We deal with your personal information in accordance with the Privacy Act 1988 (Cth) (“the Act”) and the Australian Privacy Principles (APPs) set out in the Act. We also comply with the Spam Act 2003 (Cth), which imposes various restrictions on sending emails. We also comply with the General Data Protection Regulation (“GDPR”) in relation to collection of personal information of EU citizens.
WHAT PERSONAL INFORMATION DO WE COLLECT?
We may collect and hold the following personal information:
- Your name, contact details, address, phone number and email;
- Your personal details such as DOB, place of birth, driver's licence number and gender;
- Your job title, opinion, work, business;
- Your browsing history on our website; and
- Records of your communications with us.
HOW DO WE COLLECT THE PERSONAL INFORMATION?
Generally we collect your personal information directly from you, including when you use our social media sites or our website, or when you call us or email us. However, in some instances we may collect personal information from third parties, for example when we perform a credit check on you. We also use software like cookies to tell us how you use our website. Cookies are tiny digital identifiers that are automatically stored on your computer and help us to personalise our service to you. You can turn them off or delete them at any time in your web browser settings. We need your personal information to provide you with some or all of our services.
WHY DO WE COLLECT AND HOLD YOUR PERSONAL INFORMATION?
We collect and hold your personal information to:
- Communicate with you regarding your enquiry, or use of our website and services;
- Perform services for you where relevant;
- Comply with our obligations under the law in terms of record keeping;
- Provide information relevant to you;
- Analyse your interaction with our services to produce statistical information that we can use to optimise the information, services and any advertising we provide to you; and
- Provide information to third parties as authorised or required by law.
WHEN DO WE DISCLOSE IT?
We do not sell your personal information, and we do not use your personal information or disclose it to another organisation unless:
- It is reasonably necessary for one or more of the purposes described above;
- Because of the nature of the information or collection, we believe you would expect us to use the information or disclose it;
- It is required or authorised by law, or we suspect something unlawful and it is necessary for us to take action;
- It is necessary to protect the rights, property, health or personal safety of a customer, client, us or the public and it is impracticable to obtain your consent;
- You have provided your consent or it is for a purpose expressly permitted under the Act; and/or
- It is necessary to obtain third party services, such as analytics, data storage or payment service providers.
WHAT IF YOU DON'T WANT IT DISCLOSED?
If you don't want your personal information to be disclosed, please contact us at firstname.lastname@example.org. Provided the disclosure is not required by law, we will assist.
STORAGE AND SECURITY AND CREDIT CARD DATA
We will take reasonable precautions to protect your personal information, including against loss, unauthorised access, disclosure, misuse or modification. We will ensure that organisations to whom disclosure is made are compliant with the Act.
We use the Shopify Inc platform to provide you with our products and services. Your data is stored through Shopify’s data storage, databases and the general application, and is stored on a secure server behind a firewall.
If you complete a purchase with us using the direct payment gateway, Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted. All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
YOUR RIGHTS TO ACCESS AND DISCLOSURE
There are some other circumstances where we may withhold your personal information including:
- Where the request is frivolous or vexatious;
- Where providing access would have an unreasonable impact on the privacy of another person;
- Where we believe that withholding the personal information is necessary to protect the rights, property, health or personal safety of a customer, client, us or the public; or
- Where the information relates to negotiations or anticipated legal proceedings between you and us.
Except where we are permitted or required by law to withhold your personal information, you have the right to access it. Please email us at email@example.com to access, correct or delete your personal information.
ADDITIONAL PROVISIONS FOR EUROPEAN CITIZENS
If you are a resident of the European Economic Area (“EEA”) you have certain rights and protections under the GDPR regarding the processing of your personal information. We are a controller under the GDPR as we collect, use and store your personal information to enable us to provide you with our website services and information about them. We rely on the following lawful means of processing your personal information:
- Where you have given us valid express consent to use your personal information we will rely on that consent, and only use the personal or sensitive information for the specific purpose for which you have given consent.
- Where we need to comply with the law, or to act in an emergency, we will rely on that lawful means of processing your personal information.
If you are an EEA resident, you have various rights including the right to be informed; right of access; right to rectification; right to object; right to restriction of processing; right to erasure or to be forgotten; right to data portability; and right not to be subject to automated processing.
Access and deletion
If you want to access personal information we hold about you, or ask that the information be corrected, please contact us at firstname.lastname@example.org. In some circumstances, you also have a right to object to or ask that we restrict certain processing activities or delete your personal information. If you would like to limit or request deletion of your personal information or exercise any other rights, you can do so by contacting us.
You can withdraw your consent to our collection or processing of your personal information. You can do so by contacting us at email@example.com or by opting out of email newsletter communications by following the instructions in those emails or by clicking unsubscribe. If you withdraw your consent to the use of your personal information, you may not have access to our services, and we might not be able to provide you with our services. In some circumstances where we have a legal basis to do so we may continue to process your information after you have withdrawn consent, for example if it is necessary to comply with an independent legal obligation or if it is necessary to do so to protect our legitimate interest in keeping our services secure.
All personal information stored on our website platform is treated as confidential. It is stored securely and is accessed by authorised personnel only. Our collection is limited to what is necessary for the purpose for which the personal information is processed, and the information is kept only for so long as is necessary for the purpose for which it was collected. We implement and maintain appropriate technical, security and organisational measures to protect personal information against unauthorised or unlawful processing and use, and against accidental loss, destruction, damage, theft or disclosure. We ensure the encryption and pseudonymisation of personal information and we have adequate cyber security measures in place. By providing us with your personal information you consent to us disclosing it to third parties who reside outside the EEA countries. We will ensure that those third parties are GDPR compliant.