2. Collection and Use of Personal Information
2.1 What is “Personal Information”
The Privacy Act currently defines “personal information” as meaning information or an opinion about an identified individual or an individual who is reasonably identifiable:
2.2 Information We Collect
When you visit our Websites, we automatically collect certain information about your device and preferences, including:
(a) information about your web browser;
(b) IP address;
(c) time zone;
(d) cookies installed on your device;
(e) information about the web pages or products that you view;
(f) websites or search terms referred you to the Websites;
(g) information about how you interact with the Websites.
We refer to this automatically-collected information as “Device Information".
Additionally, when you otherwise engage with us or make (or attempt to make) a purchase through our Websites, we may collect certain information from you that personally identifies you including:
- (a) your name;
- (b) billing address;
- (c) shipping address;
- (d) payment information;
- (e) email address; and
- (f) phone number.
We may collect additional personal information from time to time.
You don’t have to give us the Order Information requested. However, if you do not provide us with some or all of the Order Information requested, we may not be able to fulfil your order or satisfy your request, to the requested standard or at all, and you may also miss out on receiving valuable information about Shona Joy.
2.3 Consent to Collection and Use
We will not normally seek to collect sensitive information, however you consent to us collecting sensitive information which you provide to us voluntarily.
2.4 Why We May Collect, Hold, Use and Disclose Personal Information
We may collect, hold, use and disclose Personal Information about you to provide and improve the quality of our products and service to customers and for our legitimate business interests. Our collection, holding, use and disclosure of your Personal Information will depend on our relationship with you, the circumstances of collection of the Personal Information and your request/s.
Generally, we use Order Information collected to:
- (a) fulfil any orders placed through the Websites (including processing your payment information, arranging for shipping, and providing you with invoices and/or order confirmations);
- (b) communicate with you;
- (c) screen our orders for potential risk or fraud; and
- (d) provide you with information or conduct advertising or marketing activities relating to our products or services (unless you tell us not to).
Device Information is collected to:
- (a) help us screen for potential risk or fraud (in particular, your IP address); and
- (b) to improve and optimise our Websites (for example, by generating analytics about how our customers browse and interact with the Websites and to assess the success of our marketing and advertising campaigns).
We may also collect, hold, use and disclose your Personal Information for other reasons where the law allows or requires us to do so, including the following:
2.5 How We Collect Personal Information
The main ways we collect Personal Information include:
- (a) if you access our Websites or engage with us via social networking services, including by the use of the specific technologies referred to below;
- (b) if you subscribe to any of our e-mailing or SMS marketing lists;
- (c) in connection with the fulfilling of orders;
- (d) if you request us to provide you with information regarding the Shona Joy products or service including online, email or telephone enquiries;
We collect Device Information using the following technologies:
- (a) “Cookies” which are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.
- (b) “Log files” which track actions occurring on the Websites, and collect data including your IP address, browser type, internet service provider, referring/exit pages and date/time stamps.
- (c) “Web beacons,” “tags,” and “pixels” which are electronic files used to record information about how you browse the Websites.
- Please note that we do not alter our Websites’ data collection and use practices when we see a "Do Not Track" signal from your browser.
3. Disclosure of Personal Information
3.1 Disclosure of Personal Information to third parties
We may disclose your Personal Information to third parties as a part of providing our products or service and for our legitimate business interests, including:
Where possible, Shona Joy may impose contractual restrictions equivalent to those imposed on Shona Joy under the Privacy Act in respect of collection and use of Personal Information by those third parties. However, in some cases, Shona Joy's ability to impose contractual restrictions is limited. In those circumstances, we will carefully consider the risks to the protection of Personal Information when entering into arrangements with third parties.
Under no circumstances will Shona Joy sell or receive payment for licensing or disclosing your Personal Information.
In the event of a data breach likely to cause serious harm involving your Personal Information, we will notify you in accordance with our Notifiable Data Breaches scheme obligations under Part IIIC of the Privacy Act.
3.2 Cross-border disclosure of Personal Information
Some of Shona Joy's third party contractors may be located overseas or perform services overseas and as a result your Personal Information may be disclosed to a third party in a foreign country.
Under the Privacy Act, we must take reasonable steps, before Personal Information is disclosed to an overseas recipient, to ensure that the overseas recipient does not breach Australian privacy laws in relation to that information ("the Obligation").
The Obligation does not apply if you consent to disclosure of your Personal Information to an overseas recipient.
By supplying Personal Information to us you consent to the disclosure of your Personal Information to an overseas recipient and agree that the Obligation does not apply.
4. Behavioural Advertising
As described above, we may use your Personal Information to provide you with targeted advertisements or marketing communications we believe could be of interest to you.
For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work
You can opt out of targeted advertising via the relevant platform for example for Facebook via https://www.facebook.com/settings/?tab=ads.
Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at https://optout.aboutads.info.
5. Additional Disclosure and Rights under EU Law
This section applies if you are based in the European Economic Area ("EEA") during your interactions with us and sets out the additional information that we are required to provide to you under European data protection laws.
5.1 Grounds for Use
Purposes of the data use
To fulfil orders and provide our products and administer our service
· contract performance
· legitimate interests (to allow us to perform our obligations and provide services to you)
To communicate with you and provide customer support
· contract performance
· legal obligation
· legitimate interests (to allow us to correspond with you in connection with our services)
To screen orders for potential risk or fraud
· legal claims
· legitimate interests (to prevent, detect and take action in response to fraudulent activity, including fraudulent transactions)
To conduct marketing activities and research
· legitimate interest (in order to market to you and better understand customer's requirements) and consent (which can be withdrawn at any time)
To ensure our Websites content is relevant
· legitimate interests (to allow us to provide you with relevant content on our Websites)
To maintain our records and comply with our legal obligations
· legal obligation
· legal claims
· legitimate interests (to cooperate with law enforcement and regulatory authorities)
5.2 Cross-border disclosure of Personal Information outside the EEA
When we transfer Personal Information from inside the EEA to outside the EEA, we may be required by law to take specific measures to safeguard the relevant Personal Information. Certain countries outside the EEA have been approved by the European Commission as providing essentially equivalent protections to EEA data protection laws and therefore no additional safeguards are required to export Personal Information from the EEA to these jurisdictions. In countries which have not had these approvals, we will use appropriate safeguards to protect any Personal Information being transferred.
5.3 Additional Rights
- (a) provide you with further details on how we use and process your Personal Information;
- (b) delete Personal Information we no longer have grounds to process; and
- (c) restrict how we process your Personal Information while we consider an inquiry you have raised.
In addition, under certain conditions, you have the right to:
- (a) where processing is based on consent, withdraw the consent;
- (b) lodge a complaint with a supervisory authority;
- (c) object to any processing of Personal Information that we process on the “legitimate interests” or “public interests” grounds, unless our reasons for the underlying processing outweighs your interests, rights and freedoms; and
- (d) object to direct marketing (including any profiling for such purposes) at any time.
You can exercise these rights by contacting us (details at clause 7 below). These rights are subject to certain exemptions to safeguard the public interest and our interests.
6. Additional Disclosure under California Consumer Privacy Act
6.1 Additional Disclosure
This section applies solely to Californian consumers' Personal Information processing and is intended to address the relevant notice requirements of the California Consumer Privacy Act of 2018.
- (a) Your information, sources and purposes: please refer to the sections above explaining what Personal Information we collect (section 2.2.), how we collect it (section 2.5) and how we use the Personal Information (section 2.4) including grounds for each category of use (section 5.1).
- (b) Sharing your information: we may share your information with certain categories of third parties, please refer to disclosure of Personal Information to third parties (section 3.1) above. We reiterate that under no circumstances will Shona Joy sell or receive payment for licensing or disclosing your Personal Information. We may allow certain third parties to collect your personal information via automated technologies on our Websites to serve you content and advertisements that may be of interest to you. You have the right to opt out of these as described in sections 2.5 and 3.1 above.
- (c) Additional rights: subject to exceptions under applicable law, you may have certain choices regarding our use and disclosure of your Personal Information as described below:
You can exercise these rights by contacting us (details at clause 7 below). If you choose to exercise any of these rights, you will not receive discriminatory treatment by us.
7. Accessing your Personal Information
You have the right to request access to Personal Information that is held by Shona Joy about you.
You also have the right to request the correction of any of your Personal Information that Shona Joy holds. We will take reasonable steps to make appropriate corrections to Personal Information so that it is accurate, complete and up-to-date.
To seek access to, or correction of, your Personal Information please contact Shona Joy as follows:
8. Use of your Personal Information to contact you (including via SMS)
We will never knowingly send you unsolicited commercial electronic messages. More information on the Spam Act 2003 (Cth) is available from the regulator’s website:
We may use information that we know about your likes and interests to tell you about Shona Joy products or promotions. We may know about your likes and interests because you have provided that information.
By entering your phone number in the checkout (while initiating a purchase) or subscribing via our subscription form (or Facebook form), you agree that we may send you SMS notifications. These notifications may relate to an order (including abandoned cart reminders) or be SMS marketing offers.
SMS marketing messages will not exceed 20 messages per month and you acknowledge that consent is not a condition for any purchase order.
9. Opting out
If you decide that you do not want to be contacted by Shona Joy please contact us (details at clause 7 above). You may also opt out of receiving communications by following the unsubscribe function on any Shona Joy communications.
You understand and agree that alternative methods of opting out, such as using key word replies or request replies may not be accounted as a reasonable means of opting out and message or data rates may apply.
We will use reasonable endeavours to remove your name from the mailing/SMS lists within a reasonable period of receiving your request.
10. Storage and protection of your Personal Information
Shona Joy stores Personal Information electronically on servers hosted by our service providers. Shona Joy has implemented appropriate physical, electronic and managerial security procedures in order to protect Personal Information from loss, misuse, alteration or destruction. Shona Joy regularly reviews security and encryption technologies and will strive to protect information to the fullest extent possible.
Due to the nature of the internet, Shona Joy cannot give any warranties as to the security of any Personal Information transmitted by you to Shona Joy over the internet, or that Personal Information will not be accessed by unauthorised persons.
We encourage you to be vigilant about the protection of your own Personal Information when using any digital services.
11. Linked Sites
12. Personal Information About Other People
If you give us Personal Information about any other person in relation to or in connection with the provision of our services:
If you wish to make a complaint about our handling of your Personal Information, you should first make a complaint in writing to us. We will handle your complaint seriously and confidentially and will provide you with a response in a reasonable time period (usually 30 days). If we are unable to resolve your complaint, or you are not satisfied with the response, you may seek to have the matter resolved through mediation.
14. National Privacy Commissioner
If you are not satisfied with the way in which we handle your enquiry or complaint, or you wish to make a complaint about any perceived breach by Shona Joy of the APPs you can contact the Office of the relevant Privacy Commissioner on:
Tel 1300 363 992 or email: firstname.lastname@example.org