Who we are
Boodle Limited (Boodle) is an online community and Personal Financial Management (PFM) App that helps newly single, separated and divorced women manage their finances and improve their financial literacy.
At Boodle Limited (Boodle, we, us, our), we take privacy very seriously and recognise that we have a duty of care to those persons whose personal information we hold (you, your).
All such information will only be collected, held, used and disclosed by Boodle in accordance with this privacy policy (Policy) and all applicable privacy laws.
The purpose of this Policy is to communicate to you, in a concise, transparent, intelligible and easily accessible way, how we treat your personal information.
We encourage you to read this Policy carefully. It will help you make informed decisions about sharing your personal information with us.
The defined terms used in this Policy, unless otherwise defined in this Policy, have the same meanings as in our Terms of Service, which you should read together with this Policy.
By using our Services, you consent to the terms of this Policy and agree to be bound by this Policy and our Terms of Service.
1. Applicability of this Policy
This Policy applies to Boodle, the Services, the Platform and all other interactions (such as customer service inquiries) that you may have with Boodle. If you do not agree with the terms of this Policy, do not access the Platform or use the Services.
This Policy applies to and governs all of Boodle’s activities, whether under the Privacy Act 2020 of New Zealand (in relation to its operations in New Zealand) (NZ Privacy Act), the Privacy Act 1988 of Australia (in relation to its operations in Australia) (AU Privacy Act) or otherwise, relating to our use of your personal information, from its collection through to its storage and disposal and everything in between.
This Policy does not apply to any third-party applications or software that integrates with Boodle, or any other third-party products, services or businesses.
2. What information do we use?
2.1 Boodle collects your personal information
Boodle helps you access your bank and other financial accounts and cards (Accounts) directly from your computer or mobile device, allowing you to manage your finances from one centralised Platform rather than in multiple proprietary apps.
The Platform allows you to:
• Get Account balances in real time
• Make transfers and otherwise manage your funds
• View your transactions and statements
• Pay your bills / manage billers
• Manage your credit / debit cards
As such, the Services involve the storage of data about you which can include personal information:
• For our customers in Australia:
o “personal information” is information or an opinion about an identified individual or an individual who is reasonably identifiable, whether true or not, and whether recorded in a material form or not. To put it more simply, if the information or opinion reasonably allows someone to be identified, this would be considered
o “personal information”. For example, an individual’s name, address or e-mail address, together with records about Boodle’s dealings with that individual.
o Personal information also includes “sensitive information” which includes more delicate categories of information about an individual – for examples of this see paragraph 2.2 below.
• For our customers in New Zealand, personal information also means information about an identifiable individual, but does not include an express sub-category of “sensitive information”.
Nevertheless, the sensitive nature of any personal information will be relevant to the issue of notifiable privacy breaches (see paragraph 4.1 below).
In either case, if an individual cannot be identified from the personal information held by Boodle (for example, when it has been aggregated and anonymised – see paragraph 3.3 below) then this Policy does not apply.
2.2 Boodle may collect your personal information which is given to or received by us
• You may give us personal information about you when you access the Platform or use the Services and when you communicate with us. This includes information you input during registration by answering specific questions on our Platform, providing us with feedback, participating in surveys, and when you report a problem.
The information you give us may include:
o Your banking provider(s)
o Monthly expenditure
o Personal information or documents required to identify you
o Financial goals and budgets
o Lifestyle information
• You may also be asked to verify your identity (including by providing identity / address verification documents) although in some cases it may be provided by a third party where you have given consent for them to share it with us.
• We will also receive personal information about you from your Account providers (Account Providers).
We work closely with third parties (including, for example, business partners, service providers, advertising networks, analytics providers, search information providers, social media) and may receive information from them, which could include:
o your Account type and details
o Account / branch number
o Account balance
o Account transactions (incoming and outgoing)
o card balances
o card transactions (incoming and outgoing)
o other details from your Account, such as standing orders or direct debits
• Boodle records information from you when using the Services or the Platform, such as:
o Metadata – Boodle records key actions users take on the Platform.
o Logging – Boodle servers log visitors and visitor activity, including but not limited to web pages visited, IP address connected, browser type, phone operating system, IMEI number and other settings.
o Device information – Boodle may collect device information such as screen size or operating system.
o Location information – Boodle may receive information from you or your internet provider about your approximate location.
o Cookies – Boodle uses cookies and similar technologies on our Platform.
These are required in order to login and use the Platform and are also used to provide analytic and usage information.
Boodle also records information about your visit to the Platform using tools such as [Google Analytics]. See further information on cookies at paragraph 5.2 below.
• Sensitive information – Boodle may also receive more sensitive personal information which may include your race, ethnic origin, political views, religion, trade union membership, genetics, biometrics, health and sexual orientation. With the exception of the photo ID you provide so we can verify your identity, we do not process this category of data. However, it is possible that we may hold special category data when you provide it to us. For example, if it is included on documentation (your ID documents) or when third parties provide it to us (details of criminal activities from the police). When this is the case, we will only process this information in strict accordance with the law. You may, at your sole discretion, choose to provide this information to Boodle. We will never require this type of information from you in order to provide you our Services.
You can always choose not to provide your personal information to Boodle, but it may mean that we are unable to provide you with the Services and/or may have to restrict your access to the Platform.
2.3 Boodle may receive personal information from you about others
Through your use of the Services, Boodle may also collect information from you about someone else. If you provide Boodle with personal information about someone else, you must ensure, and hereby warrant to Boodle, that you are authorised to disclose that information to Boodle and that, without Boodle taking any further steps required by applicable data protection or privacy laws, Boodle may collect, use and disclose such information for the purposes described in this Policy.
This means that you must take reasonable steps to ensure the individual concerned is aware of and/or has given his or her informed consent to the various matters detailed in this Policy, including the fact that their personal information is being collected, the purposes for which that information is being collected, the intended recipients of that information, the individual’s right to obtain access to that information, Boodle’s identity, and how to contact Boodle.
Where requested to do so by Boodle, you must also assist Boodle with any requests by the individual to access or update the personal information you have collected from them and entered into the Platform.
3. For what purposes does Boodle collect, hold, and use your personal information?
3.1 Boodle collects, holds, and uses your personal information for limited purposes
Boodle collects your personal information so that we can provide you with the Services and any related services you may request.
In doing so, Boodle may use the personal information we have collected from you for purposes related to the Services including to:
• To provide, update, maintain and protect our Services, the Platform and our business, including information to support delivery of the Services or address service errors, security or technical issues, analyse and monitor usage, trends and other activities or your request.
• As required by applicable law, legal process or regulation.
• To communicate with you by responding to your requests, comments and questions. If you contact us, we may use your Other Information to respond.
• To develop and provide better productivity tools and additional features. Boodle is constantly improving, we use the data to make the tools and interfaces better, to customize a Services experience or create new productivity features and products.
• To send emails and other communications. We may send you service, technical and other administrative emails, messages and other types of communications. We may also contact you to inform you about changes in our Services, such as security and fraud notices. These communications are considered part of the Services and you may not opt out of them without opting out of the Services as a whole.
• For billing, Account management and other administrative matters Boodle may need to contact you for invoicing, Account management and similar reasons and we use Account data to administer Accounts and keep track of billing and payments.
• To investigate and help prevent security issues and abuse.
• Aggregate non-personally identifiable data as disclosed below.
• If you opt-in to receive information about our other products, services or promotional offers and/or newsletters from us, or information about third-party products and services we feel may interest you, we may use such personal information to contact you by email and/or post with the information you have opted to receive.
• Information you give us or we collect from third parties. We will use this information to also:
o analyse and report on your Account and transaction data that we obtain from your Account Provider(s);
o contact you to ask you to refresh your consent for us to access your Accounts with your Account Provider(s) or to inform you that your access to the Platform and/or the Services will be revoked due to your consent having lapsed;
o pre-fill application forms of financial or other products you choose to apply for;
o verify your identity as part of our identity authentication process;
o notify you about changes to our Services;
o ensure that content from our Platform is presented in the most effective manner for you and your device;
o undertake analysis and profiling of your financial information in order to identify and inform you of financial products that we consider are likely to interest you or be suited to your credit circumstances or to enhance our services;
o to ensure compliance with your requests for the exercise of your rights;
o contact you via “push” notifications with relevant information about Boodle, such as notifications about renewing your consent for us to access your Accounts;
o to manage our communications with you in relation to your queries or complaints.
• Information we collect about you from your use of the Platform. We will use this information also:
o to administer the Platform and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
o to improve the Services we offer you such as understanding the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
o as part of our efforts to keep our Platform safe and secure and to prevent fraud;
o to make recommendations about products or services that may be of interest.
• Data analytics. We will use the information we hold about you to conduct an analysis of it for the following purposes:
o analysis of information about you on a personalised or aggregated basis to further tailor the experience to you and for marketing purposes;
o verify the accuracy of data that we hold about you and create a better understanding of you as a Boodle user;
o use information about you, your spending and your use of the Services with information in conjunction with other user’s information to identify patterns (provided that, when it is used in conjunction with other user’s data, it will be in an anonymised format);
o to provide you with better Services by conducting statistical analysis and system testing to understand your needs; and
o network and information security in order for us to take steps to protect your information against loss or damage, theft or unauthorised access;
By using the Services, you consent to your personal information being collected, held and used in this way and for any other use you authorise. Boodle will only use your personal information for the purposes described in this Policy or with your express permission.
3.2 Who we may share your personal information with?
We may need to disclose your personal information to others to ensure the provision to you of the Services and any information you request.
We will share your personal information where we have your permission to do so in accordance with this Policy or where we believe it is necessary for a legitimate reason connected to our Services and/or the Platform.
• Related companies. We may share your personal information with any of our related companies, which means our subsidiaries, our ultimate holding company and its subsidiaries.
• Our business partners. We may share your personal information with providers of products on our Platform, such as our business partners (who may offer you cards, loans, finance, mortgages, insurance, pensions, investments and other related products), to fulfil the following purposes:
o to assess your probability of being accepted for a product;
o to allow us or the partner to conduct analysis with the intent to better understand the market or to provide you with better products and services in the future, and/or for segmentation purposes;
o pre-fill an application form with the product provider;
o assess your affordability for a product;
o to conduct income or identity verification; and
o for fraud prevention purposes.
• Selected third parties. We may also share your information with selected third parties including:
o third parties which enable us to provide you with the Services such as cloud back-up and server hosting providers, IT software and third parties that provide communication services;
o if we sell or buy any business or assets, in which case we may disclose your personal information to the prospective seller or buyer of such business or assets (or the buyer or seller’s advisers);
o if we or part or all of our assets are acquired by a third party, in which case personal information held by us about our customers will be one of the transferred assets;
o if we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or in order to enforce or apply our Terms of Services and other agreements; or to protect the rights, property, or safety of Boodle, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction;
o advertisers that require data, to perform services on our behalf, including selecting and serving relevant adverts;
o market research organisations engaged by us to undertake customer satisfaction surveys and market research;
• Fraud prevention agencies. If false or inaccurate information is provided and fraud is identified, details of this fraud will be passed to fraud prevention agencies. Law enforcement agencies may access and use this information. We and other organisations may access and use from other countries the information recorded by fraud prevention agencies.
3.3 Boodle can aggregate your anonymised data
By using the Services, you agree that Boodle can access, aggregate and use anonymised data Boodle has collected from you. This is a set of data about many people that excludes personal identifiers such as names, addresses and phone numbers. It protects your privacy because it will in no way identify you or any other individual.
Boodle may use this aggregated anonymised data for purposes such as internal and external reporting, and to make decisions about how to manage Boodle or the Platform and how to deliver the Services. For example, we may use aggregated anonymised data to:
• assist us to better understand how our customers are using the Services,
• provide our customers with further information regarding the uses and benefits of the Services,
• enhance business productivity, including by creating useful business insights from that aggregated data and allowing you to benchmark your business’ performance against that aggregated data, and
• otherwise to improve the Services.
We may also use aggregated anonymised data to provide insights to other organisations such as our advertisers, customers and partners and may provide aggregated anonymised data to third-party data analytics service providers.
4. Protection of personal information
4.1 Boodle takes steps to protect your personal information
Boodle is committed to protecting the security of your personal information and we take all reasonable precautions to protect it from unauthorised access, modification or disclosure.
Your personal information is stored on secure servers that have SSL Certificates issued by leading certificate authorities and all personal information transferred between you and the Services is encrypted.
However, the Internet is not in itself a secure environment and we cannot give an absolute assurance that your information will be secure at all times.
Transmission of personal information over the Internet is at your own risk and you should only enter, or instruct the entering of, personal information to the Services within a secure environment.
We will advise you as soon as reasonably practicable and in any event within 72 hours upon discovering or being advised of a security breach where your personal information is lost, stolen, accessed, used, disclosed, copied, modified, or disposed of by any unauthorised persons or in any unauthorised manner.
Boodle will also comply with its mandatory notification obligations (a) (in relation to our New Zealand customers) to the New Zealand Privacy Commissioner (OPC), affected individuals and/or the public (as applicable) under the NZ Privacy Act in relation to all “notifiable privacy breaches” (b) (in relation to our Australian customers) to the Office of the Australian Information Commissioner (OAIC) in relation to “notifiable data breaches”.
4.2 Boodle only discloses your personal information in limited circumstances
Boodle will only disclose the personal information you have provided to us to entities outside the Boodle group of companies in accordance with paragraph 3.2 above or if it is otherwise necessary and appropriate to facilitate the purpose for which your personal information was collected pursuant to this Policy, including the provision of the Services.
Boodle will not otherwise disclose your personal information to a third party unless you have provided your informed consent. However, you should be aware that Boodle may be required to disclose your personal information without your consent in order to comply with any court orders, subpoenas, or other legal process or investigation including by tax authorities, if such disclosure is required by law.
Where possible and appropriate, we will notify you if we are required by law to disclose your personal information.
5. Your rights and responsibilities
It’s your personal information and you have certain rights and responsibilities under New Zealand or Australian law (as applicable) relating to it.
Pursuant to the laws and regulations of other jurisdictions, individuals in those jurisdictions may have additional data subject rights enabling them to opt-out of third party sharing or selling, to delete or remove, or request to access and receive a copy of their personal information in Boodle’s possession or for which Boodle is otherwise responsible. Boodle will comply with all applicable laws to which it is subject in relation to such rights.
It is your responsibility to ensure that the personal information you provide to us is accurate, complete and up-to-date. You may request access to the information we hold about you, or request that we update or correct any personal information we hold about you, by setting out your request in writing and emailing it to the Boodle privacy officer (details are provided at the end of this Policy).
Boodle will process your request as soon as reasonably practicable and no later than 20 working days (or such shorter period as may be prescribed by applicable law) from the date we receive your request, provided we are not otherwise legally prevented from doing so.
If we are unable to meet your request, we will let you know why in writing. For example, it may be necessary for us to deny your request if it would have an unreasonable impact on the privacy or affairs of other individuals, or if it is not reasonable and practicable for us to process your request in the manner you have requested.
In relation to the personal information Boodle holds you have rights to:
• know what personal information Boodle holds about you, and make sure it’s correct
• request a copy of your personal information, or ask Boodle to restrict processing your personal information or delete it
• object to our continued processing of your personal information
• withdraw your consent where we are relying on it to use your personal information, for example where we are relying on your consent to send you marketing information.
You can make these requests at any time by emailing the Boodle privacy officer (details are provided at the end of this Policy).
5.1 How long we will keep your personal information?
We’ll keep your personal information only for as long as we require it for the purposes for which it was collected (see paragraph 3 above).
In regards to your Accounts information, we will retain it in the following manner:
• If you allow your consent to lapse without revoking or renewing it, we will retain your Accounts information for a period of 9 months after the date your consent lapsed, after which your bank information will be permanently erased or fully anonymised. You can always renew your consent before the end of the 9 month period;
• If you actively opt to revoke your consent and unlink your Account from the Platform, we will immediately erase all Account information;
• If you continue to renew your consent at the appropriate times, we will retain your bank information for no more than 7 years from the date of the original consent.
Your other personal information collected in accordance with this Policy will be kept for a period of 7 years after it is no longer required to provide you with the Services.
We will, however, keep your information indefinitely in the event it is required by applicable law (even if you exercise your right to request the erasure of your data) or if it is permitted under applicable law to retain your information so long as the necessary protections are applied.
5.2 Boodle uses cookies
To deliver a tailored and smooth experience, Boodle uses “cookies” and similar tracking technologies in providing our services.
A cookie is a small text file that is stored on your computer for record-keeping purposes. A cookie does not identify you personally or contain any other information about you but it does identify your computer.
We and some of our affiliates and third-party service providers may use a combination of ‘persistent cookies’ (cookies that remain on your hard drive for an extended period of time) and ‘session ID cookies’ (cookies that expire when you close your browser) on the Platform to, for example, track overall site usage, and track and report on your use and interaction with ad impressions and ad services.
You can set your browser to notify you when you receive a cookie so that you will have an opportunity to either accept or reject it in each instance.
However, you should note that refusing cookies may have a negative impact on the functionality and usability of the Platform.
5.3 You can opt-out of any marketing or email communications
Boodle sends billing information, product information, updates and notifications relating to the Services to you via email or the Platform.
Our emails or notifications will contain clear and obvious instructions describing how you can choose to be removed from any mailing list not essential to the Services. Boodle will remove you at your request.
Boodle may communicate with you via email or on-Platform message based on your user profile or company profile. For example, if your Boodle account has no connection to an accounting system, we may email you with advice and suggestions on how to connect. You can opt-out of these filtered or profile-based messages at any time by emailing the Boodle privacy officer (details are provided at the end of this Policy).
Please note that if you withdraw your consent, (a) this will not render unlawful any use which we made of your personal information before you withdrew your consent and (b) it may mean that we are unable to provide you with the Service in whole or in part.
5.4 You are responsible for transfer of your data to third-party applications
The Services may allow you to transfer your data, including your personal information, electronically to and from third-party applications.
While Boodle will comply with all applicable consumer data right / data portability laws to which it is subject, Boodle has no control over, and takes no responsibility for, the privacy practices or content of these third-party applications.
You are responsible for checking the privacy policy of any such applications so that you can be informed of how they will handle personal information.
5.5 Age Limit
To the extent prohibited by applicable law, Boodle does not allow use of our Services or the Platform by anyone younger than [16] years old. If you learn that anyone younger than [16] has unlawfully provided us with personal information, please contact us and we will take steps to delete such information.
6. Servers, data processing and data storage of your personal information
Boodle is hosted in Amazon AWS, using servers located in Australia.
When you use the Services your data will be stored and processed on Amazon AWS servers within Amazon AWS’ data centres in Australia.
Amazon AWS is a top-tier server infrastructure and managed server provider that complies with important international data protection standards such as:
• EU-U.S. Privacy Shield Framework
• EU Data Protection Directive
• Compliance and GDPR
By entering personal information into the Services, you consent to that personal information being hosted on servers located in Australia.
While your personal information will be stored on servers located in Australia, it will remain within Boodle’s effective control at all times.
Each data hosting provider’s role is limited to providing a hosting and storage service to Boodle, and we’ve taken steps to ensure that our data hosting providers do not have access to, and use the necessary level of protection for, your personal information.
They do not control, and are not permitted to access or use your personal information, except for the limited purpose of storing the information. This means that (a) for the purposes of s 11 of the NZ Privacy Act, such personal information is treated as held by Boodle because it is held by Amazon AWS as Boodle’s agent and not for use or disclosure for Amazon AWS’s own purposes, and (b) for the purposes of Australian privacy legislation and Australian users, Boodle does not currently ‘disclose’ personal information to third parties located overseas.
If you do not want your personal information to be transferred to a server located in Australia, you should not provide Boodle with your personal information or use the Service.
7. Boodle has a privacy complaints process
If you wish to complain about how we have handled your personal information, please provide us with full details of your complaint and any supporting documentation by e-mailing the Boodle privacy officer (details are provided at the end of this Policy).
We will endeavour to:
• provide an initial response to your query or complaint within 10 business days, and
• investigate and attempt to resolve your query or complaint within 30 business days or such longer period as is necessary and notified to you.
If you are not satisfied with our response you may complain to (a) if in New Zealand the OPC via the OPC website (www.privacy.org.nz) (b) if in Australia the OIAC via the OIAC website (www.oaic.gov.au).
7.1 This Policy may be updated from time to time
Boodle reserves the right to change this Policy at any time, and any amended Policy is effective upon posting to the Platform.
Boodle will make every effort to communicate any significant changes to you via email or notification via the Platform.
Your continued use of the Services will be deemed acceptance of any amended Policy.
7.2 Contact details:
Boodle Limited is incorporated in New Zealand with number 8496886 and has its registered office address at Level 4, The Textile Centre
117-125 St Georges Bay Road
Parnell
Auckland 1052.
You may contact the Boodle privacy officer by email at privacy@boodleco.com.
Comments
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Who we share your data with
If you request a password reset, your IP address will be included in the reset email.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.