Privacy Policy

Who we are

Our website address is: https://savvyrenter.com.au.

What personal data we collect and why we collect it

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

Our contact forms on this website asks for you to provide us with your name, email address and a message from you. This is used so that we can respond to your enquiry. The plugin that is used for this is Gravity Forms. The method of transmission of this information is to send the enquiry as an email to us. This email is then stored locally at our office on our computer system. The information is also stored on this website on the website hosting server for a period of time until it is removed. Filling out the contact forms on this website is not required in order to use our website.

Checkout forms

Our checkout forms on this website asks you to provide us with your first name, last name, country that you live in, street address, town, state and email address. The details collected are emailed to us so that we may process your order. They are also stored on the website hosting server. This server is located in a Sydney data centre.

We require these details in order to fulfill your order, process your order, and ship your order if applicable. We also require them so that we may contact you for any reason that directly relates to your purchase. These details are not used for any other purpose.

If you purchase a product from our website, you will provide us with additional personal data in the form of your credit card number, expiry date and the CVC number or similar in order to facilitate a transaction made on this website.

For this, we use the WooCommerce Stripe Gateway plugin. This plugin works by allowing us to take payments directly on the checkout page of this website via Stripe’s API. This sensitive data is transmitted directly to Stripe without passing through the server that hosts this website, which allows our checkout process to be PCI-DSS compliant. For more information, visit: https://stripe.com/docs/security.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me“, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

Embedded content from other websites, or links to external websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites, or links to other external websites, behave in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

This website uses a Google Analytics code snippet and Facebook Pixel code snippet as part of aggregated visitor data. The personal data collected are cookies and usage data.

The purpose of collecting this data is to create reports on visitor statistics to this website.

Certain areas of this website also allow for interactions with social media platforms should you choose to do this, in the form of a Facebook share button, Twitter tweet button and a Pinterest pin button. These areas will collect cookies and usage data should you choose to use these buttons.

Website hosting

Certain personal data we collect is retained on the website server with this website. This website is hosted with Cloudways, and on their servers located within Sydney, Australia. Any personal data we collect that is stored on this website is stored on this server in Australia.

If you purchase a product from our website, you provide us with additional personal data in the form of your credit card number, expiry date and the CVC number or similar in order to facilitate a transaction made on this website. This particular information is NEVER stored locally on our website or received via our website. This information is stored with Stripe.com and all card numbers are encrypted on disk with AES-256 and decryption keys are stored on separate machines. For more information, see How we protect your data further down.

The credit card payment facility on this website is an embedded secure credit card processing form that is hosted directly with Stripe and all transactions are conducted directly with Stripe.

Website backups

We may perform website backups via our hosting provider from time to time, and these will also be stored on the same hosting server or server in the same physical location as the server that hosts this website, and are usually retained for 4 weeks or less.

In addition, manual backups can be made. These manual backups can also be stored with the hosting server as the website, and also be downloaded to our local computer systems located in our office in Brisbane, Queensland, Australia, and downloaded as a packaged zip file containing the website files and database information.

Any website backups made will contain the same personal data that is stored on the website server at the time that the backup has been made.

Only the most recent backups are retained, and as a new backup is made, the oldest backup is deleted.

Who we share your data with

Your data is shared with Stripe at such time a purchase is made.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

Any other information we collected such as through our contact forms, check out forms or payment gateway is stored for as long as your account is active, your information is required to provide you with services, or as required to fulfill our legal obligations.

If you have requested to join our email newsletter, your personal data (your name and email address) will be stored for the length of time that you remain an active subscriber to our newsletter.

You can request to update this information, correct this information, or be provided with a copy of all the personal data we hold by emailing hello@savvryrenter.com.au.

You also have the right to have all personal data deleted or removed, and you can so by emailing hello@savvryrenter.com.au.  You do not need to know what personal data we hold if you request to have all of your personal data deleted or deleted, unless you have requested to receive a copy. It is our responsibility to fulfill your request for full deletion or removal.

When we receive a request to delete or remove personal data, it will be deleted or anonymized.

With regard to personal data collected to provide a sale, we may delete or be required to anonymize any personal data relating to your sale once we no longer have a business need to process your information relating to your sale.

What does anonymize data mean

If we anonymize data, we do this in order to retain certain information for legal or tax reasons. For example, we will need to keep certain information relating to sales such as the product purchased, price of the sale, and any application sales tax, in order to meet our own reporting obligations for tax purposes, as well as other legal reasons. To anonymize this data means that all personal data relating to that sale is completely deleted so that it becomes non identifiable. We are legally required to do this under the General Data Protection Regulation (GDPR) for EU citizens, and it is the policy we have adopted to all users of our website outside of the EU.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

You reserve the right to do the following easily by sending an email request to hello@savvryrenter.com.au.

• You can ask us for a copy of all the information we hold about you. When we receive this request we have to provide you with any information stored on this website, any information you have emailed to us that contains personal data that is still stored locally on our computer systems, and any information, if applicable, that is stored on the third party Data Processors outlined in the policy, which is Stripe.
• You can ask us to correct any information that you think may be incorrect that we hold about you, even if you have not requested to see it first.
• You can request to have any personal data we hold about you, to be deleted or removed completely. You can do this even if you have not requested to see it first.
• In order to comply with these requests, we may need to ask you to confirm your identity.
• We are legally obliged to comply with any of the above requests.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Payment processing requests will be sent to Stripe to process transaction

How we protect your data

SSL Certificate

Verified by: Let’s Encrypt

Connection Encryption TLS_AES_GCM_SHA384, 256 bit keys, TLS 1.3

Security of online payments

Payments processed are done via Stripe payment gateway and comply with the Payment Card Industry Data Security Standards (PCI DSS). Anyone involved with processing, transmitting, or storage of credit card data must comply with the PCI DSS). Stripe has been audited by an independent PCI Qualified Security Assessor (QSA) and is certified as a PCI Level 1 Service Provider. More information about this can be found here: https://stripe.com/docs/security

The Stripe Credit Card field is hosted on Stripe’s servers and displayed on the payment page of this website using an iframe only. Credit card details are collected securely and directly by Stripe and transmitted over HTTPS connection to their processing servers. Those Stripe collected details are not stored with the entry data on this website. Stripe is also SCA (Strong Customer Authentication) ready. More information about this can be found here: https://stripe.com/docs/strong-customer-authentication

This information is transmitted directly to Stripe and does not pass through the server that hosts this website. It is never stored on the server with this website. We do not have access to this information at all. This information is stored with Stripe.com and all card numbers are encrypted on disk with AES-256 and decryption keys are stored on separate machines. None of Stripe’s internal servers and daemons are able to obtain plaintext card numbers; instead, they can just request that cards be sent to a service provider on a static whitelist.

Stripe’s infrastructure for storing, decrypting, and transmitting card numbers runs in separate hosting infrastructure and doesn’t share any credentials with Stripe’s primary services (API, website, etc.) For more information, you can visit Stripe’s security policy for more information here.

Contact Information

Contact information, owner and data controller

SavvyRenter Pty Ltd

Email: hello@savvryrenter.com.au