OPF Rewards Pty Ltd (ACN 56 633 217 517) ("we, us, our") recognises that your personal information is important to you and that you are concerned with its collection, use and disclosure. As such, to the extent applicable, we take great care to comply with the Australian Privacy Principles ("APPs") as set out in the Privacy Act 1988 (Cth) ("Privacy Act") and the European Union's General Data Protection Regulation.
PERSONAL INFORMATION WE COLLECT
We collect the following types of personal information from you:
When you visit the Site, we automatically collect certain information about your device, including information about your web browser, IP address, server address, time zone and some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically-collected information as "Device Information."
We collect Device Information using the following technologies:
- "Cookies" are data files that are placed on your device or computer and often include an anonymous unique identifier in order for us to collect details about your use of the Site. You may elect to reject cookies at any time and still use the Site, however in doing so, some parts of the Site may not fully function. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org;
- "Log files" track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps; and
- "Web beacons," "tags," and "pixels" are electronic files used to record information about how you browse the Site.
When you make a purchase or attempt to make a purchase through the Site, we may collect certain information from you, including your name, date of birth, age and gender, your contact details such as your email address, phone number, billing and shipping addresses as well as your payment information (such as credit card numbers, cardholder name and expiration date). We refer to this personal information as "Order Information."
We will also collect other personal information from you such as your name, postcode and other demographic information, as well as contact details such as your email address when you submit an enquiry using the Site, send us a message through the Site or otherwise communicate with us using the contact details displayed on the Site. We will additionally collect personal information such as your user name, and other personal information available from social networking sites, when you connect with us, comment about us, or send a message to us on our Social Media (for example, so that we can answer questions about our services).
HOW DO WE HOLD AND SECURE YOUR PERSONAL INFORMATION
We may hold your personal information in a number of ways, including in our database and our customer relationship management system.
We take reasonable steps to ensure that the personal information that we hold is stored in a secure environment protected from misuse, interference and loss and any unauthorised access, modification or disclosure. Such reasonable steps include data encryption systems, employee screening, confidentiality policies and security verification processes.
WHY DO WE COLLECT, HOLD AND USE YOUR PERSONAL INFORMATION?
We use the Device Information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimise the Site (for example, generating analytics to understand how our customers browse and interact with the Site and to assess the success of our marketing and advertising campaigns).
We use the Order Information that we collect generally to fulfil any orders placed through the Site (including processing your payment information, arranging for shipping and providing you with invoices and/or order confirmations). Additionally, we use this Order Information to:
- communicate with you; and
- screen our orders for potential risk or fraud.
Additionally, we collect personal information from you in order to deal with requests, enquiries, complaints, and other customer care related activities. When in line with the preferences you have shared with us, we also collect your personal information to provide you with information or advertising relating to our products or services.
DISCLOSING YOUR PERSONAL INFORMATION
We may disclose your personal information to third parties to help us use your personal information in the manner described above. This may include disclosing your personal information to organisations that provide services to us in connection with our business including customer support, payment processing, administration, archival, data storage, hosting, mail and delivery, distribution, logistics, marketing, auditing, financial and legal advisory, banking, debt collection, security or technical services and the operation of our site. In some cases these service providers may collect your personal information on our behalf. If we disclose personal information to a third party, we generally require that the third party protects that information to the same extent that we do.
We also use Google Analytics to help us understand how our customers use the Site. Google Analytics does not identify individual users and will not associate an individual's IP address with other data held by Google. You can read more about how Google uses your personal information here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics at any time by disabling or refusing cookies on the Site, or alternatively you can access the opt out browser here: https://tools.google.com/dlpage/gaoptout.
Finally, we may also disclose your personal information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive or to otherwise protect our rights.
As described above, we may use your personal information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative's ("NAI") educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
You can opt out of receiving any type of marketing information from us at any time, including our targeted advertising, by:
• using opt-out links from whichever services being used. Common links include:
- FACEBOOK - https://www.facebook.com/settings/?tab=ads; and
- GOOGLE - https://www.google.com/settings/ads/anonymous.
• visiting the Digital Advertising Alliance's opt-out portal at: http://optout.aboutads.info/.
DO NOT TRACK
Please note that we will not alter our Site's data collection and use practices if we see a "Do Not Track" signal from your browser.
We take reasonable steps to ensure that the personal information that we collect, hold and use is accurate, up-to-date and complete.
You have the right to access the personal information we hold about you and to ask that your personal information be corrected and updated. If you would like to exercise these rights, please contact us using the contact information below.
Upon request, we will provide access to your personal information that we hold (except in certain circumstances set out in the Privacy Act). On a rare occasion where we refuse access, we will provide you with a written notice stating our reasons for doing so. Please note that we may seek to recover reasonable costs incurred for providing you with access to any of the personal information about you held by us. We will also agree to take reasonable steps to correct and update the personal information that we hold about you if we are satisfied that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading.
If you are a resident in the European Union, you may have additional rights which are described below.
The Site is not intended for individuals under the age of 16 years old.
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at firstname.lastname@example.org or by mail using the details provided below:
PO BOX 3059
You may also lodge a complaint with the Office of Australian Information Commissioner at:
Office of the Australian Information Commissioner
GPO BOX 5218
Privacy hotline on 1300 363 992.
ADDITIONAL RIGHTS OF EUROPEAN RESIDENTS
We are committed to ensuring we comply with the European Union's General Data Protection Regulation (GDPR), to the extent it applies to our handling of personal information.
If you are a European resident, we note that we are processing your personal data in order to fulfil contracts we might have with you (for example if you make an order through the Site), or otherwise to pursue our legitimate business interests listed above. We also process your information with your consent, which you have the right to withdraw at any time. We will ensure that your processed persona data is adequate, relevant, not excessive, accurate and, where necessary, kept up to date. Additionally, please note that your information will only be transferred outside of the European Union where there is adequate protection, or where we have your consent to do so.
While we endeavour to provide all our customers with appropriate access and control over their personal data, as a European resident, you may, in certain circumstances, have the following additional rights:
• the right to have your data erased ("the right to be forgotten");
• the right to restrict processing of your personal data;
• the right to data portability;
• the right to object to the processing of your personal data; and
• the right to object to automated decision making, including profiling.
We will allow and assist European residents to exercise these rights unless we have compelling and legitimate legal grounds not to (e.g. an objection in the GDPR, a countervailing legal obligation under Australian legislation or if the personal data has been fully anonymised).