Privacy Policy

Instant Checkout Pty Ltd

|

Last Updated

Instant Checkout Pty Ltd (ABN 50 642 933 462) (Instant, we, our, us) provides marketing technology and retention services to e-commerce businesses (Merchants). For the purposes of this Privacy Policy, we refer to the websites or digital properties of our Merchants as Merchant Websites, and individuals who visit or interact with those websites or services as Customers.

This Privacy Policy explains how we collect, use, disclose and otherwise handle personal information in connection with our websites, products and services (the Instant Products).

We are committed to handling personal information in accordance with applicable privacy and data protection laws, including the Australian Privacy Act 1988 (Cth), the EU and UK GDPR, and the California Consumer Privacy Act.

If we update this Privacy Policy, we will publish the updated version on this page.

1. Our role

  1. When Merchants use the Instant Products, we process personal data on their behalf and in accordance with their instructions. In these cases, the Merchant is responsible for how personal data is collected and used, including the legal basis for processing and communications sent to their Customers.

  1. This includes the Instant Products that help Merchants recognise and communicate with their Customers across Merchant Websites, devices and marketing channels using identifiers such as email addresses, cookies, device identifiers and similar technologies.

  1. We also process personal data as a controller for our own business operations, including operating our website, managing Merchant accounts, providing support, billing, marketing the Instant Product, maintaining security and complying with legal obligations.

2. Consents

  1. Our Merchants are required to comply with all applicable privacy laws.

  2. Our agreement in place with each Merchant requires each Merchant to obtain all relevant privacy consents, approvals and authorisations required by law in order for us and our suppliers to collect and process the personal information about their Customers on each Merchant Website. We require each Merchant to electronically verify that they have obtained their Customers’ consent to the collection and processing of Customers’ personal information by us and our suppliers. 

  3. Our Merchants are not permitted to access or use personal information that is collected about their Customers via the Instant Products unless they have obtained all consents required by applicable law.

  4. We encourage each of our Merchants to ensure that their Customers are familiar with their privacy policy so that their Customers will understand how the Merchant will collect, use and otherwise process personal information about them, via Instant Products or otherwise. 

3. The types of personal and other information that we collect and hold

  1. We collect and hold the following types of personal information about Customers:

    1. Personal information, including first name, last name, phone number, email address, delivery address, billing information, products and services ordered from a Merchant Website, and payment details. We do not process Customer payments for purchases on Merchant Websites but we do enable the processing of such payment by providing the Customer’s payment details to a payment gateway provider that is responsible for processing such payments.  

    2. Behavioural data, including browsing data collected by Instant Checkout or Instant Audiences from the Customers device, which may include session data, pages you access, your computer IP address, device identifiers, the type of operating system you are using, your location including geolocation, mobile network information, standard web log data and other information.

    3. Personal information about Customers generated by Instant’s profile building technology such as information about the Customer’s shopping habits, what types of hobbies they might have, or demographic information (eg inferred income or age range, household size, or home ownership) as determined by those algorithms.

    4. Marketing engagement data including data collected through emails and marketing campaigns sent via Instant AI, such as email open rates, click-through rates, and engagement metrics.

      Some of the above information may be inferred and we may combine any of the information we collect or receive with other information.

  2. We collect and hold the following types of personal information about current and potential Merchants and their personnel:

    1. Personal information, including first name, last name, phone number, email address, delivery address, billing information, products and services ordered from a Merchant Website, and payment details. We do not process Customer payments for purchases on Merchant Websites but we do enable the processing of such payment by providing the Customer’s payment details to a payment gateway provider that is responsible for processing such payments.  

    2. We may also obtain information about a current or potential Merchant and their personnel from third parties including Instant Merchants, third party suppliers and commercial partners (together, Partners), as well as credit reporting bodies and identity verification services, and publicly or commercially available sources for the purposes of complying with relevant legislation (e.g. anti-money laundering laws).

    3. Current Merchants and their personnel may provide us with access to certain personal information about them held by third parties such as social media sites (e.g., Facebook and Twitter). The information we may receive varies by site and is controlled by that site. By associating an account held with a third party with your Instant account that is set up for you when you first register with us, and authorising us to have access to this information, each Merchant and their personnel agrees that we may collect, store and use this information in accordance with this Privacy Policy.

  3. We may also collect an individual’s personal information if they interact with our website or participate in a competition or promotion that we offer (either directly or through our marketing agents or our Partners).

  4. We may collect personal information about our Partners and other third party suppliers and their personnel from our Partners and third-party suppliers or directly from their personnel. The information we collect about our Partners and third party service providers and their personnel may include name, position, contact details and training records.

  5. In addition to the personal information described above, we may collect publicly available information from Merchant Websites, including logos, images, design elements, and other brand assets, for the purposes of generating and sending marketing communications and services.

4. How we collect personal information

  1. Our policy is to not collect personal information by means that are unfair or unreasonably intrusive in the circumstances. We only collect personal information that is necessary to provide the functionality of the Instant Products and to otherwise operate our business.

  2. We collect personal information about Customers when it is transmitted to us via Instant Products in accordance with our obligations pursuant to a contract in place with the Merchant. We also collect personal information entered by the Customer into our website, which the Customer is taken to when they click on the “Buy Now” button that has been installed on the Merchant Website. We also collect personal information about each Customer that is collected via a pixel containing a third-party JavaScript agent and the related code used in the Instant JavaScript library, which allows our third-party service providers to collect data about the Customer’s interactions with each Merchant Website.  

  3. We also use cookies to collect personal information. We use cookies that identify when a Customer interacts with a Merchant Website that has Instant Products operating on it. We use a number of different cookies on our own website, the details of which are set out below.

  4. We also collect personal information when a Customer voluntarily discloses it on the Merchant Website (via an Instant Product, surveys, online forms or otherwise). 

  5. Our Merchants are responsible for ensuring that all Customer consents, approvals and authorisations have been obtained or provided by them as required by law for the lawful collection of the personal information that we collect from them. We receive personal information about Customers from each Merchant via the Instant Checkout or Instant Audiences functionality installed on each Merchant Website. 

  6. In the event that any personal information is provided to us which is unsolicited by us, we will review such personal information on an individual basis before destroying or de-identifying the information. 

  7. We collect personal information about current and potential Merchants and their personnel when they voluntarily disclose it to us or when we collect it about them when they order or use an Instant Product. We collect personal information about current and potential Customers and their personnel when they enter into a contract with us, order an Instant Product from us, register an end user account on an Instant Product, contact us to enquire about our products or services, to request technical support and/or when they otherwise voluntarily provide it to us.

  8. We collect personal information about current and potential Partners and other service providers and their respective personnel when they voluntarily disclose it to us or when they negotiate or enter into a contract with us, contact us to enquire about engaging them and to provide us technical support.

5. How we use personal information

  1. How we use the personal information that we collect and process.

Category

How we use and process personal information that we collect

Category

Personal information about Customers

  • To provide the functionality of the Instant Products to Customers and Merchants;

  • To build profiles of Customers who engage with Merchant Websites and insights about them;

  • To determine which Customers or prospective Customers are most likely to be interested or disinterested in certain offers

  • To perform data analytics including to improve our and our third party providers’ services;

  • To send personal information to our Merchant’s third party marketing service providers, for them to use for the purpose of marketing campaigns directed at Customers that have engaged with the Merchant Website;

  • To send SMSs to Customers with a link to checkout for products they considered purchasing but abandoned on a Merchant Website;

  • To generate and send personalised marketing communications to Customers on behalf of Merchants, including for abandoned purchases on a Merchant Website and campaigns;

  • To optimise the content and delivery of personalised marketing communications based on performance and engagement data;

  • In order to store personal information in databases and systems in our hosting environments at third party data centres;

  • To provide technical support in respect of the Instant Products to Merchants;

  • When backing up and restoring data that includes Customer personal information;

  • To improve and develop the Instant Products and for general product and business development;

  • To carry out security audits, investigate security incidents and implement security processes and procedures that require access to personal information; and

  • To handle complaints.

  • Required for Merchants and Customers to receive the benefit of the Instant Products;

  • To enable Merchants and Instant on behalf of Merchants to retarget marketing content to Customers;

  • Necessary for our legitimate interests, including in order to operate and grow our business, in order to administer and allow the Merchants to operate the Instant Products, to enable us to operate our IT systems and networks, manage our hosting environments, and ensure the successful delivery of the Instant Products;

  • To provide statistical analysis of de-identified personal information;

  • To assist Merchants to detect and prevent fraud and provide “validation” or data hygiene services, e.g., by verifying or removing or correcting old, incorrect or outdated information or evaluating whether an email address recently has been active.

  • For our accounting, billing and other internal administrative purposes;

  • To comply with our legal and statutory obligations; and

  • Required in order to determine which privacy law applies to the individual.

Personal information about current and potential Merchants and their personnel

  • To manage, provide and support the Instant Products for use by Merchants and their personnel;

  • To inform, market and promote our products and services to potential Merchants and negotiate contracts with them;

  • In order to store personal information in databases and systems in our hosting environments at third party data centres;

  • To create and manage your user account or other user profiles;

  • To provide technical support in respect of Instant Products to Merchants and their personnel;

  • To send newsletters and other communications to current and potential Merchants and their personnel concerning Instant Products, events and education opportunities, unless you opt-out of receiving them;

  • When backing up and restoring data that includes personal information about Merchants and their personnel;

  • To improve and develop the Instant Products and for general product and business development;

  • To carry out security audits, investigate security incidents and implement security processes and procedures that require access to personal information; and

  • To handle complaints.

  • Required for Merchants to receive the benefit of the Instant Products;

  • Necessary for our legitimate interests, including in order to operate and grow our business, in order to administer and allow the Merchants to operate Instant Products, to enable us to operate our IT systems and networks, manage our hosting environments and ensure the successful delivery of the Instant Products;

  • For our accounting, billing and other internal administrative purposes;

  • To comply with our legal and statutory obligations including for the purpose of confirm your identity for the purposes of anti-money laundering and counter-terrorism laws and assess applications and your suitability for Instant Products; and

  • Required in order to determine which privacy law applies to the individual.

Personal information about current and potential Partners and other third party suppliers and their personnel

  • To inform, market and promote our products and services to, and to engage, potential Partners and third party suppliers and negotiate contracts with them; 

  • When backing up and restoring data that includes personal information about Partners and other third party suppliers and their personnel;

  • To carry out security audits, investigate security incidents and implement security processes and procedures that require access to personal information; and

  • To handle complaints.

  • Required for Merchants and Customers to receive the benefit of the Instant Products;

  • Necessary for our legitimate interests, including in order to operate and grow our business, in order to administer and allow the Merchants to operate Instant Products, to enable us to operate our IT systems and networks, manage our hosting environments and ensure the successful delivery of the Instant Products;

  • For our accounting, billing and other internal administrative purposes;

  • To comply with our legal and statutory obligations including for the purpose of confirm your identity for the purposes of anti-money laundering and counter-terrorism laws and assess applications and your suitability for Instant Products;

  • Required in order to determine which privacy law applies to the individual.

6. Legal basis for processing

  1. Where we act as a controller, we rely on the following legal bases to process personal data:

    1. Contract: we process personal data where it is necessary to provide our services, manage accounts, process payments, provide customer support, and meet our contractual obligations.

    2. Legitimate interests: we process personal data where it is reasonably necessary for our legitimate interests, including operating and improving our services, ensuring security, preventing fraud, communicating with customers, and promoting our services, provided these interests are not overridden by your rights.

    3. Legal obligations: we may process personal data where required to comply with legal and regulatory obligations, including record-keeping, responding to lawful requests, and enforcing our terms and policies.

    4. Consent: where required by law, we rely on consent, for example for certain marketing communications or the use of cookies and similar technologies. You may withdraw consent at any time.

  2. When we process personal data on behalf of our customers as a processor, we do so only on their documented instructions and in accordance with our Data Processing Agreement.

7. De-identified data analysis

  1. Personal information may also be de-identified by us and used for statistical analysis. All such data is not held in a form that could reasonably be expected to identify an individual.

  2. We use de-identified personal information to help us review, enhance and improve the Instant Products (for statistical or research purposes) and to develop case studies and marketing material without identifying any individual. 

8. How we hold and secure personal information

  1. We hold and store personal information that we collect in our offices, computer systems and third party owned and operated hosting facilities.

  2. We take reasonable steps to protect personal information that we hold using such security safeguards as are reasonable in the circumstances to protect against loss, unauthorised access, modification and disclosure and other misuse, and we implement technical and organisational measures to ensure a level of protection appropriate to the risk of accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal information transmitted, stored or otherwise processed by us.

  3. We:

    1. only use reputable cloud hosting providers to host personal information;

    2. implement passwords and access control procedures, anti-virus, firewall and security controls for email and other applicable computer software and systems; 

    3. maintain files, in both hardcopy and electronic form, at our offices and other access-controlled premises;

    4. operate online records managements systems on secure networks;

    5. regularly perform security testing;

    6. maintain physical security measures in our buildings and offices such as visitor access management, cabinet locks, surveillance systems and alarms to ensure the security of information systems (electronic or otherwise);

    7. require our employees, agents and contractors to comply with privacy and confidentiality provisions in their employment and subcontractor agreements that we enter into with them;

    8. use SSL encryption on our systems;

    9. have data backup archiving and disaster recovery processes in place;

    10. if appropriate in the circumstances taking into account the state of the art, the costs of implementation and the nature, scope, content and purpose of the processing, we will encrypt personal information; and 

    11. with respect to personal information that we no longer require or where we are otherwise required to destroy it under applicable law, we ensure that such personal information is securely destroyed.

9. Disclosure and sharing of personal information

  1. We will disclose personal information to our employees, officers, professional advisors, suppliers, agents and/or related entities who assist us in the delivery and performance of the Instant Products. We ensure that they are aware of their information security responsibilities, are appropriately trained to meet those responsibilities and have entered into agreements which require them to comply with privacy and confidentiality obligations which apply to personal information that we provide to them.

  2. We disclose personal information that we collect as follows:

    1. To Merchants, being data about their Customers;

    2. To our Partners and other third party suppliers, so that they can provide goods or services to us that we rely on to provide the Instant Products to Merchants. This includes our data storage and software providers who host our databases and information on our behalf and suppliers who support our business operations including in relation to fraud prevention, identity verification, payment collection, marketing, customer service, and technology services (which otherwise assist us to provide, develop, maintain, and improve our services and the Instant Products). This also includes our third party SMS providers for the purpose of supplying Instant SMS to Merchants (all of the above third party providers and suppliers, together, the Service Providers);

    3. when providing information to our legal, accounting or financial advisors or insurers, or to our debt collectors for debt collection purposes or when we need to obtain their advice, or where we require their representation in relation to a legal dispute;

    4. where a person provides written consent to the disclosure of their personal information; 

    5. where we become aware that specific personal information needs to be disclosed to protect the safety or vital interests of any person. Please note that while we may monitor personal information entered into, or generated via the Instant Products from time to time, we do not review all such information and do not represent that we will monitor any person’s use of the Instant Products; 

    6. if we are contacted by any person who represents to us that they are a Customer, Merchant or their personnel, for security purposes, we will only discuss the personal information that we hold about them with them if they correctly identify themselves as such according to our security measures;

    7. our affiliates and related companies (Affiliates);

    8. financial institutions that we may partner with to jointly create and offer a product;

    9. credit reporting bodies and collection agencies, including to report account information, as permitted by law. When we share your personal information with credit reporting bodies we authorise them to use that information for the purposes of providing their credit reporting services. To request a credit report, we will provide information to the credit reporting body that identifies you;

    10. banking partners as may be required by credit card association rules for inclusion on their list of terminated merchants;

    11. companies that we plan to merge with, be acquired by, acquire, or who may invest in us;

    12. to avoid prejudice to the maintenance of the law by any public sector agency, including the prevention, detection, investigation, prosecution, and punishment of offences;

    13. for the enforcement of a law imposing a pecuniary penalty;

    14. for the conduct of proceedings before any court or tribunal (being proceedings that have been commenced or are reasonably in contemplation); and

    15. to police and other governmental bodies or regulatory authorities.

  3. We will only share your personal information with third parties as described in this Privacy Policy or as otherwise notified to you at the time of collection or with your consent.

  4. Providing personal data is generally necessary for us to provide our services, manage accounts, process payments, provide support, and meet our legal obligations. If you do not provide personal data where it is required, we may not be able to provide our services, respond to enquiries, or fulfil our contractual obligations. Where we process personal data on behalf of our Merchant customers, providing personal data is at the discretion of the Merchant and is subject to their privacy practices.

  5. If a Merchant subscribes to Instant Products directly on a third party website or via a third party application, any information that the Merchant enters on that website or application (and not directly on Instant’s website) will be shared with the owner of the third party website or application. These sites are governed by their own privacy policies and Merchants are encouraged to review their privacy policies before providing them with any personal information. 

10. Interacting with us without disclosing personal information

  1. If you do not provide us with your personal information, you can only have limited interaction with us. For example, you can browse our website without providing us with personal information, such as the pages that generally describe Instant that we make available, and our Contact Us page. However, when you submit a form on our website or order an Instant Product, we need to collect personal information from you in order to identify who you are, so that we can provide you with the Instant Products, and for the other purposes described in this Privacy Policy.

  2. You have the option of not identifying yourself or using a pseudonym when contacting us to enquire about Instant or Instant Products but not if you wish to actually engage Instant, use the Instant Products or any part thereof. It is not practical for us to provide you with access to or use of the Instant Products (or any part thereof) if you refuse to provide us with personal information.

11. Third party products and websites 

  1. Our website and the Instant Products may include links to third party websites or applications and integrations with third party products and services. Our linking to those websites or applications does not mean that we endorse or recommend them. We do not warrant or represent that any third party complies with applicable data protection laws. Merchants, Customers and other data subjects should consider the privacy policies of any relevant third party prior to disclosing personal information to them.

12. International and overseas transfers

  1. We are based in Australia and may transfer personal data to our contractors, service providers, and related companies who help us operate and provide our services. These recipients may be located in Australia, the United States, and other countries where our providers operate.

  2. If you are located in the European Union, the United Kingdom, or Switzerland, your personal data may be transferred outside your country. Where required, we use approved safeguards such as the European Commission’s Standard Contractual Clauses and the UK International Data Transfer Addendum to protect your data.

  3. Where we disclose personal information overseas, we take reasonable steps to ensure recipients handle it in line with the Australian Privacy Principles or are subject to substantially similar privacy protections.

13. Retention of personal information

  1. We will usually store the personal data we collect about you for no longer than necessary for the purposes set out in this Privacy Policy, and in accordance with our legal obligations and legitimate business interests.

  2. Where we process personal data on behalf of Merchants, we retain the data in accordance with our agreements with those Merchants and their instructions.

  3. When personal information is no longer required, we take reasonable steps to delete or de-identify it.

14. Your rights and how to access and correct personal information

  1. You may request access to, correction of, or deletion of personal information we hold about you by contacting us using the details set out below or submitting a Privacy Request. If you are a Merchant or authorised user, you may also access and update certain personal information directly through your account where this functionality is available.

  2. If you are located in the European Economic Area (EEA), the United Kingdom (UK), or Switzerland, you have the following rights under applicable data protection laws:

    1. Access – to request a copy of your personal data.

    2. Correction – to request correction of inaccurate or incomplete data.

    3. Erasure – to request deletion of your personal data in certain circumstances.

    4. Restriction – to request restriction of processing in certain circumstances.

    5. Data portability – to receive your personal data in a structured, commonly used and machine-readable format.

    6. Object to processing – to object to processing based on our legitimate interests.

    7. Withdraw consent – where we rely on consent, you may withdraw it at any time.

  3. Where we process personal data on behalf of a Merchant as a processor, we will forward your request to the relevant Merchant unless we are legally required to respond directly. You also have the right to lodge a complaint with your local data protection supervisory authority. 

  4. We may need to verify your identity before responding to your request. We do not charge a fee for exercising your data protection rights unless a request is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse the request where permitted by law. We will respond to requests within the timeframes required by applicable law.

15. Marketing and opt-out choices

  1. We may send marketing communications to Merchants about our products and services that we think they may be interested in. If a Merchant signs up to receive newsletters or other marketing communications from us, they can opt-out any time by clicking the unsubscribe link at the bottom of the message or by logging into their account on the Instant Products to update their marketing preferences at any time.‍

  2. Even after a Merchant opts-out of receiving marketing materials from us, please allow us sufficient time to process such changes. Unless otherwise required by law, it may take up to 5 days to process an opt-out request in relation to the receipt of electronic marketing materials such as emails and SMS, and up to 30 days for all other marketing-related requests.

  3. Even after a Merchant opts-out of receiving marketing communications from us, we may still contact the Merchant for transactional or informational purposes. These include, for example, customer service issues, returns or product-related inquiries, outstanding payment inquiries, surveys or recalls, or any questions regarding a specific order.

  4. We may use personal information about Customers to send marketing communications to Customers on behalf of Merchants about Merchant products and services that the relevant Merchant thinks they may be interested in. Marketing communications sent to Customers by Instant are sent using personal information provided or authorised by the relevant Merchant and may be sent from the Merchant’s domain, but are facilitated by Instant. If a Customer signs up to receive marketing communications from us on behalf of a Merchant, they can opt-out at any time by clicking the unsubscribe link at the bottom of the message, or by logging into their account on Instant Checkout to update their marketing preferences (if applicable).  Customers may also opt out of receiving marketing communications sent by Instant on behalf of Merchants by contacting us at help@instant.one. We will action such requests on behalf of the relevant Merchant.

  5. Even after a Customer opts-out of receiving marketing communications from us, please allow us sufficient time to process such changes. Unless otherwise required by law, it may take up to 5 days to process an opt-out request in relation to the receipt of electronic marketing communications such as SMS, and up to 30 days for all other marketing-related requests.

16. Cookies and third-party analytical services

  1. We use cookies to improve our website and the Instant Products, as well as to enhance Customer’s checkout experience.

  2. When you access our website or use Instant Products, we may place small data files on your computer or other device. These data files may be cookies, pixel tags, flash cookies, or other local storage provided by your browser or associated applications (collectively Cookies). We use Cookies to ascertain which web pages are visited and how often, to make our website more user friendly, to give you a better experience when you attend at a Merchant Website and to target advertising to you that we think you may be interested in.

  3. Cookies allow us to save your password and Instant Products account information so you do not have to re-enter it every time you complete an action, like make a purchase via Instant Checkout.

  4. We use two main categories of cookie:

    1. Strictly Necessary Cookies: These cookies are set by us or a third party on our behalf, and are essential to enable you to use the features of our website, such as technically delivering content and experiences, setting your privacy preferences, logging in, making payments or filling in forms. Without these cookies, our website may not work properly.

    2. Optional Cookies: Optional cookies may be 'first party cookies' or 'third party cookies'. First party cookies set directly by us or by a third party at our request. Third party cookies are set directly by a third party or set by us at the request of a third party, such as our analytics or advertising service providers.

  5. Most web browsers automatically accept Cookies. You can find information specific to your browser under the “help” menu. You are free to decline our Cookies if your browser or browser add-on permits, unless our Cookies are required to prevent fraud or ensure the security of websites we control. However, declining our Cookies may interfere with your use of our website and the Instant Products.

17. Controlling Cookies
  1. Your browser may give you the ability to control Cookies. How you do so, however, depends on your browser and the type of cookie. Certain browsers can be set to reject all browser cookies. If you configure your computer to block all cookies, you may disrupt certain web page features, and limit the functionality we can provide when you visit or use our website and/or Merchant Websites. If you block or delete Cookies, not all of the tracking that we have described in this policy will stop. If you continue without changing your settings, we will assume that you are happy to receive all cookies on our website. You can change your cookie settings at any time. Some browsers have a “Do Not Track” feature that lets you tell websites that you do not want to have your online activities tracked. These browser features are still not uniform and we are not currently set up to respond to those signals.
18. Automated decision‑making and AI
  1. We may use automated systems, including artificial intelligence (AI), and profiling techniques to help deliver, improve, and personalise our services.

    1. analysing how Customers interact with Merchant Websites and digital services (eg through cookies and similar technologies); and

    2. automatically selecting, generating, or sending marketing communications to Customers on behalf of Merchants.

  2. These processes are used to help Merchants deliver more relevant and timely communications and to improve the performance and effectiveness of our services. This may affect the content, timing, and nature of the marketing messages you receive.

  3. We do not use AI or other automated decision-making to make legal, financial, or similarly significant decisions about individuals without human involvement.

  4. Where we carry out these activities on behalf of Merchants, we do so as a processor in accordance with their instructions.

  5. You can request more information about our use of automated decision‑making and profiling by contacting us at help@instant.one.

19. Children’s privacy
  1. We do not knowingly collect information from children under the age of 16. If you are under the age of 16, please do not provide any information through the Instant Products. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce this Privacy Policy by instructing their children to never provide any information on this website or any other website without their permission. If you have reason to believe that a child under the age of 16 has provided their information, please email us at help@instant.one, and we will endeavor to delete that information from our databases.
20. Contact us
  1. Any person who wishes to contact us for any reason regarding our privacy practices or the personal information that we hold about them, or make a privacy complaint, may contact us as follows:
    Contact: Privacy Representative
    Email: help@instant.one

  2. We endeavour to resolve any privacy complaint with the complainant within a reasonable time frame given the circumstances. This may include working with the complainant on a collaborative basis or otherwise resolving the complaint.

  3. If the complainant is not satisfied with the outcome of a complaint or they wish to make a complaint about a breach of the Australian Privacy Principles, they may refer the complaint to the Office of the Australian Information Commissioner who can be contacted using the following details:
    Telephone: 1300 363 992
    Email: enquiries@oaic.gov.au
    Address: GPO Box 5218, Sydney NSW 2001
21. EEA and UK Representative

  1. We have appointed representatives in the EEA and the UK. You may contact them directly regarding the processing of your personal data or to exercise your data protection rights.

    EEA Representative

    Instant EU GDPR Representative Limited
    Office 2, 12A Lower Main Street
    Lucan, Co. Dublin
    K78 X5P8
    Ireland

    Phone: +353 015 549 700
    Email: contact@gdprlocal.com
    Website: www.gdprlocal.com

    UK Representative

    GDPRLocal Ltd.1st Floor Front Suite27–29 North StreetBrighton, England BN1 1EBUnited KingdomPhone: +44 1772 217 800Email: contact@gdprlocal.comWebsite: www.gdprlocal.com

22. Additional disclosures for residents of certain jurisdictions
California Privacy Rights

If you are a resident of California, the following additional rights and disclosures apply to you under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).



Do Not Sell or Share My Personal Information

We do not sell personal information. We may allow certain advertising partners to collect information through cookies or similar technologies on our website for advertising and analytics purposes. California residents may exercise their privacy rights by submitting a request through our Privacy Request page or contacting us at help@instant.one.


Personal Information We Collect

Under California law, you have the right to request information about the categories of personal information we have collected about you, the sources from which it was collected, the business or commercial purposes for collecting it, and the categories of third parties with whom we share it.


Your California Privacy Rights

Subject to applicable law, California residents may request:

  • Disclosure of personal information collected about you in the past 12 months;

  • Deletion of your personal information, subject to certain exceptions;

  • Correction of inaccurate personal information;

  • Access to the categories and specific pieces of personal information we have collected about you;

  • Disclosure of CCPA/CPRA categories of personal information sold or shared, if any;

  • Limit the use of your sensitive personal information to what is necessary to provide services.

You may exercise these rights by contacting us using the contact details in this policy or via any opt-out mechanisms we provide.

We will not discriminate against you for exercising your CCPA/CPRA rights.

Authorized Agent

You may designate an authorized agent to make a request on your behalf. We may require verification directly from you before responding to requests made by an agent.

How to Submit a Request

To exercise your California privacy rights, please contact:

  • Privacy Support: help@instant.one

  • Subject line: “California Privacy Rights Request”

We will verify your identity and respond within the timeframes required by law.

Canada Privacy Disclosures Addendum

This section applies to the collection, use, and processing of personal information subject to the Personal Information Protection and Electronic Documents Act (PIPEDA).


Service Provider Role

Where Instant processes personal information of individuals located in Canada, we do so solely on behalf of and under the direction of our Merchant customers, who determine the purposes for which that personal information is collected and used. Instant does not use such personal information for its own purposes.


Cross-Border Transfers

Personal information may be transferred outside of Canada (including to Australia and the United States), where it is subject to the laws of those jurisdictions. Instant implements safeguards to protect such personal information in accordance with PIPEDA.


Your Rights Under PIPEDA

Individuals in Canada may have the right to request access to, or correction of, their personal information. These requests should be directed to the Merchant who collected your information. Instant supports its Merchant customers in fulfilling these requests where applicable.


Contacting Us

For any questions about our privacy practices under PIPEDA, you may contact us at: help@instant.one.

Mexico Privacy Disclosures Addendum

This section applies to the processing of personal information subject to the Ley Federal de Protección de Datos Personales en Posesión de los Particulares (Mexican Data Protection Law or LFPDPPP).


Identity and Address of the Data Processor
Instant Checkout Pty Ltd (Instant), located at 23 Foster Street, Surry Hills NSW 2010, Australia, acts as a service provider that processes personal information on behalf of its clients (Merchants). Instant processes personal information only under the instructions of the relevant Merchant, who is responsible for determining the purposes and means of processing personal information.


Processing on Behalf of Merchants
Instant provides services to Merchants and processes personal information solely for the purposes specified by the Merchant and in accordance with applicable agreements. Instant does not independently determine the purposes or means of processing.


Rights of Individuals (ARCO Rights)
Under the Mexican Data Protection Law, individuals may have rights to access, rectify, cancel, or oppose (ARCO Rights) the processing of their personal information. Because Instant acts only as a service provider, requests to exercise ARCO Rights should be directed to the relevant Merchant (the data controller). Upon request by a Merchant, Instant will assist in facilitating the response to any such rights in accordance with our contractual obligations.


Transfers of Personal Information
Instant may engage trusted subprocessors to support the delivery of our services. Any transfer of personal information to subprocessors is conducted in compliance with applicable legal requirements, and subprocessors are required to provide equivalent protections to those described in this Privacy Policy.


Security of Personal Information
Instant implements appropriate administrative, technical, and physical safeguards designed to protect the personal information we process against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

For questions about our data handling practices in Mexico, you may contact us at help@instant.one.

Japan Privacy Disclosures Addendum

This section applies to the collection, use, and processing of personal information subject to Japan’s Act on the Protection of Personal Information (APPI).


Entrusted Data Processing
Where Instant processes personal information on behalf of a Merchant acting as a business operator (controller), Instant does so as an "entrusted party" under APPI. Instant processes such personal information solely in accordance with the Merchant’s instructions and the relevant service agreement.


Purposes of Use
We process personal information for the purposes described in the section titled "How We Use Personal Information." We do not use personal information for any purpose other than those notified or reasonably related purposes as permitted under APPI.


Cross-Border Transfers
Your personal information may be transferred to and stored in countries outside of Japan, including but not limited to the United States and Australia. These countries may not have personal data protection laws equivalent to those in Japan. In such cases, we take appropriate measures to ensure that your personal information is handled securely and in accordance with this Privacy Policy.


Your Rights under APPI
If you are located in Japan, you may have the right to request access to your personal information, request corrections, or request suspension of use or deletion where appropriate. These rights may be exercised by contacting us using the details below.


Contacting Us
If you have any questions about how your personal information is handled under Japanese law, or if you wish to exercise any of your rights, please contact us at: help@instant.one.

Brazil Privacy Disclosures Addendum

This section applies to the processing of personal information subject to Brazil’s General Data Protection Law (Lei Geral de Proteção de Dados Pessoais, or LGPD).


Service Provider Role
Where Instant processes personal information of individuals located in Brazil, we do so solely on behalf of and under the instructions of our Merchant customers, who act as the “controller” (controlador) under LGPD. Instant does not use such personal information for its own purposes.


Purposes and Legal Basis
The legal basis for processing personal information is determined by the Merchant as the controller. Instant processes data for the limited purposes of providing its services to the Merchant and in accordance with the contract between Instant and the Merchant.


International Transfers
Personal information may be transferred to countries outside of Brazil, including Australia and the United States. These transfers are made under contractual safeguards to ensure the protection of personal information consistent with LGPD requirements.


Data Subject Rights
If you are a resident of Brazil, you may have the right to access, correct, delete, or object to the processing of your personal information. These rights should be exercised through the Merchant who collected your information. Instant supports its Merchant customers in fulfilling these rights upon request.


Contacting Us
If you have questions about our processing of personal information under LGPD, you may contact us at: help@instant.one.

Singapore Privacy Disclosures (PDPA)

This section applies to the processing of personal data subject to Singapore’s Personal Data Protection Act 2012 (PDPA).

Data Intermediary Role
Where Instant processes personal data of individuals in Singapore, we do so solely on behalf of and under the instructions of Merchants, who act as the “organisation” under the PDPA. Instant is a “data intermediary” under the PDPA and does not collect, use, or disclose such personal data for its own purposes.

Consent and Responsibilities
Merchants are responsible for obtaining any required consent from individuals and for providing access to rights under the PDPA. Instant supports Merchants in fulfilling these obligations where applicable and permitted.

International Transfers
Personal data may be transferred outside of Singapore, including to Australia and the United States, where it may be subject to the laws of those jurisdictions. Instant applies reasonable administrative, technical, and contractual safeguards to ensure that personal data remains protected in accordance with Singapore law.

Contacting Us
If you have questions about how we support our Merchant customers under the PDPA, please contact us at help@instant.one