Daring Designs Co is an Australian based jewellery online retailer with worldwide operations. We are committed to the protection of your personal information in accordance with the Australian Privacy Principles set out in the Privacy Act 1988 (Cth).
This policy (the “Policy”) sets out how we collect, use, manage and store personal information in the course of doing business. You agree that this Policy applies to you as an individual and is separate from, and does not amend or modify, any contractual arrangements between you or your organisation and us, nor create any rights in you under any such contract.
In this Policy:
"personal information" means any information or opinion about an identified individual or an individual who is reasonably identifiable (whether or not the information is true);
"sensitive information" means (without limitation) information about an individual’s race, ethnic origin, membership of a political association, religious beliefs, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation, criminal record, or health, genetic or biometric information.
2. What personal information we collect
As part of our operations we collect personal information that can reasonably be used to identify a specific person. The personal information that we may collect or hold will depend on the context in which we collect it, and may include:
- your name;
- telephone, mobile phone number and email address;
- delivery addresses;
- age or birth date;
- details of products that you have ordered from us;
- employment related information, if you apply to work for us;
- information you provide to us through surveys, competitions or market research; and
- any other personal information you or a person ostensibly authorised by you submits to us, as well any other information that we consider necessary (such as information about your opinions) to perform our functions and activities.
3. How we collect personal information
3.1 We collect personal information in a number of ways, including:
(a) where you provide information directly to us;
(b) where you interact directly with our employees and such other persons acting for us or on our behalf, such as our customer service team, including from electronic queries sent to us via email;
(c) if you are applying for employment with us, where you provide information directly to us during a recruitment process, or we obtain it from a recruitment agency, your referees, education institutions and government agencies;
(d) from third parties, such as our service providers;
(e) through referrals from individuals or other entities;
(f) through marketing and business development events including surveys, competitions and other market research initiatives;
(g) where you provide feedback to us;
(h) from related entities in our corporate group; and
(i) from publicly available sources of information.
3.2 We do not generally collect sensitive information about individuals. Where we collect, use and disclose sensitive information about you, we will only do so where (a) such collection, use, or disclosure is reasonably necessary to conduct our business and (b) either we have obtained your consent or such collection, use, or disclosure is permitted by law.
3.3 If you do not wish for your personal information to be collected in a way anticipated by this Policy, we will take reasonable steps to accommodate your request. If we do comply with your request, or you provide us with inaccurate or incorrect information, we may not have sufficient information to conduct our business and we may be limited:
(a) in our ability to properly conduct our operations;
(b) in our ability to keep you informed about your orders or our business;
(c) in our ability to provide you with access to protected areas of our website;
(d) in considering your application for employment with us; and
(e) in our ability to respond to an inquiry or request.
4.2 We may log IP addresses (that is, the electronic addresses of computers connected to the internet) to analyse trends, administer the website, track users movements, and gather broad demographic information.
5. Purpose of collection, use and disclosure
5.1 We collect, use and disclose personal information for the primary purpose of conducting our business, which includes:
(a) providing and managing the delivery of our services and products, including processing orders and delivering products;
(b) collecting and disclosing personal information to our related entities in connection with our operations;
(c) in the case of applications for employment, assessing a person’s application for employment with us;
(d) to assess the performance of the website and to improve the operation of the website;
(e) researching and assessing our services and products to identify possible improvements, including collecting, using, and disclosing details about your usage patterns and interests;
(f) for the administrative, marketing (including direct marketing), planning, product or service development, quality control and research purposes;
(g) responding to an inquiry or request;
(h) compiling and maintaining a mailing list and communicating with persons on those lists;
(i) fulfilling obligations to, and cooperating with, government authorities;
(j) resolving disputes or addressing complaints;
(k) protecting our property, rights, and security, and the rights, property, and security of third parties or the public in general; and
(l) disclosing business-related data and information (including personal information) to potential buyer or other successors in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, insolvency, liquidation, or similar proceedings.
6. To whom may we disclose your personal information?
6.1 In conducting our operations, we may share some of your personal information with, or receive personal information from, third parties such as outsourced service providers and contractors.
6.2 Unless you have agreed otherwise, these parties are not allowed to use your personal information for any other purpose except to assist in conducting our business. We take reasonable steps to ensure that such third parties are subject to confidentiality requirements. In particular, we may disclose your personal information:
(a) to third party technology providers including Peoplevox and NetSuite which are online solutions we use to process customer orders and manage internal human resource functions;
(b) through Electronic Data Interchange (EDI);
(c) in the case of employees, to third parties that manage our payroll system and employee records;
(d) to any other third parties incidental to us carrying out our functions;
(e) to other service providers or referral partners in order to provide our services to you, or to assist our functions or activities (such as law firms);
(f) where you otherwise provide your consent, whether express or implied; and
(g) where otherwise required by law.
7. Overseas disclosure
7.1 From time to time, we may disclose your personal information to overseas recipients if it is necessary to conduct our business.
7.2 We currently have operations in Australia, and the United States and personal information is disclosed in those jurisdictions. We also use cloud-based solutions such as Peoplevox, NetSuite and EDI that store personal information securely primarily in the United States of America and the United Kingdom. We may from time to time expand our operations and/or change the cloud-based or other solutions used to store personal information.
7.3 We take reasonable steps to ensure that the receiving party provides commitments regarding privacy and confidentiality which are at least equal to the Australian Privacy Principles or applicable privacy protection laws that offer at least the same level of protection as that required under the Privacy Act in Australia.
8. Storage and security of personal information
8.1 Where we hold your personal information, we will take reasonable steps to ensure that the information is secure and may only be accessed by authorised persons. Where we store your personal information electronically on our database, we use secure servers and there are restrictions as to who has access to that information through password protection. All hardcopies of personal information are stored in lockable rooms.
8.2 Although we take reasonable steps, we are not responsible for third party circumvention of security measures on our electronic databases or at any of our premises. Please note that third party recipients of personal information may have their own privacy policies and we are not responsible for their actions, including their handling of personal information.
8.3 We cannot control the actions of other users with whom you share your information. Further, we cannot guarantee that only authorised persons will access your personal information. Please notify us immediately if you believe there has been any unauthorised access to your information.
8.4 We keep personal information as long as it is reasonably necessary for the purposes described in this Policy or otherwise in compliance with our or our service providers’ data retention policies. If any personal information that we hold is no longer required for the purpose for which it was collected and no applicable law requires us to retain that information, we will take reasonable steps to de-identify or destroy the information.
9. Access and correction
9.1 We will take reasonable steps to ensure the personal information we hold is complete, up to date and accurate, so far as it is practicable for us to do so.
9.2 You may request access to the personal information we hold about you by contacting our Privacy Officer. We may, subject to any exceptions set out in the Privacy Act, provide you with access to your personal information. We may charge you a fee to cover our administrative and other reasonable costs for giving access but we will not charge you for making the request itself.
9.3 Subject to paragraph 9.4, if personal information we hold about you is incorrect, we will, on your request to correct it or where we are satisfied that the information is inaccurate, out of date, incomplete, irrelevant or misleading, take such steps as are reasonable in the circumstances to ensure that the information is corrected. You are able to make a correction request by using the contact details below. We will not charge you for making a correction request.
9.4 If you request us to correct personal information that we hold about you and we refuse to do so, we will, to the extent reasonable, provide you a written response as to our reasons. You can make a complaint if you think we have wrongly refused to correct or give you access to your personal information by using the contact details below.
10. Direct marketing
10.1 From time to time, we may use your personal information for direct marketing purposes and you consent to us using your personal information for direct marketing purposes (for an indefinite period). This includes sending you updates about our products and offerings. When we contact you, it may be by mail, email or SMS in accordance with applicable marketing laws, such as the Spam Act 2003 (Cth). If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so. Where we use or disclose your personal information for the purpose of direct marketing, we will:
(a) allow you to ‘opt out’ or, in other words, allow you to request not to receive direct marketing communications; and
(b) comply with any such request by you to ‘opt-out’ of receiving further communications within a reasonable time frame.
11. Questions and complaints
11.1 If you believe that your privacy has been breached, please contact our Privacy Officer using the contact information below and provide details of the incident so that we can investigate it. We request that complaints about breaches of privacy be made in writing, so we can be sure about the details of the complaint.
11.2 We will attempt to confirm as appropriate and necessary with you your understanding of the conduct relevant to the complaint and what you expect as an outcome. We will inform you whether we will conduct an investigation, the name, title, and contact details of the investigating officer and the estimated completion date for the investigation process. We will aim to ensure that your complaint is resolved in timely and appropriate manner.
11.3 After we have completed our enquiries, we will contact you, usually in writing, to advise the outcome and invite a response to our conclusions about the complaint. If we receive a response from you, we will assess it and advise if we have changed our view.
11.4 If you are unsatisfied with the outcome of our investigation, you may take your complaint to the Office of the Australian Information Commissioner (“OAIC”). Further information about the OAIC can be found on their website (https://www.oaic.gov.au/).
12. Changes to this Policy
We may change this Policy at any time. Please refer back to this Policy periodically to review any updates. If we make material changes to this Policy we will notify you by publication on our website. The revised version of the Policy will be effective at the time we post it, which time will be indicated at the end of this Policy. You agree to be bound by any modified or amended versions of this Policy.