1.1 INTERPRETATION OF THIS DOCUMENT AND GENERAL OVERVIEW
Defining specific terms:
“EU” means the European Union.
“GDPR” means the EU’s General Data Protection Regulation.
“Personal information” has the meaning given to that term in the Privacy Act 1988 (Cth) and includes information that is capable of identifying an individual such as name, address and date of birth and sensitive information (if applicable) and, if the GDPR applies, includes personal data and special categories of personal data (if applicable).
“Sensitive information” has the meaning given to that term in the Privacy Act 1988 (Cth) and includes information relating to health or religion, racial or ethnic origin.
“We”, “us” and “our” refer to Carla Florencia.
“APPs” refer to the Australian Privacy Principles set out in Schedule 1 to the Privacy Act 1988 (Cth).
In respect of the collection, use and disclosure of personal information, Carla Florencia is subject to the Australian Privacy Principles and, if applicable, the GDPR. All personal information received on behalf of Carla Florencia is at all times respected, including the protection and security of all personal records.
1.2 PURPOSE OF THIS POLICY
2. TYPE OF INFORMATION WE COLLECT AND HOLD
Carla Florencia collects a range of personal information, such as your name, address, telephone number, email address, your age, date of birth and purchasing history. We need this information to deliver necessary and effective services to all our clients and to understand and forecast our business.
We may also collect information about you from your access to our website for statistical purposes. This information is usually anonymous, and we do not use it to identify individuals. However, due to the nature of internet protocols, such information might contain details that may identify you, such as your IP address, internet service provider, the web page directing you and your activity on our website.
3. HOW WE COLLECT YOUR INFORMATION
We may collect your personal information from a variety of sources, including:
an online order you complete and submit to us or an order you place over the telephone with us;
a telephone or in-person inquiry or discussion about our products, services and accounts;
mail correspondence, emails or other electronic means (including by accessing our website and use of the "contact us" form);
publicly available sources of information; and
point of sales systems and reports.
We may also collect information from a friend or someone who refers our services to you, the vendor of any business we acquire, a wholesale service provider who provides services to you, a marketing bureau or third party contractor (including any of our dealers or resellers) and a credit reporting agency (where we undertake a credit check).
We collect personal information directly from you, unless it is unreasonable or impracticable to do so.
We collect data from our website using various technologies, including “cookies”. Put simply, a “cookie” is a text file that our website sends to your browser which is stored on your computer as an anonymous tag identifying your computer (but not you) to us. You can set your browser to disable cookies. However, some parts of our website may not function properly (or at all) if cookies are disabled.
4. EFFECT OF NON-PROVISION OF PERSONAL INFORMATION, ANONYMITY AND PSEUDONYMITY
From time to time you may be able to deal with us anonymously or by using a pseudonym. For example, without limitation, if you have a general inquiry about us, and/or our goods and services, we may be able to respond to your inquiry on an anonymous or pseudonymous basis.
However, if the personal information we request for the provision of our goods and/or services is not provided to us, or you provide the information anonymously or pseudonymously, then we may be unable to provide the goods and/or services to you.
Further, we may need to verify your identify as part of our response to a request to access and/or correct personal information we hold about you, or as part of our complaints handling procedure. If we are unable to verify your identify, or you continue to engage with us in an anonymous or pseudonymous basis, then we may be unable to complete your request or pursue our complaints handling procedure.
5. PURPOSE FOR WHICH WE COLLECT AND DEAL WITH YOUR INFORMATION
As a general principle, we only use personal information for the primary purpose for which we collect the information or a secondary purpose related to the primary purpose for which you would reasonably expect us to use the collected information or otherwise as permitted or authorised by law (including the APPs).
We will not use your information for an unrelated secondary purpose unless we obtain your written consent or an exception applies, such as it is impracticable to obtain your consent and we believe that collecting, using or disclosing your information is necessary to lessen a serious threat to the life, health or safety of any individual or property.
We collect, hold and use personal information for the following purposes:
fulfilling an agreement with you or a party related to you (such as your employer) for our supply of our goods and/or services;
processing your transaction and administering your account, including by processing of invoices, bills, statement of accounts and related financial matters necessary for our providing of your goods and/or services;
addressing queries, warranty claims or resolving complaints;
advising you of developments or changes to our products and/or services as well of special offers made available on a limited basis;
marketing, advertising or otherwise promoting our products and/or services, including by way of holding competitions;
seeking your participation (on a voluntary basis) in advertising campaigns, events, launches, customer testimonials and focus groups;
undertaking market research in relation to our products and services;
undertaking and completing our internal business functions and operations, including decisions on employment applications and engagement of contractors;
maintaining and developing our internal business systems;
improving our website and our products and services;
complying with our obligations under any regulatory, tax, insurance or other requirements and applicable laws;
Investigating a complaint; and
automatically processing your personal information and your activity on our website, in order to provide more tailored and relevant services and products to you.
We may disclose your personal information to third parties, such as our dealers and resellers, any marketing agency we engage to facilitate our promotions, banks, professional advisers, courts, tribunals, regulatory authorities, other companies and individuals for the purpose of:
complying with our obligations owed to you under any contract between us and you, or as required by law;
undertaking credit checks and collecting debts on overdue and outstanding payments owed to us; and
enabling those third parties to perform services on our behalf, such as delivering packages, addressing warranty claims, sending correspondence and processing payments.
They will have access to your personal information required to perform these services, but we will not authorise them to use your information for any other purpose.
We also disclose your information to third parties that provide services to us, such as auditors, financial services, our employees, officers, professional advisers, agents, suppliers, subcontractors or insurance companies, for them to complete their obligations owed to us under agreements that we have entered into for the purpose of undertaking our business operations and activities.
This information may include scrambled credit card details; although these will only be used with your consent for any transactions with them.
We may also disclose personal information if there is a change of control in our business, to prospective investors in or purchasers of some or all of our business or our assets, We reserve the right to transfer to the extent permissible at law our user databases, together with any personal information and non-personal information contained in those databases.
In addition, we may provide statistics (with personal identifiers removed) about our customers, readers, sales, traffic patterns and related site functions to reputable third parties primarily for the purpose of assisting us to improve our service offering.
You have the right to tell us that you do not wish us to send information to you other than for the primary purpose for which we collect your personal information. We will always attempt to ensure our disclosure of personal information to other organisations is carried out in a manner which does not personally identify individuals.
We may hold your personal and non-personal information for the duration required by regulatory, tax, insurance or other requirements in accordance with applicable laws.
6. DIRECT MARKETING
We may directly market our products and services to you on the basis that you would reasonably expect us to do so, where we have collected your personal information from you already. We may directly market to you by post, email, sms or other electronic means. Where we collect your personal information from a third party, we will not use your personal information to directly market to you without your consent.
Please note that we will also comply with other laws that are relevant to marketing in Australia, including the Spam Act 2003 (Cth), the Do Not Call Register Act 2006 (Cth) and the Competition and Consumer Act 2010 (Cth).
All direct marketing communications you receive will include an easy opt-out procedure if at any time you wish us to cease sending you information.
7. THE CONSEQUENCES OF NOT PROVIDING US WITH PERSONAL INFORMATION
Your withholding of personal information from us might mean we are unable to perform some essential functions related to our products and/or services, including one or all of the purposes listed above in section 5.
8. CROSS BORDER TRANSFER OR DISCLOSURE OF INFORMATION
We may also disclose, store, process and/or transfer your personal information to our affiliates in China, overseas suppliers and our technology infrastructure may make use of cloud infrastructure or servers located in Asia Pacific.
In the event we disclose, store, process and/or transfer your personal information overseas, we will ensure that reasonable adequate security mechanisms are in place to protect your information, this may include data protection clauses with that third party.
Wherever reasonably practicable, we will first seek your consent to such cross-border disclosure. Please note that where you consent to such cross-border disclosure, we will be exempt from the requirements of the Act in relation to such disclosed information. Where it is not reasonably practicable for us to obtain your consent we will otherwise comply with the requirements of the Act.
You acknowledge that your personal information for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal information by others.
9. MAINTAINING THE INTEGRITY, CURRENCY AND SAFETY OF YOUR PERSONAL INFORMATION.
This section explains how Carla Florencia holds your personal information, how you can access and update your personal information, complain about an alleged breach of the APPs or make any related enquiry.
9.1. MAINTAINING CURRENCY OF YOUR INFORMATION
Carla Florencia relies on accurate and reliable information to deliver necessary and effective services. If we are satisfied that any of the information we have about you is inaccurate, out-of-date, irrelevant, incomplete or misleading, or you request we correct any information, we will take reasonable steps to ensure the information held by us is accurate, up-to-date, complete, relevant and not misleading.
The practical measures by which Carla Florencia avoids having an incorrect record of an individual’s information include asking you to complete the appropriate forms and requesting that you periodically update this information in writing.
If we disclose your personal information that is later corrected, we will, or else you may ask us to, notify the entity that received the incorrect information about that correction.
Should we refuse to correct the information, we will explain the reasons for refusal. We will also provide you with information about our complaint procedure if you wish to lodge a formal complaint about our refusal.
9.2. SAFETY OF YOUR INFORMATION
All personal information is securely stored using appropriate physical and/or electronic security technology, settings and applications, managerial procedures and by ensuring staff dealing with personal information are trained in our privacy policies and procedures.
These policies are designed to protect personal information from unauthorised access, modification or disclosure; and from misuse, interference and loss.
Our website may from time to time have links to other websites not owned or controlled by us. These links are meant for your convenience only. Links to third party websites do not constitute sponsorship or endorsement or approval of these websites. Please be aware that Carla Florencia is not responsible for the privacy practises of other such websites. We encourage our users to be aware, when they leave our website, to read the privacy statements of each and every website that collects personal information.
10 ACCESSING YOUR INFORMATION OR LODGING A COMPLAINT
10.1 ACCESSING AND CORRECTING INFORMATION
You are entitled at any time, upon request, to access your personal information held by us. We will respond within a reasonable time after the request is made and give access to the information in the manner requested by you, unless it is impracticable to do so. We are entitled to charge you a reasonable administrative fee for giving you access to the information requested.
Should you be refused access to your information, we will explain the reasons for refusal - any exceptions under the Privacy Act or other legal basis relied upon as the basis for such refusal – and, if you wish to lodge a formal complaint about our refusal, we will explain the complaint procedure.
10.2 LODGING A COMPLAINT
If you wish to complain about an alleged breach of the privacy of your personal information, or an alleged breach of the APP’s, the complaint should be made by emailing our Privacy Officer at email@example.com
We will acknowledge receipt of your complaint and we will endeavour to deal with your complaint and provide you with a response within a reasonable time following our receipt of your complaint (generally 30 days of our receipt of your complaint). Where a complaint requires a more detailed investigation it may take longer to resolve and/or to respond. If this is the case, we will provide you with progress reports.
We will verify your identify and seek, where appropriate, information from you in connection with the complaint.
Where required by law, we will acknowledge your complaint in writing and provide information in writing on how we will deal with your complaint. Further, if required to do so by law, we will provide our determination on your complaint to you in writing.
We may refuse to investigate and deal with a complaint if we consider it to be vexatious or frivolous.
If you are dissatisfied with the outcome of your complaint, you may seek an internal review of our decision, which will be completed by an officer not previously involved in your complaint. If you remain dissatisfied, you may escalate your complaint to the Office of the Australian Information Commissioner.
11. GDPR FOR THE EUROPEAN UNION
If you are a resident of the European Union for the purposes of the GDPR, then in addition to what is set out above, the following applies to you. Terms used are as defined in the GDPR.
We process your personal information and personal data as a processor and/or to the extent that we are, a controller.
We must establish a lawful basis for processing your personal information. The legal basis for which we collect your personal information depends on the data that we collect and how we use it.
We will only collect your personal information with your express consent for a specific purpose and any data collected will be to the extent necessary and not excessive for its purpose. We will keep your data safe and secure.
We will also process your personal information if it is necessary for our legitimate interests, or to fulfil a contractual or legal obligation.
We also process your personal information if it is necessary to protect your life or in a medical situation, it is necessary to carry out a public function, a task of public interest or if the function has a clear basis in law.
We do not collect or process any personal information from you that is considered "Sensitive Personal Information" under the GDPR, such as personal information relating to your sexual orientation or ethnic origin unless we have obtained your explicit consent, or if it is being collected subject to and in accordance with the GDPR.
You must not provide us with your personal information if you are under the age of 16 without the consent of your parent or someone who has parental authority for you. We do not knowingly collect or process the personal information of children.
Where we employ data processors to process personal information on our behalf, we only do so on the basis that such data processors comply with the requirements under the GDPR and that have adequate technical measures in place to protect personal information against unauthorised use, loss and theft.
We retain your personal information for as long as you have an open account with us or as otherwise necessary to provide you with services and/or products. In some cases we retain personal information for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule or regulation. Afterwards, we may retain some information in a depersonalized or aggregated form but not in a way that would identify you personally.
11.1 YOUR RIGHTS UNDER THE GDPR
If it is applicable, Carla Florencia complies with your rights under the GDPR as to how your personal information is used and controlled. Except as otherwise provided in the GDPR, you have the following rights:
(a) to be informed how your personal information is being used;
(b) to access your personal information (we will provide you with a free copy of it, in a portable and machine readable form);
(c) to correct or update your personal information if it is inaccurate or incomplete;
(d) to delete your personal information and account (also known as "the right to be forgotten");
(e) to restrict processing of your personal information;
(f) to retain and reuse your personal information for your own purposes;
(g) to object to your personal information being used;
(h) to object against automated decision making and profiling;
(i) to request that we share your personal information with a third party;
(j) the right to complain to a supervisory authority within the meaning of the GDPR (including the right to complain to the Office of the Australian Information Commissioner).
Please contact our data protection officer directly via e-mail: firstname.lastname@example.org at any time to exercise your rights under the GDPR.