What is Personal Information and why do we collect it?
Personal Information is information or an opinion that identifies an individual. This includes information such as your name, email address, identification number, or any other type of information that can reasonably identify an individual, either directly or indirectly. Examples of Personal Information we collect when you place an order include:
- your name;
- your contact details, mailing address, street address and/or telephone number;
- your demographic information, such as postcode;
- detail of products and services we have provided to you and/or that you have enquired about, and our response to you;
- your browser session and geo-location data, device and network information, statistics on page views and sessions, acquisition sources, search queries and/or browsing behaviour;
- information about your access and use of our Site, including through the use of Internet cookies, your communications with our Site, the type of browser you are using, the type of operating system you are using and the domain name of your Internet service provider;
- additional personal information that you provide to us, directly or indirectly, through your use of our Site, associated social media platforms and/or accounts from which you permit us to collect information; and
- any other personal information requested by us and/or provided by you or a third party.
We may collect these types of personal information directly from you or from third parties. We don’t guarantee external website links.
We may collect additional information at other times, including but not limited to, when you provide feedback, when you provide information about your personal or business affairs, change your content or email preference, respond to surveys and/or promotions, provide financial or credit card information, or communicate with our customer support.
Collection and use of personal information
Your Personal Information is collected for the primary purpose of providing our products to you. We may also use your Personal Information for secondary purposes closely related to the primary purpose:
- to enable you to access and use our Site, and associated social media platforms;
- to contact and communicate with you;
- for internal record keeping and administrative purposes;
- for analytics, market research and business development, including to operate and improve our Site, and associated social media platforms;
- to run competitions and/or offer additional benefits to you;
- for advertising and marketing, including to send you promotional information about our products and services and information about third parties that we consider may be of interest to you; and
- to comply with our legal obligations and resolve any disputes that we may have.
Disclosure of Personal Information to third parties
We may disclose personal information to:
- sponsors or promoters of any competition we run;
- credit reporting agencies, courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided to you;
- courts, tribunals, regulatory authorities and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights;
- third parties to collect and process data, such as Google Analytics and Mailchimp. This may include parties that store data outside of Australia; and
- If there is a change of control in our business or a sale or transfer of business assets, we reserve the right to transfer to the extent permissible at law our user databases, together with any personal information and non-personal information contained in those databases.
Your rights and controlling your personal information
Restrict: You may choose to restrict the collection or use of your personal information. If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us using the details below.
Access: You may request details of the personal information that we hold about you in accordance with the provisions of the Privacy Act 1988 (Cth), and to the extent applicable the EU GDPR. If you would like a copy of the information which we hold about you or believe that any information we hold on you is inaccurate, out of date, incomplete, irrelevant or misleading, please email us at firstname.lastname@example.org. An administrative fee may be payable for the provision of such information. In certain circumstances, as set out in the Privacy Act 1988 (Cth) or any other applicable law, we may refuse to provide you with personal information that we hold about you.
Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading or out of date.
Complaints: If you believe that we have breached the Australian Privacy Principles and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint.
Unsubscribe: To unsubscribe from our e-mail database or opt-out of communications (including marketing communications), please contact us using the details below or opt-out using the opt-out facilities provided in the communication.
General Data Protection Regulation (GDPR) for the European Union (EU)
- We will comply with the principles of data protection set out in the GDPR for the purpose of fairness, transparency and lawful data collection and use.
- We process your personal information as a Processor and/or to the extent that we are a Controller as defined in the GDPR.
- We must establish a lawful basis for processing your personal information. The legal basis for which we collect your personal information depends on the data that we collect and how we use it.
- We will only collect your personal information with your express consent for a specific purpose and any data collected will be to the extent necessary and not excessive for its purpose. We will keep your data safe and secure. We will also process your personal information if it is necessary for our legitimate interests, or to fulfil a contractual or legal obligation.
- We process your personal information if it is necessary to protect your life or in a medical situation, it is necessary to carry out a public function, a task of public interest or if the function has a clear basis in law.
- We do not collect or process any personal information from you that is considered “Sensitive Personal Information” under the GDPR, such as personal information relating to your sexual orientation or ethnic origin unless we have obtained your explicit consent, or if it is being collected subject to and in accordance with the GDPR.
- You must not provide us with your personal information if you are under the age of 16 without the consent of your parent or someone who has parental authority for you. We do not knowingly collect or process the personal information of children without parental authority.
Your rights under the GDPR
If you are an individual residing in the EU, you have certain rights as to how your personal information is obtained and used. Toasty complies with your rights under the GDPR as to how your personal information is used and controlled if you are an individual residing in the EU
Except as otherwise provided in the GDPR, you have the following rights:
- to be informed how your personal information is being used;
- access your personal information (we will provide you with a free copy of it);
- to correct your personal information if it is inaccurate or incomplete;
- to delete your personal information (also known as “the right to be forgotten”);
- to restrict processing of your personal information;
- to retain and reuse your personal information for your own purposes;
- to object to your personal information being used; and
- to object against automated decision making and profiling.
Storage and security of Personal Information
We are committed to ensuring that the personal information we collect is secure. We do no sell your personal data. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the personal information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.
Hosting and International Data Transfers
Information that we collect may from time to time be stored, processed in or transferred between parties or sites located in countries outside of Australia.
The hosting facilities for our Site are situated in Australia. Our domain providers are situated in Australia and United States. Transfers to each of these Countries will be protected by appropriate safeguards, these include one or more of the following: the use of standard data protection clauses adopted or approved by the European Commission which you can obtain from the European Commission Website.
You acknowledge that personal data that you submit for publication through our Site or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.
Cookies, web beacons and reCAPTCHA
We may use web beacons on our Site from time to time. Web beacons (also known as Clear GIFs) are small pieces of code placed on a web page to monitor the visitor’s behaviour and collect data about the visitor’s viewing of a web page. For example, web beacons can be used to count the users who visit a web page or to deliver a cookie to the browser of a visitor viewing that page.
Links to other websites
Furthermore, a copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at https://www.oaic.gov.au/
Complaints and Enquiries
Last update: 24 January 2020