ROLLER’S PRIVACY STATEMENT

Last Revised: 16 May 2018
NOTICE: The Privacy Policy below will become effective May 25, 2018

 
1. Who We Are.

1.1 ROLLER Services.

Welcome to ROLLER! We are software platform used by amusement, leisure and entertainment venues to facilitate ticketing, entry management and point-of-sale transactions. Through our platform, mobile apps and services, we enable venues all over the world to manage their operations digitally, and create great experiences for their customers.

ROLLER’s products, features and offerings are available (a) online through various ROLLER properties, (b) off platform, including without limitation, RFID, entry management, sponsorship and marketing or distribution services; and (c) through mobile applications, webpages, application programming interfaces, and subdomains (“Applications”). (a), (b), and (c) are collectively referred to as “ROLLER Properties” or our “Services”.

1.2 Who’s Who.

When this Privacy Policy uses the term “Venue” we mean entities that use the Services to create and sell offerings to consumers. Venues, Consumers and third parties using our Services are all referred to in these Terms collectively as “Users”, “you” or “your”.

ROLLER Networks Pty Ltd is an incorporated entity with its principal place of business at 380 City Road, Southbank 3006, Australia (“ROLLER,” “us,” “we” or “our”). If you are resident in the EEA or Switzerland, ROLLER Networks Pty Ltd is the responsible party with respect to Personal Data (defined below) collected through the Services. ROLLER’s representative for European data protection law purposes has its principal place of business at 1 Primrose St, London, EC2A 2EX, United Kingdom.
If you have any questions or concerns at any time, please do not hesitate to contact us at the address above or by contacting us at info@roller.net.au.

2. Our Privacy Statement.

2.1 Application.

This Privacy Policy sets forth our policy with respect to information that can be associated with or which relates to a person and/or could be used to identify a person (“Personal Data”) that is collected from Users on or through the Services. We take the privacy of your Personal Data seriously. Because of that, we have created this Privacy Policy. Please read this Privacy Policy as it includes important information regarding your Personal Data and other information.

“Non-Personal Data” as used in this Privacy Policy is therefore any information that does not relate to a person and/or cannot be used to identify a person. When you interact with the Services, we may collect Non-Personal Data. The limitations and requirements in this Privacy Policy on our collection, use, disclosure, transfer and storage/retention of Personal Data do not apply to Non-Personal Data.

3. Personal Data That We Collect.

When you use or interact with us through the Services, we may collect Personal Data. Sometimes this will be on our own behalf and other times this will be on behalf of Venue using our Services. This is an important distinction for EU data protection law purposes and is explained in more detail in Section 16 below.
If you are using ROLLER to purchase offerings created and made available by a Venue who is using the Services, the Personal Data that may be collected includes without limitation your name, address, email address and other information that can enable Users to be personally identified.

The main reason this this information is collected is so you can be contacted in the case of any change to your booking. This information is also needed in order to process your payment.
ROLLER will not collect, use or disclose any sensitive information unless:

  • we receive your express consent;
  • we are required to by law;
  • it is necessary to prevent or lessen a serious or imminent threat to the life or health of an individual who is physically incapable of giving or communicating that consent; or
  • it’s necessary for the establishment, exercise or defence or a claim.

3.1 All Users.

For all Users we collect Personal Data when you voluntarily provide such information to the Services, such as when you register for access to the Services, contact us with inquiries, respond to one of our surveys or browse or use certain parts of the Services.

We also automatically collect certain technical data that is sent to us from the computer, mobile device and/or browser through which you access the Services (“Automatic Data”). Automatic Data, includes without limitation, a unique identifier associated with your access device and/or browser (including, for example, your Internet Protocol (IP) address) characteristics about your access device and/or browser, statistics on your activities on the Services.

When you register for the Services or otherwise submit Personal Data to us, we may associate other Non-Personal Data (including Non-Personal Data we collect from third parties) with your Personal Data. At such instance, we will treat any such combined data as your Personal Data until such time as it can no longer be associated with you or used to identify you.

3.2 Venues.

As a Venue we will collect additional Personal Data from you.

In some cases, we may collect your billing information, some of which may constitute Personal Data, to secure certain payments. In addition, if you use our payment processing services, we will collect financial information from you (e.g., your bank account information or an address to send checks) as necessary to facilitate payments and information required for tax purposes.

We may also collect or receive Personal Data from third party sources, such as third party websites, your bank, our payment processing partners and credit reporting agencies.

3.3 Consumers.

As a Consumer we will collect additional Personal Data from you, sometimes for our own purposes and other times on behalf of an Venue (see Section 16 below for more information).

If you register for a paid offering through the Services, you will provide financial information some of which may constitute Personal Data. In addition, Venues can set up event registration pages to collect virtually any information from Consumers. ROLLER does not control a Venue’s registration process nor the Personal Data that they collect using the Services. Personal Data collected on behalf of Venues is provided to the Venue of the applicable offering in accordance with “How We Disclose and Transfer Your Personal Data: Venues” below.

Information we obtain from other sources: We may also collect or receive Personal Data from third party sources, such as Venues, other Consumers, social media or other third party integrations, your credit card issuing bank, our payment processing partners or other third parties.

4. Internal Business Purposes.

We may use your Personal Data for internal business purposes, including without limitation, to help us improve the content and functionality of the Services, to better understand our Users, to improve the Services, to protect against, identify or address wrongdoing, to enforce our Terms of Service, and to generally manage the Services and our business.

4.1 Specific Reason.

If you provide Personal Data for a certain purpose, we may use the Personal Data in connection with the purpose for which it was provided. For instance, if you contact us by e-mail, we will use the Personal Data you provide to answer your question or resolve your problem and will respond to the email address from which the contact came.

4.2 Access and Use.

If you provide Personal Data in order to obtain access to or use of the Services or any functionality thereof, we will use your Personal Data to provide you with access to or use of the Services or functionality and to analyze your use of such Services or functionality. For instance, if you supply Personal Data relating to your identity or qualifications to use certain portions of the Services, we will use that information to make a decision as to granting you access to use such Services and to assess your ongoing qualification to use such Services.

4.3 Internal Business Purposes.

We may use your Personal Data for internal business purposes, including without limitation, to help us improve the content and functionality of the Services, to better understand our Users, to improve the Services, to protect against, identify or address wrongdoing, to enforce our Terms of Service, and to generally manage the Services and our business.

4.4 Marketing Communications.

Where it is in accordance with your marketing preferences, your Personal Data maybe used by Venues to contact you in the future for marketing and advertising purposes, including without limitation, to inform you about services or events they believe might be of interest to you, or to develop promotional or marketing materials and provide those materials to you. See “Opt Out from Electronic Communications” below on how to opt out of ROLLER Marketing Communications.

4.5 Venue Emails.

We allow Venues to use our email tools to contact Consumers for their current and past events, so you may receive emails from our system that originate with such Venues and that we send on their behalf. If you registered for an event on the Services, your email address is available to that Venue. However, Venues may also import the email addresses they have from external sources and send communications through the Services to those email addresses, and we will deliver those communications to those email addresses on the Venue’s behalf. The Venue and not ROLLER is responsible for sending these emails. See “Opt Out from Electronic Communications” below on how to opt out of Venue initiated communications.

4.6 Other Purposes.

If we intend to use any Personal Data in any manner that is not consistent with this Privacy Policy, you will be informed of such anticipated use prior to or at the time the Personal Data is collected or we will obtain your consent subsequent to such collection but prior to such use.

4.7 Aggregated Personal Data

In an ongoing effort to understand and serve our Users better, we often conduct research on our customer demographics, interests and behavior based on Personal Data and other information that we have collected. This research is typically conducted on an aggregate basis only that does not identify you. Once Personal Data is in an aggregated form, for purposes of this Privacy Policy, it becomes Non-Personal Data.

5. How We Disclose And Transfer Your Personal Data.

5.1 No Sale.

We are not in the business of selling your Personal Data. We consider this information to be a vital part of our relationship with you. Therefore, we will not sell your Personal Data to third parties, including third party advertisers. There are, however, certain circumstances in which we may disclose, transfer or share your Personal Data with certain third parties without further notice to you, as set forth below.

5.2 Business Transfers.

As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganisation, dissolution or similar event, Personal Data may be part of the transferred assets. You acknowledge and agree that any successor to or acquirer of ROLLER (or its assets) will continue to have the right to use your Personal Data and other information in accordance with the terms of this Privacy Policy.

5.3 Parent Companies, Subsidiaries, and Affiliates.

We may also share your Personal Data with our parent companies, subsidiaries and/or affiliates for purposes consistent with this Privacy Policy. Our parent companies, subsidiaries and affiliates will be bound to maintain that Personal Data in accordance with this Privacy Policy.

5.4 Agents, Consultants, and Service Providers.

We may share your Personal Data with our contractors and service providers who process Personal Data on behalf of ROLLER to perform certain business-related functions. These companies include our marketing agencies, database service providers, backup and disaster recovery service providers, email service providers and others. When we engage another company to perform such functions, we may provide them with information, including Personal Data, in connection with their performance of such functions.

5.5 Venues.

When you purchase offerings made available by a Venue through use of our Services, we provide the Personal Data entered on the applicable page to the Venues responsible for creating and making available those offerings. It is important that you review the applicable policies of the Venues, before providing Personal Data or other information in connection with an offering or service made available by them.

Similarly, if you are a member of a Venue’s organisation within ROLLER, your Personal Data will be available to the Venue.

5.6 Legal Requirements.

We may disclose your Personal Data if required to do so by law in order to (for example) respond to a subpoena or request from law enforcement, a court or a government agency (including in response to public authorities to meet national security or law enforcement requirements), or in the good faith belief that such action is necessary to (a) comply with a legal obligation, (b) protect or defend our rights, interests or property or that of third parties, (c) prevent or investigate possible wrongdoing in connection with the Services, (d) act in urgent circumstances to protect the personal safety of Users of the Services or the public, or (e) protect against legal liability.

6. How We Store Your Personal Data.

We may store Personal Data itself or such information may be stored by third parties to whom we have transferred it in accordance with this Privacy Policy. We take what we believe to be reasonable steps to protect the Personal Data collected via the Services from loss, misuse, unauthorised use, access, inadvertent disclosure, alteration and destruction. However, no network, server, database or Internet or e-mail transmission is ever fully secure or error-free. Therefore, you should take special care in deciding what information you send to us electronically. Please keep this in mind when disclosing any Personal Data.

7. How You Can Access, Update, Correct, or Delete Your Personal Data.

You can request access to some of your Personal Data being stored by us. You can also ask us to correct, update or delete any inaccurate Personal Data that we process about them.

If you are a registered User, you can exercise these rights by logging in and clicking on the Settings menu in the Venue Manager, and then navigating to the Staff page. Both registered and unregistered Users may also exercise these rights by contacting us directly by email or at the address specified below.

If a Consumer initiates a data deletion request, ROLLER is authorised to delete or anonymize Personal Data of the requesting Consumer from the Services even if that means removing its availability to the Venue through the Services. However, if you are a Consumer, you understand that even if you ROLLER deletes or anonymizes your Personal Data upon your request or pursuant to this Policy, your Personal Data may still be available in the Venue’s own databases if transmitted to the Venue prior to ROLLER receiving or taking action on any deletion or anonymization activity.

We will consider and respond to all requests in accordance with applicable law.

8. How Long We Retain Your Personal Data.

We may retain your Personal Data as long as you are registered to use the Services. ROLLER also stores Personal Data on behalf of Venues that use the Services until such time as the Venue is no longer a user of the Services and they have instructed us to either return or destroy the data. If a Customer requests that their Personal Data be either returned or destroyed, we will act on that instruction within 30 days from receipt of the request from either a Customer or Venue. In certain circumstances, there may also be an additional period that Personal Data is stored, as is permitted or required under applicable laws. Even if we delete your Personal Data it may persist on backup or archival media for an additional period of time for legal, tax or regulatory reasons or for legitimate and lawful business purposes.

9. Cookies, Pixels Tags, Local Shared Objects, Web Storage And Similar Technologies.

Cookies are small text files placed onto your computer or device as you browse the Internet. Cookies can be used to collect, store and share bits of information about your activities across websites, including on ROLLER’s websites that link to this Policy (“Websites”). They also allow us to remember things about your visit to our Websites, such as your preferred language and other choices/settings and generally make the site easier for you to use.
Why does ROLLER use cookies and similar technologies?
ROLLER uses cookies and similar technologies, such as web beacons, browser cookies, pixel tags, or local shared objects (“flash cookies”), to deliver, measure, and improve our services in various ways. As we adopt additional technologies, we may also gather additional information through other methods.

We use cookies for the following purposes:

  • Authentication and security:
    • To log you into our Services;
    • To protect your security; and
    • To help us detect and fight spam, abuse, and other activities that violate ROLLER’s user agreements and terms.
    • For example, these technologies help authenticate your access to our Services and prevent unauthorized parties from accessing your accounts.
  • Preferences:
    • To remember information about your browser and your preferences; and
    • To remember local settings and other choices you have made.
    • For example, cookies help us remember your preferred language or the country that you are in. We can then provide you with content in your preferred language without having to ask you each time you visit.
  • Analytics and research:
    • To help us improve and understand how people use our Services.
    • For example, cookies help us test different versions of our Services to see which particular features or content users prefer. We might also optimize and improve your experience on our Websites by using cookies to see how you interact with our Websites, such as when and how often you use them and what links you click on.
    • To help us better understand how people use our Websites, we work with a number of analytics partners, including Google Analytics and Hotjar. These providers use cookies and similar technologies to help us analyze how users use the Websites, including by noting the third-party websites from which you arrive. The information collected will be disclosed to or collected directly by these service providers, who use the information to evaluate your use of the Websites. To prevent Google Analytics from using your information for analytics, you may install the Google Analytics Opt-Out Browser by clicking here, and you may also use Hotjar opt out by clicking here.
    • We don’t release the information collected from our own cookies to any third parties, other than to our service providers who assist us in these cookie activities.
  • Personalized content:
    • To customize our Websites with more relevant content.

You have a number of options to control or limit how we and our partners use cookies. When you first access our Services, we recommend reviewing our Privacy Policy in full, including this section regarding our use of Cookies – by continuing to use or access our Services, you are consenting to our use of cookies and related technologies as described in this Policy.
Most browsers automatically accept cookies, but you can modify your browser setting to decline cookies by visiting the Help portion of your browser’s toolbar. For general information about cookies and how to disable them, please visit www.allaboutcookies.org.

10. Your Choices.

You have several choices available when it comes to your Personal Data:

10.1 Limit the Personal Data You Provide.

You can browse the Services without providing any Personal Data (other than Automatic Data to the extent it is considered Personal Data under applicable laws) or with limiting the Personal Data you provide. If you choose not to provide any Personal Data or limit the Personal Data you provide, you may not be able to use certain functionality of the Services. For instance, in order to purchase offerings as a Consumer, your name and email address will be required by the Venue.

10.2 Opt Out from Electronic Communications.

(a) ROLLER Marketing Communications.

Where it is in accordance with your marketing preferences, ROLLER may send you electronic communications marketing or advertising the Services themselves or events on the Services, to the extent you have registered for the Services or purchased an offering made available by a Venue via the Services. You can also “opt out” of receiving these electronic communications by clicking on the “Unsubscribe” link at the bottom of any such electronic communication.

(b) Venue Initiated Communications.

Venues may use our email tools to send electronic communications to those on their email subscription lists, including Consumers who have registered for their offerings on the Services in the past. Although these electronic communications are sent through our system, ROLLER does not determine the content or the recipients of these electronic communications. ROLLER provides an “Unsubscribe” link on each of these emails, which allows recipients to “opt out” of electronic communications from the particular Venue.

(c) Transactional or Responsive Communications.

Certain electronic communications from ROLLER are responsive to your requests. For instance, if you are a Consumer, we must email you your ticket or registration on behalf of the Venue when you purchase such ticket or registration. As a further example, if you email our customer support department, we may return your email. Notwithstanding any unsubscribe election that you have made, you will still receive these transactional or responsive emails. You can stop receiving these types of emails only by contacting us.

(d) Retention.

It may take up to forty-eight (48) hours for us to process an unsubscribe request. Even after you opt out of all electronic communications, we will retain your Personal Data in accordance with this Privacy Policy, however, we will no longer use it to contact you. However, Venues who have received your Personal Data in accordance with this Privacy Policy may still use that Personal Data to contact you in accordance with their own privacy policies.

10.3 Do Not Track.

We currently do not participate in any “Do Not Track” frameworks that would allow us to respond to signals or other mechanisms from you regarding the collection of your Personal Data.

11. Exclusions.

11.1 Personal Data Provided to Others.

This Privacy Policy does not apply to any Personal Data that you provide to another User or visitor through the Services or through any other means, including to Venues or information posted by you to any public areas of the Services.

11.2 Third Party Links.

This Privacy Policy applies only to the Services. The Services may contain links to other websites not operated or controlled by us (the “Third Party Sites”). The policies and procedures we described here do not apply to the Third Party Sites. The links from the Services do not imply that we endorse or have reviewed the Third Party Sites. We suggest contacting those sites directly for information on their privacy policies.

12. Children – Children’s Online Privacy Protection Act.

We do not knowingly collect Personal Data from children under the age of thirteen (13). If you are under the age of thirteen (13), please do not submit any Personal Data through the Services. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Policy by instructing their children never to provide Personal Data through the Services without their permission. If you have reason to believe that a child under the age of 13 has provided Personal Data to us through the Services, please contact us and we will endeavour to delete that information from our databases.

13. International Privacy Laws.

If you utilize our Services from a country other than the country where our servers are located, your communications with us may result in transferring your personal data across international borders. Also, when you communicate with us, we may provide you with support from one of our global locations outside your country of origin. In these cases, your personal data is handled according to this Privacy Policy.

14. Changes To This Privacy Policy.

The Services and our business may change from time to time. As a result, at times it may be necessary for us to make changes to this Privacy Policy. We reserve the right, in our sole discretion, to update or modify this Privacy Policy at any time (collectively, “Modifications”). Modifications to this Privacy Policy will be posted to the Site with a change to the “Updated” date at the top of this Privacy Policy. In certain circumstances ROLLER may, but need not, provide you with additional notice of such Modifications, such as via email or with in-Service notifications.
Please review this policy periodically, and especially before you provide any Personal Data. This Privacy Policy was updated on the date indicated above. Your continued use of the Services following the effectiveness of any Modifications to this Privacy Policy constitutes acceptance of those Modifications. If any Modification to this Privacy Policy is not acceptable to you, you should cease accessing, browsing and otherwise using the Services.

15. Dispute Resolution.

If you have a complaint about ROLLER’s privacy practises you should write to us at:

Roller Networks Pty Ltd, 380 City Road, Southbank 3006, Australia, or by email. We will take reasonable steps to work with you to attempt to resolve your complaint.

16. EEA, SWITZERLAND AND UK ONLY.

The EU General Data Protection Regulation (GDPR)

In May 2018, a new data privacy law known as the EU General Data Protection Regulation (or the “GDPR”) becomes effective. The GDPR requires ROLLER and Venues using the Service to provide Users with more information about the processing of their Personal Data.

Here is what you need to know:

Legal grounds for processing your Personal Data

The GDPR requires us to tell you about the legal ground we’re relying on to process any Personal Data about you. The legal grounds for us processing your Personal Data for the purposes set out in Section 4 above will typically be because:

  • you provided your consent;
  • it is necessary for our contractual relationship;
  • the processing is necessary for us to comply with our legal or regulatory obligations; and/or
  • the processing is in our legitimate interest as a provider of Venue management software (for example, to protect the security and integrity of our systems and to provide you with customer service, etc.).

Transfers of Personal Data

As ROLLER is a global company, we may need to transfer your Personal Data outside of the country from which it was originally provided. This may be intra-group or to third parties that we work with who may be located in jurisdictions outside the EEA, Switzerland and the UK which have no data protection laws or laws that are less strict compared with those in Europe.
Whenever we transfer Personal Data outside of the EEA, Switzerland or the UK, we take legally required steps to make sure that appropriate safeguards are in place to protect your Personal Data.

Personal Data Retention

We retain your Personal Data for as long as necessary to provide you with our Services, or for other important purposes such as complying with legal obligations, resolving disputes, and enforcing our agreements.

If you have an account with us, we will typically retain your Personal Data for a period of 90 days after you have requested that your account is closed or if it’s been inactive for 7 years.

Your Rights

Data protection law provides you with rights in respect of Personal Data that we hold about you, including the right to request a copy of the Personal Data, request that we rectify, restrict or delete your Personal Data, object to profiling and unsubscribe from marketing communications.

You can contact us regarding the exercise of these data protection rights by writing to us at Roller Networks Pty Ltd, 380 City Road, Southbank 3006, Australia, or by email. Please note however, that such requests will be assessed by us on a case-by-case basis. There may be circumstances where we are not legally required to comply with your request because of the laws in your jurisdiction or because of exemptions provided for in data protection legislation.

If you have a complaint about how we handle your Personal Data, please get in touch with us as set forth in Section 15 to explain. If you are not happy with how we have attempted to resolve your complaint, you may contact the relevant data protection authority.

ROLLER as a data controller and a data processor

EU data protection law makes a distinction between organisations that process Personal Data for their own purposes (known as “data controllers”) and organisations that process personal data on behalf of other organisations (known as “data processors”). If you have a question or complaint about how your Personal Data is handled, these should always be directed to the relevant data controller since they are the ones with primary responsibility for your Personal Data.

ROLLER may act as either a data controller or a data processor in respect of your Personal Data, depending on the circumstances.

For example, if you are a Venue using the Services, ROLLER will be a data controller in respect of the Personal Data that you provide as part of your account. We will also be a data controller of the Personal Data that we have obtained about the use of the Applications or ROLLER Properties. We use this to conduct research and analysis to help better understand and serve Users of the Services
However, if you purchase or respond to an offering made available via a Venue who is using the Services, as a Consumer, we will process your Personal Data to help administer that offering behalf of the Venue (for example, sending confirmation, promotional and feedback emails, processing payments, etc.). In these circumstances, ROLLER merely provides the “tools” for Venues; ROLLER does not decide what Personal Data to request on registration forms, nor is it responsible for the continued accuracy any Personal Data provided. Any questions that you may have relating to your Personal Data and your rights under data protection law should therefore be directed to the Venue as the data controller, not to ROLLER.