1. We respect your privacy
We respect your right to privacy and are committed to safeguarding the privacy of our customers and website visitors. This policy sets out how we collect and treat your personal information.
We adhere to the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) and to the extent applicable, the EU General Data Protection Regulation (‘GDPR’).
‘Personal information’ is information we hold which is identifiable as being about you. This includes information such as your name, email address, identification number, or any other type of information that can reasonably identify an individual, either directly or indirectly.
2. What personal information is collected?
We will, from time to time, receive and store personal information you submit to our website, provided to us directly, or given to us in other forms.
The kinds of information we may collect include the following:
Your date of birth;
Your telephone number(s);
Your email address;
Your username and password;
Details about your earnings (if you are buying products using a finance plan);
Information contained on identification documents (such as driving licences) and, in some specific cases, copies of such identification documents, where we require these to verify your identity;
Information on how you use our products and services;
Your Internet Protocol (‘IP’) address, server address, domain name and information on your browsing activity when visiting one of our websites;
Your username for social networking sites that you use, to refer to, or in conjunction with, our goods and services; and
Personal preferences regarding products and services.
We may collect additional information at other times, including but not limited to, when you provide feedback, when you provide information about your personal or business affairs, change your content or email preference, respond to surveys and/or promotions, provide financial or credit card information, or communicate with our customer support.
Additionally, we may also collect any other information you provide while interacting with us.
3. How we collect your personal information
We collect personal information from you in a variety of ways, including:
When you or your employer provides us the information for delivering this service;
When you order goods or services from us (either online, in-store or over the telephone);
When you collect goods that you have ordered from us;
When you set up an account with us;
When you pay for goods on a trading account by cheque;
When you subscribe to our catalogues or mailing lists;
When you join any of our loyalty or reward programs;
When you enter competitions or promotions that we run;
When you provide us your details for customer care purposes;
When you browse one of our websites;
When you submit an enquiry using one of our websites;
When you complete a survey or provide online feedback or product reviews; and
When you publicly comment about us on social media sites (for example so that we can answer questions about our products).
4. How we use your personal information
We may use personal information collected from you to provide you with information about our products or services. We may also make you aware of new and additional products, services, and opportunities available to you.
We will use personal information only for the purposes that you consent to. This may include to:
provide you with products and services during the usual course of our business activities;
administer our business activities;
manage, research, and develop our products and services;
provide you with information about our products and services;
communicate with you by a variety of measures including, but not limited to, by telephone, email, SMS or mail; and
investigate any complaints.
If you withhold your personal information, it may not be possible for us to provide you with our products and services or for you to fully access our services.
If there is a change of control in our business or a sale or transfer of business assets, we reserve the right to transfer to the extent permissible at law our user databases, together with any personal information and non-personal information contained in those databases.
5. Disclosure of your personal information
6. General Data Protection Regulation (GDPR) for the European Union (EU)
We will comply with the principles of data protection set out in the GDPR for the purpose of fairness, transparency and lawful data collection and use.
We process your personal information as a Processor and/or to the extent that we are a Controller as defined in the GDPR.
We must establish a lawful basis for processing your personal information. The legal basis for which we collect your personal information depends on the data that we collect and how we use it.
We will only collect your personal information with your express consent for a specific purpose and any data collected will be to the extent necessary and not excessive for its purpose. We will keep your data safe and secure.
We will also process your personal information if it is necessary for our legitimate interests, or to fulfil a contractual or legal obligation.
We process your personal information if it is necessary to protect your life or in a medical situation, it is necessary to carry out a public function, a task of public interest or if the function has a clear basis in law.
We do not collect or process any personal information from you that is considered ‘Sensitive Personal Information’ under the GDPR, such as personal information relating to your sexual orientation or ethnic origin unless we have obtained your explicit consent, or if it is being collected subject to and in accordance with the GDPR.
You must not provide us with your personal information if you are under the age of 16 without the consent of your parent or someone who has parental authority for you. We do not knowingly collect or process the personal information of children.
7. Your rights under the GDPR
If you are an individual residing in the EU, you have certain rights as to how your personal information is obtained and used. We will comply with your rights under the GDPR as to how your personal information is used and controlled if you are an individual residing in the EU.
Except as otherwise provided in the GDPR, you have the following rights:
to be informed how your personal information is being used;
access your personal information (we will provide you with a free copy of it);
to correct your personal information if it is inaccurate or incomplete;
to delete your personal information (also known as “the right to be forgotten”);
to restrict processing of your personal information;
to retain and reuse your personal information for your own purposes;
to object to your personal information being used; and
to object against automated decision making and profiling.
We may ask you to verify your identity before acting on any of your requests.
8. Hosting and International Data Transfers
Information that we collect may from time to time be stored, processed in or transferred between, parties or sites located in countries outside of Australia. These may include but are not limited to United States of America, Canada, India, UK, and Hong Kong.
We and our other group companies have offices and/or facilities in United States of America, Canada, India, UK, Hong Kong and Australia. Transfers to each of these countries will be protected by appropriate safeguards, these include one or more of the following: the use of standard data protection clauses adopted or approved by the European Commission which you can obtain from the European Commission Website; the use of binding corporate rules, a copy of which you can obtain from our Data Protection Officer.
The hosting facilities for our website and supporting databases are situated in United States of America, Canada, India, UK, Hong Kong and Australia. Transfers to each of these countries will be protected by appropriate safeguards, these include one or more of the following: the use of standard data protection clauses adopted or approved by the European Commission which you can obtain from the European Commission Website; the use of binding corporate rules, a copy of which you can obtain from our Data Protection Officer.
Our Suppliers and Contractors are situated in United States of America, Canada, India, UK, Hong Kong and Australia. Transfers to each of these countries will be protected by appropriate safeguards, these include one or more of the following: the use of standard data protection clauses adopted or approved by the European Commission which you can obtain from the European Commission Website; the use of binding corporate rules, a copy of which you can obtain from our Data Protection Officer.
You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.
9. Security of your personal information
We are committed to ensuring that the information you provide to us is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic, and managerial procedures to safeguard and secure information and protect it from misuse, interference, loss and unauthorised access, modification, and disclosure.
Where we employ data processors to process personal information on our behalf, we only do so on the basis that such data processors comply with the requirements under the GDPR and that have adequate technical measures in place to protect personal information against unauthorised use, loss and theft.
10. Access to your personal information
You may request details of personal information that we hold about you in accordance with the provisions of the Privacy Act 1988 (Cth), and to the extent applicable the EU GDPR. If you would like a copy of the information which we hold about you or believe that any information we hold on you is inaccurate, out of date, incomplete, irrelevant, or misleading, please email us at firstname.lastname@example.org.
We reserve the right to refuse to provide you with information that we hold about you, in certain circumstances set out in the Privacy Act or any other applicable law.
11. Complaints about privacy
If you have any complaints about our privacy practices, please feel free to send in details of your complaints to email@example.com. We take complaints very seriously and will respond shortly after receiving written notice of your complaint.
When you visit our website, we may collect certain information such as browser type, operating system, website visited immediately before coming to our site, etc. This information is used in an aggregated manner to analyse how people use our site, such that we can improve our service.
Our site may, from time to time, have links to other websites not owned or controlled by us. These links are meant for your convenience only. Links to third party websites do not constitute sponsorship or endorsement or approval of these websites. Please be aware that we are not responsible for the privacy practices of other such websites. We encourage our users to be aware, when they leave our website, to read the privacy statements of each and every website that collects personal identifiable information.