1. Your privacy is important
‘Personal data’ means any information capable of identifying an individual. It does not include anonymised or de-identified data.
2. Kinds of personal data we collect and the purposes for which we process it
We collect, hold and process personal data about our customers and potential customers, contractors and other people who come into contact with us (you or your).
The following table sets out the kinds of personal data about you that we may collect, hold and process, along with our legal basis for doing so.
Communication Data includes data derived from any communication that you may send to us, whether through our website, through email, text, social media messaging, social media posting or any other communication that you send us. We process this data for the purposes of communicating with you, for record keeping and for the establishment, pursuance or defence of legal claims. Our lawful basis for processing Communication Data is our legitimate interests, which in this case are to reply to communications sent to us, to keep records and to establish, pursue or defend legal claims.
Customer Data includes data relating to any purchases of goods and/or services and may include data such as your name, title, billing address, delivery address, email address, phone number, contact details, purchase details and your credit card details. We process this data to supply our goods and/or services to you and to keep records of such transactions. Our lawful basis for processing Customer Data is the performance of a contract between you and us and/or taking steps at your request to enter into such a contract.
User Data includes data about how you use our website and any services we provide together with any data that you post for publication on our website or through our services. We process this data to operate our website and our online services, to ensure relevant content is provided to you, to ensure the security of our website, to maintain back-ups of our website and/or databases, and to enable publication and administration of our website, our business and any other online services that we may provide. Our lawful basis for processing User Data is our legitimate interests which in this case are to enable us to properly administer our website, our online services and our business.
Technical Data includes data about your use of our website and online services such as your IP address, your login data, details about your browser, length of visit to pages on our website, page views and navigation paths, details about the number of times you use our website, time zone settings and other technology on the devices you use to access our website. We may source this data from our analytics tracking system. We process this data to analyse your use of our website and other online services, to administer and protect our business and website, to deliver relevant website content and advertisements to you and to understand the effectiveness of our online services and advertising. Our lawful basis for processing Technical Data is our legitimate interests, which in this case are to enable us to properly administer our website, our online services and our business, and to grow our business and to decide our marketing strategy.
Marketing Data includes data about your preferences in receiving marketing from us and our third parties and your communication preferences. We may process this data to enable you to partake in any of our promotions, to deliver relevant website content and advertisements to you, and to measure or understand the effectiveness of this advertising. Our lawful basis for processing Marketing Data is our legitimate interests, which in this case are to study how customers use our products/services, to develop them, to grow our business and to decide our marketing strategy.
We may also use any of the above data categories to deliver relevant content and advertisements to you (which may include Facebook adverts or other display advertisements) and to measure or understand the effectiveness of the advertising we serve you. Our lawful basis for this processing is legitimate interests which is to grow our business. We may also use such data to send other marketing communications to you. Our lawful basis for this processing is either consent or legitimate interests (namely to grow our business). Please see section 9 below for more information on marketing communications.
We will only use and process your personal data for the purpose for which it was collected (including as set out above), for a reasonably compatible purpose if necessary, or as otherwise required or permitted by law. For more information on how we process personal data, please contact us using the contact details set out below.
We do not knowingly collect any sensitive data about you, or any information about criminal convictions and offences.
‘Sensitive data’ refers to data about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data.
3. How we collect personal data
We collect information you provide directly to us. We will generally collect personal data about you directly by way of forms and other documents or information you submit to us (whether in paper or electronic form), correspondence you provide to us, or between you and us, and telephone calls with you. We may also automatically collect certain data from you as you use our website or our services by using cookies and similar technologies.
If we are unable to collect personal data relating to you, we may be unable to provide you with certain of our goods or services or continue our relationship with you.
4. How we disclose personal data
Before we disclose your personal data to any third party, we require each third party to respect the security of your personal data and to comply with all applicable laws in handling your personal data.
We may disclose personal data about you to:
- other companies in our group who provide services to us;
- professional advisers, such as lawyers, bankers, auditors and insurers;
- service providers and partners, who assist us in operating our business;
- third parties to whom we sell, transfer, or merge parts of our business or our assets;
- any industry body, tribunal and/or court in connection with any complaint made by you about us;
- government bodies that require us to report processing activities;
- any other organisation or person with your consent or as required or permitted by law.
5. International transfers
For transfers of personal data outside of Australia
We may disclose your personal data to recipients located outside Australia (for example, where our data hosting provider’s servers are located outside Australia). Where we disclose personal data to a third party located outside Australia, we will ensure certain safeguards are in place to ensure your personal data remains protected.
For transfers of personal data outside the European Economic Area (EEA)
For individuals in the European Economic Area (EEA), we may transfer your personal data to recipients located outside of the EEA. Where your personal data is transferred to a third party outside of the EEA, we put certain safeguards in place to ensure your data is subject to a similar degree of security to the provisions of the EU General Data Protection Regulations. As such:
- we may transfer such of your personal data to countries that have been approved as providing an adequate level of protection for such data by the European Commission; or
- if we use US-based providers that are part of EU-US Privacy Shield, we may transfer such of your personal data to them, as they have equivalent safeguards in place; or
- where we use certain service providers who are established outside of the EEA, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give your personal data the same protection it has under the General Data Protection Regulations.
We may request your prior express consent to a specific transfer of your personal data outside of the EEA where none of the above safeguards are available. You may withdraw this consent at any time.
6. How we hold personal data and data security
We are committed to protecting your personal data. We implement appropriate technical and organisational measures to help protect the security of your personal data; however, please note that no system is ever completely secure. We have implemented various policies to guard against unauthorised access and unnecessary retention of personal data in our systems.
We may hold personal data in different ways, including in paper form, electronic form and/or in other mediums. While we have taken steps that are reasonable in the circumstances to protect the personal data we hold from misuse, interference and loss and from unauthorised access, modification or disclosure, we cannot guarantee that such misuse, interference, loss, or unauthorised access, modification or disclosure will not occur.
We may also allow our employees and partners to access your personal data where they have a business need to know such data. We require such employees and partners to only process such data on our instructions and to keep it confidential.
We retain personal data only as long as necessary to fulfil the purpose it was collected for, to provide you with our services, for our legitimate and essential business purposes (such as maintaining the performance of our services), for complying with our legal obligations, and for resolving disputes. Following this period, we will destroy or de-identify the relevant personal data.
8. De-identified information
We may de-identify your personal data or aggregate it in such a way that it cannot be used to identify you. We may disclose de-identified information for any purpose we see fit, including to advertisers and other third-parties for their commercial, marketing, research and promotional purposes.
Our de-identification procedure involves:
- removing personal identifiers;
- removing or altering other information that may allow you to be identified; and
- continuously assessing and managing the risk of re-identification.
9. Direct marketing communications
From time to time we may process your personal data to provide you with marketing materials in relation to offers, specials, products and services that we consider may be of interest to you via email, SMS and social channels. Our lawful basis of processing your personal data for this purpose is either your consent or our legitimate interests (namely to grow our business).
We will not disclose your personal data to a third party for their own marketing purposes unless we have your prior express consent.
If you do not want to receive direct marketing materials from us you may notify us by following the ‘opt out’ or ‘unsubscribe’ links on any marketing messages we send to you or by emailing us using the contact details set out below.
10. Third party links
12. Your rights
Under data protection laws, you have certain rights in relation to your personal data, which may include rights to access, correct or delete your personal data, have it sent to another organisation, restrict or object to its processing or complain to a regulator about how it is handled. To exercise these rights (as available), please contact us using the contact details set out below.
13. How to obtain access to your personal data
You may request access to personal data which we hold about you by contacting us using the contact details set out below. When you request copies of your personal data held by us we will endeavour to provide you with such copies as soon as reasonably practicable.
We may require you to verify your identity and specify what personal data you require. There may be occasions when access to personal data we hold about you is denied. Such occasions would include (without limitation) where release of the information would have an unreasonable impact on the privacy of others.
14. Accuracy and completeness of personal data
We assume that any personal data provided by you is accurate and complete. If you believe the personal data we hold about you is inaccurate, incomplete or out of date, please notify us immediately. You may request that we update or vary personal data that we hold about you by contacting us using the contact details set out below.
15. Providing your personal data to us is voluntary
Providing your information to us is voluntary. If your personal data is collected based on your consent, you may also withdraw that consent. If you choose not to provide your personal data, or if you withdraw consent, we may not be able to provide you with some or all of our services. To understand the consequences of deciding not to provide your personal data, contact us using the contact details set out below.
16. How to make a complaint about a breach of your privacy rights by us
If you are of the view we have breached the Privacy Act 1988 (Cth), the Australian Privacy Principles or any related privacy code (to the extent that they are applicable to us) in dealing with your personal data, you may make a complaint by writing to us using the contact details set out below and we will take reasonable steps to investigate the complaint and respond to you within a reasonable time frame.
You can also make a complaint to your local data protection authority (they will be able to advise you on how to submit such a complaint). Before you do so, we ask that you contact us first so that we can try to resolve the issue for you.
17. Anonymity and pseudonyms
You have the option of not identifying yourself or using a pseudonym when dealing with us in relation to privacy matters unless we are required by law or a court/tribunal to deal with individuals who have identified themselves or it is impractical for us to deal with you if you have not identified yourself in the circumstances.
18. Contact us
19. Changes to this policy
LAST UPDATED: April 2023