Revision date: March 2021
Sarah & Sebastian Pty Ltd (ACN 155 463 764) (SARAH & SEBASTIAN) is committed to protecting the privacy and security of our clients and visitors to our online and retail stores.
If you are located:
- in the European Union (“EU”), you have additional rights under the EU General Data Protection Regulation (“GDPR”);
- in the United Kingdom (UK), you have additional rights under the UK General Data Protection Regulation; or
- in California, you have additional rights under the California Consumer Privacy Act (CCPA).
PERSONAL INFORMATION WE COLLECT
“Personal information” means information or an opinion about an identified individual or an individual who is reasonably identifiable, whether that information or opinion is true or not or recorded in a material form or not. The types of personal information we may collect and hold about you, depending upon the interaction in-store or online includes:
- Identifying and contact information such as your name, shipping and billing addresses, email address and phone numbers;
- Your date of birth;
- Information about products and services you have purchased, ordered or enquired about;
- Payment information including credit or debit card details, bank details or information in regards to other accepted payment solutions such as Paypal, Afterpay or Klarna;
- images captured by CCTV security cameras in our stores;
- Health information collected through our piercing waiver including pre-existing conditions;
- Information from contacting us with feedback or complaints and details of products returned, refunds made to you or repairs processed; and
- Personal information learnt about you from social media platforms and video sharing sites like Instagram, Facebook, LinkedIn and Youtube; such as your profile picture, username, handle, likes, location and friend list.
If you wish to apply for employment with SARAH & SEBASTIAN, we collect personal information when recruiting personnel, such as your name, contact details, qualifications and work history. Generally, we will collect this information directly from you.
We may also collect personal information from third parties in ways which you would expect (for example, from recruitment agencies or referees you have nominated). Before offering you a position, we may conduct background checks to determine your suitability for certain positions (for example, where handling finances).
If you become an employee of SARAH & SEBASTIAN, we will collect your Tax File Number and superannuation fund details.
When you visit or browse sarahandsebastian.com, we automatically collect certain information about your device, including information about:
- Your web browser;
- IP address;
- Time zone;
- Cookies on your device;
- The web pages you visit on the website;
- How you got to our website ie. referring websites and search terms; and
- Your interactions on our website.
We collect this information using the following technologies:
- Log files - track actions occurring on our website, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
- Web beacons, tags, and pixels - electronic files used to record information about how you browse our website.
From time to time, you may be able to visit our website or deal with us anonymously or by pseudonym. However, please be aware that, if you do not provide us with certain information that we request, we may not be able to provide you with the products or services you require.
HOW WE USE YOUR PERSONAL INFORMATION
We use the personal information that we collect generally to fulfil orders (including processing your payment information, arranging for shipping, and providing you with invoices and/or order confirmations). Additionally, we use this information to:
- Communicate with you;
- Safely undertake our piercing and soldering services;
- Screen our orders for potential risk or fraud;
- When in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services; and
- for recruitment purposes, such as assessing applications for employment.
We use the collected device information to:
- supply you with advertising that is more relevant to you when you are visiting our website or other websites that promote our products;
- help us screen for potential risk and fraud (in particular, your IP address);
- improve and optimise our website (for example, by generating analytics about how our customers browse and interact with our website, and to assess the success of our marketing and advertising campaigns); and
- provide you with targeted advertisements or marketing communications we believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
We may use your personal information for the purposes of marketing our products and services or to inform you of new products, services, promotions or events that we believe you may be interested in. If you would like to stop receiving any of these marketing communications, you can opt out by writing to us at the contact details listed below (“Contact Us”) and informing us that you no longer wish to receive these materials. If at any time you would like to stop receiving future electronic marketing messages (such as emails or SMS), you can click the “unsubscribe” link in the electronic marketing messages we send.
HOW WE DISCLOSE OR SHARE YOUR PERSONAL INFORMATION
SARAH & SEBASTIAN does not sell personal information to any third parties. However, in order to provide the products or services requested by you, we may share or disclose your personal information to;
- SARAH & SEBASTIAN contractors and service providers including shipping companies, payment service providers and software, email and website service providers on a confidential basis. These third parties may only use this information in relation to our business and are prohibited from using your personal information for promotional purposes or selling your information. Shopfiy, for example, powers our e-commerce platform so your personal information is shared with Shopify if you make a purchase on our website.
- Service providers and other third parties in relation to our marketing or business development efforts
- Comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights; and
- Any other person or organisation that we advise you of or which you would reasonably expect.
The third parties that we may provide your personal information to may be located in Australia, New Zealand, Europe, UK, Russia, the United States and Canada.
If we sell or purchase any business or assets, your personal information may be disclosed to the prospective buyer/seller. If our business (or substantially all of our assets) is acquired by a third party, your personal information held by SARAH & SEBASTIAN may be an asset which is transferred to the buyer.
HOW WE STORE YOUR PERSONAL INFORMATION
Your personal information is stored on SARAH & SEBASTIAN’s IT systems in Australia and on the IT systems of our contractors or service providers, some of whom are located overseas including in the USA and Canada.
We take reasonable steps to destroy or permanently de-identify your personal information if it is no longer needed for a purpose which it may be used or disclosed under the Australian Privacy Principles and we are not required by law or a court/tribunal order to retain the information.
Please note that where CCTV is in operation in our stores you may be captured on CCTV and your image stored. All CCTV footage is captured purely for your security and for the prevention and detection of crime. If you would like to know more about this, please contact us using the details provided below.
THIRD PARTY LINKS
DO NOT TRACK
Please note we do not support Do Not Track. Do not track is a preference you can set in your web browser to inform websites that you do not want to be tracked. We do not alter our website’s data collection and use practices when we see a Do Not Track signal from your browser.
YOUR RIGHTS – ACCESS AND CORRECTION
You have the right to request that we provide you with access to your personal information or to ask us to correct any personal information we hold about you that is out-of-date, incorrect, incomplete or misleading.
If you have created an account on our website, you can update your account details by accessing your account and editing your account information. You can also contact us by submitting a request in writing to the address set out below. If we are able to we will action your request within a reasonable time frame (usually within 30 days) following receipt of your request.
We may decline an access or correction request in circumstances prescribed by the Privacy Act. If complying with your request for access requires considerable time and expense on our part, we may charge you a reasonable fee for providing you with the information.
If we do refuse your access or correction request, we will provide you with written reasons for our decision and, in the case of a request for correction, we will include a statement with your personal information about the requested correction (if you ask us to do so).
If you are located in the EU or California, you have the additional rights set out below.
You may make a complaint about privacy to our Privacy Officer using the contact details set out below.
Our Privacy Officer will first consider your complaint to determine whether there are simple or immediate steps which can be taken to resolve the complaint.
Your complaint will then be investigated. We may ask you to provide further information about your complaint and the outcome you are seeking. We will then typically gather relevant facts, locate and review relevant documents and speak with individuals involved.
In most cases, we will investigate and respond to a complaint within a reasonable time, usually within 30 days of receipt of the complaint. If the matter is more complex or our investigation may take longer, we will let you know.
If you are not satisfied with our response to your complaint, you may make a complaint to the Office of the Australian Information Commissioner (OAIC). The OAIC can be contacted by telephone on 1300 363 992 or by using the contact details on the website www.oaic.gov.au.
EU and UK RESIDENTS
How we use your personal information
We can only collect and use your personal information if we have a valid lawful reason to do so. Our reasons are:
- Consent – you have consented to our processing of your personal information for a specific purpose
- Contract – we process your personal information to fulfil a contract you have with us or, alternatively, because you have requested us to take specific steps before you enter into a contract with us
- Legitimate interests – we process your personal information for our legitimate interests (or a third party’s legitimate interests) unless the legitimate interests are overridden by a good reason to protect your personal information
- Legal obligations – we process your personal information in order for us to comply with the law (which does not include complying with contractual obligations)
Personal information uses
To provide and administer our products and services
For marketing purposes
To manage our relationship with you
To provide customer support
To comply with our legal obligations
To prevent and detect fraudulent activity
To conduct market, consumer and other research
To ensure content is relevant
If you are located in the EU or the UK, you have the following additional rights:
- The right to information – you can request confirmation about the following: whether your personal information is being processed by us; the purpose of processing; the categories of personal information which are processed; the recipients (or types of recipients) who may receive the personal information; the anticipated retention period of the personal information; and your rights to rectification, erasure, to restrict (or object) to processing and to lodge a complaint with a data protection supervisory authority in the EU or the UK.
- The right to object to our processing of your personal information for (i) direct marketing purposes; (ii) for scientific, historical research or statistical purposes; or (iii) where our processing is based on legitimate interest grounds or because it is in the public’s interest. We will respond to your objection request within a month. However, there may be some circumstances where we are not required to stop processing your personal information. If this is the case, we will provide you with a written explanation.
- The right to restrict processing – in some circumstances, you can request us to restrict our use of your personal information in which case we will not use or disclose your personal information while it is restricted. We will respond to your restriction request within a month.
- The right to erasure – you can request us to erase your personal information where it is no longer required for a purpose for which it was collected or where, for example, you have exercised successfully your right to object to processing. We will respond to your erasure request within a month. However, where there are legal or other reasons for us to retain your personal information, we will provide you with a written explanation.
- The right to data portability – you can request us to provide you with a copy of the personal information you have provided to us. We are required to provide it to you in an electronic format that can be reused easily. You can also request us to transfer your personal information in an electronic format to another entity.
You can exercise any of these rights by contacting us using the contact details below.
You also have the right to:
- access your personal information and request the correction of your personal information (see “YOUR RIGHTS – ACCESS AND CORRECTION” above);
- and lodge a complaint with a data protection authority if you are unhappy with the outcome of a privacy complaint. The “COMPLAINTS” section above explains our complaints handling process. A list of EU data protection authorities is available at https://ec.europa.eu/. The UK data protection authority is the Information Commissioner’s Office (https://ico.org.uk).
If you are a resident of the State of California, you may exercise the rights described below. By choosing to exercise your rights as described below, you are declaring that you are a California resident as defined in the CCPA.
- Right to Deletion. You have the right to request us to delete any of your personal information. If we delete your personal information, you will permanently lose access to your personal information and/or your SARAH & SEBASTIAN account. We may deny your deletion request when permitted by applicable law or for business purposes including, without limitation, when personal information is needed to comply with our legal obligations, meet regulatory requirements, support our business operations, resolve disputes, maintain security or to prevent fraud and abuse. We retain anonymised information after your account has been closed.
- Right to Correction. You have the right to update or modify your personal information. If you have a customer account, you may update or modify your personal information by accessing your account and editing your account information. If you do not have a customer account, then you may request that your personal information be updated by emailing us at: email@example.com.
- Right to Non-Discrimination. SARAH & SEBASTIAN will not discriminate against individuals who exercise their rights under the CCPA.
- Exercising your Rights. If you wish to exercise one of these rights, please contact us using the contact details below. Before we can process any such request, we will need to verify your identity. We reserve the right to deny a request where we are unable to satisfactorily complete this process. If you authorise someone to make a request on your behalf, we may also deny your request if we are unable to verify that the individual making the request is authorised to act on your behalf.
1300 050 220
ATTN: PRIVACY OFFICER
SARAH & SEBASTIAN
5C, 32 Ralph Street
Alexandria NSW 2015
You can find more information about privacy and the protection of your personal information on the website of the OAIC at https://www.oaic.gov.au/.