Commission Factory Pty Ltd (ACN 149 765 631) ("Commission Factory", "Us", "We", "Our", "Company") is a provider of performance marketing software that gives online retailers, agencies and affiliates real-time visibility of an affiliate marketing campaign performance.
We want to get you to the information that is relevant to you as easily as possible. For this purpose, please scroll to the relevant table below or click the relevant category here:
Questions?
If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact us using the details set out below:
Privacy Officer
by e-mail at info@commissionfactory.com, or
by phone on +61 2 9229 7000
Providing our services
We provide our Affiliates and Advertisers with an account in our network interface to access our services. You will need to register there in order to obtain access to our technologies. We will collect all data which has been provided by you (both via the interface or otherwise), this will likely include your name, (company) address, telephone number or email address.
We may collect information on the device you are using to enter our interface pages such as your IP address, operating system and browser of your device.
We will use such information for providing and/or making our services available under the terms of use of our services or in the pursuit of our legitimate interest of the proper administration of our business.
Marketing to you or your company
We use various forms of marketing to provide you with promotional materials about our services or those of advertisers and affiliates operating on the network. We may process contact information that you provide to us (either via our website, through business cards, or through use of our services) for the purposes of marketing in accordance with our legitimate interests to promote our business. You can always request to be removed from the mailing lists by unsubscribing at the bottom of any marketing email or by contacting us.
Improving and optimising usability for you and others
Our network interface uses cookies and other mechanisms, to collect analytical information to help analyse how the interface is used. We process this information to improve our understanding and to compile statistical reports regarding that activity. This information is not used by us to develop a personal profile of you.
How do we use data to administer our business?
We process personal information for the legitimate interests of ensuring that use of our services is lawful and non-fraudulent, does not disrupt the operation of our services, does not harass our staff or other individuals, and to enforce our legal rights and comply with our legal obligations.
Where we reasonably believe that you are or may be in breach of any of the applicable laws, we may use your personal information to inform relevant third parties such as your email/internet provider or law enforcement agencies about the content.
With whom do we share your information?
Group members, personnel, service providers: We keep your information confidential, but disclose it to our group members, our personnel, suppliers or subcontractors insofar as it is reasonably necessary for the purposes set out in this Privacy Policy. However, this is on the basis that they do not make independent use of the information and have agreed to safeguard it. Activities that are carried out by third party service providers include: website hosting, website analytics, customer relationship management, email marketing, and IT support.
Third parties: We may disclose your personal information to third parties and service providers located overseas in connection with any purpose, including to overseas cloud computing hosts. We take reasonable steps to ensure that the overseas recipients of your personal information do not breach the privacy obligations relating to your personal information. We are not responsible for the privacy or security practices of any third party, including third parties that we are permitted to disclose an individual's personal information to in accordance with this Privacy Policy or any applicable laws. The collection and use of an individual's information by such third parties may be subject to separate privacy and security policies. Such third parties include YouTube API Services (for further information on this tool we direct you to their Terms of Service and Privacy Policy; you can visit the Google security settings page to revoke the access to your data).
Merger or acquisition: If we are involved in a merger, acquisition or sale of all or a portion of our assets.
Required by law: In addition, we disclose your information to the extent that we are required to do so by law (e.g. to government bodies and law enforcement agencies); in connection with any legal proceedings or prospective legal proceedings; and in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention).
Enforcement: We disclose your personal information to third parties in order to enforce or apply the terms of agreements, to investigate potential breaches or to protect the rights, property or safety of Commission Factory, our customers or others.
How do we keep your data safe?
We will take all reasonable technical and organisational precautions to prevent the loss misuse or alteration of your personal information.
Please be aware that, although we endeavour to provide security for information we process and maintain, no security system can prevent all potential security breaches.
For how long do we keep your data?
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
What rights do you have in respect of your data?
We will honour your rights under applicable data protection laws. These rights are not absolute, and they do not always apply in all cases. You may:
Please send your requests to info@commissionfactory.com.
If you are unhappy with the way we are processing your personal data, please let us know by contacting us. If you do not agree with the way we have processed your data or responded to your concerns, you can submit a complaint to a Data Protection Supervisory Authority.
How do we apply external laws?
If you are:
then in addition to our obligations under the privacy laws, we are required to comply with the General Data Protection Regulation (EU) 2016.679 ("GDPR") with respect to your Personal Information.
If you are a resident of California USA, the California Consumer Privacy Act provides California consumers with the right to obtain information about the personal information that we collect, use, and disclose. You can exercise your by contacting us. If you choose to exercise your privacy rights, you have the right to not to receive discriminatory treatment or a lesser degree of service.
We take the security and privacy of your personal information seriously and have prepared this Privacy Policy and taken measures to collect, process and hold all personal information in compliance with United States privacy laws and GDPR regardless of the user. Therefore, no additional terms for GDPR users are required.
What happens when we make changes to this Privacy Policy?
This Privacy Policy may be updated from time to time. We will notify you of any changes by posting the new policy here and, where feasible, by letting you know by email.
To address your enquiries
If you contact us about our services, the forms you complete or the emails you send may include information about you, such as your name, your email address and your enquiry.
In line with the legitimate interest we have in promoting and operating our business, we will process your enquiries to reply and provide you with information about the services we offer.
To send you news and updates
If you ask to be added to our mailing list, we will keep you updated with information on news by email unless you would like to be removed from that list (in which case please let us know by clicking unsubscribe at the bottom of any marketing email that you receive or by contacting us).
Social plugins
Commission Factory participates in and markets via social networks and has implemented certain social plugins on our websites. All social media plugins are used in the pursuit of our legitimate interest of marketing our business and communicating with our business partners and the public.
When you enter a page on our website that contains a social network plugin, your browser or app will establish a direct connection to the social network's servers. The information that your browser has visited the Commission Factory page will be transmitted to the social network, even if you do not have an account with that social network or are not logged into your account. If you are logged in to your account at the same time, a page impression may be assigned to your profile there.
How do we use data to administer our business?
We process personal information for the legitimate interests of ensuring that use of our services is lawful and non-fraudulent, does not disrupt the operation of our services, does not harass our staff or other individuals, and to enforce our legal rights and comply with our legal obligations.
Where we reasonably believe that you are or may be in breach of any of the applicable laws, we may use your personal information to inform relevant third parties such as your email/internet provider or law enforcement agencies about the content.
With whom do we share your information?
Group members, personnel, service providers: We keep your information confidential, but disclose it to our group members, our personnel, suppliers or subcontractors insofar as it is reasonably necessary for the purposes set out in this Privacy Policy. However, this is on the basis that they do not make independent use of the information and have agreed to safeguard it. Activities that are carried out by third party service providers include: website hosting, website analytics, customer relationship management, email marketing, and IT support.
Third parties: We may disclose your personal information to third parties and service providers located overseas in connection with any purpose, including to overseas cloud computing hosts. We take reasonable steps to ensure that the overseas recipients of your personal information do not breach the privacy obligations relating to your personal information. We are not responsible for the privacy or security practices of any third party, including third parties that we are permitted to disclose an individual's personal information to in accordance with this Privacy Policy or any applicable laws. The collection and use of an individual's information by such third parties may be subject to separate privacy and security policies. Such third parties include YouTube API Services (for further information on this tool we direct you to their Terms of Service and Privacy Policy; you can visit the Google security settings page to revoke the access to your data).
Merger or acquisition: If we are involved in a merger, acquisition or sale of all or a portion of our assets.
Required by law: In addition, we disclose your information to the extent that we are required to do so by law (e.g. to government bodies and law enforcement agencies); in connection with any legal proceedings or prospective legal proceedings; and in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention).
Enforcement: We disclose your personal information to third parties in order to enforce or apply the terms of agreements, to investigate potential breaches or to protect the rights, property or safety of Commission Factory, our customers or others.
How do we keep your data safe?
We will take all reasonable technical and organisational precautions to prevent the loss misuse or alteration of your personal information.
Please be aware that, although we endeavour to provide security for information we process and maintain, no security system can prevent all potential security breaches.
For how long do we keep your data?
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
What rights do you have in respect of your data?
We will honour your rights under applicable data protection laws. These rights are not absolute, and they do not always apply in all cases. You may:
Please send your requests to info@commissionfactory.com.
If you are unhappy with the way we are processing your personal data, please let us know by contacting us.
If we have a dispute regarding an individual's personal information, we both must first attempt to resolve the issue directly between us. If we become aware of any unauthorised access to an individual's personal information, we will inform them and any supervisory authority as required, at the earliest practical opportunity once we have established what was accessed and how it was accessed.
How do we apply external laws?
If you are:
then in addition to our obligations under the privacy laws, we are required to comply with the General Data Protection Regulation (EU) 2016.679 ("GDPR") with respect to your Personal Information.
If you are a resident of California USA, the California Consumer Privacy Act provides California consumers with the right to obtain information about the personal information that we collect, use, and disclose. You can exercise your by contacting us. If you choose to exercise your privacy rights, you have the right to not to receive discriminatory treatment or a lesser degree of service.
We take the security and privacy of your personal information seriously and have prepared this Privacy Policy and taken measures to collect, process and hold all personal information in compliance with United States privacy laws and GDPR regardless of the user. Therefore, no additional terms for GDPR users are required.
What happens when we make changes to this Privacy Policy?
This Privacy Policy may be updated from time to time. We will notify you of any changes by posting the new policy here.
As part of any recruitment process, we collect and process personal data relating to job applicants. Such information includes:
We may collect this information in a variety of ways. For example, it might be contained in application forms, CVs or resumes, obtained from your passport or other identity documents, or collected through interviews or other forms of assessment, including online tests.
We need to process this information to take steps at your request prior to entering into an employment contract with you. We also have a legitimate interest in processing personal information during the recruitment process and for keeping records of the process.
Processing data from job applicants allows us to manage the recruitment process, assess and confirm an applicant's suitability for employment and decide to whom to offer a job.
How do we use data to administer our business?
We process personal information for the legitimate interests of ensuring that use of our services is lawful and non-fraudulent, does not disrupt the operation of our services, does not harass our staff or other individuals, and to enforce our legal rights and comply with our legal obligations.
Where we reasonably believe that you are or may be in breach of any of the applicable laws, we may use your personal information to inform relevant third parties such as your email/internet provider or law enforcement agencies about the content.
With whom do we share your data?
Group members, personnel, service providers: We keep your information confidential, but disclose it to our group members, our personnel, suppliers or subcontractors insofar as it is reasonably necessary for the purposes set out in this Privacy Policy. However, this is on the basis that they do not make independent use of the information and have agreed to safeguard it. Activities that are carried out by third party service providers include: website hosting, website analytics, customer relationship management, email marketing, and IT support.
Third parties: We may disclose your personal information to third parties and service providers located overseas in connection with any purpose, including to overseas cloud computing hosts. We take reasonable steps to ensure that the overseas recipients of your personal information do not breach the privacy obligations relating to your personal information. We are not responsible for the privacy or security practices of any third party, including third parties that we are permitted to disclose an individual's personal information to in accordance with this Privacy Policy or any applicable laws. The collection and use of an individual's information by such third parties may be subject to separate privacy and security policies.
Merger or acquisition: If we are involved in a merger, acquisition or sale of all or a portion of our assets.
Required by law: In addition, we disclose your information to the extent that we are required to do so by law (e.g. to government bodies and law enforcement agencies); in connection with any legal proceedings or prospective legal proceedings; and in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention).
Enforcement: We disclose your personal information to third parties in order to enforce or apply the terms of agreements, to investigate potential breaches or to protect the rights, property or safety of Commission Factory, our customers or others.
How do we keep your data safe?
We will take all reasonable technical and organisational precautions to prevent the loss misuse or alteration of your personal information.
Please be aware that, although we endeavour to provide security for information we process and maintain, no security system can prevent all potential security breaches.
For how long do we keep your data?
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
As a general rule, your personal information collected as part of your recruitment process will be retained for [6 months] following the notification on an unsuccessful application. In case of a successful application, your personal information will be retained as part of your personnel records and subsequent employee data retention periods will apply.
What rights do you have in respect of your data?
We will honour your rights under applicable data protection laws. These rights are not absolute, and they do not always apply in all cases. You may:
Please send your requests to info@commissionfactory.com.
If you are unhappy with the way we are processing your personal data, please let us know by contacting us. If we have a dispute regarding an individual's personal information, we both must first attempt to resolve the issue directly between us. If we become aware of any unauthorised access to an individual's personal information, we will inform them and any supervisory authority as required, at the earliest practical opportunity once we have established what was accessed and how it was accessed.
How do we apply external laws?
If you are:
then in addition to our obligations under the privacy laws, we are required to comply with the General Data Protection Regulation (EU) 2016.679 ("GDPR") with respect to your Personal Information.
If you are a resident of California USA, the California Consumer Privacy Act provides California consumers with the right to obtain information about the personal information that we collect, use, and disclose. You can exercise your by contacting us. If you choose to exercise your privacy rights, you have the right to not to receive discriminatory treatment or a lesser degree of service.
We take the security and privacy of your personal information seriously and have prepared this Privacy Policy and taken measures to collect, process and hold all personal information in compliance with United States privacy laws and GDPR regardless of the user. Therefore, no additional terms for GDPR users are required.
What happens when we make changes to this Privacy Policy?
This Privacy Policy may be updated from time to time. We will notify you of any changes by posting the new policy here and, where feasible, by letting you know by email.
Commission Factory primarily uses end user data for the purpose of tracking an end user from an Affiliate to an Advertiser. Tracking enables us to see that an end user has visited an Affiliate's service, found a product, and clicked the link to be taken to the Advertiser's service to review or purchase the product.
The purpose of tracking is to attribute sales and marketing effort by an Affiliate to a particular transaction, to enable Advertisers to reward Affiliates on a per transaction basis. Tracking also allows Commission Factory to provide Affiliates and Advertisers with related reports. The majority of these reports contain only aggregated statistical data.
Commission Factory doesn't know who the end user is, simply that the same end user started their journey with the Affiliate and completed it with the Advertiser and that the affiliate marketing campaign was therefore successful in respect of that end user.
By maintaining a limited user profile which does not reveal an end user's name or identity, Commission Factory can also understand an end user journey when it starts on one device and ends on a different device. Through this functionality, Commission Factory can understand whether a referral is commenced on one device and completed on another device. The profile is only used to attribute sales and marketing effort to an Affiliate, even if the end user has changed devices before completing a transaction.
Commission Factory permits Affiliates to enquire as to whether an action by a user ought to have generated a commission for that Affiliate. This necessitates the sharing of information, between Affiliates and Advertisers. Advertisers use the information provided by Affiliates to verify against their own records. Commission Factory enables this data sharing and the payment of any commission due to the Affiliate as a result.
How do we collect data from end users?
The main technologies used for Commission Factory's tracking are Tracking Domain Cookies, Journey Tags and Device Fingerprinting.
Commission Factory Tracking Domain Cookies: These are cookies served by Commission Factory's own domain when an end user clicks on an advertisement displayed by an Affiliate. We use this information to understand which end users are referred by which Affiliates to which Advertiser. Please find some general information on cookies here.
Advertiser Journey Tag: This is JavaScript code integrated into the Advertiser's service to enable Commission Factory to receive transactional information from Advertisers. Commission Factory uses this information to record, validate and report the completion of transactions, for the purposes of apportioning commissions to Affiliates.
Fingerprinting: This is a method by which Commission Factory can uniquely identify a device by considering certain attributes of the browser or the device (incl. screen size/resolution and user configurations).
What data do we collect from end users?
We take care not to collect data that we don't need. The majority of the data Commission Factory uses is machine generated. It lets us single out a person, but it does not reveal who that person is. We do not use this data to make predictions or evaluations of users' interest or personalities.
Commission Factory is one part of the affiliate marketing ecosystem (see our Agreement with Advertisers and Affiliates below) and does not always have absolute control over the personal data that it receives from users, Affiliates or Advertisers.
Commission Factory stores an individual sequence of figures in respect of a transaction that does not reveal the name of a particular end user and contains information on the Advertiser's campaign, the Affiliate, the end user action (i.e. a click or a view and in which country it occurred), and the device that is used.
Commission Factory also receives limited transactional information via the Journey Tag, to confirm that a transaction has occurred and carry out accurate commission allocating, billing and reporting. Such information includes the order value, whether a voucher has been used, product type, and sales channel.
Commission Factory's data processing activities relating to end user data, do not require the direct identification of an individual and therefore Commission Factory mostly holds what is known as "pseudonymous" data in this respect. Pseudonymisation is privacy-enhancing. It is the separation of data from direct identifiers so that data can no longer be attributed to a specific individual without the use of additional information.
Pseudonymisation, therefore, reduces the risks associated with data processing, while also maintaining the data's utility.
Does Commission Factory have legitimate interest in using data?
We have carried out a balancing exercise and have identified legitimate interests as a basis for processing user data for the purposes set out in this section of the Privacy Policy.
When assessing Commission Factory's legitimate interest, the interests of the full affiliate ecosystem were considered. A balancing test was carried out and it was confirmed that tracking carries no risk or a very low risk of undue negative impact on the end user's interests or fundamental rights and freedoms. Legitimate interests are not limited to the interests of Commission Factory but can be legitimate interests of a third party or to society as a whole. In the context of our service, we consider that:
What is our arrangement with Affiliates and Advertisers on our network?
Commission Factory's affiliate marketing network connects Advertisers and Affiliates, so that they can work together to run affiliate marketing campaigns.
In running the campaign each party plays their part in pursuing the common purposes and each party can make certain decisions about the way data is used.
Commission Factory contractually requires that its whole network is compliant with data protection law and that they each fulfil their obligations to respond to requests to exercise data subject rights. You can approach each party, if you intend to exercise your rights in respect of the data which that party controls.
Commission Factory works with these Advertisers. For guidance on how to make a request to an Affiliate or an Advertiser, please check their respective privacy notices. For more information of how to make a request to Commission Factory, "What rights do you have in respect of user data" below.
For how long do we keep end user data?
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
As a general rule, Commission Factory retains tracking data for 5 years after collection.
What rights do you have in respect of user data?
We will honour your rights under applicable data protection laws. These rights are not absolute, and they do not always apply in all cases. If you wish to make a request in respect of your user data, as described in this section of the Privacy Policy, please contact info@commissionfactory.com You may:
Please note that, as described under "What data do we collect from users?", Commission Factory mostly holds what is known as "pseudonymous" data in respect of users. Pseudonymisation means that we may not be in a position to identify the individual behind the data we hold and that we therefore cannot provide them with access, rectification, erasure or data portability without the provision of additional information (for example your IP address, or Device ID).
How do we use data to administer our business?
We process personal information for the legitimate interests of ensuring that use of our services is lawful and non-fraudulent, does not disrupt the operation of our services, does not harass our staff or other individuals, and to enforce our legal rights and comply with our legal obligations.
Where we reasonably believe that you are or may be in breach of any of the applicable laws, we may use your personal information to inform relevant third parties such as your email/internet provider or law enforcement agencies about the content.
With whom do we share your information?
Group members, personnel, service providers: We keep your information confidential, but disclose it to our group members, our personnel, suppliers or subcontractors insofar as it is reasonably necessary for the purposes set out in this Privacy Policy. However, this is on the basis that they do not make independent use of the information and have agreed to safeguard it. Activities that are carried out by third party service providers include: website hosting, website analytics, customer relationship management, email marketing, and IT support.
Third parties: We may disclose your personal information to third parties and service providers located overseas in connection with any purpose, including to overseas cloud computing hosts. We take reasonable steps to ensure that the overseas recipients of your personal information do not breach the privacy obligations relating to your personal information. We are not responsible for the privacy or security practices of any third party, including third parties that we are permitted to disclose an individual's personal information to in accordance with this Privacy Policy or any applicable laws. The collection and use of an individual's information by such third parties may be subject to separate privacy and security policies.
Merger or acquisition: If we are involved in a merger, acquisition or sale of all or a portion of our assets.
Required by law: In addition, we disclose your information to the extent that we are required to do so by law (e.g. to government bodies and law enforcement agencies); in connection with any legal proceedings or prospective legal proceedings; and in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention).
Enforcement: We disclose your personal information to third parties in order to enforce or apply the terms of agreements, to investigate potential breaches or to protect the rights, property or safety of Commission Factory, our customers or others.
How do we keep your data safe?
We will take all reasonable technical and organisational precautions to prevent the loss misuse or alteration of your personal information.
Please be aware that, although we endeavour to provide security for information we process and maintain, no security system can prevent all potential security breaches.
How do we apply external laws?
If you are:
then in addition to our obligations under the privacy laws, we are required to comply with the General Data Protection Regulation (EU) 2016.679 ("GDPR") with respect to your Personal Information.
If you are a resident of California USA, the California Consumer Privacy Act provides California consumers with the right to obtain information about the personal information that we collect, use, and disclose. You can exercise your by contacting us. If you choose to exercise your privacy rights, you have the right to not to receive discriminatory treatment or a lesser degree of service.
We take the security and privacy of your personal information seriously and have prepared this Privacy Policy and taken measures to collect, process and hold all personal information in compliance with United States privacy laws and GDPR regardless of the user. Therefore, no additional terms for GDPR users are required.
What happens when we make changes to this Privacy Policy?
This Privacy Policy may be updated from time to time. We will notify you of any changes by posting the new policy here.