1.2 A reference to you, your or user is a reference to someone who has accessed the App.
1.3 We care about how your information is used and shared. We take protecting your privacy very seriously.
2.3 We endorse fair information handling practices and uses of information in compliance with our obligations under the privacy laws in force in Australia from time to time.
2.4 We will treat all Personal Information in a manner consistent with this Policy unless you have provided your express consent otherwise.
3.1 We do not collect any Personal Information from users.
3.2 The App may however automatically receive technical information relating to your usage of the App such as your operating system, device, features used, content viewed and downloaded, the dates and times of your interactions with the App and other information. The user hereby consents to use of this information to understand, customise and improve user experience with the App. For example, we may engage analytics services to analyse this information in order to help us understand how visitors engage with and navigate the App, how and when features within the App are used and by how many users.
4.1 We collect Personal Information for:
a) replying to correspondence from users;
b) processing orders and sending information and updates pertaining to orders to users;
c) advertising products or services being offered by us or any of our related companies or business partners; and
4.2 When we use Personal Information to send you a commercial electronic message, we will:
a) always identify who has sent you the message;
b) never use false or misleading subjects or email addresses;
c) allow users to unsubscribe; and
d) honour opt-out/unsubscribe requests within five business days.
4.3 We may also use Personal Information we collect for related purposes such as:
a) to record information about a user’s usage, preferences and behaviour, as well as any feedback provided by users;
b) to perform statistical analyses of user behaviour;
c) to optimise marketing activities, user experience, and content;
d) protecting individuals and users from fraud; and
e) any other use for which we obtain express permission from you.
5.1 Access to Personal Information by our employees, subcontractors, suppliers and affiliates is governed by any agreements we may have in place with those parties and those parties’ obligations under the Privacy Act, General Data Protection Regulation (EU) 2016/679 (GDPR) and any other relevant law. Our agreements with employees, subcontractors, suppliers and affiliates require those parties to comply with these laws.
5.2 When sharing your Personal Information with service providers, we may be sharing this information outside Australia such as to the United States and other countries.
6.1 Our servers are hosted in Australia. We take all reasonable steps to manage data stored on our servers
to ensure data security and to prevent the loss, misuse or alteration of Personal Information.
Notwithstanding the above, we are not responsible for any third-party access to Personal Information as a
a) interception while it is in transit over the internet;
b) spyware or viruses on the device (such as a computer or phone) from which you access the Site; or
c) as a result of your failure to adequately protect their user name or password (if applicable).
6.2 We are also not responsible for any losses, expenses, damages and costs, including legal fees or virtual currency in the App, resulting from such third-party access.
6.3 If we have reasonable grounds to believe that your Personal Information may be subject to unauthorised access or disclosure (eligible data breach), we will investigate and assess the suspected eligible data breach to determine whether the eligible data breach is likely to result in serious harm to you (Notifiable Data Breach). If a Notifiable Data Breach occurs, then we will notify you and the Australian Information Commissioner as soon as practicable after we become aware of the Notifiable Data Breach in accordance with our obligations under the Privacy Act 1988. We will comply in every way with our obligations under Part IIIC – “notification of eligible data breaches” of the Act.
6.4 Any information collected through the App will be sent to a secure Postgres database stored in a data centre. Your user data is tied to a unique user ID (UUID).
6.5 User passwords will be encrypted in the user database table using a hash. Data is sent to the App via a REST API that is secured using an SSL https connection.
6.6 All data is coded; accordingly, it will not be readily identifiable.
6.7 Access to the App on your smartphone is protected by your password you selected after you downloaded the App.
6.8 You should take all necessary steps to prevent unauthorised access to your account and Personal Information by protecting your ID and pass code and limiting access to your smartphone.
7.1 We will retain your Personal Information for as long as is required to provide you with our services or assist you with your query and to comply with legal requirements.
7.2 If we no longer require Personal Information for any purpose, including legal purposes, we will take reasonable steps to securely destroy or permanently de-identify the Personal Information.
8.1 Through the App, you may access, edit or delete information you have provided to us. You may stop all collection of information by the App at any time by uninstalling the App.
8.2 You can access the Personal Information held about you at any time by contacting our Privacy Officer at [email protected].
8.3 We will always endeavour to meet requests for access. However, in some circumstances we may decline a
request for access. This includes the following circumstances:
a) we no longer hold or use the Personal Information;
b) providing access would have an unreasonable impact on the privacy of other persons;
c) the request is frivolous or vexatious;
d) the Personal Information relates to existing or anticipated legal proceedings and would not normally be disclosed as part of those proceedings;
e) providing access would be unlawful;
f) providing access would be likely to prejudice the detection, prevention, investigation and prosecution of possible unlawful activity; and
g) the Personal Information would reveal other user’s commercially sensitive information.
8.4 If we decline a request for access, we will provide reasons for our decision when we respond to the request.
8.5 We reserve the right to charge you a reasonable fee for access to your Personal Information. These charges will be limited to the cost of recouping our expenses for providing you with your Personal Information, such as document retrieval, photocopying, labour and delivery.
8.6 We will take reasonable steps to ensure that Personal Information is accurate, complete and up to date at the time of collecting the Personal Information from you or during other interactions with you.
8.7 If you believe that any Personal Information, we hold about you is inaccurate, incomplete or out-of-date, you may contact our Privacy Officer.
9.2 If you have a complaint in relation to the way we have handled your Personal Information, your complaint should be made in writing to [email protected] in the first instance. We will investigate the complaint and prepare a response to you in writing within a reasonable period of time.
9.3 If you are located in a jurisdiction where the GDPR applies, you may have the right to request that we help you move your Personal Information to other companies or organisations where this is technically feasible provided that the Personal Information was collected by automatic means. If you would like to make such a request, you should contact [email protected]. If we are required to do so at law, we will take reasonable steps to process your request.