• what information we collect and why we collect it;
• how we collect, use and secure that information;
• the choices we offer, including how to access and update information;
• international transfers of data and links to other sites;
• how we will respond to data breaches; and
• how we advise changes to our policy and how we may be contacted.
The reasons we collect, store, process and use this kind of information include:
• to identify and interact with users;
• for response purposes, when users make an inquiry;
• to plan, improve, tailor, optimise and promote our products and services;
• to provide users with relevant information and offers that we believe might be of interest to users, which we may do by email;
• to send users invitations to Proper Goods events, to respond to surveys or to enter competitions; and
• for contractual and other lawful legitimate business purposes or for the establishment, exercise or defense of legal claims.
We do not collect more data than is necessary for the above purposes.
Our affiliates and other third party service providers to Proper Goods, which may include cloud based content management and hosting services and involve application programming interfaces, may also be allowed access to some or all of the above information.
All such third parties are bound by the same laws and regulations that we are, wherever they are located in the world, and are required to have and to apply data protection policies and practices like us.
Cookies and log files
We allow limited use of various technologies to collect and store information when users visit our website; this may include using cookies (i.e. a string of unique data that a website stores on a user’s computer and that the user’s browser provides to the website each time the user returns) or similar technologies to identify the user’s browser or device. For example, at the time of publication of this policy, we use Google analytics and mix panel (for website traffic metrics and analytics). This helps us to optimise our users’ experience and to continually improve and tailor our products and services.
Users may set their browser to block all cookies or to indicate when a cookie is being set.
We automatically log IP addresses, browser types and dates/times, which assist with our service efforts and audits for security purposes.
How we collect information
We ordinarily ask for consent from users to collect, process, manage, store and use personal information and as set out in this policy. When users get in touch with us, via the contact page on our website, they will voluntarily provide the kind of information set out above.
How long we hold information
We hold information only for so long as is necessary for the purposes set out above; in this, we are guided by our contractual obligations and by other lawful legitimate business interests.
We work hard to protect Proper Goods and our users from misuse, interference, loss, unauthorised access, modification or disclosure of information we hold. In doing so, we apply technical and organisational measures to ensure a level of security appropriate to the risk including:
• analyzing and assessing privacy and security issues, risks and impacts during the design and development of our website, processes and systems;
• ensuring suitable confidentiality, integrity, availability and resilience of processing systems and services (for instance, we restrict access to personal information to Proper Goods employees, contractors, affiliates who need the information for the purposes described above and who are subject to privacy obligations);
• the ability to promptly restore availability and access to personal data in the event of an incident;
• regular review of our information collection, storage and processing practices, aimed to ensure security of data processing; and
• as we deem necessary, pseudonymisation and encryption of data.
We are guided in these activities by ISO/IEC 27001:2013, the international standard that describes best practice for an information security management system and by the ‘Guide to securing personal information (‘Reasonable steps’ to protect personal information)’, dated January 2015, issued by the Office of the Australian Information Commissioner.
Accessing, updating and deleting personal information
Users can request us, via email@example.com to:
• make changes to their personal information;
• send to them, or to transmit to another controller, all of their stored personal information (in which case we will do so in a structured, commonly used and machine-readable format);
• restrict processing of specific personal information; or
• delete information.
Similarly, users may withdraw their consent for us to hold any or all of their personal information by request to firstname.lastname@example.org and may unsubscribe to any or all emails through the automated facility sent with each email.
It may be the case that, for contractual or other lawful legitimate business purposes, we retain and use an archived version of users’ personal information, which may be pseudonymised, anonymised or otherwise de-identified. In Australia, we comply with the APPs in relation to the de-identification and/or destruction of data. For instance, if and when we no longer need personal information for any purpose for which it was collected, or any purpose for which it may be used or disclosed, we take reasonable steps to destroy or de-identify the information (APP 11.2).
International transfers & links to other sites
Personal information of users may be transferred across national and continental borders, including for contractual and other lawful legitimate business purposes or at the request of users. Within the Proper Goods organization, such transfers are governed by internal controls and rules, consistent with this policy and the relevant legislation and regulation.
We acknowledge the various data breach obligations in each of the jurisdictions in which we operate or sell our products. We commit to promptly identify and respond to any breaches, to act to prevent harm and to report, if and as required, to the relevant supervisory authority and users.
Complaints, inquiries and requests
As mentioned above, requests to access, update, restrict or delete personal information can be made to email@example.com.