Privacy Policy This document is the privacy policy for Maker&Son Australia and New Zealand, which, along with the Terms, form the terms and conditions for www.makerandson.com.au through which Maker&Son Australia and New Zealand provides its Services (the Site). This privacy policy, along with the Terms, apply to the use of the Site and the Services. Who are we? We are Maker&Son Australia and New Zealand a trading name of Crafted Furniture Pty Ltd. When you initially engage with us As part of improving user experience Maker&Son Australia and New Zealand collects users and customers unique identifying information, such as name, address, and other information. Examples of collecting your information when you first engage with Maker&Son Australia and New Zealand are: During the sign-up process. On any registration or application form. Where you visit the Site, and we capture your IP address. Where we collect information in person at our show-home or in one of our mobile showrooms. When you engage with us via our adverts or social media channels. We collect your information strictly under the General Data Protection Regulation and the UK Data Protection Act 2018 which applies across the European Union and in the United Kingdom. We are responsible as ‘controller’ of that personal information for those laws. This privacy policy aims to give you information on how Maker&Son Australia and New Zealand collects and processes your data. Maker&Son Australia and New Zealand data collection includes the collection of the personal data you supply when you submit an enquiry or request, order a magazine or samples, or when you purchase a product or service. You must read this privacy policy together with any other privacy policy or fair processing policy. This privacy policy overrides all previous privacy policies, supplements and notices. Information collected by us While providing the Service, we collect the following personal information when you provide it to us: (i) Master ID Data: first name and surname, job title, address, email address. (ii) Usage Data: meta-data, device data, log data, geographic/regional location, tracking and web analytics, IP addresses, job postings, demographics. (iii) Transactional Data: invoices, any transactional records containing unique identifying information. (iv) Profile Data: including your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses. (v) Marketing and Communications Data including your preferences in receiving marketing from our third parties and us and your communication preferences. (vi) Warranty Data: including claims data and supplementary data needed for effective warranty management. (vii) Financial Data: first name and surname, dependents, occupation, employer, income, bank account details, credit cards, debts together your “Personal Data”. (viii) Aggregated Data: means statistical or demographic data for any purpose. Information collected by other sources We also obtain personal information from other sources as follows: We may collect and use information from your social networks including information about social media users’ names, ages, genders, hometown locations, languages, and of your social connections (e.g., friends or followers). We are also working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies). We may receive information about you from them. We use Microsoft Clarity to better understand how our website is used We capture behavioural metrics, heat maps, and session replays to diagnose technical issues and to better understand how our customers use and interact with our website to create the easiest-to-use and most accessible place to shop, for fraud/security purposes and advertising. We do this by using cookies and other tracking technologies. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement via their website. How we use your personal information We use your data for the purposes listed below. We can do so only under specific strict legal grounds for processing data which are also below. We use your personal information for commercial and non-commercial purposes, as follows: Master ID Data Registration: Upon your completion of the sign-up process to provide you with a username and password to access the Site. Usage and Profile Data We will only use the information internally for web site analysis. Marketing and Communications Data The information helps us optimise our brand communications, to improve customer satisfaction, retain existing customers and win new business, and measure outcomes to determine what is successful. Transactional Data The information enables us to process your transactions via the Site. Warranty Data and Financial Data The information helps you to use our services which include warranties and consumer credit facilities. We may share an anonymised aggregated version of the data with third parties. Aggregated Data Information derived from aggregated data is not personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, when we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, it is subject to this privacy policy. Reasons we can collect and use your personal information Master ID Data; Usage and Profile Data; Marketing and Communications Data We rely on consent and processing for our legitimate business interests as the lawful basis for processing on which we collect and use your Master ID Data; Usage and Profile Data; Marketing and Communications Data. Marketing and Communications Data We strive to provide you with choices regarding specific personal data uses, particularly around marketing and advertising. Please do contact us if you would like to make decisions about your personal data use. We want to show you products, services and offers that are most relevant to your interests at particular times. To help us form a better, overall understanding of you as a customer, we combine your data gathered across our Site and social media channels. We will use this to inform the marketing communications we send you, including what adverts you see across our Site and on social media platforms. For more information on how we collect this data and target our advertising, please see our Cookie Policy. You will receive marketing communications from us if you have requested information from us or purchased goods from us and you have not opted out of receiving that marketing. Marketing communications will include marketing phone calls, emails, and text messages. To opt-out, please email [email protected]. Transactional Data and Warranty and Financial Data We rely on processing that is necessary for the performance of the contract you have entered with us for processing your Transactional Data and Warranty and Financial Data. Master ID Data; Usage Data; Profile Data; Marketing Data; Communications Data; Transactional Data; Warranty Data; Financial Data are together known as Personal Data. With whom do we share your personal information? We require all third parties to respect the security of your personal data and to treat it following the law. We do not allow our third-party service providers to use your personal data for their purposes and only permit them to process your personal data for specified purposes following our instructions. To protect your privacy, we will: Only provide the information necessary to perform their specific services Only use their data for the exact purpose we specify in our contract with them Work closely with them to ensure their privacy is respected and protected at all timesWe share your information with: Our website developers. Operational companies such as delivery couriers and fulfilment companies. Manufacturers and suppliers who create our products. IT companies who support our website and business systems. Administrators of our furniture insurance policy (currently Stainguard). Google, Facebook, Pinterest and AdRoll to show you products that might interest you while you’re browsing the internet. Direct marketing companies who help us manage our electronic communications with you, including Mailchimp. Our Customer Relations Management System, Zendesk or Pipedrive, where our customer’s personal details are stored. Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy For fraud management, we may share information about fraudulent or potentially fraudulent activity in our premises or systems. To prevent fraud we may share data about individuals with law enforcement bodies. Law enforcement or a Government body may also require that we disclose your data. These requests are assessed on a case-by-case basis and consider the privacy of our customers. We work with HTML Pro, a company which acts as our data processor to maximise website user engagement. We share with HTML Pro, information about you and how you use our website, including any information that you provide to us. This information is then used for the purposes of providing you with marketing which is more relevant to you and your interests. We may also share certain limited information with companies who assist us with other services. Such companies would, for example, analyse our customer data to understand better, profile and monitor customer patterns so we can consistently improve our products and services and understand what may be of interest to you and other customers. They will only be allowed to use your information in the way in which we instruct them and as permitted by the Data Protection Act or the GDPR. To opt-out of having your data used in this way, please email [email protected]. We will also use your data to identify other internet users who share similar interests. We identify other users with similar interests through your acceptance of cookies on our website. For more information about the cookies we use, please see Cookie Policy. We may also share your details, such as your email address with third parties, such as Pinterest, Facebook and Google, for targeted online advertising. To opt-out from this form of email-based advertising, please email [email protected]. International data transfers We share your personal data within the Maker&Son Licences Ltd Group. This will involve transferring your data outside the European Economic Area (EEA). We ensure your personal data is protected by requiring all our group companies to follow the same rules when processing your personal data. These rules are called “binding corporate rules”. We will share personal information with law enforcement or other authorities if required by applicable law. We will not share your personal information with any other third party. How long will Maker&Son Australia and New Zealand keep your personal information? Maker&Son Australia and New Zealand will retain your Personal Data for as long as necessary for the purposes stated in this Policy or as long as required by law or to defend potential legal claims. Notwithstanding we will not keep Data for longer than 6 years after your transaction via the Site. If you wish to obtain additional information concerning the duration of the data retention, please contact us at [email protected]. Your rights Under the General Data Protection Regulation you have several important rights free of charge. In summary, those include rights to: fair processing of information and transparency over how we use your use personal information access to your personal information III. require us to correct any mistakes in your information which we hold require the erasure of incorrect personal data concerning you receive the personal data concerning you which you have provided to us, in a structured, commonly used, and machine-readable format and have the right to transmit those data to a third party in certain situations object at any time to processing of personal information concerning you for direct marketing VII. object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you VIII. object in certain other situations to our continued processing of your personal information otherwise, restrict our processing of your personal information in certain circumstances For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation. If you would like to exercise any of the above rights, write to Maker&Son Australia and New Zealand, or email [email protected]. If you would like to unsubscribe from any email newsletter, you can send us an email to [email protected]. Removing your subscription may take up to 2-3 business days. Keeping your personal information secure We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. How to complain We hope that we can resolve any query or concern you raise about our use of your information. The General Data Protection Regulation also gives you the right to complain to a supervisory authority, in particular in the European Union or European Economic Area where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner’s Office who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113 Changes to this privacy notice This privacy notice was published on 16 March 2023 and last updated on 18 April 2023. We may change this privacy notice from time to time. When we do, we will inform you via email address. How do you contact us? Please contact our Data Protection Officer, if you have any questions about this privacy notice or the information, we hold about you. Or email: [email protected]