We respect your rights to privacy under the Privacy Act 1988 (Cth) (Privacy Act) and so in accordance with this Act, we are compliant with its requirements in respect of the collection, management and disclosure of your personal information.
We also uphold your rights to privacy if you are based in the European Union, in accordance with the General Data Protection Regulation (EU) (GDPR).
If you do not wish to provide personal information to us, then you do not have to do so. However, this may affect your use of this Site or any products and services offered on it.
We may also collect some information that is not personal information because it does not identify you or anyone else. For example, we may collect anonymous answers to surveys or aggregated information about how users use our website.
INFORMATION WE MAY COLLECT
We may collect the following personal information from you:
- current mailing or residential address;
- email address;
- telephone number;
- profession or occupation; and
- banking details required for processing payment.
Sensitive information is defined in the Privacy Act and GDPR to include information or opinion about such things as an individual’s racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.
Sensitive information will be used by us only:
- for the primary purpose for which it was obtained;
- for a secondary purpose that is directly related to the primary purpose; or
- with your consent; or where required or authorised by law.
HOW DO WE COLLECT YOUR PERSONAL INFORMATION
We collect your personal information directly from you unless it is unreasonable or impracticable to do so. When collecting personal information from you, we may collect in ways including:
- when you make an enquiry about our services;
- through your access and use of our website, including when you register as a member of our website;
- during conversations between you and our representatives;
- when you ask to be placed on one of our subscription/mailing lists;
- when you become a client or customer of ours or otherwise use our products or services; or
- when you voluntarily provide us with feedback and customer information collected in the process of conducting customer surveys for market research purposes.
WHAT HAPPENS IF WE CAN’T COLLECT YOUR PERSONAL INFORMATION
If you do not provide us with the personal information described above, some or all of the following may happen:
- we may not be able to provide our products or services to you, either to the same standard or at all;
- we may not be able to provide you with information about services that you may want, including information about special promotions; or
- we may be unable to tailor the content of our website to your preferences and your experience of our website may not be as enjoyable or useful.
SITE USER TRACKING EXPERIENCE
We may use tracking software to review and improve your experience of our Site. In particular, we may use Google Analytics Advertising products: Remarketing with Google Analytics and Google Analytics Demographics and Interest Reporting. Google Analytics collects data about our Site traffic via Google Advertising cookies and anonymous identifiers. Data collected via these Google products is not linked with any personally identifiable information you submit while on our Site. If you wish to opt out of the Google Analytics data collection, you may do so on Google’s Site at https://tools.google.com/dlpage/gaoptout/.
As our website is linked to the Internet, and the Internet is inherently insecure, we cannot provide any assurance regarding the security of transmission of information you communicate to us online. We also cannot guarantee that the information you supply will not be intercepted while being transmitted over the Internet. Accordingly, any personal information or other information which you transmit to us online is transmitted at your own risk.
Where reasonable and practicable to do so, we will collect your Personal Information only from you. However, in some circumstances we may be provided with information by third parties. In such a case, we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.[NM2]
YOUR CONSENT TO THE COLLECTION, HOLDING, USE AND DISCLOSURE OF YOUR PERSONAL INFORMATION
ACCESS TO AND CORRECTING YOUR PERSONAL INFORMATION
On receipt of your written request we will provide you with the personal information we have collected about you. If you wish to update your personal information you should send an email to firstname.lastname@example.org advising us of any corrections. If you have an account on our Site, you may also view, correct and/or update your personal information by accessing your account on the Site.
HOW WE WILL USE YOUR PERSONAL INFORMATION
DISCLOSING YOUR PERSONAL INFORMATION
We may disclose your personal information in special cases when we have reason to believe that disclosing this information is necessary to identify, contact, or bring legal action against someone who may have breached our Terms and Conditions or who may be causing injury to or interference with (either intentionally or unintentionally) our rights or property, other users of our Site, or anyone else who could be harmed by such activities. We may also disclose your personal information when we reasonably believe that the law requires it. If we engage third party agents, subsidiaries, affiliates and joint venturers to perform functions on our behalf, such as credit card processing, shipping or stocking orders, providing customer service, and health professionals etc. we will disclose your personal information to them, as required for them to perform their functions. If our business or substantially all our business assets are sold or transferred, your personal information may be one of the business assets disclosed to the purchaser or transferee. We may hold and use individual or aggregated information automatically collected from you to track how our visitors use the Site, study traffic patterns, run and maintain the Site. We may provide targeted advertisements to you based on such data. Although we do not currently engage in such practices, we may share aggregated data with our advertisers.
If there is a change of control of our business or a sale or transfer of business assets, we reserve the right to transfer to the extent permissible at law our user databases, together with any personal information and non-personal information contained in those databases. This information may be disclosed to a potential purchaser. We would seek to only disclose information in good faith and where we have sought to maintain confidentiality.
We may need to disclose your personal information to entities located outside Australia for the purpose of us providing our services to you. We will take such steps as are reasonable in the circumstances to ensure that the overseas recipient does not breach the Australian Privacy Principles or GDPR, including satisfying ourselves as to the practices of the overseas entity and the security measures that are used by the overseas entity to protect your personal information.
PROTECTION OF YOUR PERSONAL INFORMATION
We will take all reasonable steps in the circumstances to ensure your personal information is kept secure and is protected from unauthorised use or disclosure. Unfortunately, information transmitted on the Internet and/or stored on systems attached to the Internet are not 100% secure. As such, we provide no warranty or guarantee as to the security or integrity of your personal information. To the extent permitted by law, you release us from any liability for the disclosure of any information due to errors in transmission or the unauthorised acts of third parties and indemnify us in respect of any claims arising from such disclosure.
HOW LONG DO YOU RETAIN MY PERSONAL DATA FOR
We will only keep your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By Law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for five years for Australian tax law purposes.
In some circumstances you can ask us to delete your data; see your legal rights below for further information.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
IF I AM BASED IN THE EU, WHAT ARE MY LEGAL RIGHTS UNDER THE GDPR
If the General Data Protection Regulation applies to you because you are in the European Union, you have rights under data protection laws in relation to your personal data:
- The right to be informed – the obligation for us to inform you how we use your personal data;
- The right of access – the right to make a ‘data subject access request’ for copy of the personal data we hold about you;
- The right to rectification – the right to make us correct personal data about you that may be incomplete or inaccurate;
- The right to erasure – also known as the ‘right to be forgotten’ where in certain circumstances you can ask us to delete the personal data we have about you (unless there’s an overriding legal reason we need to keep it);
- The right to restrict processing – your right in certain circumstances to ask us to suspend processing personal data;
- The right to data portability – the right for you to ask us for a copy of your personal data in a common format (for example, a .csv file);
- The right to object – the right for you to object to us processing your personal data (for example, if you object to us processing your data for direct marketing); and
- Rights in relation to automated decision making and profiling – the right you have for us to be transparent about any profiling we do, or any automated decision making.
These rights are subject to certain rules around when you can exercise them.
If you wish to exercise any of the rights set out above, please contact us at email@example.com
HOW CAN YOU ACCESS AND CORRECT YOUR PERSONAL INFORMATION
You may request access to any personal information we hold about you at any time by contacting us. Where we hold information that you are entitled to access, we will try to provide you with suitable means of accessing it (for example, by mailing or emailing it to you). We may charge you a reasonable fee to cover our administrative and other reasonable costs in providing the information to you. We will not charge for simply making the request and will not charge for making any corrections to your personal information.
There may be instances where we cannot grant you access to the personal information we hold. For example, we may need to refuse access if granting access would interfere with the privacy of others or if it would result in a breach of confidentiality. If that happens, we will give you written reasons for any refusal.
If you believe that personal information we hold about you is incorrect, incomplete or inaccurate, then you may request us to amend it. We will consider if the information requires correction. If we do not agree that there are grounds for correction, then we will add a note to the personal information stating that you disagree with it.
HOW TO CEASE RECEIVING COMMUNICATIONS FROM US
You may terminate any ongoing communications you receive from ArchiStar via e-mail (such as newsletters, subscriptions, contest results, survey inquiries, etc.) by (1) clicking the “unsubscribe” link that is available within the communication received, or (2) by emailing firstname.lastname@example.org and request to be unsubscribed.
IF YOU THINK WE HAVE BREACHED THE AUSTRALIAN PRIVACY PRINCIPLES OR GDPR
To the extent that we are subject to the Australian Privacy Principles and GDPR, we have taken all reasonable steps to ensure that our practices comply with those principles. If you believe we have breached those principles we request that you email us at email@example.com setting out the circumstances in which you believe we are in breach. Your complaint will be reviewed and investigated by a senior manager of our business and a response will be provided to you within 30 business days. If you are unhappy with our response you agree that any further dispute should be determined by mediation with an independent mediator to be appointed by agreement of the parties within 14 business days of you notifying us of you wish to proceed to mediation. You agree that the cost of mediation will be borne equally between the parties and that the decision of the mediator will be final and binding on the parties.