- [IMPORTANT INFORMATION AND WHO WE ARE]
- [THE DATA WE COLLECT ABOUT YOU]
- [HOW IS YOUR PERSONAL DATA COLLECTED?]
- [HOW WE USE YOUR PERSONAL DATA]
- [DISCLOSURES OF YOUR PERSONAL DATA]
- [INTERNATIONAL TRANSFERS]
- [DATA SECURITY]
- [DATA RETENTION]
- [YOUR LEGAL RIGHTS]
- Important information and who we are
Our website is not intended for children and we do not knowingly collect data relating to children. We encourage parents and guardians to take an active role in their children’s online activities and interests and do not let their children submit personal data to us.
Full name of legal entity: Athletic Brewing Co. Australia Pty Ltd
Postal address: Level 16, 1 Market Street, Sydney, NSW 2000, Australia
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Personal data, or personal information, means any information about an individual from which that person can be identified or reasonably ascertained and may include an opinion about the individual. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data includes your name, username or similar identifier, title, date of birth and gender.
- Contact Data includes billing address, delivery address, email address and telephone numbers.
- Financial Data includes bank account and payment card details.
- Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
- Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses, and social media interactions with us.
- Usage Data includes information about how you use our website, products and services.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
We do not generally collect sensitive information about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
If you fail to provide personal data
You have the option of not disclosing personal data to us or to use a pseudonym when dealing with us in relation to a particular matter. Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
We use different methods to collect data from and about you including through:
- Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
- apply for our products or services;
- create an account on our website;
- subscribe to our service or publications;
- request marketing to be sent to you;
- enter a competition, promotion or survey; or
- give us feedback or contact us.
- Third parties or publicly available sources. We may receive personal data about you from various third parties as set out below.
Technical Data from the following parties:
- Analytics, search information, and advertising network providers such as Google;
- Social media providers such as Facebook, Twitter and Instagram;
- Contact, Financial and Transaction Data from providers of technical, payment and delivery services.
We may use the personal data you provide to us for the purposes for which it was initially collected or purposes related to such initial purpose (if such purpose would be within your reasonable expectations)Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you, such as when you purchase products form our online store.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal obligation.
Purposes for which we will use your personal data
We have set out below a description of some examples we intend to use your personal data.
To register you as a new customer for performance of a contract with you
To process and deliver your order including:
(a) Manage payments, fees and charges
(b) Collect and recover money owed to us
To manage our relationship with you which will include:
(b) Asking you to leave a review or take a survey
To enable you to partake in a prize draw, competition or complete a survey
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences
To make suggestions and recommendations to you about goods or services that may be of interest to you
To process an application for employment with us
Opting out of marketing messages
By supplying us with your personal data, you give us permission to use your personal data to contact you to inform you about products and services we think would be of particular interest to you, including from other businesses operated by or related to us. This may include contacting you through direct marketing, events and competitions, public relations and social media. You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time.
Change of purpose for which we use your personal data
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason would be reasonably expected by you. We may also use your personal data for purposes authorised by laws or regulations, such as to prevent or investigate alleged crime or fraud.
We may share your personal data with the parties set out below for the purposes set out in the table [Purposes for which we will use your personal data] above:
Other members of the Athletic Brewing Group.
Our service providers: We may disclose your personal data to third party service providers who assist us in providing goods and services to you. We require our service providers to respect the security of your personal data and to treat it in accordance with the law and only permit them to process your personal data for specified purposes and in accordance with our instructions. For example, we use third party service providers for:
- Hosting our website;
- Processing your order and payment when you purchase goods from us;
- Fulfilling and delivering your order;
- Providing online customer service and chat functionality on our website;
- Providing analytics information;
- Sending communications to our customers;
- Preventing fraud and helping to keep our website secure.
Professional advisers: We may need to share personal date with our advisers including, lawyers, auditors, bankers, and insurers.
When required by law: We may share personal data if we are also under a duty to disclose or share your personal data in order to comply with any legal obligation, or to protect the rights, property, or safety of our business, our customers or others.
To enforce our legal rights:
- If disclosure would mitigate our liability in an actual or threatened lawsuit;
- As may be necessary to protect our legal rights and legal rights of our users, business partners or other interested parties;
- To enforce our agreements with you; and
- To investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing.
We will share your personal data within the Athletic Brewing Group. This will involve transferring your data outside of Australia, including to United States, Canada, the United Kingdom and the European Union.
Whenever we transfer your personal data out of Australia, we ensure a similar degree of protection is afforded to it by ensuring appropriate safeguards are implemented. Where we use certain service providers, we may implement specific protections including standard contracts clauses approved for use when transferring personal data to those jurisdictions. However, the countries in which the personal data is received may or may not have data protection laws equivalent to those in force in Australia.
- You acknowledge and agree to such international data and information transfers with respect to personal data. Clause 8.1 of the Australian Privacy Principles contained in Schedule 1 of the Privacy Act provides that if we disclose personal data about an individual to an overseas recipient, then we must take such steps as are reasonable in the circumstances to ensure the overseas recipient does not breach the Australian Privacy Principles in relation to such information. An exception to this is if we obtain your consent. We intend to rely on this exception in the following way . Unless you notify us in writing to the contrary, you will be taken to have consented to the disclosure by us of personal data to overseas recipients on the basis that:clause 8.1 of the Australian Privacy Principles will not apply to such disclosure;
- if the overseas recipient engages in any act that contravenes the Australian Privacy Principles, you will not be able to seek redress under the Privacy Act;
- the overseas recipient may not be subject to any privacy obligations or to any principles similar to the Australian Privacy Principles;
- you may not be able to seek redress in the overseas jurisdiction; and
- the overseas recipient is subject to a foreign law that could compel the disclosure of personal information to a third party, such as an overseas authority.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, interfered with or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We store your personal data in the cloud. Since no system is 100% secure or error-free, we cannot guarantee that your personal data is totally protected, for example, from hackers or misuse. Except to the extent that liability cannot be excluded or limited due to applicable law, we assume no liability or responsibility for disclosure of your Personal Information due to unauthorised third party access, errors in transmission or other causes beyond our control.
If you enter or upload personal data on our website, you should exercise due care to safeguard any passwords and usernames you create.
How long will you use my personal data for?
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Under certain circumstances, you have rights under data protection laws in relation to your personal data. Please click on the links below to find out more about these rights:
- [Right to request access to your personal data].
- [Right to request rectification of your personal data].
- [Right to withdraw consent].
If you wish to exercise any of the rights set out above, please contact us at firstname.lastname@example.org. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
We may also contact you to ask you for further information in relation to your request to speed up our response. We try to respond to all legitimate requests within a reasonable timeframe, and generally no later than one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you.
YOUR LEGAL RIGHTS
Right to request access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. In some circumstances, we may not be in a position to grant access to your personal data, such circumstances include where:
- providing access is likely to pose a serious threat to the safety of an individual or the public;
- providing access is likely to unreasonably impact on the privacy of others;
- the request for access is frivolous or vexatious;
- providing access would reveal information which relates to existing or anticipated legal proceedings or otherwise impact on any negotiations;
- providing access is unlawful (including being unlawful as directed by a court or tribunal order) or is likely to impact on actions being taken in relation to alleged unlawful activities relating to our functions and activities; or
- granting access would impact on a commercially sensitive decision-making process.
Right of rectification – You have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Withdraw consent at any time – Where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will endeavour to advise you if this is the case at the time you withdraw your consent.
You also have the right to make a complaint at any time to the Australian Privacy Commissioner, for privacy issues (www.oaic.gov.au). We would, however, appreciate the chance to deal with your concerns before you approach the Privacy Commissioner so please contact us in the first instance.