Privacy Policy

General
This Privacy Policy (“Privacy Policy”) applies to all Personal Data collected by Candlon (referred to as “Candlon”, “we”, “our” and “us”). This Privacy Policy does not apply to websites operated by Candlon that do not link to this Privacy Policy.

Candlon is committed to complying with its obligations under applicable Data Protection Laws. BY ACCESSING AND USING THE SERVICES OR ENGAGING IN COMMUNICATIONS WITH US, YOU AGREE TO THE PROCESSING OF YOUR PERSONAL DATA AS DESCRIBED IN THIS PRIVACY POLICY AND TO BE BOUND BY THE TERMS OF THIS PRIVACY POLICY.

If you are an Australian individual, the Privacy Act 1988 (as amended, the “AU Privacy Act”) and the Australian Privacy Principles (“APP”) may apply to Personal Data about you.

If you are located in, or are a resident of the United States of America, federal and state laws and requirements in the United States may apply to Personal Data about you.

If you are accessing our Websites and Services from another jurisdiction, additional local requirements may apply.

In this Privacy Policy, we explain how and why we collect Personal Data about you, how we use, share and protect it, and what controls you have over our use of it. Please read this Privacy Policy carefully. If you do not agree with the terms and conditions of this Privacy Policy, please do not use our Websites and Services.

Definitions
In this Privacy Policy:

Account means an account you need to register on our Websites or establish with our representatives to place orders, access certain password protected portions of our Websites, or receive our Services.

AI Products means artificial intelligence and machine learning tools that we use in connection with collecting, reviewing and verifying forms and photos of you that you submit to us, to improve the efficiency of our Website and Services (as applicable);

American CAN-SPAM Act means the *Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003*.

Data Protection Laws means the laws that are designed to protect your Personal Data and privacy that are applicable to Candlon. For the purpose of this Privacy Policy, these include:

  • the AU Privacy Act; and

  • applicable federal and state privacy and data protection laws in the United States.

Government Related Identifiers means an identifier assigned to any individual by an agency, a State or Territory authority, an agent of an agency, or State or Territory authority, acting in its capacity as agent; or a contracted service provider for a Commonwealth contract, or a State contract, acting in its capacity as contracted service provider for that contract.

OAIC means the Office of the Australian Information Commissioner.

Payment Processors and Payment Facilitators refers to third-parties that process your payments for the Services.

Personal Data means information or data that constitutes “personal data,” “personal information,” or similar information governed by applicable Data Protection Laws.

Processing, including process, refers to the broad terms for collection, storage, transfer, use, or other action related to your Personal Data.

Sensitive Information means information or data that constitutes “sensitive information” (as defined in the AU Privacy Act), “sensitive personal information”, or similar information governed by Data Protection Laws.

Services refers to services provided by Candlon to you, which may include, but are not limited to, the promotion, sourcing, ordering, delivering, and provision of products, services, solutions, and supporting services.

Websites means each of the following websites and platforms available at our official website or any other Candlon website that has a link to this Privacy Policy from time to time from which the Services are offered, promoted and/or delivered.

You or your means you as an individual using our Websites, Services or otherwise contacting us (on your own behalf, or for another individual or entity).

Types of Personal Data We Collect
We may collect, use, store and transfer various types of Personal Data, including:

  • Identity Data including your name, address, gender, date of birth, and photos of you submitted to us;

  • Contact Data including billing address, email address for primary and secondary contacts and telephone number;

  • Financial Data including bank account and payment card details, including credit card number and expiry date and security code (CVC);

  • Transaction Data including details about payments made to and from you in connection with the Services, identity of customers, resellers or suppliers (as applicable), details of activities listed, booked, or otherwise dealt with through our Services, electricity connection information and all other information and forms convenient in relation to the provision of our Services;

  • Technical Data including internet protocol (IP) address, your login data, browser type and version, access times, webpage you are directed from, webpage(s) or content you historically accessed for us, time zone settings and location, browser plug-in versions and types, operating system and websites, and other technology in devices used to access our Websites and/or Services or the users of our Services;

  • Account Profile Data including your username and password that you may set to establish an Account with us, any documentation required to verify credentials of suppliers (including electrician licences, as applicable), and your portal preferences;

  • Usage Data including information about your usage of our Websites and Services including information retrieved from cookies;

  • Marketing and Communications Data including your preferences for receiving communications about our activities, events, and publications from us and certain third parties, and details about how you engage with our communications;

  • Feedback including information you provide when you contact us with questions, feedback, or otherwise correspond with us online or offline;

  • Social Network Data including information from your profile on a third-party social network, including YouTube®, LinkedIn® and other platforms, if you choose to connect with us through such social media sites. Personal Data that we may collect in this context may include your name, username, and email address, among others. In addition, our Websites may offer features that allow you to share information to and from a social media site. If you decide to use such features, they may allow the sharing and collection of information both to and from such websites so you should check the privacy policy of each social media site before using such features;

  • Event Registration Data, information that may be related to an online or offline interactions, your Account, or an offline event you register for; and

  • any other Personal Data that may be required in order to facilitate your dealings with us.

Where we solicit Personal Data, we only collect:

  • non-Sensitive Information, if it is reasonably necessary for our Services;

  • Sensitive Information, if it is reasonably necessary for or directly related to our Services and you have consented to its collection, or its collection and use is permitted or authorised by law.

We may collect various other types of Personal Data, including Sensitive Information, in the course of conducting our business where it is provided to the users of the Services or other persons without being solicited, in accordance with clause 11.

How We Collect Personal Data
We may collect Personal Data about you through any of the following methods:

  • Direct interactions. Where you provide us with Identity Data, Account Profile Data, Contact Data, Feedback, Social Media Data, Event Registration Data, Financial Data and/or Transaction Data through completing documentations, web forms or establishing an Account with us, or communicating with us by phone, email, post mail, online or offline. This includes Personal Data that is provided to us when you:

    • access or use our Websites;

    • request or participate in our Services;

    • request marketing information from us;

    • provide us with feedback; or

    • communicate with us in person or via email, telephone, SMS, our Website, or social media; and

    • otherwise deal with us in the course of our business.

  • Automated means. Where you interact with our Websites and/or Services, we automatically collect Technical Data, Usage Data and Marketing or Communications Data. We may collect this type of Personal Data using third party service providers. To improve your experience on our Websites, we may use “cookies” (small data files that are served by our platform and stored on your device). These are used by us or third parties for a variety of purposes including to operate and personalise the Websites. Cookies may be used for recording preferences, conducting internal analytics, conducting research to improve our offering, assisting with our marketing activities and delivering certain website functionality. In addition to cookies, we may use other automatic data collection technologies that work similarly to cookies, such as internet tags, web beacons (clear gifs, pixel tags, and single-pixel gifs), and navigational data collection (log files, server logs, etc.) that collect your Personal Data as you navigate through and interact with our Websites.
    You may refuse to accept cookies by selecting the appropriate setting on your internet browser. However, please note that if you do this, you may not be able to use the full functionality of our Websites.

  • Third parties or publicly available sources. We may also obtain Personal Data about you from publicly available sources (e.g., websites or publicly accessible databases), third-party data vendors and third-party partners and collaborators. This includes:

    • Technical Data from advertising networks, search information providers and analytics providers;

    • Contact Data, Financial and Transaction Data from technical and payment services connected to our Services;

    • Identity Data and Contact Data made available from public sources, law enforcement or government entities in other jurisdictions (as applicable); and

    • Identity Data and Contact Data from third-party applications where the Services require the import of information about users and their clients to fulfil activities and facilitate payments.

If we solicit Personal Data, we will generally solicit it directly from the person it relates to or their agents, unless it is unreasonable or impracticable for us to do so. Where we collect Personal Data about you from a third party without your prior consent, we will take reasonable steps to inform you that we have collected Personal Data. We may combine Personal Data from multiple online and off-line sources.

It is voluntary to provide Personal Data to us, but if you choose not to provide certain Personal Data, we may not be able to provide the requested Services. You have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals.

Where we need to collect Personal Data by law, or under the terms of a contract we have with you, and you fail to provide that information when requested or withdraw your consent to us processing your Personal Data (where applicable) we may not be able to perform the contract we have or are trying to enter with you. In this case, we may have to cancel a product or Service you have with us, but we will notify you if this is the case at the time.

How We Store and Protect Personal Data
We prioritise the security of your Personal Data whilst it is in our possession. We may hold Personal Data in various forms, including but not limited to physical documents, electronic records, visual records, and audio recordings. We use commercially reasonable efforts to keep physical files securely inside our access-controlled premises and store electronic files securely on protected information systems. Electronic files are only accessible through our secure network. Our staff members and contractors are bound by confidentiality agreements or professional confidentiality responsibilities.

We take reasonable steps to:

  • ensure that Personal Data we collect is accurate, up-to-date, complete and relevant, other than where it is only collected to provide advice in respect of a particular point in time, in which case we will seek to ensure it is accurate, complete and relevant as at that particular point in time;

  • ensure that Personal Data we use or disclose is accurate, up-to-date, complete and relevant, having regard to the purposes for which Personal Data is used or disclosed;

  • protect Personal Data from misuse, interference, and loss, and from unauthorised access, modification, or disclosure; and

  • destroy or de-identify Personal Data which we no longer need for the purposes for which it was collected, except where it is necessary to retain it in order to maintain ongoing records for our clients.

We cannot guarantee the security of information transmitted via the internet. As such, transmission of Personal Data via the internet is at your own risk and we cannot be held responsible for the security of such information.

We will notify you and/or any applicable supervisory authority of a data security breach where the Data Protection Laws in that jurisdiction require us to do so, and within the timeframe required by the relevant Data Protection Laws.