What is personal information?
In general terms, personal information is information (whether fact or opinion) about an identified or reasonably identifiable individual.
Some types of personal information are designated as ‘sensitive information and are subject to additional protection under the Privacy Act. For example, these can include information about your health and wellbeing.
What types of information do we collect?
The types of personal information we collect about you will depend on the information’s purpose. This can include:
- Your name, billing and shipping address, email, phone number(s), payment information (including credit card information or alternative payment methods), order details
- Suppose ONA Luxury suspects fraudulent activity or our terms and conditions have been broken. In that case, ONA Luxury may collect your driver’s license and any other form of identification deemed necessary to verify your identity.
- if you have requested to receive news and exclusive offers, promotions, or invitations to events – your name, mailing or street address, email address, and telephone number(s);
- If you have contacted our customer support team to make a complaint, provide feedback, submit an inquiry, request a call-back, or request a product replacement – your name, email address, and any files attached to your request;
- in the case of our brand ambassadors, representatives or supporters, your name, mailing or street address, email address, date of birth, occupation, and social media information;
- in the case of prospective employees or contractors – the information contained in your application or résumé, recorded during any interview, or obtained through any pre-employment checks, and government-issued identifiers such as tax file numbers; and
- in the case of our suppliers and distributors – your name, mailing or street address, email address and telephone number(s).
Generally, ONA Luxury will not collect sensitive information about you. However, in certain circumstances, we may need to collect limited sensitive information. For example, if you disclose details of a medical condition or other specific dietary or allergy requirements to us in the course of requesting further information from us about any of our products. When you browse our website, we also automatically receive details of your device’s Internet protocol (IP) address, your web browser type used to access our website, and your operating system.
How do we collect personal information?
We collect personal information directly from you, including when you:
- access our website;
- place an order or arrange a subscription;
- arrange for a delivery or return a purchase;
- sign up to receive news and exclusive offers;
- enter surveys, competitions, promotions or request information or material from us;
- communicate by us by email, by telephone, or via our website;
- apply to work with us or are engaged by us as a contractor; or
- provide goods or services to us.
In some circumstances, we may collect personal information about you:
- from publicly available sources (such as the internet); or
- from third parties, for example, service providers who assist us with activities
Direct marketing communications
We will only send you emails about our store, new products, and other direct marketing communications (for example, through mail, SMS or email), where you have consented to us doing so, or are permitted by law to do so. You can unsubscribe from direct marketing communications at any time by contacting us at email@example.com
Can you choose not to disclose your personal information?
If you contact us to make a general inquiry about ONA Luxury or our products, you do not have to identify yourself or provide any personal information. Alternatively, you can also notify us that you wish to deal with us using a pseudonym.
However, if we cannot collect personal information about you, we may not provide you with the knowledge or assistance you require. For example, we will not send you the information you have requested if you have not provided us with a valid email address or telephone number.
How do we use your personal information?
In general, we use your personal information for our business operations. Some specific purposes for which we use your data are as follows:
- to process your purchase and provide you with products that you have ordered as part of the buying and selling process;
- to verify your identity (for example, if you request access to the personal information we hold about you or if we require further information to process your purchase);
- to consider you for a job at ONA Luxury (whether as an employee or contractor) or other relationships with us;
- to communicate with you and address issues or complaints you or we may have regarding our relationship
- to contact you via electronic messaging such as SMS and email, by mail, by phone, or any other lawful manner.
We may also use or disclose your personal information for other purposes you have consented to or as otherwise permitted or required by law.
Technical and general analytics information is used to gauge website visitor traffic and trends and deliver personalised content to you while you are on our website, and improve our website and our products and services.
To whom do we disclose personal information?
We may disclose your personal information to third parties in connection with the purposes described above. We may disclose your personal information to the following types of third parties:
- any potential third party acquirer of our business or assets, and advisors to that third party;
- our professional advisers (such as lawyers, accountants, or auditors) and insurers;
- our employees, contractors, and third-party service providers who assist us in performing our functions and activities, e.g., payment systems operators and financial institutions, cloud service providers, data storage providers, freight companies, telecommunications providers, and IT support services providers;
- organisations authorised by us to conduct promotional, research, or marketing activities;
- third parties with whom we have arrangements for promoting our business, for example, marketing agencies and companies who may use your personal information to tailor electronic advertising to you (e.g., on a webpage or social media platform) concerning our products and services;
- third parties to whom you have authorised us to disclose your information (e.g., referees if you are applying for a job with us); and
- any other person as required or permitted by law.
Suppose we disclose your personal information to third parties. ONA Luxury will use reasonable commercial efforts to ensure that such third parties only use your personal information to the extent reasonably necessary to allow the third party to comply with their obligations to us in a manner consistent with applicable laws. For example, where commercially practical, we will include suitable privacy and confidentiality clauses in our agreement with a third-party service provider to disclose your personal information.
Where is your data stored and transferred?
Shopify Inc hosts our online store. Your data is stored in databases located in Australia and the United States of America. We keep your information on a server behind a firewall.
Suppose you choose a direct payment gateway to complete your purchase. In that case, our server stores your credit card data only until the payment transaction is completed, and then the information is deleted. Your credit card data is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express, and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
We take reasonable precautions to protect your personal information and follow good industry practices to ensure it is not lost, misused, or inappropriately accessed, disclosed, altered, or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow PCI-DSS requirements and implement additional generally accepted industry standards.
Please notify us immediately if you become aware of any breach of security.
Third Party Services
When you click on links on our website, you may be directed away from our website. We are not responsible for the privacy practices of other websites and businesses, and we encourage you to read their respective privacy policies.
Suppose you use any third-party service providers in your use of our website, such as payment gateways and other payment transaction processors. In that case, these third-party providers have their privacy policies regarding the personal information we are required to disclose to them for your purchase-related transactions. We recommend that you read their privacy policies to understand how these third-party service providers will handle your personal information.
How can you access and correct your personal information?
You may request access to any personal information we hold about you at any time by contacting us. We will provide access to that information under the Privacy Act, subject to any exemptions that may apply. We will need to verify your identity before we can comply with your request. We may also charge an administration fee in limited circumstances, for example, if we are required to procure additional resources to comply with your request.
If you believe that personal information we hold about you is incorrect, incomplete, or inaccurate, then you may request us to amend it by contacting us.
What is the process for complaining about a privacy breach?
If you have any questions, concerns, or complaints about our collection, use, disclosure, or management of your personal information, please get in touch with us in writing using the contact details below.
We will make inquiries, and an appropriate person will assess your complaint to resolve any issue in a timely and efficient manner.
If you are unsatisfied with the outcome, we will advise you about further options, including, if appropriate, review by the Privacy Commissioner within the Office of the Australian Information Commissioner.
Where applicable, we will rely on the employee records exemption in the Privacy Act and any other applicable exemptions in the Privacy Act or other legislation.
Questions and Contact information
If you would like to register a complaint or want more information about how we handle personal information, don’t hesitate to get in touch with us at firstname.lastname@example.org