1. Purpose of this Policy
Subject to exceptions, the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs) govern the handling of personal information in Australia. If you are located in, or are a citizen of the European Union, you may have additional rights under the European Union General Data Protection Regulation (GDPR). If you are located in another jurisdiction, additional local requirements will comply. In addition to the above, we also comply with the Australian Spam Act 2003 (Cth) (Spam Act), which deals with restrictions on sending unsolicited emails.
We are committed to complying with our obligations detailed above. This Policy sets out:
(a) how and why we collect and use your personal information when you use our website; and
(b) what controls you have over your personal information in our possession.
2. Information we collect
When you purchase something from our store, we collect personal information in order to provide you the best possible service. In particular, we may collect:
(a) identity data including your name, company name and username or similar identifier;
(b) contact data including your contact details such as your billing and delivery address, email address and telephone number;
(c) transaction data including details about payments to and from you and other details of products and services you have purchased from us;
(d) technical data including your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website;
(e) profile data including your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses;
(f) usage data including information about how you use our website, products and services; and
(g) marketing and communications data including your preferences in receiving marketing from us and our third parties and your communication preferences.
3. How we collect personal information
We may collect personal information from you when you:
(a) register on our website;
(b) communicate with us through correspondence, chats, email, or when you share information with us from other social applications, services or websites; or
(c) otherwise interact with our website, services, content and advertising.
4. Why we collect, hold, use and store your personal information
We will generally collect, use and hold your personal information if it is reasonably necessary for or directly related to the performance of our services, and for the purposes of:
(a) enabling you to access and use our website;
(b) communicating with you;
(c) responding to your enquiries and information requests;
(d) providing you with promotional material and information about other services that we, our related entities and other organisations that we have affiliations with, offer that may be of interest to you;
(e) facilitating our internal business operations, including the fulfilment of any legal requirements;
(f) analysing our services and customer needs with a view to developing new or improved services; and
(g) payment and billing purposes.
Unless you inform us that you opt out, we may use your personal information for the purposes of sending you emails to keep you updated with regards to our new products and specials. However, we will not disclose your personal information for the purposes of third-party direct marketing.
5. Using our website and cookies
While we do not use browsing information to identify you personally, we may record certain information about your use of our website, such as which pages you visit, the time and date of your visit and the internet protocol address assigned to your computer.
We may also use google analytics and 'cookies' in order to enhance the website experience for our customers. Cookies are small files that store information on your computer, TV, mobile phone or other device. They enable the entity that put the cookie on your device to recognise you across different websites, services, devices and/or browsing sessions. You can disable cookies through your internet browser but our websites may not work as intended for you if you do so.
We hold all personal information in electronic form through Shopify, a third party data storage facility. We retain all rights to the personal information and all personal information stored electronically is only accessible by us through our secure network.
We take all reasonable steps to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure. However, we cannot guarantee the security of information transmitted via the internet. As such, transmission of personal information via the internet is at your own risk.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Links to third-party websites may appear on our website. Unless expressly stated otherwise, we are not responsible for the privacy practices of, or any content on, those linked websites, and we make no representations or warranties regarding third parties’ privacy practices.
7. Overseas Disclosure
We may disclose your personal information to third parties overseas for the purposes for which we collect and use that information. This will generally be limited to third party providers of services such as payment processing, website hosting, data storage, electronic communications and data analysis. Any such disclosure will be done in accordance with the Privacy Act.
We will attempt to ensure that persons to whom the disclosed personal information relates have comparable rights in relation to that information once disclosed overseas.
8. GDPR Compliance
If your personal information is governed by the GDPR, you may have additional rights as set out below:
(a) Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal information to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
(b) Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
(c) Request restriction of processing of your personal information. This enables you to ask us to suspend the processing of your personal information in the following scenarios:
(i) If you want us to establish the information’s accuracy.
(ii) Where our use of the information is unlawful but you do not want us to erase it.
(iii) Where you need us to hold the information even if we no longer require it as you need it to establish, exercise or defend legal claims.
(iv) You have objected to our use of your information but we need to verify whether we have overriding legitimate grounds to use it.
(d) Request the transfer of your personal information to you or to a third party. We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
(e) Withdraw consent at any time where we are relying on consent to process your personal information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
9. Accessing, correcting and updating your information
You have the right to access the information that you provide to us.
If you wish to access, correct, amend or delete any personal information we have about you,, please contact us at email@example.com.
If you think we have breached the Privacy Act, the European Union General Data Protection Regulation or other related legislation or you wish to make a complaint about the way we have handled your personal information, you can contact us at firstname.lastname@example.org.
Please include your name, email address and/or telephone number and clearly describe your complaint. We will acknowledge your complaint and respond to you regarding your complaint within a reasonable period of time. If you think that we have failed to resolve the complaint satisfactorily, we will provide you with information about the further steps you can take.
11. Contact us