We will use the information that we collect about you in accordance with the following depending on your jurisdiction:
- The Data Protection Act 2018, UK
- The Privacy Act 1988, Australia
- The EU General Data Protection Regulation (Regulation EU 2016/679), (‘GDPR’) which becomes effective from 25 May 2018
What personal information do we collect from the people that visit our blog, website or app?
When ordering or registering on our site, as appropriate, you may be asked to enter your name, email address, credit card information or other details to help you with your experience.
- Identity Data includes first name, maiden name, last name, username or similar identifier.
- Contact Data includes billing address, delivery address, email address and telephone numbers.
- Transaction Data includes details about payments to and from you and other details of services you have purchased from us.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website.
- Profile Data includes your username and password, purchases or orders made by you, settings, feedback and survey responses (where applicable).
- Usage Data includes information about how you use our website, products and services.
- Special Categories of Personal Data - Your image, classified as biometric data and data that might reveal your race and ethnic origins, obtained with your permission when you record video messages using our platform to your elected recipients.
- Marketing and Communications Data includes your preferences in receiving emails and communications from us. This also includes us making a note of conversations we have had with you in person and/or communications you sent to us through our CRM or other platforms. This helps us to manage our relationship with you and ensures you only receive communications from us that are relevant and timely.
According to the GDPR legislation we will process Special Categories of Personal Data about you as an unavoidable consequence of the intrinsic nature of the Bonjoro service. Specifically your image - classified as biometric data. In allowing you to send video communication to your recipients we send data that could be used to identify you and your race or ethnic background. We do not use this information for any other purpose than the operation of the platform in allowing you to send video messages and fulfilling our contract with you. By opting in to an account and using the Bonjoro service, you give permission for us to process this information and send videos to your elected recipients that contain images of you. We give you control of the video by restricting download of the videos on the recipient end and giving you complete control to delete any video stored by Bonjoro at request.
When do we collect information?
We collect information from you, with your permission, when you register on our site, start a subscription, Open a Support Ticket or enter information on our site.
How do we collect information about you:
How do we use your information?
We may use the information we collect from you when you register, make a purchase, sign up for our newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:
- To quickly process your transactions.
- To follow up with them after correspondence (live chat, email or phone inquiries)
Specifically the use of your information is almost always used in executing contracted activities for you - i.e. the sending of Bonjoros to your elected recipients, executing subscription payments, responding to support requests. Please see the table below for more information:
Type of data
Lawful basis for processing including basis of legitimate interest
To register you as a new customer
(a) Identity (b) Contact
(a) Performance of a contract with you
To process and deliver your subscription purchase including: (a) Manage payments, fees and charges (b) Collect and recover money owed to us
(a) Identity (b) Contact (c) Financial (d) Transaction (e) Marketing and Communications
(a) Performance of a contract with you (b) Necessary for our legitimate interests (to recover debts due to us)
(a) Identity (b) Contact (c) Profile (d) Marketing and Communications
(a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
To enable you to use the core platform functionality - send video messages to your elected recipients
(a) Identity (b) Contact (c) Profile (d) Usage (e) Special Categories of Personal Data - your image
(a) Performance of a contract with you (b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business ,to track interaction on your behalf with your communications and pass that information to and from your account)
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
(a) Identity (b) Contact (c) Technical
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) (b) Necessary to comply with a legal obligation
To use data analytics to improve our website, products/services, marketing and communications with you, customer relationships and experiences
(a) Technical (b) Usage
Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
How do we protect your information?
Our website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our site as safe as possible. Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology. We implement a variety of security measures when a user places an order enters, submits, or accesses their information to maintain the safety of your personal information. All transactions are processed through a gateway provider (Stripe) and are not stored or processed on our servers. Your videos and personal information is stored using a GDPR ready 3rd party provider AWS ( https://aws.amazon.com/compliance/gdpr-center/) in a controlled environment with limited access.
Do we transfer data internationally?
- Payment processing
- Providing customer service
- Sending marketing communications
- Conducting research and analysis
- Providing cloud computing infrastructure
- Video processing and transcoding
For most recipients of your data this involves only your email address, profile photo and the bio you enter into your account settings. These functions are vital for us to deliver the Bonjoro service for your use. We have audited these providers and they have all publicly expressed that they are GDPR compliant.
Upon request Bonjoro will provide you with information about whether we hold any of your personal information. You may access, correct, or request deletion of your personal information by logging into your account or by contacting us at the contact information below. We will respond to your request within a reasonable timeframe. In certain circumstances we may be required by law to retain your personal information, or may need to retain your personal information in order to continue providing a service. Bonjoro Pty Ltd acknowledges that you have the right to access your personal information. Bonjoro has no direct relationship with the individuals - primarily our Users nominated Bonjoro recipients - whose personal data it processes. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query to the Bonjoro's Client (the data controller). If requested to remove data we will respond within a reasonable timeframe. In certain circumstances we may be required by law to retain your personal information, or may need to retain your personal information in order to continue providing a service.
Do we use 'cookies'?
- Understand and save user's preferences for future visits.
- Compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future. We may also use trusted third-party services that track this information on our behalf.
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings. Since browser is a little different, look at your browser's Help Menu to learn the correct way to modify your cookies.
If users disable cookies in their browser:
If you turn cookies off, some features will be disabled. Some of the features that make your site experience more efficient and may not function properly. However, you will still be able to place orders The Web Portal.
We do not sell, trade, or otherwise transfer to outside parties your Personally Identifiable Information (PII) unless we provide users with advance notice. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or serving our users, so long as those parties agree to keep this information confidential. We may also release information when it's release is appropriate to comply with the law, enforce our site policies, or protect ours or others' rights, property or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
Voluntary Disclosure of Personally Identifiable Information
When using Bonjoro, Users elect to send PII to their own nominated recipients in the form of; i) their email address and ii) their likeness in the form of self-recorded video. We will not repurpose this content in any way without authorisation. We do reserve the right to scan video material for abusive, illegal, or other content that violates our Terms of Service. The User cannot hold Bonjoro accountable for the subsequent use of transmitted PII by the recipient.
Recipient PII handling and disclosure
While using Bonjoro the System will capture the email address of your recipients, as well as publicly available information from social media and other internet sources. We do not sell, trade, or otherwise transfer to outside parties this information, it is solely for the purpose of providing the Service. This information will be retained on our servers, as well as a record of the Bonjoro sent to the recipient for tracking and reporting. E can delete this information on request. You are responsible for the distribution and publishing of any testimonial content collected using our testimonials tool. Permissions should be sought and confirmed using the functionality included in the Service or through other channels. Bonjoro will not use, sell or share any testimonial content you collect. You agree to hold harmless and indemnify Bonjoro from and against any third party claim arising from your use of the testimonial content you collect. Requests regarding the Service Data. If we receive a request from a Testimonial Provider (data subject) asking to exercise data subject’s rights with regard to their submission, we will forward such a request to the respective data controller (You). This could be a request to, but not limited to, temporarily to permanently delete their testimonial, cease publication, or alter the testimonial in some way.
How do We handle your Social Logins?
Our Service offers you the ability to register and login using your third-party social media account details (like your Google logins). Where you choose to do this, we will receive certain profile information about you from your social media provider. The profile information we receive may vary depending on the social media provider concerned, but will often include your name, email address, friends list, profile picture as well as other information you choose to make public on such social media platform. We will use the information we receive only for the purposes that are described in this privacy notice or that are otherwise made clear to you on the relevant Website. Please note that we do not control, and are not responsible for, other uses of your personal information by your third-party social media provider. We recommend that you review their privacy notice to understand how they collect, use and share your personal information, and how you can set your privacy preferences on their sites and apps.
We do not include or offer third-party products or services on our website.
We have implemented the following:
- Demographics and Interests Reporting
We, along with third-party vendors such as Google use first-party cookies (such as the Google Analytics cookies) and third-party cookies (such as the DoubleClick cookie) or other third-party identifiers together Track engagement with the site and service
Users can set preferences for how Google advertises to you using the Google Ad Settings page. Alternatively, you can opt out by visiting the Network Advertising Initiative Opt Out page or by using the Google Analytics Opt Out Browser add on.
California Online Privacy Protection Act
According to CalOPPA, we agree to the following:
Can change your personal information:
- By logging in to your account
How does our site handle Do Not Track signals?
We don't honor Do Not Track signals and Do Not Track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place. We don't honor them because: It's required for Account Holders to use the service
Does our site allow third-party behavioral tracking?
It's also important to note that we do not allow third-party behavioral tracking
COPPA (Children Online Privacy Protection Act)
When it comes to the collection of personal information from children under the age of 13 years old, the Children's Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States' consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children's privacy and safety online. We do not specifically market to children under the age of 13 years old.
Fair Information Practices
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information. In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur: We will notify you via email within one calendar month We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.
CAN SPAM Act
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
We collect your email address in order to:
- Send information, respond to inquiries, and/or other requests or questions
- Process orders and to send information and updates pertaining to orders.
- Send you additional information related to your product and/or service
- Market to our mailing list or continue to send emails to our clients after the original transaction has occurred.
To be in accordance with CANSPAM, we agree to the following:
- Not use false or misleading subjects or email addresses.
- Identify the message as an advertisement in some reasonable way.
- Include the physical address of our business or site headquarters.
- Monitor third-party email marketing services for compliance, if one is used.
- Honor opt-out/unsubscribe requests quickly.
- Allow users to unsubscribe by using the link at the bottom of each email.
If at any time you would like to unsubscribe from receiving future emails, you can email us at
- Follow the instructions at the bottom of each email and we will promptly remove you from ALL correspondence.