third parties such as our related entities, other users of the Platform, service providers to Us, operators of linked platforms, websites, applications and advertising on the Platform; 

• when you enter and share information about your business activities and resources on the Platform; 

• when you use communication tools within the Platform; 

• when you are communicating with us regarding the Platform. 

Third parties we integrate with may also collect personal information in a number of ways, and this will be dealt with in their own privacy policies which you accept when engaging their services and integrating.  Such collection may include the above information we collect plus:

• collecting information relating to communications between you and your team; or between your team and the third party; 

• collecting information generated when using the Platform or other software applications; 

• collecting information specific to their own privacy policy and system requirements for provision of services or engagement that may be different and in excess of the information requirements we have to enable service provision.  

3 What we collect 

We collect the following types of personal information in order to provide you with access to and use of the Platform and for the purposes provided for in this Privacy Policy:

• your name, telephone number, email address, physical address and other contact information; 

• information you provide through our customer support;

• the type and volume of services you are using; 

• what type of integrations you are using;

• your IP address, cookies and other tracking information;

• information about you, your role with a company or position in a company, your security level within that company and whether that enables you to enter into a contract on behalf of that company when engaging and/or using the Platform;

• information we may receive from third party providers or integrated systems; 

• financial information such as credit card or bank account numbers provided by you, though note any information stored in Stripe is not stored with us nor collected by us personally;

• other services linked to your account such as a Microsoft account or any account with those parties noted in this policy as a third party;

• what devices you use for interacting with the Platform;

• pricing information for use in reporting once deidentified; 

• records and content of communications with us or any other person including when using the Platform’s communication tools; 

• personal information based on your activities on the Platform;

• personal information you provide to us through any discussions boards, correspondence, user information pages, disputes, or shared by you from other social applications, services or websites;

• to the extent permitted by law, other personal information provided by or obtained from third parties (such as a credit bureau or credit reporting agency) including navigation and demographic data and credit check information;

• additional personal information we ask you to provide to verify your identity or when we suspect that you are in breach of our Terms and Conditions, this Privacy Policy or other policies (including your personal ID and your answers to any questions we pose to you); and

• personal information from your interaction with the Platform and its content and advertising, including device identifiers, device type, geo-location information, connection information, statistics on page views, traffic to and from the Platform, mobile network information, time, date, referring URL, the type of operating system and browser, ad data, IP address and standard web log data.

We generally don’t collect sensitive information, but if for any reason we do collect it at some point in the future, such information will be treated appropriately in accordance with the Australian Privacy Principles.

4 Data you may provide to third parties

When interacting with us, you may be asked by third party providers to provide the following types of personal information in order to provide you with access to and use of the Platform and for the purposes provided for in this Privacy Policy.  We do not store this information and when you are providing this information, you are doing so in accordance with and acceptance of the Privacy Policy and terms of use of each of the third party providers including but not limited to:

• Stripe for payments – here is their privacy policy and terms of use;

• ConvertKit for communication - here is their privacy policy and terms of use;

• Mighty Networks for the App – here is their privacy policy and terms of use;

• Quaderno when necessary for invoicing - here is their privacy policy and terms of use.

5 How personal information is used

Our principal purpose in collecting, using and storing your personal information is to provide you with access to and use of the Platform in a personalised, safe and efficient manner. You consent to us collecting, using, storing and sharing your personal information to:

• operate the Platform and any associated application, generate content and provide customer support and billing services (including updates and improvements);

• provide the services requested by you;

• provide you with information via blogs, general email and online correspondence and newsletters;

• research, develop and improve the Platform; 

• to conduct surveys to determine use and satisfaction with the Platform;

• to generate statistics in relation to the Platform;

• detect, investigate and prevent potentially unlawful acts or omissions or acts or omissions with the potential to breach our Terms and Conditions, this Privacy Policy or other policies;

• enforce our Terms and Conditions, this Privacy Policy or other policies; 

• verify information for accuracy or completeness (including by way of verification with third parties);

• report internally and to investors regarding revenue and financial metrics of NFGB; 

• combine or aggregate your personal information with information we collect from third parties and use it for the purposes set out this Privacy Policy;

• contact you at your contact details we have collected, by way of voice call, post, text message or email;

• aggregate and/or make anonymous your personal information, so that it cannot be used, whether in combination with other information or otherwise, to identify you;

• collect fees, resolve disputes and to identify, test and resolve problems;

• notify you about the Platform and associated applications, and any updates to either or to our policies and Terms and Conditions from time to time; or

• supply you with generalised, targeted or personalised marketing, advertising and promotional notices, offers and communications based on your preferences, and measure and improve our marketing, advertising and promotions based on your ad customisation preferences.

6 How we store and secure your personal information

While we use best endeavours to implement safeguards in an effort to protect your Personal Information, given the nature of the internet, no security system is impenetrable.  We cannot provide any guarantees of absolute safety of that information from others, when the information is being stored with us or transmitted through integrated systems. 

We will not collect your identification documents i.e. drivers licence or passport, your date of birth or bank account details, therefore if you do get an email bearing our logo or similar identifying mark, this is highly likely to be a phishing scam and you should not respond. If you have concerns or queries, contact us to discuss. [KR1] 

It is your responsibility for securing storage and access to the information you provide when using the Platform, not ours. You should speak with your Information Technology division around using Secure Socket Layer and two factor authentication, and any other methods of security in your own systems, along with using caution when integrating into the Platform.

7 How we transfer your Personal Information

In the event that we need to transfer and/or store your collected information outside of your country of residence, generally for the purpose of enabling services to be provided via third party integrations you have selected, we take care in protecting that information within our control. Given privacy laws may vary from region to region, we not only comply with the privacy laws of Australia, but also take guidance from those in the region your information may be transferred to, to a reasonable extent, given the type and sensitivity of information being transferred.

Our Platform is delivered on Mighty Networks, a service of Mighty Software Inc. based in the United States and your Personal Information may be transferred and stored in the United States for this purpose. The United States has data protection laws that protect Personal Information in a way which is substantially similar to the Australian Privacy Principles, and there will be mechanisms available to you to enforce the protection of your Personal Information under that overseas law. In these circumstances, we do not require the overseas recipients to comply with the Australian Privacy Principles and we will not be liable for a breach of the Australian Privacy Principles if your Personal Information is mishandled. You can view Mighty Networks Inc’s privacy policy here. 

8 How to access and control your Personal Information & Opting Out 

You have the right to request a copy of your information and for your information to be deleted or restricted at any time. Given we store limited information, you may be required to make the same request from those third parties who you have integrated into our services also and this will be your responsibility to communicate directly with those third parties given such information is not in our control nor do we have any rights to supply it to you, or amend or delete it in any way.

You can access your Personal Information from your profile.  You may deactivate your account at any time however please note that we are legally required to retain some information for record keeping purposes and may be required to retain information to finalise provision of services provided to you.

If you think your Personal Information has been used by another person to provide our services, you may request that we delete your account. You are solely responsible for ensuring the safety and security of your account and your storage of passwords. Should you make a request to delete your account, we reserve the right to investigate the matter prior to deleting the account, to ensure the integrity and safety of the Platform and to provide information on the unauthorised access if legally required of us.

You may opt out of personalised communications, though even after opting out, you may still receive some general communications. You will be responsible for opting out of communications sent by third parties as we are unable to make this request on your behalf, and opting out may impact the services that can be provided to you. You may request to opt out from third parties who subscribe to the Digital Advertising Alliance's Self-Regulatory Principles for Online Behavioural Advertising or are members of the Network Advertising Initiative or. You can find out more here: http://www.youronlinechoices.eu, http://www.aboutads.info and http://optout.networkadvertising.org/. 

9 Disclosure to third parties

Notwithstanding section 6 above, you agree that we may disclose your Personal Information to:

• enable you to use the Platform that integrates with third parties;

• enforce our Terms and Conditions, this Privacy Policy and other policies;

• comply with any applicable law, request by a governmental agency or regulatory authority or legally binding court order;

• respond to or resolve claims that a member has violated the rights of others;

• protect a person’s rights, property or safety; 

• report to, train, work with and/or obtain advice from our directors, staff, contractors, professional advisers and related entities; 

• engage with outsourced service providers who assist us to provide its services such as information technology providers and marketing advisers (including in relation to fee collection, fraud investigations and the Platform operations);

• engage with third parties to whom you expressly ask us to send, or consent to us sending, your personal information;

• work with credit reporting agencies (including regarding missed and late payments or other defaults or breaches on your account); or

• work with and report to such entities that we propose to merge with or be acquired by and in such case, we will require that the new entity following the merger or acquisition adhere to this Privacy Policy. 

10 Use of Cookies

• We (or a third party providing services to us) may use cookies, pixel tags, "flash cookies”, or other local storage provided by your browser or associated applications (each a Cookie and together Cookies). A Cookie is a small file that stays on your computer or device until, depending on whether it is a sessional or persistent cookie, you turn your computer or device off or it expires (typically between 7 and 30 days depending on user settings). 

• Cookies may be used to provide you with our range of services including to identify you as a user or member of the Platform, remember your preferences, customise and measure the effectiveness of the Platform and our promotions, advertising and marketing, analyse your usage of the Platform, and for security purposes.

• Cookies may collect and store your personal information. This Privacy Policy applies to Personal Information collected via cookies. You may adjust your internet browser to disable cookies. If Cookies are disabled, We may not be able to provide you with the full range of the Platform.

• You also may encounter Cookies used by third parties and placed on certain pages of the Platform that we do not control and have not authorised (such as webpages created by another user). We are not responsible nor liable for the use of such Cookies.

• The Platform may also include links to third party websites or applications (including links created by users or members) and applications and advertising delivered to the Platform by third parties (Linked Sites). Organisations who operate Linked Sites may collect personal information including through the use of Cookies. We are not responsible nor liable for Linked Sites and recommends that you read the privacy policies of such Linked Sites before disclosing your Personal Information.

If you wish to restrict or block cookies you can set your internet browser to do so - click on the following link for more information: www.aboutcookies.org.

11 No Spam, Spyware or Spoofing

• You are prohibited from engaging in spam, spyware or spoofing type activities, regardless of whether directed towards us or other users the Platform.

• You must not use the Platform to send, upload or distribute spam, viruses or malicious, illegal or prohibited content to the Platform or otherwise send content that would breach our Terms and Conditions or this Privacy Policy.

• You are not permitted to add a user or member to our mailing list (postal or email details included) without the written consent of a user or member. 

• We may (or we may engage a third party service provider to) take steps to scan and filter messages to check for spam, viruses, phishing attacks and other malicious activity or unlawful or content prohibited by this Privacy Policy and our Terms and Conditions.

• To report spam, spyware or spoof activities to us, please email us on the details below.  

12 Storage and security 

• We store and process your Personal Information on our host’s servers, currently located in multiple locations around the world. You consent to the transfer, storage and retention of that information onto the servers of our host provider used from time to time by us, regardless of the location of those servers. 

• We have taken steps to protect your Personal Information by contracting with a third party to provide technical and security measures. These measures are designed to mitigate, but do not guarantee against, the risk of loss, misuse, unauthorised access, disclosure and alteration.

• The third party providers will advise in their own policies and terms where data is stored.  Where possible, we will use best endeavours to store data in the country where your business operations are, for example if you are an Australian company, we will consider Australia the better option for storage of your data, however we reserve the right to store the data in any location that is secure and deemed the right option by us from time to time. 

13 Contact Us

If you have a question regarding this Privacy Policy, would like to amend your Personal Information stored securely by us or you would like to make a complaint, please contact the Privacy Manager at:  

Email: admin@bfgn.co 

Phone: +61 401 267 112

Address: 32 Cambridge St, Red Hill, Qld, 4059, Australia

Contact: Javier Casanova