1 INTRODUCTION

Our website shopping platform displays products available from independent sellers (“Sellers”). We act as their agent and receive payments on their behalf.

We and our Australian Sellers are bound by the Australian Privacy Principles. To the best of our ability, we and our Sellers also comply with privacy laws in jurisdictions where Sellers or their customers are located, including the EU General Data Privacy Regulation (GDPR).

Our policy in relation to the collection, use, storage, access, rectification, transfer and deletion of personal information is set out here and in our Cookie Policy.

In these policy statements, “we”, “us” and “our” means Dr Naomi Pty Limited (ABN 78089578923) of 1 Regent St, Paddington, NSW Australia. We are the controller of personal information collected on our website.

2 PERSONAL INFORMATION WE COLLECT AND USE – WHAT, WHEN, HOW AND WHY

This section provides details of what personal information we collect on our website, when and how we collect it, why we need it and how we use it.

  (a) Sign-up. We invite every new visitor on our website to subscribe to our e-mail list in order to receive information on products and special offers available from our Sellers. This is totally optional; visitors can continue to browse our site without subscribing. The only information we collect on sign-up is your email address. See also (g) below.
  (b) Account opening, shipping and billing details. The first time you choose a product to purchase on our website and proceed to Checkout, you will be invited to establish a Dr Naomi account by providing your email address and a password. You will also be requested to provide the shipping details for the order – the recipient’s name, address, and phone number – and your billing contact details (your name, address and phone number, if different from the shipping details). We collect this information so we can arrange fulfillment of your order and communicate with you if we encounter problems in doing so. We store this information so you will not have to re-enter it for future purchases on our site, and for the purposes outlined in (d) and (g) below.
  (c) Checkout. If you choose to continue with Checkout, you will be offered a choice of 2 secure payment options – credit card and PayPal. Our credit facility is provided by a PayPal service called Braintree. PayPal will require your credit card or direct debit details. PayPal offers an option to securely save your credit card details in the PayPal/Braintree system. If you do this, PayPal will send a small piece of software code that enables us to reference your stored card so you will not need to re-enter all the details the next time you shop on our site. We do not store your card details in our own system.
  (d) Purchase details. We record your purchase details for tax and contractual purposes, and for the purposes outlined in (g) and (h) below.
  (e) Messaging. We record transactional messages in connection with your purchase of a product and any messages between you and our Customer Service team. We engage the secure services of various unrelated companies to provide and manage these messaging channels, including Zendesk and Mandrill. They enable you to communicate with us about products on our site, the delivery of your orders and any questions or concerns you may have about your purchases.
  (f) Wishlists, gift vouchers and other facilities. We may also collect personal information in connection with Wishlists, Gift Vouchers or use of other facilities and services on our website. In each case, the what, when, how and why of the information we collect will be obvious from the context.
  (g) Direct marketing. If you have signed up to receive our emails or purchased products on our website, we may contact you directly by email, text messages or post to inform you about products and offers available on our website. Our email platform is securely hosted by MailChimp. We may use your personal information to form a view on what we think you might want or need, or what might be of interest to you. At the bottom of every promotional email you receive from us we provide a “click here” link that will allow you to determine how often you want to hear from us and to provide your gender and the day and month of your birth. If you choose to provide these details we may send you special birthday offers. To “unsubscribe”, click the link at the end of messages you receive or contact us, selecting “Privacy” in the Enquiry Type menu.
  (h) Information we obtain through cookies and similar tools. We use cookies and technologies that perform functions similar to cookies to collect information. If you allow your browser to accept cookies, they will enable us to record the pages that you visit and the time you spend on them. We use this information to improve the performance of our website and make your browsing experience and the direct marketing communications you receive from us more relevant to your interests. Our Cookie Policy provides additional detail on our use of these tools and how to manage cookies in your browser.
  (i) Analytics. We also record the type of browser you are using and your IP address. We use this and other information we collect to analyse, maintain and improve the performance of our website and ensure that our site design is compatible with your browser and location.

3 OUR LEGAL BASIS FOR COLLECTING PERSONAL INFORMATION

We collect personal information on our website because it is necessary for (a) the formation of the contract of purchase and sale; (b) payment; and (c) in case we need to contact you in relation to your order or delivery details. We also collect personal information based on (d) your consent to our use of cookies; and (e) our commercial interest in marketing our services and in monitoring and improving the use and performance of our website.

4 INTEGRITY AND SECURITY OF PERSONAL INFORMATION

We take reasonable steps to ensure that any personal information we collect is accurate, up-to-date, complete and relevant to our commercial interests. We take all reasonable steps to safeguard information held by us from unauthorised access, destruction, use, modification or disclosure. Our servers and IT systems are password protected and comply with security standards. The entities that provide our payment systems use secure socket layer technology (SSL) to encrypt credit card numbers and other critical data. Our paper files are stored in premises that are locked when unattended.

We collect order information as agent for our Sellers and pass it on to them. They are contractually obliged to use such information only for the purpose of providing products you order.

We disclose information to independent entities that we engage to support our website, customer service and marketing. They include Google, Bing, Facebook, Stylight, Adroll, Criteo, Outbrain, Feefo, Hotjar, Newrelic, MailChimp and Vero. These entities are legally and contractually obliged to maintain the privacy and confidentiality of that information and to use it only to provide the services contracted by us. Their privacy policies and cookie information are available on their respective websites.

If required by law, we may also provide information to government agencies and courts.

5 CROSS-BORDER TRANSFER OF PERSONAL INFORMATION

Our website database is hosted by Amazon Web Services on servers located in Australia and Singapore. Our Data Processing Agreement with AWS is GDPR-compliant.

The AWS Privacy Policy is available on the AWS website.

If you use our website to buy from a Seller in another country, your transaction will involve a cross-border transfer of your name, address and purchase information to the Seller. Our Sellers are bound by the privacy laws in the countries where they operate.

Independent entities that we engage to support our website, customer service and marketing may also access information in our database and may provide all or part of their support from other countries that provide an adequate level of data protection.

6 THE PERIOD FOR WHICH YOUR PERSONAL INFORMATION WILL BE STORED

We will retain information relating to purchases on our website for a period of 5 years, in accordance with the requirements of Australian tax law. We will retain any information relating to your browsing history on our website for so long as your account with us remains active or until you withdraw your consent to our use of this information, whichever occurs first.

7 YOUR PRIVACY RIGHTS AND HOW TO EXERCISE THEM

If we have your personal information, you have various rights under the privacy law in Australia. You may also have rights under the law in your location if you are outside Australia. They may include a right to access, rectify and erase your information and a right to withdraw your consent to its use.

To exercise your privacy rights, please contact us, selecting “Privacy” in the Enquiry Type menu. We will respond as soon as possible. In the unlikely event we are unable to resolve your concern within 30 days, you can proceed to lodge a complaint with OAIC.

If you are outside Australia, you may also be able to lodge a complaint at any time with the supervisory authority for privacy in your home state, province or country.

You can edit and update your Wishlist and delete your stored credit card details via your account page.

You can use the privacy settings in your web browser to block our cookies. We do not recommend you do this, for the reasons stated in our Cookie Policy.

8 CHANGES TO THIS PRIVACY POLICY

This policy is effective from 22 May 2018. Any changes will be posted on this page. If changes are significant, we may choose to notify you by email or to clearly indicate on our home page that the policy has been updated.