About this policy
We recognise the importance of your privacy and respects your right to control how your personal information is collected and used.
In this policy “Personal Information” means any information that may identify you, or by which your identity might be reasonably determined. The information you provide us may include, amongst other things, your name, address, email address, and phone number.
The purpose for which we collect personal information is to provide you with the best service experience possible on the website and for our internal business purposes that form part of normal business practices. Some provision of personal information is optional. However, if you do not provide us with certain types of personal information, you may be unable to enjoy the full functionality of the website.
To provide our services to you, we may collect Personal Information, such as your contact details, including your name, email address and contact phone number, your business or company name; your payment and billing information, which we use to bill you for the Services and to process your payments, including credit card details. We may also collect details of conversations we have had with you or any other information relevant to us.
We automatically collect through our Site and Services, information that is often not personally identifiable, such as the website from which visitors came to our Site, IP address, browser type and other information relating to the device through which they access the Site. We may combine this information with the Personal Information we have collected about you.
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you.
Your data is stored through Shopify’s data storage, databases and the general Shopify application.
They store your data on a secure server behind a firewall.
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
For more insight, you may also want to read Shopify’s Terms of Service here or Privacy Statement here https://www.shopify.com.au/.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with an AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
Use & Disclosure
Personal information collected by us will generally only be used and disclosed for the purpose it was collected. This includes maintaining your account and contact details, providing you with our products and services and processing payments. We may disclose your personal information to third parties or contractors who are integral to the provision of our services.
We may from time to time use personal information for another purpose where it would be reasonably expected by you or if permitted by the Act, including to effectuate or enforce a transaction, procuring advice from legal and accounting firms, auditors and other consultants. We may also disclose your personal information in circumstances where we are compelled by Australian legislation or a court of law to do so.
We may also (for reward) use and share aggregate or non-personally identifying information about clients for market analysis, research, marketing or other purposes.
We will not disclose, sell, share or trade your Personal Information to any third parties unless we first receive your consent.
In the event that we sell our business, or engage in a transfer, mergers, restructure or change of control or other similar transactions, customer information (containing personal information) is generally one of the business assets that forms part of the transaction. Your personal information may be subject to such a transfer. In the unlikely event of insolvency, personal information may be transferred to a trustee or debtor in possession and then to a subsequent purchaser.
Access & Accuracy
You can access and/or correct information we hold about you at any time by contacting us at firstname.lastname@example.org. We encourage you to contact us to keep your Personal Information up to date.
We will respond to your request for Personal Information within a reasonable time. We reserve the right to charge an administration fee to cover the costs of responding to your request, for example, where Personal Information is held in storage.
If required by law or where the information may relate to existing or anticipated legal proceedings, we may deny your request for access to your information. We will respond to your request, setting out the reasons for our refusal in writing.
Storage & Security
We will take reasonable steps to protect your personal information from misuse, loss, unauthorised access and modification or disclosure. We use commercially reasonable physical, technical and administrative measures to protect Personal Information that we hold, including, where appropriate, password protection, encryption, and SSL to protect our Site.
Despite taking appropriate measure to protect personal information used and collected by us, please be aware that no data security measures can guarantee 100% security all of the time. We cannot guarantee the security of any information transmitted to us via the internet and such transmission is at your risk.
If we no longer require the use of your personal information, we will take reasonable steps to destroy or permanently de-identify it.
Personal information may be stored electronically through third party data centres, which may be located overseas, or in physical storage at our premises or third-party secure storage facilities.
You are solely responsible for the maintaining the secrecy of any passwords and other account information pertaining to our Platform, apps or services.
Data Breach Notification Scheme
If we have reason to suspect a data breach has occurred, we will undertake an assessment in accordance with the Notifiable Data Breach Scheme. If we determine there has been an eligible data breach, we will notify you as soon as reasonably practicable.
Employment applications and resumes collected by us are safely and securely stored and only used for the purposes for which they were collected.
Cookies, web beacons and analytics
Third-party websites and links
In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
When you click on links on our store, they may direct you away from our Site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
We may send you direct marketing emails and information about products and services that we consider may be of interest to you. These communications will only be sent via email and in accordance with applicable marketing laws, such as the Spam Act 2004 (Cth) as you consented to upon registering for our Services. If, at any time, you would like to stop receiving these promotional emails, you may follow the opt-out instructions contained in any such email. Please note that it may take up to 10 business days for us to process opt-out requests. If you opt-out of receiving emails or promotions from us, we still may send you email about your account, your account or any Services you have requested or received from us, or for other customer service purposes. We do not provide your personal information to other organisations for the purposes of direct marketing.
Consent to international transfer
We may transfer your Personal Information to organisations in other countries. Recipients may include our related entities or employees, external service providers such as administration providers or information technology providers such as cloud storage and data processing. We only transfer information where we reasonably believe that the recipient is legally or contractually bound to principles that are substantially similar to the Australian Privacy Principles.
Changes to this policy
Complaints and Enquiries
If you are not satisfied with our response you are entitled to contact the Office of the Australian Information Commissioner, by phoning 1300 363 992 or writing to the Director of Complaints, Office of the Australian Information Commissioner, GPO Box 5218, Sydney NSW 1042.