GLX Privacy Collection Statement

Role Description Reference Contacts
Compliance Officer Saskia de Reuck - Head of Legal
Saskia.deReuck@glxdigital.com
P +61 6559 1703

1.0 INTRODUCTION AND POLICY STATEMENTS

1.1. Introduction

In this Privacy Collection Statement, references to ‘GLX’, 'we', 'us' and 'our' are references to GLX Digital Limited ABN 38 608 905 308 and GLX Pte Ltd Registration no. 201605068K. The information GLX collects, and all other information provided by you at the request of GLX (which includes your name, email address and information about your position and your organisation) will be used by GLX and its staff to provide you with our services, information about our services and answer any enquiries that you may have.

1.2. Purpose

The primary purpose for which we collect personal information from you is to provide you with the licensed services and for the purposes of system notifications, authentication and support. We may also use or disclose the personal information to provide you with updates on our products and services and to invite you to events that may interest you. You may choose not to receive such communications at any time.

1.3. How will GLX use my personal data?

Our usual process for collecting information varies; however, we will generally deal with your personal information in the following ways:

  1. Your name and your email address will be recorded against your organisation profile to enable us to:
    • correspond with you and provide information and resources to you in relation to the licensed services;
    • engage in direct marketing activities via email (if you have registered your email address with us and have not "opted-out").
  2. All personal information such as names, email and optionally mobile (for notifications) recorded in the Licensed Services are stored in an encrypted database and only used for the purposes of system notifications and authentication (e.g. password resets).
  3. We will also keep records in your account history about communications we have had with you.
  4. We will not make any attempt to identify you or your browsing activities from the collection of this information.
  5. We may disclose your personal information:
    • to our service providers (such as our IT service providers) solely for the purpose of providing and/or maintaining the Licensed Services;
    • if you have expressly consented to the disclosure; or
    • if required or authorised by or under an Australian law or a court/tribunal order.
  6. We do not directly disclose personal information to recipients located overseas.
  7. Our third-party service providers (data-processors) may store personal information overseas when providing services.

1.4. Why do we need your personal data, what is our legal basis for processing it?

The personal data processed by us, or processed on our behalf, is needed for the purpose of providing the GLX Products and Services and to communicate with you in relation to your enquiries and employment related matters (as applicable). If you choose not to provide your personal data, it may not be possible for GLX to engage with you and otherwise provide you with access to Products and Services you are requesting.

We consider that the lawful basis for the processing of your personal data is necessary to provide you with the Products/Services you are requesting. We will obtain your consent for specific use of your personal data not covered by this Collection Statement, which we will collect from you at the appropriate time. You can withdraw your consent to our specific use of such data at any time.

If GLX does not collect this personal information for such purposes, then GLX will be unable to process your enquiry or supply you with information in relation to your enquiry, and be unable to send you direct marketing communications (unless you have otherwise consented to receive those communications). You may unsubscribe from receiving these communications at any time by emailing us at privacy@glxdigital.com.

In some instances we may collect personal information from you which is unsolicited. To the extent reasonable, we will delete or de-identify any unsolicited personal information.

1.5. Who will GLX share my personal data with?

GLX may share your information with its Related Bodies Corporate (as defined in the Corporations Act 2001 (Cth)) and GLX’s third party service providers inside and outside of Australia who act as data processors to assist GLX in providing its products and services to you (such as software service providers); and any other organisation covered in GLX’s Privacy Policy.

We take reasonable steps to ensure that those parties will handle the personal information in accordance with the Australian Privacy Principles. We are not required to take such steps if we believe that the overseas recipient is already subject to a law that has the effect of protecting personal information in a substantially similar way to the relevant law in Australia, or with your consent. You consent to your information being disclosed to a destination outside Australia for this purpose, including but not limited to: Singapore and the United States, and you understand and acknowledge that Australian Privacy Principle 8.1 will not apply to such disclosures of your personal information.

Our Privacy Policy sets out how you can access and correct any of your personal information and how you may make a complaint if you consider that we have not complied with the Privacy Act when handling your personal information.

1.6. Our Privacy Policy

We will otherwise collect, hold, use and disclose your personal information in accordance with our Privacy Policy, which sets out how you may access and correct the personal information that we hold about you and how to complain about a suspected breach of your privacy or about how we have handled your personal information.

1.7. What are my individual rights?

In addition to your rights to access and correct your personal data and lodge a complaint relating to how we handle your personal data as set out in this policy, if the GDPR or other jurisdiction’s data and privacy law applies, you may, under certain conditions, have the following rights available:

  1. to object to any processing of your personal data that we process on the lawful basis of legitimate interests, unless our reasons for the underlying processing outweigh your interests, rights and freedoms;
  2. to withdraw your consent where we have processed any of your personal data based on consent;
  3. to object to direct marketing (including any profiling) at any time;
  4. to ask us to delete personal data that we no longer have lawful grounds to process; and
  5. to object to the use of automated decision making.

1.8. Who can I contact if I have any questions about how my personal data is being used or how I can exercise my rights?

Email: privacy@glxdigital.com

Post: Attention
The Privacy Officer
GLX Digital Ltd
Level 3, 435 Roberts Road Subiaco
PERTH WA 6008

This Privacy Collection Statement was last updated in May 2023 and may change from time to time. Any updated versions will be posted on this website and will be effective from the date of posting.

1.9. Incident Reporting Guidelines

If GLX becomes aware of any unauthorized or unlawful breach of security or unauthorized disclosure of or access to Customer Data, on systems managed or otherwise controlled by GLX (Security Incident), GLX shall notify the affected Customer/s without undue delay, and in any case, where feasible, notify the Customer within seventy-two (72) hours after becoming aware of the relevant Security Incident.

1.10. Notification to Data Subjects in the EU and UK

In the event of a Security Incident that impacts personal data and is likely to result in a high risk to the rights and freedoms of natural persons, GLX as Data Controller, shall communicate the breach to the data subject without undue delay.

The communication to the data subject shall describe in clear and plain language the nature of the personal data breach and contain at least the following information:

(a) communicate the name and contact details of the data protection officer or other contact point where more information can be obtained;

(b) describe the likely consequences of the personal data breach;

(c) describe the measures taken or proposed to be taken by GLX to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.

1.11. Notification to Supervisory Authorities in the EU and UK

In the case of a Security Incident that impacts personal data, GLX as Data Controller, shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the Supervisory Authority, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.

1.12. Notification to Data Controllers (i.e. Customers) in the EU and UK

GLX as a Data Processor shall notify the Customer, as Data Controller, without undue delay after becoming aware of a Security Incident which impacts personal data. The notification shall:

(a) describe the nature of the personal data breach including where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned;

(b) communicate the name and contact details of the data protection officer or other contact point where more information can be obtained;

(c) describe the likely consequences of the personal data breach;

(d) describe the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.

Where, and in so far as, it is not possible to provide the information at the same time, the information may be provided in phases without undue further delay.

GLX shall document any personal data breaches, comprising the facts relating to the personal data breach, its effects and the remedial action taken.