PRIVACY COLLECTION STATEMENT
PRIVACY COLLECTION STATEMENT
PRIVACY COLLECTION STATEMENT
Introduction
Introduction
Introduction
In this Privacy Collection Statement, references to ‘GLX’, 'we', 'us' and 'our' are references to GLX Digital Limited (a company registered in Australia) and GLX Pte Ltd (a company registered in Singapore).
In this Privacy Collection Statement, references to ‘GLX’, 'we', 'us' and 'our' are references to GLX Digital Limited (a company registered in Australia) and GLX Pte Ltd (a company registered in Singapore).
The information GLX collects, and all other information provided by you at the request of GLX (which includes your name, email address and information about your position and your organisation) will be used by GLX and its staff to provide you with our services, information about our services and answer any enquiries that you may have.
The information GLX collects, and all other information provided by you at the request of GLX (which includes your name, email address and information about your position and your organisation) will be used by GLX and its staff to provide you with our services, information about our services and answer any enquiries that you may have.
Purpose
Purpose
Purpose
The primary purpose for which we collect personal information from you is to provide you with the licensed services and for the purposes of system notifications, authentication and support. We may also use or disclose the personal information to provide you with updates on our products and services and to invite you to events that may interest you. You may choose not to receive such communications at any time.
The primary purpose for which we collect personal information from you is to provide you with the licensed services and for the purposes of system notifications, authentication and support. We may also use or disclose the personal information to provide you with updates on our products and services and to invite you to events that may interest you. You may choose not to receive such communications at any time.
How will GLX use my personal data?
How will GLX use my personal data?
How will GLX use my personal data?
Our usual process for collecting information varies however generally we will deal with your personal information in the following ways:
Our usual process for collecting information varies however generally we will deal with your personal information in the following ways:
Your name and your email address will be recorded against your organisation profile to enable us to:
(a) correspond with you and provide information and resources to you in relation to the licensed services;
(b) engage in direct marketing activities via email (if you have registered your email address with us and have not "opted-out").
All personal information such as names, email and optionally mobile (for notifications) recorded in the Licensed Services are stored in an encrypted database and only used for the purposes of system notifications and authentication (e.g. password resets).
We will also keep records in your account history about communications we have had with you.
We will not make any attempt to identify you or your browsing activities from the collection of this information.
We may disclose your personal information:
(a) to our service providers (such as our IT service providers) solely for the purpose of providing and/or maintaining the Licensed Services;
(b) if you have expressly consented to the disclosure; or
(c) if required or authorised by or under an Australian law or a court/tribunal order.
We may disclose personal information to overseas recipients where necessary to provide the Licensed Services, including to our third party service providers who support our infrastructure, hosting, authentication, communications and related functions. Where we transfer personal information outside your jurisdiction, we implement appropriate safeguards (such as Standard Contractual Clauses, adequacy decisions or equivalent protections) to ensure your information remains protected.
Our third-party service providers (data-processors) may store personal information overseas when providing services,
Our usual process for collecting information varies however generally we will deal with your personal information in the following ways:
Our usual process for collecting information varies however generally we will deal with your personal information in the following ways:
Why do we need your personal data, what is our legal basis for processing it?
Why do we need your personal data, what is our legal basis for processing it?
Why do we need your personal data, what is our legal basis for processing it?
The personal data processed by us, or processed on our behalf, is needed for the purpose of providing the GLX Products and Services and to communicate with you in relation to your enquiries and employment related matters (as applicable). If you choose not to provide your personal data, it may not be possible for GLX to engage with you and otherwise provide you with access to Products and Services you are requesting.
The personal data processed by us, or processed on our behalf, is needed for the purpose of providing the GLX Products and Services and to communicate with you in relation to your enquiries and employment related matters (as applicable). If you choose not to provide your personal data, it may not be possible for GLX to engage with you and otherwise provide you with access to Products and Services you are requesting.
We consider that the lawful basis for the processing of your personal data is necessary to provide you with the Products/Services you are requesting. In some cases, we may also rely on our legitimate interests (such as improving our services, maintaining platform security, and sending permitted direct marketing communications) or your consent where required by law.
We consider that the lawful basis for the processing of your personal data is necessary to provide you with the Products/Services you are requesting. In some cases, we may also rely on our legitimate interests (such as improving our services, maintaining platform security, and sending permitted direct marketing communications) or your consent where required by law.
We will obtain your consent for specific use of your personal data not covered by this Collection Statement, which we will collect from you at the appropriate time. You can withdraw your consent to our specific use of such data at any time.
We will obtain your consent for specific use of your personal data not covered by this Collection Statement, which we will collect from you at the appropriate time. You can withdraw your consent to our specific use of such data at any time.
If GLX does not collect this personal information for such purposes, then GLX will be unable to process your enquiry or supply you with information in relation to your enquiry, and be unable to send you direct marketing communications (unless you have otherwise consented to receive those communications). You may unsubscribe from receiving these communications at any time by emailing us at privacy@glxdigital.com or by using the unsubscribe mechanism included in our communications.
If GLX does not collect this personal information for such purposes, then GLX will be unable to process your enquiry or supply you with information in relation to your enquiry, and be unable to send you direct marketing communications (unless you have otherwise consented to receive those communications). You may unsubscribe from receiving these communications at any time by emailing us at privacy@glxdigital.com or by using the unsubscribe mechanism included in our communications.
In some instances we may collect personal information from you which is unsolicited. To the extent reasonable, we will delete or de-identify any unsolicited personal information.
In some instances we may collect personal information from you which is unsolicited. To the extent reasonable, we will delete or de-identify any unsolicited personal information.
We retain personal information for as long as necessary to provide the Licensed Services, comply with our legal obligations, resolve disputes and enforce our agreements. We may retain limited account information for a reasonable period after account closure for audit, security and compliance purposes.
We retain personal information for as long as necessary to provide the Licensed Services, comply with our legal obligations, resolve disputes and enforce our agreements. We may retain limited account information for a reasonable period after account closure for audit, security and compliance purposes.
Who will GLX share my personal data with?
Who will GLX share my personal data with?
Who will GLX share my personal data with?
GLX may share your information with its Related Bodies Corporate (as defined in the Corporations Act 2001 (Cth)) and GLX’s third party service providers inside and outside of Australia who act as data processors to assist GLX in providing its products and services to you (such as software service providers); and any other organisation covered in GLX’s Privacy Policy.
GLX may share your information with its Related Bodies Corporate (as defined in the Corporations Act 2001 (Cth)) and GLX’s third party service providers inside and outside of Australia who act as data processors to assist GLX in providing its products and services to you (such as software service providers); and any other organisation covered in GLX’s Privacy Policy.
We take reasonable steps to ensure that those parties will handle the personal information in accordance with the Australian Privacy Principles.
We take reasonable steps to ensure that those parties will handle the personal information in accordance with the Australian Privacy Principles.
Where required, we will ensure that overseas recipients provide a level of protection for personal information that is substantially similar to the requirements of applicable privacy laws (including the APPs, GDPR/UK GDPR, nFADP and PDPA). Where this is not possible, we will obtain your consent or implement appropriate safeguards before transferring your personal information.
Where required, we will ensure that overseas recipients provide a level of protection for personal information that is substantially similar to the requirements of applicable privacy laws (including the APPs, GDPR/UK GDPR, nFADP and PDPA). Where this is not possible, we will obtain your consent or implement appropriate safeguards before transferring your personal information.
We also implement technical and organisational measures to protect personal information, including access controls, audit logging and secure hosting within AWS environments.
We also implement technical and organisational measures to protect personal information, including access controls, audit logging and secure hosting within AWS environments.
Our Privacy Policy sets out how you can access and correct any of your personal information and how you may make a complaint if you consider that we have not complied with the Privacy Act when handling your personal information.
Our Privacy Policy sets out how you can access and correct any of your personal information and how you may make a complaint if you consider that we have not complied with the Privacy Act when handling your personal information.
Our Privacy Policy
Our Privacy Policy
Our Privacy Policy
We will otherwise collect, hold, use and disclose your personal information in accordance with our Privacy Policy, which sets out how you may access and correct the personal information that we hold about you and how to complain about a suspected breach of your privacy or about how we have handled your personal information.
We will otherwise collect, hold, use and disclose your personal information in accordance with our Privacy Policy, which sets out how you may access and correct the personal information that we hold about you and how to complain about a suspected breach of your privacy or about how we have handled your personal information.
What are my individual rights?
What are my individual rights?
What are my individual rights?
In addition to your rights to access and correct your personal data and lodge a complaint relating to how we handle your personal data as set out in this policy, if the GDPR or other jurisdiction’s data and privacy law applies, you may, under certain conditions, have the following rights available:
In addition to your rights to access and correct your personal data and lodge a complaint relating to how we handle your personal data as set out in this policy, if the GDPR or other jurisdiction’s data and privacy law applies, you may, under certain conditions, have the following rights available:
to object to any processing of your personal data that we process on the lawful basis of legitimate interests, unless our reasons for the underlying processing outweighs your interests, rights and freedoms;
to withdraw your consent where we have processed any of your personal data based on consent;
to object to direct marketing (including any profiling) at any time;
to ask us to delete personal data that we no longer have lawful grounds to process; and
to object to the use of automated decision making.
You may also have the right to:
You may also have the right to:
request the restriction of processing of your personal data;
request the transfer of your personal data to you or another organisation (data portability)
lodge a complaint with your local data protection authority; and
receive information about how long we retain your personal data or the criteria used to determine retention periods.
Who can I contact if I have any questions about how my personal data is being used or how I can exercise my rights?
Who can I contact if I have any questions about how my personal data is being used or how I can exercise my rights?
Who can I contact if I have any questions about how my personal data is being used or how I can exercise my rights?
Email: privacy@glxdigital.com
Post: Attention
The Privacy Officer
GLX Digital Ltd
PO Box 131
Subiaco WA 6904
Email: privacy@glxdigital.com
Post: Attention
The Privacy Officer
GLX Digital Ltd
PO Box 131
Subiaco WA 6904
This Privacy Collection Statement was last updated in February 2026 and may change from time to time. Any updated versions will be posted on this website and will be effective from the date of posting.
This Privacy Collection Statement was last updated in February 2026 and may change from time to time. Any updated versions will be posted on this website and will be effective from the date of posting.
Incident Reporting Guidelines
Incident Reporting Guidelines
Incident Reporting Guidelines
If GLX becomes aware of any unauthorized or unlawful breach of security or unauthorized disclosure of or access to Customer Data, on systems managed or otherwise controlled by GLX (Security Incident) GLX shall notify the affected Customer/s without undue delay, and in any case, where feasible, notify the Customer within seventy-two (72) hours after becoming aware of the relevant Security Incident.
If GLX becomes aware of any unauthorized or unlawful breach of security or unauthorized disclosure of or access to Customer Data, on systems managed or otherwise controlled by GLX (Security Incident) GLX shall notify the affected Customer/s without undue delay, and in any case, where feasible, notify the Customer within seventy-two (72) hours after becoming aware of the relevant Security Incident.
Notification to Data Subjects in the EU and UK
Notification to Data Subjects in the EU and UK
Notification to Data Subjects in the EU and UK
In the event that a Security Incident that impacts personal data and is likely to result in a high risk to the rights and freedoms of natural persons, GLX as Data Controller, shall communicate the breach to the data subject without undue delay.
In the event that a Security Incident that impacts personal data and is likely to result in a high risk to the rights and freedoms of natural persons, GLX as Data Controller, shall communicate the breach to the data subject without undue delay.
The communication to the data subject shall describe in clear and plain language the nature of the personal data breach and contain at least the following information:
The communication to the data subject shall describe in clear and plain language the nature of the personal data breach and contain at least the following information:
(a) communicate the name and contact details of the data protection officer or other contact point where more information can be obtained;
(a) communicate the name and contact details of the data protection officer or other contact point where more information can be obtained;
(b) describe the likely consequences of the personal data breach;
(b) describe the likely consequences of the personal data breach;
(c) describe the measures taken or proposed to be taken by GLX to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.
(c) describe the measures taken or proposed to be taken by GLX to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.
Notification to Supervisory Authorities in the EU and UK
Notification to Supervisory Authorities in the EU and UK
Notification to Supervisory Authorities in the EU and UK
In the case of a Security Incident that impacts personal data, GLX as Data Controller, shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the Supervisory Authority, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.
In the case of a Security Incident that impacts personal data, GLX as Data Controller, shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the Supervisory Authority, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.
Notification to Data Controllers (i.e.Customers) in the EU and UK
Notification to Data Controllers (i.e.Customers) in the EU and UK
Notification to Data Controllers (i.e.Customers) in the EU and UK
GLX as a Data Processor shall notify the Customer, as Data Controller, without undue delay after becoming aware of a Security Incident which impacts personal data. The notification shall:
GLX as a Data Processor shall notify the Customer, as Data Controller, without undue delay after becoming aware of a Security Incident which impacts personal data. The notification shall:
(a) describe the nature of the personal data breach including where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned;
(a) describe the nature of the personal data breach including where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned;
(b) communicate the name and contact details of the data protection officer or other contact point where more information can be obtained;
(b) communicate the name and contact details of the data protection officer or other contact point where more information can be obtained;
(c) describe the likely consequences of the personal data breach;
(c) describe the likely consequences of the personal data breach;
(d) describe the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.
(d) describe the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.
Where, and in so far as, it is not possible to provide the information at the same time, the information may be provided in phases without undue further delay.
Where, and in so far as, it is not possible to provide the information at the same time, the information may be provided in phases without undue further delay.
GLX shall document any personal data breaches, comprising the facts relating to the personal data breach, its effects and the remedial action taken.
GLX shall document any personal data breaches, comprising the facts relating to the personal data breach, its effects and the remedial action taken.
Unlock your cargo management potential
Experience the future of cargo management today.
By clicking Request Demo you're confirming that you agree with our Terms and Conditions.
Unlock your cargo management potential
Experience the future of cargo management today.
By clicking Request Demo you're confirming that you agree with our Terms and Conditions.
Unlock your cargo management potential
Experience the future of cargo management today.
By clicking Request Demo you're confirming that you agree with our Terms and Conditions.
By subscribing you agree to with our Privacy Policy
Certificates:
ISO 27001
Certified
ITGOV40241
Partnerships:
© GLX DIGITAL 2025. All rights reserved.
Designed and developed by Summit Tech.
By subscribing you agree to with our Privacy Policy
Certificates:
ISO 27001
Certified
ITGOV40241
Partnerships:
© GLX DIGITAL 2025. All rights reserved.
Designed and developed by Summit Tech.
By subscribing you agree to with our Privacy Policy
Certificates:
ISO 27001
Certified
ITGOV40241
Partnerships:
© GLX DIGITAL 2025. All rights reserved.
Designed and developed by Summit Tech.