FUNLAB PRIVACY POLICY

Welcome and thank you for visiting us.

We, Funlab Holdings Pty Limited (ACN 606 795 733) and our related entities, Holey Moley Australia Pty Ltd (ACN 613 584 571), Strike Australia Pty Ltd (ACN 606 795 788), Skyzone Australia Pty Ltd (ACN 606 795 939), Lucky & Sons Australia Pty Ltd (ACN 100 610 222), Archie Bros Australia Pty Ltd (ACN 621 886 922) and each of our other related entities that are incorporated from time to time (collectively, "Related Entities") shall be collectively referred to as "Funlab", “we”, “us”, or “our”.

Funlab Holdings Pty Limited and each Related Entity respectively are independent data controllers of the personal information collected and used pursuant to the Privacy Policy.

The website located at https://www.fun-lab.com/ and other related platforms (https://www.holeymoley.com.au/; https://www.strikebowling.com.au/; https://www.skyzone.com.au/; https://www.archiebrothers.com.au/; https://www.luckyandsons.com.au/ and https://www.funlabvirtual.com/), and digital properties made available on the website (collectively, "Sites") are owned and operated by us. You can find this Privacy Policy on these Sites.

Through these Sites, Funlab from time to time gathers information from its customers (“Customers”) and other parties with whom we deal for a variety of reasons including, in particular, to enable us to improve the nature of the services we provide.

We understand individuals' concerns regarding confidentiality and take seriously our obligations in respect of all information we gather. To safeguard that information, Funlab is committed to protecting your privacy through compliance with the Privacy Act 1988 (Cth) (“Privacy Act”), the Australian Privacy Principles (“APP”) and any related privacy codes including the General Data Protection Regulation (“GDPR”) (collectively, “Privacy Laws”). Please read this Privacy Policy carefully as it outlines how we collect, use, disclose and store your personal information.

By using our Sites or participating in our virtual experiences or competitions and prize draws, you acknowledge our collection, use, disclosure and storage of your personal information as outlined in this Privacy Policy.

This Privacy Policy, together with, without limitation, our Funlab Virtual - Terms and Conditions, Holey Moley Australia Pty Ltd – Terms & Conditions, apply to your use of the Sites and your participation in any of our services accessible to you, unless you are accessing our services via a third-party platform owned or operated by a third-party site, in which case a separate privacy policy or terms of use may also apply when using that site.

1. TYPES OF INFORMATION WE COLLECT

1.1 Type and Nature of Information

The information we collect in most cases relates to Customers but can relate to other users of our Sites; and natural person representatives of our suppliers, our subcontractors and other parties we deal with. Information is gathered for a range of primary purposes, including the provision of our Sites and services; ongoing Customer support and the compiling of Customer databases to enable us to more accurately market our goods and services.

Privacy Laws require us to manage Customers’ data in an open and transparent manner. We may collect the following personal information from Customers, Site visitors and users of our services. The types of personal information we collect include but are not limited to:

PERSONAL INFORMATION

“Personal Information” when used in this Privacy Policy has the meaning given to it in the GDPR, but it generally means any information that can be used to personally identify you. The type of Personal Information we collect includes things such as name, address, contact details (including email addresses and phone numbers), registration information, buying habits, opinions, product preferences, transactional/payment details including your credit card or direct debit account information (please note however that we do not store this information), and information voluntarily provided as part of virtual experiences such as a profile picture or user name.

PUBLIC DATA

On the Sites and during the use of our services, you may have the ability to share information with other users and comment or participate on blogs, discussion forums or other parts of the Site that allow you to post your comments (“Public Forums”). We may collect data from your use of Public Forums on our platform when you choose to comment or participate (“Public Data”). This Public Data includes information such as your comments, your time zone, and any information you input. Use of the Public Forums is entirely voluntary. You should be aware that any information you provide in this manner may be made broadly available for others including other users.

We do not systematically monitor the content of information that is published in the Public Forums. Any information published in Public Forums becomes available to the public. After publishing, we have no control over how such information is used or its further dissemination. We urge you to think carefully about what, if any, Personal Information you include in your posts on our Public Forums.

LOG DATA

We may receive information when you view content on or otherwise interact with our services (“Log Data”). We may receive this Log Data automatically.

This Log Data includes information such as Personal Information from your interaction with us and its content, our services and our advertising, including without limitation device identifiers, device type, geo-location information, connection information, statistics on page views, traffic to and from the Site, mobile network information, time, date, referring URL, the type of operating system and browser, ad data, IP address, server address, date and time of your visit to our Site, information of documents you download, pages visited, search terms, cookie information, and standard web log data.

The Log Data may be processed on the basis of our legitimate interests for the purposes of operating our Site, providing our services, ensuring the security of our Site and services, maintaining back-ups of our databases and communicating with you.

1.2 Legal Basis for Collection of Personal Information

As a provider of a wide range of services, Funlab frequently finds that it is necessary to collect Personal Information during the course of transactions. In accordance with the Privacy Laws, the legal basis for this collection is on the basis that the Personal Information that you provide to us is required in order for us to enter into or perform a contract with you. Accordingly, we may process the following Personal Information for this purpose:

  • activity booking and competition entry forms;

  • registration for and, attendance of, a virtual experience;

  • application forms (including online applications to access Wi-Fi internet at some of Funlab’s Related Entities’ entertainment precincts);

  • Personal Information from Funlab’s contractors, in relation to services operated by Funlab in conjunction with such contractors;

  • email;

  • websites (including, but not limited to, our Sites as well as social media sites such as LinkedIn, Facebook, and in some instances cookies);

  • online transactions;

  • networking functions (e.g.: business cards);

  • Personal Data provided over the phone;

  • credit card details via credit card purchases on our payment platforms and gateways; and

  • information collected from third parties.

1.3 “Sensitive Information”

We may be required from time to time to collect sensitive information from you, also known as “Special Categories of Personal Data” under the GDPR. We will not do so without an appropriate legal basis under the Privacy Laws. This type of information generally includes information or an opinion about an individual’s racial, religious or ethnic origin, physical and mental health information or political/philosophical affiliations or beliefs and sexual orientation/sex life. In some jurisdictions, information about criminal convictions/criminal history is treated akin to Special Categories of Personal Data.

1.4 Cookies and Other Similar Technologies

Subject to our obligations under the Privacy Laws, we may use cookies and similar technologies like pixels, web beacons and local storage to collect and store personal and non-personal information about how you use our Sites and our offerings.

Cookies are files that store information on the device on which you are using or accessing our Sites. Cookies also retain your details and preferences, so you can easily continue your browsing session upon return to our Sites. If you do not want to activate cookies, you can opt-out of receiving them by amending the settings of your Internet browser, although you may find that some parts of our Sites will consequently have limited functionality and personalisation if you do so.

We generally use this information to report statistics, analyse trends, administer our services, diagnose problems and target and improve the quality of our products and services. To the extent, this information consists of Personal Information, the collection of such information, whether by us or by data aggregators, is subject to the terms of this Privacy Policy.

ADVERTISING INFORMATION

Although we do not use cookies to create a profile of your browsing behaviour on third-party sites, we do use aggregate data from third parties to show you relevant, interest-based advertising. We may track your response to our advertisements, e-mails and content, determine your ability to receive HTML-based e-mail messages, learn how many users open an e-mail and allow our service providers to compile aggregated statistics about an e-mail campaign that we are running. This information may be shared, only when anonymised, with third parties to assist them in understanding the performance of advertising in our services.

1.5 Third-Party Analytics Tools

We may use third-party analytics tools to:

  • analyse usage trends on our Sites, including the tracking and reporting of Site traffic, ad conversion tracking, traffic analysis and marketing optimisation; and

  • collect this data in aggregate form so that it cannot identify any individual.

Third-party analytics tools collect information such as the web pages you visit, add-ons, and other analytics data that assists us in improving our products and services.

These tools might include, but are not limited to, Google Analytics, Google AdWords conversion tracking, Google Tag Manager or Facebook Ads conversion tracking. Third-party cookies may be placed on your device by a service provider to us, for example, to help us understand how our products or services are being used. Third-party cookies may also be placed on your device by our business partners to advertise the service to you elsewhere on the Internet.

We reserve our rights to modify, add or remove any third-party analytics tools. 1.6 What happens if Personal Information is not provided?

You can choose not to provide us with your Personal Information. However, this may mean that:

  • we will not be able to provide you with our services, or be limited in how we can do so;

  • we may be unable to process and open an account for you; and/or

  • we will not be able to properly investigate or resolve any complaint you submit.

2. WHY WE COLLECT, STORE AND USE YOUR PERSONAL INFORMATION

We collect, store and use your Personal Information through lawful and fair means, so we can perform our business activities and functions.

2.1 We also hold Personal Information which we use and/or disclose for purposes other than our primary purposes in point 1.2 (“secondary purposes”). These secondary purposes and associated lawful basis include the following:

  • for internal operations such as record keeping, database management, data analytics or training. We do this on the basis of our legitimate interests (to manage our business);

  • for registration and administration of virtual experiences. Unless we have a contract with you (please see point 1.1. above), we do this on the basis of our legitimate interests (to manage and/or provide our services);

  • to obtain assistance from a third party for the purpose of jointly running a virtual experience. We do this on the basis of our legitimate interests (to provide our services);

  • to send you marketing and promotional messages and other information that may be of interest to you by post, email, SMS, social media, phone and fax, including information sent by, or on behalf of, our business partners that we think you may find interesting. Where required by the Privacy Laws, we will ask for your consent at the time we collect your data to conduct these types of marketing. We will provide an option to unsubscribe or opt-out of further communication on any electronic marketing communication sent to you or you may opt-out by contacting us using the contact details at point 12 below. Unless we can rely on legitimate interests (to keep you updated with news in relation to our products/services), we do this on the basis of your consent;

  • to manage, research and develop our products and services. We do this on the basis of our legitimate interests (to improve our business);

  • to maintain and develop our business systems and infrastructure, including testing and upgrading of these systems. We do this on the basis of our legitimate interests (to improve our business);

  • in relation to fraud prevention, we and other organisations may also access and use certain information to investigate and prevent fraud as may be required by applicable law, regulation and best practice at any given time. If false or inaccurate information is provided and fraud is identified or suspected, details may be passed to fraud prevention agencies and may be recorded by us or by them. We do this on the basis of our legal obligations and legitimate interests (to allow us to ensure the legality of our services). Where this includes Special Categories of Personal Data, we rely on substantial public interest (prevention or detection of crime), legal claims, or very rarely where necessary, explicit consent;

  • to administer competitions, rewards, surveys, or other promotional activities or events sponsored or managed by us or our business partners. Unless we can rely on legitimate interests (to promote our business), we do this on the basis of your consent;

  • in the event that we: (i) are subject to negotiations for the sale of our business or part thereof to a third party; (ii) are sold to a third party; or (iii) undergo a re-organisation, we may need to transfer some or all of your personal data to the relevant third party (or its advisors) as part of any due diligence process for the purpose of analysing any proposed sale or re-organisation. We may also need to transfer your personal data to that re-organised entity or third party after the sale or reorganisation for them to use for the same purposes as set out in this Privacy Policy. We do this on the basis of our legitimate interests (in order to allow us to change our business);

  • to communicate with you, including by email. We do this on the basis of our legitimate interests (to manage our business); and/or

  • to verify your identity, investigate any complaints about or submitted by you, or if we have reason to suspect that you are in breach of any of our Terms and Conditions, which can be found at the below links:

We do this on the basis of our legitimate interests (to manage our business) and legal obligations. Where this includes Special Categories of Personal Data we rely on substantial public interest (prevention or detection of crime), legal claims, or very rarely where necessary, explicit consent.

2.2 We may also use Personal Information to meet our internal and external audit requirements, information security purposes, and as we otherwise believe to be necessary or appropriate:

  • under applicable law, which may include laws outside your country of residence;

  • to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside your country of residence; and

  • to protect our rights, privacy, safety, property, or those of other persons.

We do this on the basis of our legal obligations and legitimate interests (to cooperate with law enforcement and regulatory authorities). Where this includes Special Categories of Personal Data, we rely on substantial public interest (prevention or detection of crime), legal claims, or very rarely where necessary, explicit consent.

2.3 We may send you service-related emails (e.g. updates of Terms and Conditions, news, technical and security notices, and changes and/or updates to features of our offerings and this Privacy Policy). We do this on the basis of our legitimate interests (to manage our business).

3. HOW WE COLLECT, USE AND DISCLOSE YOUR PERSONAL INFORMATION

3.1 Funlab generally collects Personal Information from you in accordance with point 1 and 2 above.

3.2 We may also collect your Personal Information from third parties including:

  • service providers;

  • credit reporting bodies;

  • marketing companies;

  • referrals who may have referred you to us; and

  • organisations with whom we have an agreement to share information for marketing purposes.

3.3 We may allow you to deal with us anonymously where it is lawful or practical to do so, such as when you make a general enquiry about our services. We will allow our Customers to transact with us anonymously or by using a pseudonym wherever that is reasonable and practicable.

3.4 Funlab may use and disclose the Personal Information it collects for the primary and secondary purposes set out in points 1 and 2 of this Privacy Policy. We may disclose Personal Information for these purposes to the following parties on the lawful basis described above:

  • our employees, Related Entities and employees of those entities;

  • our business partners;

  • third parties and contractors who provide services to us, including Customer enquiries and support services, manufacturing services, shipping and freight services, debt-recovery functions, information technology service providers, marketing and advertising services;

  • payment systems operators;

  • our sponsors or promoters of any competition which we conduct;

  • any third parties authorised by you to receive information held by us; and

  • government, court, regulatory and law enforcement agencies as required, authorised or permitted by law.

3.5 Our retention periods for personal data are based on business needs and legal requirements. We retain Personal Information for as long as is necessary for the processing purpose(s) for which the information was collected, and any other permissible, related purpose. We destroy or permanently de-identify Personal Information which is no longer needed for the purpose for which it was collected or any associated compatible purpose(s), unless we are otherwise required or authorised by law to retain the information for a period of time.

4. DATA QUALITY, SECURITY AND THIRD-PARTY INFORMATION

4.1 Data quality

Funlab takes reasonable precautions to ensure that the Personal Information it collects, uses, stores and discloses is accurate, complete, relevant and up-to-date. However, the accuracy of that information depends to a large extent on the information Customers provide. That is why we recommend that Customers:

  • let us know if there are any errors in their Personal Information; and

  • keep us up-to-date with changes to their Personal Information such as their name or address. Customers may change their personal details by using the relevant facility on our Sites or by contacting us via the contact details provided in point 12.

4.2 Data Security

We hold your Personal Information in electronic form in secure databases owned and operated by our third-party service providers. We manage the security of your Personal Information by using SSL encryption.

While we take reasonable steps to ensure your Personal Information is protected from loss, misuse, unauthorised access, modification or disclosure by using measures such as firewalls, data encryption, virus detection methods, and password restricted access, security measures over the Internet can never be guaranteed. In some circumstances, Funlab will attempt to match de-identified or anonymous data collected through surveys or such online devices as cookies with information identifying an individual in order to be informative, personal, and as user friendly as possible, and this processing helps us to achieve that goal.

Funlab requires its employees and contractors to perform their duties in a manner that is consistent with Funlab’s legal responsibilities in relation to privacy, including those in this Privacy Policy. We note that we take reasonable steps to ensure that Personal Information is only accessible by people who have a genuine "need to know" as well as "right to know."

4.3 Third-party information

This Privacy Policy applies only to the Sites and provision of Funlab services. Our Sites may contain links to other websites, apps and social media platforms operated, controlled or produced by third parties. Those links are provided for convenience and may not remain current or be maintained. Unless stated otherwise, we are not responsible for the privacy practices of, or any content, on those linked websites, and have no control over or rights in them. The privacy policies that apply to third-party websites may differ substantially from this Privacy Policy, so we encourage you to read those privacy policies before using those websites.

5. YOUR RIGHTS IN RESPECT OF YOUR PERSONAL INFORMATION

You may contact us to correct, delete or update your Personal Information. You also have the right to be provided with a copy of your Personal Information, to require us to transmit Personal Information we hold to a third party electronically, and to restrict how Personal Information is being used whilst a complaint is being investigated.

These rights may vary depending on where you are located, and the exercise of such rights may be subject to certain exemptions. We may need to obtain proof of your identity before implementing your request.

If the Customer believes that the Personal Information we hold about the Customer is incorrect, incomplete or inaccurate, then the Customer may request us to amend it. We will consider if the information requires amendment. If we do not agree that there are grounds for amendment, then we will add a note to the Personal Information stating that the Customer disagrees with it.

If the Customer:

  • wishes to exercise a right associated with their Personal Information; or

  • is not satisfied with a response received in respect of their request,

the Customer may do so by contacting our Privacy Officer as per the details in point 12 below.

We will not normally charge a fee for processing an access request unless the request is complex or is resource intensive. We do, however, reserve the right to charge a fee as permitted under Privacy Laws.

Where we offer online account management facilities, Customers can use this capability to control aspects of their account, including amending or updating certain Personal Information.

Please see point 9 for further information about your rights in respect of direct marketing.

6. MINORS

Please note that a Customer must be eighteen (18) years of age or over to register for the services.

This section of the Privacy Policy explains our information collection, disclosure, parental consent practices and parental choice procedures with respect to information relating to children under the age of thirteen (13) (“Child” or “Children”). Please note that Funlab does not actively collect or process information relating to Children. Such information may be processed

The purposes of processing of any Children’s Personal Information and the associated lawful bases are set out at point 2 above. If Funlab needed the consent of a Child, Funlab would obtain consent from a parent or legal guardian.

7. COMPETITIONS

Personal Information gathered during competitions or any other means where your Personal Information is provided to us via one of the Sites run by Funlab will be governed by the principles set out in this Privacy Policy unless an express statement is made in relation to privacy in the conditions of entry for the competition or on the relevant Sites.

8. TRANSFERRING INFORMATION OVERSEAS

If you are visiting the Sites from outside Australia, please be aware that you are sending information (including Personal Information) to Australia where our servers are located. Such information may then be transferred within Australia or back out of Australia to other countries outside of your country of residence, depending on the type of information and how it is stored by us.

These countries (including Australia) may not necessarily have data protection laws as comprehensive or protective as those in your country of residence; however, our collection, storage and use of your Personal Information will at all times continue to be governed by this Privacy Policy.

If we send Personal Information overseas, we will take steps which are both reasonable and practicable to ensure that the overseas recipient handles such information in accordance with the Privacy Laws, such as by implementing European Commission-approved model contractual clauses.

We may disclose your Personal Information to entities located outside of Australia, including the following:

  • our data hosting and cloud-based IT service providers;

  • our offices (including their employees, staff, officers and agents) located in New Zealand and Singapore; and/or

  • other third parties operating in other jurisdictions, including New Zealand and Singapore.

We will only transfer Personal Information about an individual to someone who is in a foreign country if:

  • that country has been deemed by the European Commission and/or Information Commissioner’s Office to provide adequate protections to Personal Information;

  • we have taken such steps as are required by the Privacy Laws, such as implementing European Commission-approved model contractual clauses to ensure that the information which it has transferred will not be held, used or disclosed by the recipient of the information inconsistently with the principles of the GDPR; or

  • the individual has been expressly informed that they consent to the transfer.

9. DIRECT MARKETING

As mentioned at point 2 above, we may send you direct marketing communications and information about products and services that we consider may be of interest to you. These communications may be sent in various forms, including mail, fax, over the phone, via SMS, email or social media, in accordance with applicable marketing laws. Where required by the Privacy Laws, we will ask for your consent at the time we collect your data to conduct these types of marketing.

In addition, at any time, you may opt-out of receiving marketing communications from us by contacting us or by using the opt-out facilities provided (e.g. an unsubscribe link), or by updating your personal details on our website using the link provided on this page (if available). We will then ensure that your name is removed from our mailing list.

If you receive communications from us that you believe has been sent to you other than in accordance with this Privacy Policy, or in breach of any law, please contact us by using the details provided in point 12 below.

10. AUTOMATED INDIVIDUAL DECISION-MAKING (INCLUDING PROFILING)

If you reside in the European Union, the UK or EFTA States, you shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you, or similarly significantly affects you; as long as the decision is not necessary for entering into, or the performance of, a contract between us, or is not authorised by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or is not based on your explicit consent. If you wish to exercise your rights please contact us.

11. CHANGES TO THE PRIVACY POLICY

We may update this Privacy Policy at any time and from time to time. Any changes will be effective when posted on these Sites. Your continued use of the Sites and receipt of the services will indicate your acceptance of any changes to the Privacy Policy. All Personal Information, collected both before and after any changes take effect, will be subject to the terms of the revised Privacy Policy (for which you will be taken to have provided consent) unless you indicate otherwise by contacting the office Funlab’s Privacy Officer as per the details in point 12. We urge you to refer back to this page regularly and especially prior to providing us with any Personal Information.

12. CONTACT US AND OPT-OUT

If you have any feedback or questions about this Privacy Policy, any privacy related dealings with us or a possible breach of your privacy, or would like further information about our information management practices, you can contact Funlab’s Privacy Officer via the following details:

Privacy Officer

Funlab Holdings Pty Limited

90-94 Nicholson Street

Abbotsford, VIC, 3067

Email: privacy@fun-lab.com

[If you are located in the UK, you can also contact our UK Representative as follows: privacy@fun-lab.com

You may notify us at any time that you do not wish to receive marketing or promotional material by contacting us directly or through the “Unsubscribe” mechanism in our marketing or promotional emails. Our contact details can be found above.

If you are located in the EEA, you may also contact your local data protection regulator if you are not satisfied with Funlab’s processing of your Personal Information or response to the exercise of your rights. A list of the EEA data protection regulators can be found at: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.

If you are located in the UK, you may contact the Information Commissioner Officer on +44 (0)303 123 1113 or Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF. For more information, please see https://ico.org.uk/global/contact-us/postal-addresses/.

© 2020 FUNLAB. ALL RIGHTS RESERVED.

This Privacy Policy was last updated on 25 March 2021.