The Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs) apply to the collection and use of your personal information. The Way Store Pty Ltd (ABN 32 628 742 192) (The Way, our, us, we) is committed to the protection of the personal information of all of its customers. This policy sets out how we deal with your personal information including how we collect, hold, use and disclose your personal information and how you may access and correct it.
Please take some time to read through this policy before you provide us with any personal information. We also encourage you to check this policy regularly as it may change from time to time. If you have any suggestions or concerns that are not addressed in this policy, please contact us.
You consent to us collecting, holding, using and disclosing your personal information in accordance with this policy.
What kind of personal information do we collect?
We will only collect personal information about you if it is reasonably necessary for our functions and activities. We may collect information from you that personally identifies you such as your name, email address, home address, billing address, telephone number, date of birth, details of communications with us (written or verbal), clothing sizes, purchase history, in some instances government identifiers (such as your driver’s licence), and, if you ask us to store it for faster checkout, your credit card details.
We generally will not collect sensitive information about you (such as racial or ethnic origin, political opinions, religious or philosophical beliefs or details of health or disabilities). If we do collect or receive sensitive information, we will do so in compliance with the APPs.
You have the option of not identifying yourself or dealing with us using a pseudonym in relation to particular matters. However you will appreciate that, in some circumstances, it may not be possible for us to deal with you if you do not identify yourself.
How do we collect personal information?
We collect personal information directly from you in the normal course of business, including electronically when you visit our websites. You may be asked to provide us with personal information when you:
- create an account with us;
- purchase goods or services from us, including via third party payment platforms such as Afterpay;
- request goods to be delivered to you or services to be provided to you;
- subscribe to our mailing list or request to receive direct marketing from us;
- register or purchase a gift card;
- access or use our website; and/or
- make an enquiry with us, connect with us through social media, or correspond with us.
We do not generally collect personal information from third parties, unless you have consented to such collection, or would reasonably expect us to collect your personal information in this way.
If we receive information about you from a third party and it is not information we need in respect of our business activities, we will destroy or de-identify that information (provided it is lawful to do so).
If we collect personal information about you from other entities and you have not already given your consent to that collection, we will take such steps as are reasonable in the circumstances, to notify you that we have collected personal information, how it was collected, and why we have collected it and provide you with a copy of this policy.
How do we hold personal information?
We will use all reasonable endeavours to maintain the security of your personal information and to protect your personal information from misuse, interference and loss and against unauthorised access, modification or disclosure. Any personal information that we receive is securely stored and access is restricted to our authorised personnel. We use secure Shopify to process online orders in a ‘secure socket layer’ environment using a 256-bit SSL certificate.
How do we use personal information?
If we hold personal information about you that was collected for a particular purpose, we will not use or disclose it for another purpose unless:
(a) you consent;
(b) you would reasonably expect us to use or disclose it for that other purpose; or
(c) it is required or authorised by law or a court/tribunal order.
We generally use personal information, and you consent to us using your personal information, to:
- deliver to you, or help you manage, our products or services;
- complete transactions with you or on your behalf, including lay-by purchases;
- manage our customer loyalty program;
- conduct promotions or competitions;
- screen orders for potential risk or fraud;
- help us manage and improve our services and websites;
- communicate with you;
- to provide you with targeted advertisements or marketing communications which we believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work;
- where you have consented to receive direct marketing, send you ongoing information, offers and promotional material about opportunities, products and services which we believe may be of interest to you;
- manage and resolve legal, consumer or commercial complaints and issues;
- conduct market research and analysis; and
- carry out internal functions including training and internal audits.
You may return or exchange goods in accordance with our Returns Policy. If a return is approved (at our discretion) without proof of purchase, we may require suitable personal information from you for the purposes of identification. This personal information may be recorded with the transaction as part of our fraud prevention program. Information collected in these circumstances will only be used for this purpose.
Who do we disclose personal information to?
We do not disclose your personal information to anyone else unless:
- you have consented to the disclosure;
- you would reasonably expect, or have been told, that your information is passed to those individuals, businesses or agencies;
- we sell all or part of our business, merge with another company or business, or restructure our business (or contemplate doing any of the foregoing), in which case we may transfer or disclose your personal information to the parties involved in the transaction for the purposes of that transaction;
- if it is reasonably necessary, in our opinion, to protect our rights or property or that of any third party or to avoid injury to any person; or
- it is otherwise required or authorised by law.
You consent to us disclosing your personal information to our authorised personnel and to:
- related bodies corporate of The Way;
- to companies that perform services on our behalf, such as delivery services, mail outs, customer liaison services, data entry services, trade promotion or gift card administration, account management services and debt collection services, including Shopify which we use to power our online store. You can read more about how Shopify uses your personal information here: https://www.shopify.com/legal/privacy;
- our professional advisors, including auditors and lawyers;
- payment system operators and financial institutions; and
- organisations authorised by us to conduct promotional, research and/or marketing activities.
We take reasonable steps to ensure that third parties to which we disclose your personal information protect your privacy to the same standard expected of us.
If you have provided us with your personal information for the express or implied purposes of receiving direct marketing, you hereby consent to us and our related bodies corporate (either directly or through our service providers) using your personal information to advertise or send you information about products and services which we think may be of interest to you.
You will be given the opportunity to "opt out" or unsubscribe from receiving direct marketing communications from us. Alternatively, you may contact us at the address below to “opt out” of, or unsubscribe from, any future communications. We will use all reasonable endeavours to comply with that request within a reasonable period, and in any event, within five business days.
You acknowledge and agree that we may disclose your personal information overseas, including the United States of America, in situations where:
- entities to whom we are permitted to disclose your personal information under this policy are based overseas; or
- the personal information we collect is stored on servers located overseas.
You acknowledge that as a result of your consent to such disclosure (if any), clause 8.1 of the APPs does not apply.
How do you access and correct your personal information?
Where we hold personal information about you, we will provide you with access to the information on request within a reasonable time if it is reasonable and practicable to do so. There are some exceptions to this where we may refuse to give you access and these are set out in clause 12.3 of the APPs. In that case, where required, we will give you written notice setting out the reasons for our refusal and the mechanisms available if you wish to complain about our refusal.
We may impose a reasonable charge for giving you access to your personal information.
You may also access and update some of the personal information you have provided to us on your ‘profile’ page after you login to your account.
If we are satisfied that your personal information is inaccurate, out of date, incomplete, irrelevant or misleading, we will take reasonable steps to correct your personal information. In addition, if you request us to correct your personal information, we will take reasonable steps to do so within a reasonable time. If you request it, we will also take reasonable steps to notify any other entity of the changes if we have previously provided your personal information to that entity. There is no fee for correcting your personal information.
How do you contact us or make a complaint?
If you have any questions or comments on this policy, are concerned about how your personal information is being handled or if you would like to make a complaint in respect of our obligations under the APPs, please contact our Privacy Officer by:
- emailing us at: firstname.lastname@example.org; or
Once we receive your complaint, we will let you know if we need any further information from you.
We will endeavour to resolve your complaint within a reasonable period. If we do not believe we will be able to do so, we will let you know what is happening and a date by which you can reasonably expect a response.
If you are unhappy with our response, you may complain to the Office of the Australian Information Commissioner about the handling of your personal information. The Commissioner can be contacted at:
GPO Box 5218
Sydney NSW 2001
Phone: 1300 363 992