Table of Contents

    Franchise Lab Pty Ltd

    Privacy Policy

     

    This policy (“Privacy Policy”) explains how Franchise Lab Pty Ltd ACN 651 807 180 (“Franchise Lab”, “we” or “us”)  seeks to protect the Personal Information of prospective and existing “Franchisees” (being, an individual or company that holds a franchise for the sale of goods or the operation of services and includes any applicants applying to become a Franchisee) (“Franchisee Information”)  and Personal Information of “Franchisors” (being, an individual or company that sells or grants a franchise for the sale of goods or the operations of a service).

    We are committed to protecting the safety and security of the personal information of individuals whose information we have access to including, but not limited to, Franchisors, prospective and existing Franchisees and other persons with whom we interact with (collectively, a “User” or “you”).  We use information received from Users to effectively run our Software that aims to assist Franchisors in growing their businesses, including without limitation, by providing them with tools that help them assess the viability of prospective and existing Franchisees and manages an assessment process and associated services (“Services”).  We endeavour to take all necessary and reasonable steps to comply with the relevant Privacy Laws and to deal with inquiries or complaints from individuals about compliance with the relevant Privacy Laws.

    The Privacy Policy has been developed in accordance with the Privacy Act 1988 (Cth) (“Act”) and to the extent applicable, the European Union General Data Protection Regulation (Regulation 2016/679) (“GDPR”) (collectively, “Privacy Laws”).

    Under the Act, “Personal Information” is defined as: “Information or an opinion about an identified individual, or an individual who is reasonably identifiable:

    1. whether the information or opinion is true or not; and
    2. whether the information or opinion is recorded in a material form or not.
    With respect only to residents of the European Union, Schedule 1 of this Privacy Policy provides additional terms for the protection of “Personal Data” under the GDPR. Personal Data should be considered fundamentally interchangeable with the Australian expression “Personal Information” for the purposes of this Privacy Policy.

    Please read this Privacy Policy carefully in order to understand how your Personal Information is collected, held, used, or otherwise processed by us.

    We reserve the right to make changes or updates to this Privacy Policy from time to time. If this happens, we will update this Privacy Policy and notify you of any changes, most likely via email. However, you should also periodically check this Privacy Policy for any updates.

    1. About Franchise Lab

    We are a software company that provides software to assist Franchisors in growing their businesses, including without limitation, by providing tools that help Franchisors assess the viability of prospective and existing Franchisees and manage an assessment process (“Software”). While we offer a range of Services in connection to the provision of the Software we do not, ourselves, make any decisions relating to whether a Franchisor will accept a prospective Franchisee or not.

    In providing the  Services, we are sensitive to Users’ concerns about the safety of their Personal Information, be it Franchisee Information or otherwise. We have developed our privacy framework to assist Users, and to comply with privacy legislation and regulations applicable to us and our management of your Personal Information.

    In essence, we will typically only:

    • collect, use or share your Personal Information with your consent (unless it is not reasonable in the circumstances to obtain your consent and it is legally permissible for us to do so) or when required by a legal obligation; and
    • interact with your Personal Information in order to: (a) provide you or a Franchisor with the Services and (b) help us improve and develop the Services.

    2. How Franchise Lab collects your personal information

    We collect Personal Information from individuals in one of three main ways:

    1. Directly from Users,when they interact with us in instances including, but not limited to:
      1. when a Franchisor provides to us information for the purposes of accessing the Services; or
      2. the collection of information of prospective Franchisees so that Franchisors can access the Services;
    2. Passively from Users, when they interact with our website, online platforms and digital presence; and
    3. From third parties in certain,specific circumstances (e.g., in assessing whether we think the Services will be suitable for a particular individual or where you have consented to us getting a third-party to disclose information to us (e.g., if a Franchisor requires credit history information or criminal history checks as part of the Services)).

    If collecting Personal Information directly from Users, we will always clearly identify ourselves to respondents by providing them with Franchise Lab details.

    The specifics of Personal Information collected in each situation is discussed further below.

    3. When Franchise Lab collects information from users and what we collect

     

    1. Personal Information collected directly via our website or platform.When a User makes an enquiry or sends us an expression of interest on our website or other digital property, we may collect the following types of Personal Information directly and consensually:

      • Basic contact information, including your name, email, and phone number; and
      • Enquiry information,such as the franchise operated by a Franchisor, the potential number of Franchisees that may be asked to respond to the Software and Services, and information that has been requested by a prospective Applicant about a Franchisor.

      When you provide us with unsolicited feedback or otherwise interact with us on your own accord (either as a Franchisor or via a Franchisor providing you access) we may collect any contact information you provide (including Personal Information), as well as your feedback.

      When you make an application for employment at Franchise Lab, we may collect any Personal Information provided within that application, such as the contents of a personal statement made in support of your application.

    2. Personal Information collected directly from a Franchisee

      Once a prospective or existing Franchisee has been approved by a Franchisor to access the Software and the Services for the benefit of the Franchisor we may collect the following types of Personal Information directly and consensually from the Franchisee or from the Franchisor, as long as the Franchisee has provided consent to do so, for the provision of the Services to the Franchisor:

      • Information and evidence of a general nature about you, such as your name, address, email, phone number and emergency contact information;
      • Information and evidence relating to your education, work experience, employment history, nationality or citizenship details;
      • Information and evidence relating to your financial position and history such as your credit history, assets and liabilities, income and expenses that the Franchisor requires as part of the Services.

      We may also seek to collect sensitive personal information, such as psychometric and behavioural information (based on surveys collected as part of the Services). In any such instance we will request direct consent from the Franchisee or, if the information has previously been collected by a Franchisor, that the Franchisor has previously obtained such consent.

      When a prospective Franchisee responds to a survey we may directly and consensually collect the Personal Information disclaimed and explained on the survey form.

      As noted, we use all Franchisee Information solely for the purposes of providing the  Services to our customers, the Franchisors. To the extent permissible at law, we will uphold the privacy of all Franchisee Information but take no responsibility for how Franchisors use that information. As noted in our Terms of Use, all prospective Franchisee applicants consent to their Personal Information being provided to the relevant and applicable Franchisor for the purposes of providing the Services.

    3. Personal Information collected directly from a Franchisor or its authorised users

      Once a Franchisor has registered to use the Software or the Services we may collect the following types of Personal Information directly and consensually from the Franchisor and its authorised users:

      • Personal information, such as name, address, email, phone number and emergency contact information, and if applicable, curriculum vitae, passport or citizenship details;
      • Incidental information relating to the Franchise, such as its terms and conditions that are relevant for the prospective positions to be offered to prospective Franchisee;
      • If applicable, payment information that is required as part of the subscription process (e.g. credit card information); and
      • Credit information, such as credit history or financial health information we need to be aware of prior to providing the Services.

      When Franchisors request additional services or special applications (e.g. applications for special services outside the ordinarily offered Service), we may directly and consensually collect the Personal Information outlined in the relevant application.

      When a User responds to an assessment we may directly and consensually collect the Personal Information disclaimed and explained within the assessment form.

    4. Personal Information collected passively

      As you use the online and digital components of the Software and Services(e.g. accessing our website, logging into your account, or interacting with our Software, assessments or Services) we may collect the following types of Personal Information about your usage:

      • The following types of browser, system and device information regarding Franchise Lab and other devices you use to access our digital content;
      • Locational information, such as in the form of the IP address from which you access the Services, particularly when accessing via the internet; and
      • Web data tracking information, such as data from cookies stored on your device, including cookie IDs and settings, as well as logs of your usage of our
    5. Personal Information collected from third parties

      In certain specific situations, we will collect Personal Information about you from third-parties. The types of Personal Information collected may include:

      • verification of identity;
      • verification of nationality and residency status;
      • criminal history records;
      • financial information, such as your credit history or information relating to any outstanding liabilities; and
      • web data tracking information that fit certain parameters of who we think could become Franchise Lab clients (e.g. heat maps developed through Google Analytics; which track patterns of user interactions with our web pages).

    4. Why Franchise Lab collects your personal information and what we use it for

    Although we collect Personal Information from Users in a number of circumstances, we will only collect this information in order to provide and develop the Services. Outlined below are the main ways we use Personal Information to achieve these objectives.

    Communicating with Users and delivery of Services

    Franchise Lab will use Franchisee Information  to assist in preparing reports for a Franchisor who has issued assessments to an existing or potential Franchisee. The Franchisor will utilise this information in part to make decisions relating to the performance or suitability of a potential or current Franchisee and for other administrative purposes related to the specific reason for which the Personal Information was collected.

    Franchise Lab will use data provided by Franchisors in order to provide the Services and optimise the Software, and for other administrative purposes related to the specific reason for which the Personal Information was collected.

    If Users have consented, we will also use these types of Personal Information to share relevant news and updates about Franchise Lab and the Services.

     

    Administration of Services

    Franchise Lab will use Franchisee and Franchisor information to engage with Users for administrative purposes (e.g. resetting account password or approving special consideration applications) and to effectively and efficiently provide them with the Services (e.g. to set and receive surveys required under Software and Services).

     

    Research and development

    Franchise Lab will use assessment information to provide the Services as well as develop, test and improve the quality and usability of the Services and Software. Our preference will be to de-identify this information first, and then use it for this purpose in conjunction with de-identified browser and device information (see section 6 below for an explanation of what we mean by “de-identified”).

     

    Marketing

    Where Users have expressly consented, we may use basic contact information to provide Users with relevant marketing materials and offers. Such contact information includes website usage but does not include any Franchise Information obtained through one of our assessments. Users can always opt out of this through the functionality provided in each marketing communication (e.g. by clicking “unsubscribe” at the bottom of an email).

     

    We will also use passively collected web data tracking information to display marketing materials and offers on third-party websites (e.g. if you have visited an Franchise Lab program page, we may use cookies to later display banner advertisements to Users on LinkedIn). Users can stop or manage web data tracking information through their browser preferences.

    5. Franchise Lab disclosure of personal information

    Other than as previously stated in this policy, Franchise Lab does not disclose Personal Information to any third parties except:

    • Service providers we engage to help us provide and develop the Services (e.g. cloud service providers or consultants);
    • with respect to Franchisee Information to the relevant Franchisor that a Franchisee is applying to work with; and
    • Law enforcement agencies, or another party that has a legitimate legal right to access the information.

    The above disclosures will only be made in circumstances where the recipient has provided an undertaking that they will maintain the confidentiality of the information and that they recognise the appropriate limitations placed on the use of the information. Disclosures will also always be in accordance with this Privacy Policy. In the case of Users’ organisations, we will seek the explicit consent of the User before disclosing their information.

    Overseas Disclosure

    Some of the third parties we will disclose Personal Information to are located or have locations overseas. This is particularly the case for our cloud technology service providers which are provided their services from various global locations.

    As with disclosures to third-party service providers, overseas disclosures are always made once we have taken all reasonable steps to determine the information will be treated at least as required under the Act, other applicable privacy laws and our own data security principles.

    6. Franchise Lab treatment and storage of information

    Franchise Lab general approach

    Franchise Lab will keep your Personal Information confidential and not sell or knowingly divulge User information to any external third parties, unless:

    • We believe, in good faith, that we are required to share the Personal Information with a third party in order to comply with legitimate legal obligations;
    • The disclosure is to a third-party processor of Personal Information that acts on our behalf and/or under our instruction in order to enable us to deliver the Services (e.g. a cloud service provider);
    • The disclosure is to employees or contractors of Franchise Lab;
    • The disclosure is to other entities which may acquire ownership or operation of Franchise Lab or the Services; and/or
    • It protects the safety of Users, and the security our Services.

    We will endeavour to seek the informed and voluntary consent of individuals whenever we collect their information, or as soon as possible after.

    Users can always refuse or revoke this consent, but sometimes this will affect our ability to provide them, or a relevant Franchisor, with the Services. We will advise Users if this is the case.

    For the avoidance of doubt, a Franchisee can revoke their consent to Franchise Lab holding their Personal Information and request that they delete their Personal Information from Franchise Lab’s records. In such an instance, Franchise Lab will be unable to provide the Services with respect to that Franchisee. To the extent that a Franchisor ends their relationship with us we will retain all relevant Personal Information (including that of any Franchisee referred to our Services by that Franchisee) for a period of up to three months unless we are requested to terminate prior to this date. After this date we will de-identify all information in accordance with the below.

    Franchisee Information may be provided directly to a Franchisor who must, in turn, have their own privacy policy in place. If a Franchisee wishes to revoke their consent to the relevant Franchisor they must do so in accordance with the relevant Franchisor’s policy.

    De-identification

    De-identified information refers to information that cannot reasonably be used to identify a particular individual.

    De-identified information that will never be able to personally identify particular individuals is referred to as anonymised information (e.g. statistics that show 90% of Users were happy with the Services). Additionally, de-identified information that can identify individuals only if it is combined with another, separate piece of information is referred to as pseudonymised information.

    Where possible we will aim to collect, store and use anonymised information as a first preference, and if not, then pseudonymised information.

    However, sometimes it will be impractical for User information to be de-identified or treated in this way, and in this case, Franchise Lab will continue to use and hold the information in a personally identifiable state. For example, if we need to reply to a User enquiry we will have to use the contact information provided.

    Security

    Franchise Lab is committed to information security. We will use all reasonable endeavours to keep the Personal Information we collect, hold and use in a secure environment. To this end we have implemented technical, organisational and physical security measures that are designed to protect Personal Information, and to respond appropriately if it is ever breached.

    When information is collected or used by us and is stored on third-party service providers (e.g.  AWS cloud servers), we take reasonable steps to ensure these third-parties use industry standard security measures that meet the level of information security we owe our Users.

    We endeavour to routinely review our security policies and procedures and consider the appropriateness of new technologies and methods.

    7. Franchise Lab’s retention of information

    Franchise Lab retains Personal Information until it is no longer needed to provide or develop the Services, three months after the relevant Franchisor terminate their engagement with us or until the individual who the Personal Information concerns asks us to delete it, whichever comes first. It may take up to 30 days to delete Personal Information from our systems following a valid request for deletion.

    However, we will retain:

    • Personal Informationin circumstances where we have legal and regulatory obligations to do so (e.g. for law enforcement purposes, employment law, corporate or tax record keeping, and where the information is relevant to legitimate legal proceedings, or in keeping with its’ requirements under other Australian record keeping legislation such as the Public Records Act 1973 (Vic)); and
    • Anonymised informationfor analytic and service development purposes.

    The information we retain will be handled in accordance with this Privacy Policy.

    8. Specific rights of European residents

    Users who are habitually located in the European Union (‘EU Residents’) have additional rights in respect of their Personal Data (a term that is fundamentally interchangeable with Personal Information).

    Users who are EU Residents should refer to Schedule 1 for more information regarding how Franchise Lab’s privacy practices in relation to their Personal Data.

    9. Managing personal information

    Accessing and ensuring the accuracy of Personal Information

    Franchise Lab takes reasonable steps to ensure that the Personal Information we collect and hold is accurate, up to date and complete.

    Users have a right to access and request the correction of any of Personal Information we hold about them at any time. Any such requests should be made by directly contacting us at the details set out below. We will grant access to the extent required or authorised by the Act and applicable laws and will take all reasonable steps to correct the relevant Personal Information where appropriate.

    There may be circumstances in which we cannot provide Users with access to information. We will advise you of these reasons if this is the case.

    Contacting Franchise Lab

    Franchise Lab has appointed a Privacy Officer to be the first point of contact for all privacy related matters and to assist in ensuring our compliance with our privacy obligations.

    Privacy Officer

    Luis Nejo
    PO Box H334

    Australia Square NSW 1215

    privacy@franchiselab.com

    If you have any queries or wish to make a complaint about a breach of this policy or the Act, you can contact or lodge a complaint to our Privacy Officer using the contact details above. You will need to provide sufficient details regarding your complaint as well as any supporting evidence and/or information.

    The Privacy Offer will respond to your query or complaint as quickly as possible. Franchise Lab will contact you if we require any additional information from you and will notify you in writing (which includes electronic communication via email) of the relevant determination. If you are not satisfied with the determination you can contact us to discuss your concerns or complain to the Australian Privacy Commissioner via http://www.oaic.gov.au.

    This Privacy Policy was last updated on 12th October 2021.

    Schedule 1

    Specific rights of European residents

    Franchise Lab is committed to ensuring its compliance with the European Union General Data Protection Regulation (‘GDPR’).

    Although our Privacy Policy explains how Franchise Lab meets all of its’ obligations for Australian Users, Franchise Lab also has some Users who are habitually located in the European Union (‘EU Residents’) that have additional rights in respect of their Personal Data.

    Personal Data is defined as: “Any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier”. This should be considered fundamentally interchangeable with the Australian expression “Personal Information” for the purposes of this Privacy Policy.

    Under the GDPR, Franchise Lab is primarily a “controller” of Personal Data, as opposed to being a “processor”. As part of its’ GDPR compliance, Franchise Lab provides the Services in a way that ensures:

    Personal Data (i.e. Personal Information) is:

    • processed fairly, lawfully and in a transparent manner; and
    • collected and processed only for specified and lawful purposes.

    (NB see sections 2 - 5 of this Privacy Policy).

    Processed Personal Data (i.e. Personal Information that is used, held or disclosed by Franchise Lab) is:

    • adequate, relevant and not excessive;
    • accurate and, where necessary, kept up to date;
    • kept secure, and not longer than necessary;
    • not transferred to countries outside the European Union without adequate protection; and
    • treated in accordance with individuals’ legal rights.

     

    Whilst Franchise Lab strives to provide all Users with appropriate access and control over their data, individuals covered by the GDPR are also able to:

    • Prescriptively restrict, limit or otherwise provide instructionsto Franchise Lab regarding how we can use their Personal Data. This includes being able to object to how and why their Personal Data is used (e.g. by the removal of their consent for particular functions);
    • Verbally request the erasure(i.e. deletion) of their information;
    • Request Franchise Lab provides all Personal Data held about them in a portable format, meaning in a way that is structured, commonly used and machine-readable; and
    • Users who exercise this right to data portabilityare also able to direct Franchise Lab to transmit this data to other entities who they intend to allow to process their Personal Data.

    Franchise Lab will allow and assist Users that are EU Residents to exercise these rights, unless we have compelling and legitimate legal grounds not to (e.g. a legal obligation under Australian legislation, or if the Personal Data has been fully anonymised).