Privacy Policy

All about security & privacy

SECURITY POLICY

Designstuff Group Pty Ltd uses the eWAY Payment Gateway for its online credit card transactions. eWAY processes online credit card transactions for thousands of Australian merchants, providing a safe and secure means of collecting payments via the Internet. All online credit card transactions performed on this site using the eWAY gateway are secured payments.

  • Payments are fully automated with an immediate response.
  • Your complete credit card number cannot be viewed by Designstuff Group Pty Ltd or any outside party.
  • All transactions are performed under 128 Bit SSL Certificate.
  • All transaction data is encrypted for storage within eWAY’s bank-grade data centre, further protecting your credit card data.
  • eWAY is an authorised third party processor for all the major Australian banks.
  • eWAY at no time touches your funds, all monies are directly transferred for your credit card to the merchant account held by Designstuff Group Pty Ltd.

For more information about eWAY and online credit card payments, please visit www.eWAY.com.au

PRIVACY POLICY

General

The Designstuff site (designstuff.com.au) (Site) is owned and operated by Designstuff Group Pty Ltd (ACN 160 080 464) (we or us).

Your privacy is important to us and we are committed to protecting your personal information in accordance with the Australian Privacy Principles set out in the Privacy Act 1988 (Cth) and the General Data Protection Regulation (EU 2016/679) (GDPR), which applies across the European Union (EU) (collectively, Privacy Laws). 

This privacy policy outlines when and how we collect, process, use, share, store, alter and destroy your personal information and how you can access your personal information. This policy applies to all personal information we collect through our Site, products and services.

If you have any questions about this policy, you can contact us at [email protected]

Types of personal information collected

Personal information is information or an opinion about you which identifies you, or which is reasonably capable of identifying you, whether or not the information is true or recorded in a material form.

We collect and use personal information from customers, users or visitors of our Site and any other individual who interacts with us.

The types of personal information we collect and use depend on the type of dealing you have with us, which may include:

  • your name, address, telephone number, email address and username;
  • information about the products or services you order or enquire about (including how they are used);
  • your financial information (such as credit card and bank account details), method of payment and any information required for user authentication processes; and
  • any other information relating to you that you provide to us (including information you provide in surveys and competition forms and through our other promotional activities). 

We do not wish to collect your sensitive information. However, some of our services are automated and we may not recognise that you have accidentally provided us with your sensitive information. If you accidentally do so, please contact us [email protected] so we can destroy it. 

Method of collection

We will collect your personal information in a variety of ways, including through your use of our products, services, Site or newsletters, your participation in competitions, promotions, events, surveys or questionnaires and from third parties (which we discuss further below).

Some of the personal information collected by us will track your use of our products, services or Site, enhance your use of our products, services or Site and assist us in providing a better service to you.

We will only collect personal information that is necessary for one or more of our functions or for a purpose outlined in this privacy policy or otherwise disclosed to you. By providing your personal information to us, you acknowledge that you are authorised to provide such information to us.

Where we collect your personal information directly from you, we will take reasonable steps to notify you of certain matters in the form of a collection notice at, before or as soon as practicable after the time of collection. A collection notice provides more specific information about a particular collection of personal information than this privacy policy (which sets out our general information handling practices). This privacy policy is therefore subject to any specific provisions contained in our collection notices and any terms and conditions of particular offers, products and services that may arise from time to time. We encourage you to read those provisions carefully.

Where we collect your personal information from your authorised representative, we will take reasonable steps to make sure that you are made aware of the collection. If you provide us with personal information about another individual (as their authorised representative), we rely on you to inform them that you are providing their personal information to us and about the matters outlined in this privacy policy and any relevant collection notice. You must take reasonable steps to ensure the individual consents to the matters outlined in this policy, including who we are and how to contact us. You must also assist us with any requests by the individual to access or update the personal information you have collected from them and provided to us. 

Legal basis for processing personal information (EU)

We rely on several legal bases under the GDPR to collect, process, store, use and disclose the personal information of individuals residing in the EU, including:

  • where you have freely and expressly consented to the collection, use, storage, processing and disclosure of your personal information for a specific purpose;
  • where the collection, use, storage, processing and disclosure of your personal information is necessary for the performance of a contract to which you are a party;
  • for our legitimate business interests (including providing our products, services or Site, managing our relationship with you and responding to your queries or complaints); and
  • where there is a legal obligation to collect, use, store or disclose your personal information.

Purpose of collection

We use and process your personal information for the purposes for which the information is collected. In particular, we may use and process your personal information:

  • to provide you with our Site, products and services;
  • to provide you with information about offers, competitions, promotions, events, surveys or questionnaires;
  • to notify you of other matters which we believe may be of interest to you, including new product or service offerings;
  • to customise the advertising and content on our Site;
  • to improve, develop and manage our Site, products and services;
  • to operate, maintain, test and upgrade our systems;
  • to perform research and analysis about our Site, products and services;
  • to perform our business functions;
  • to comply with regulatory or other legal requirements;
  • for any purpose to which you have consented; and
  • for any other purpose notified to you at the time of collection.

Disclosure to third parties

With your consent, we may provide your personal information to:

– our employees, related entities, business partners, third party contractors, suppliers and agents from time to time for the purpose of delivering, providing and administering our products, services or Site; and
– third party service providers who process or use your personal information for the purpose of performing functions on our behalf, but these providers may not process or use such information for any other purpose. Examples of third-party service providers include marketing and analysis organisations, financial and credit card institutions to process payments (such as Paypal, eWay, American Express and NAB), hosting companies, web developers, internet service providers, customer service providers, customer support specialists, third party shopping agents, fulfilment companies, external business advisors (including auditors and lawyers), our insurer, and research and data analysis firms,

(collectively, Authorised Affiliates).

Where we disclose your personal information to any of our Authorised Affiliates, we will ensure that they undertaken to protect your privacy. These Authorised Affiliates are not permitted to use the information for any purpose other than the purpose for which they have been given access.

Our Authorised Affiliates may also provide us with personal information collected from you. If you disclose personal information to an Authorised Affiliate, we rely on you to provide the Authorised Affiliate with consent for us to collect, storage, use, process and disclose your personal information.

We may also disclose any personal information we consider necessary to comply with any applicable law, regulation, legal process, governmental request or industry code or standard.

Overseas disclosure

Our Authorised Affiliates may be located in or outside Australia or the EU, including in India and other countries from time to time. Where we transfer your personal information to our overseas Authorised Affiliate, we will take steps reasonably necessary to ensure that there is a legal basis for the transfer of your personal information and your personal information is treated securely (including by using reasonably endeavours to ensure each overseas Authorised Affiliate receiving your personal information understands and is bound by the Standard Contractual Clauses approved by the European Commission (found at https://ec.europa.eu/info/law/law-topic/data-protection_en).

By accessing or using our products, services or Site, or providing your personal information to us, you explicitly and freely consent to the transfer of your personal information to our overseas Authorised Affiliates.

If you do not wish to receive information from our Authorised Affiliates, please let us know by contacting [email protected]

Security

We will use our reasonable endeavours to protect and maintain the security of your personal information and to make our Site as secure as possible against unauthorised access. We use a combination of technical, administrative and physical controls to protect and maintain the security of your personal information.

Our officers, employees, agents and third party contractors are expected to observe the confidentiality of your personal information.

The transmission of information via the internet is not completely secure. While we do our best to protect your privacy, we are unable to guarantee or warrant the security of any personal information transmitted through the internet. You provide your personal information to us at your own risk and we are not liable for any unauthorised access to, or disclosure of, the personal information.

Destruction and de-identification

If we determine that your personal information is no longer needed for any purpose, we will take reasonable steps to destroy or permanently de-identify that personal information, unless we are required by law or a court or tribunal to retain the information.

Suspected data breach

We have a comprehensive data breach notification policy and response plan which outlines the steps our personnel are required to take in the event of a data breach. This allows us to identify and deal with a data breach quickly to mitigate any harm that may occur. 

As part of the response plan, we will notify you as soon as practicable if we discover or suspect that your personal information has been lost, accessed by, or disclosed to, any unauthorised person or in any unauthorised manner, believe you are likely to suffer serious harm as a result and are unable to prevent the likely risk of harm.

If you would like more information about our response plan, please contact us at [email protected]

Direct marketing and opt-out

We will seek your express consent for us to send you marketing or promotional material and information by requesting that you tick the appropriate check box when providing us with your personal information to do so.

Where we have obtained your prior consent or are otherwise permitted under the GDPR, we may, from time to time, use your personal information to send you information about the promotions, deals, competitions, products or services we offer, and any other information we consider relevant to you. This information will be sent to you via the communication channels specified at the time you provide your consent and may include mail, email, SMS, telephone, social media, Mailchimp, customised online content or displaying advertising on our Site. 

These communications may continue even after you stop using our products, services or Site.

Should you no longer wish to receive these communications, you may opt-out at any time by contacting us at [email protected] or using the unsubscribe facility that we include in our commercial electronic messages (email or SMS). Opting-out will only affect future communications. 

Cookies

We may collect information when you access and use our Site by utilising features and technologies of your internet browser, including cookies, pixel tags and similar technologies. A cookie is a piece of data that enables us to track and target your preferences.

The type of information we collect may include statistical information, details of your operating system, location, your internet protocol (IP) address, the date and time of your visit, the pages that you have accessed, the links which you have clicked and the type of browse that you were using. 

We may use cookies and similar technologies to enable us to identify you as a return user and personalise and enhance your experience and use of our Site and help us improve our service to you when you access our Site. Most browsers are initially set up to accept cookies. However, you can reset your browser to refuse all cookies or warn you before accepting cookies.

If you reject our cookies or similar technologies, you may still use the Site but may only have limited functionality of the Site. We may also use your IP address to analyse trends, administer the Site and other websites we operate, track traffic patterns, and gather demographic information.  Your IP address and other personal information may be used for credit fraud protection and risk reduction.

Disclaimer

We will not disclose your personal information to any third party other than our Authorised Affiliates without your consent in writing, unless we are otherwise required to do so by law permitted to do so under this Privacy Policy or such disclosure is reasonably necessary in our opinion to protect our rights or property or to avoid injury to any person. 

Our Site may contain hyperlinks or advertising to or from businesses operated by third parties. We do not endorse, sponsor or approve any of these third parties, their products or services or the content on their websites. 

This Privacy Policy only addresses our collection, use and disclosure of your information via our Site. The use of your personal information by these third parties is governed by their privacy policies and is not subject to our control. We are not responsible for the policies or practices of third parties.

In the event of a merger, acquisition or sale of the whole or part of our business, we reserve the right to transfer your personal information as part of any such transaction.

Access to information collected by us

We will use our reasonable endeavours to keep your personal information accurate, up-to-date and complete. You have the right to access or correct any personal information that we hold about you, subject to any exceptions provided by the relevant Privacy Laws. You may access or correct the personal information we have collected about you by contacting [email protected] or accessing your account details on our Site.

We will use our reasonable endeavours to respond to your request for access or correction within 21 days of receipt of your enquiry. We will not charge you for the request. However, in certain circumstances, we may charge a reasonable fee for providing you with access to this information.

If we do not allow you to access any part of your personal information, we will tell you why in writing. 

Privacy Rights (EU)

Under the GDPR, you have a number of important rights. Subject to certain exceptions, you have the right to:

  • fair and transparent processing of your personal information and processing in accordance with the GDPR;
  • request access to and obtain a copy of the personal information we hold about you;
  • require us to rectify or correct any personal information we hold about you that is inaccurate or incomplete;
  • require us to erase your personal information in certain situations;
  • obtain a copy of your personal information in a commonly used electronic format so that you can manage and move it, or request we send it to a third party;
  • object or withdraw your consent at any time to the collection, use, processing or disclosure of your personal information (including for direct marketing purposes), but this does not apply where we have other legal justifications to continue doing so and does not affect the lawfulness of any collection, use, processing or disclosure that occurred before you -withdrew your consent;
  • object to decisions made by automated means which produce legal effects concerning or significantly affecting you; or
  • otherwise restrict our collection, use, processing or disclosure of your personal information in certain circumstances. 

You can exercise any of these rights by contacting us at [email protected].

Children

We do not knowingly collect personal information from anyone under the age of 18 (Child) without the consent of a parent or guardian. If you are at least 13 years old but not yet 18, you should only provide your personal information if your parent or guardian agrees to this Privacy Policy.

If we become aware that any Child’s personal information has been provided without the consent of a parent or guardian, we will use reasonable endeavours to delete the personal information as soon as possible or, where deletion is not possible, ensure that the personal information is not used for any purpose or disclosed further to any Authorised Affiliate.

Consent

You expressly and freely acknowledge and agree that we, our Authorised Affiliates and each of their officers, employees, agents and contractors are permitted to collect, process, share, store, use and disclose, alter and destroy your personal information in the manner set out in this Privacy Policy and in accordance with Privacy Laws. 

Your provision of personal information is voluntary. However, if you do not provide your personal information to us, we may not be able to provide you with access to, and use of, our Site. 

You may withdraw your consent at any time by contacting us at [email protected]

Changes to the privacy policy

We may change this policy from time to time. We will post any revised privacy policy to the Site so you are aware of any changes. Your continued use of our products, services or Site following the posting of the revised Privacy Policy will be confirmation of your acceptance of the changes.

You should regularly check and read our Privacy Policy. If there are material changes to the way we process your personal information, we will display a notice on the Site and endeavour to notify you directly through the contact information you have provided to us.

Contact and complaints

In case you have any queries concerning our privacy policy or the way we handled your personal information, please do not hesitate to contact us at [email protected] and provide full details of your complaint and any supporting documents. We will treat all privacy complaints seriously, promptly and confidentially.

We will endeavour to provide an initial response to your query or complaint within 10 business days and investigate and attempt to resolve your query or complaint within 30 business days or such longer period as is necessary and notified to you by us.

If you are dissatisfied with the outcome of your complaint, you may refer the complaint to the lead supervisory authority in your relevant jurisdiction.