Sommerfugl Kids needs to collect personal information about you, from you, to perform its business functions and activities. By providing your personal information, you agree to its use and disclosure in accordance with this statement and the below Privacy Policy.
If you do not agree, you must not provide your personal information, and we may not be able to supply you with the products you require. We may disclose your personal information to other parties, including to our related entities, third party service providers or contractors appointed by Sommerfugl Kids to perform services for us or on our behalf (such as website and data hosting providers and payment processing services) and otherwise as specified in our Privacy Policy.
We may use and disclose your personal information for direct marketing purposes, unless you opt out.
Our Privacy Policy above contains more information about how you may access and seek correction of your personal information, how you may complain about a breach of your privacy, and how we will deal with that complaint.
Our Privacy Obligations
This privacy policy describes how Sommerfugl Kids collects and handles your personal information. In this policy “we” “our” and “us” refers to Sommerfugl Kids. For the purposes of this policy, “personal information” means information or an opinion about an identified individual, or an individual who is reasonably identifiable. We take our obligations under the Privacy Act 1988 (the “Act”) and the Australian Privacy Principles (“APPs”) very seriously and have implemented practices, procedures and systems to ensure we comply with those laws. We are committed to maintaining the confidentiality and security of your personal information and managing it in an open and transparent way.
Being anonymous or using a pseudonym
You will need to provide us with accurate personal details when you interact with Sommerfugl Kids, otherwise we may be unable to provide you with our services in the way that you propose and in some circumstances – at all. You may however use a pseudonym during some interactions and where it is not necessary for us to identify you.
For clarification on circumstances where you must identify yourself, please contact hello@sommerfuglkids.com. You may use a pseudonym or not identify yourself when making such a request.
COLLECTION OF PERSONAL INFORMATION WE SOLICIT FROM YOU
Personal information (that is not sensitive information)
We will only collect your personal information where:
+ it is reasonably necessary in order for us to carry out one or more of our functions or activities (such as to complete a transaction); or
+ we are required to by law.
When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, delivery address and email address.
When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.
Sensitive Information
Some personal information (e.g. race, ethnicity, health information etc.) is sensitive and requires a higher level of protection under the Privacy Act. We will only collect your sensitive information when:
+ we have your consent; and
+ the collection is reasonably necessary for us to carry out one or more of our functions or activities.
Exceptions for the need for consent
We will not need your consent to collect your sensitive information when:
+ it is required or authorised by law;
+ a “permitted general situation” exists as defined under the Act; and
+ a “permitted health situation” exists as defined under the Act.
Collection by lawful and fair means
We will only collect your personal information by lawful and fair means. This includes through various browser tracking software such as “Cookies”. Cookies are small files that are transferred to your computer’s hard drive through your web browser and enable our site to recognise your browser and remember certain information. We use cookies to keep track of advertisements and compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future. You should be able to configure your computer so that it disables cookies or does not accept them. For example, some third party vendors including Google use cookies to deliver advertisements based on your prior visits to their website. You have the option to opt out of Google’s use of cookies by visiting the Google advertising opt out page at https://policies.google.com/technologies/ads.
Collection from you
We will always try to only collect your personal information directly from you (unless it is unreasonable or impracticable to do so) as this is the best way to ensure its accuracy. It also provides you with an opportunity to ask us any questions about our Privacy Policy before collection. We may also collect your personal information over the telephone, through correspondence (whether by letter, fax or email) and when you purchase online via our website.
Dealing with unsolicited personal information
If we receive your personal information from a third party without having asked you for it, then within a reasonable time, we will determine whether we could have collected it in the ways outlined above. If we determine that it could not have been collected in one of those ways and it is lawful and reasonable to do so, then as soon as practicable we will:
+ destroy the information; or
+ ensure that it is de-identified.
Notification of collection
Before or at the time of collecting your personal information (or as soon as practicable afterwards) we will take reasonable steps to notify you or ensure you are aware of the following:
+ our identity and contact details;
+ circumstances where we have collected your personal information from you without your knowledge or from someone other than you;
+ circumstances where we are required or authorised by law to collect your personal information;
+ reasons why we have collected your personal information;
+ what may happen if we do not collect all or some of your personal information;
+ details of the persons or entities that we usually disclose personal information to;
+ how you may access and seek correction of your personal information;
+ how you can lodge a complaint with us; and
+ whether we are likely to disclose your personal information to overseas recipients and if so, details of the likely countries that may receive your personal information.
USE AND DISCLOSURE OF PERSONAL INFORMATION
We will only hold your personal information for the particular purpose of for which we collected it (“Primary Purpose”). We will not use or disclose your personal information (not being sensitive information) for another purpose (“Secondary Purpose”) unless:
+ we first obtain your consent;
+ you would reasonably expect us to use or disclose it for a Secondary Purpose that is related to the Primary Purpose or – in the case of sensitive information – directly related to the Primary Purpose;
+ we are required to by law;
+ a permitted general purpose exists;
+ a permitted health situation exists; or
+ we reasonably believe it is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.
DIRECT MARKETING
What is direct marketing?
For the purposes of this policy, “direct marketing” is the promotion of goods and services directly to you including through emails, SMS, phone calls and the post.
Adoption of direct marketing laws
Under the Act, we may use your personal information for the purposes of direct marketing if:
+ we have collected your personal information directly from you; and
+ you reasonably expect us to use your personal information for the purpose of direct marketing.
Circumstances where we need your consent for direct marketing
Unless it would be impracticable or unreasonable, we need your consent when:
+ collecting your personal information from a third party for the purpose of direct marketing; or
+ you would not reasonably expect to receive the direct marketing.
If at any time you want to know who provided us with your personal information, then please send a request to hello@sommerfuglkids.com. We will provide the details of that third party within a reasonable time and without charge.
Text notifications
By subscribing to Sommerfugl Kids text notifications, you agree to receive automated marketing text messages from us about our products and services at the phone number you provided when you subscribed, and that the messages may be sent via automatic telephone dialing system or other technology. Message frequency is recurring. Consent is not a condition of purchase. Message and data rates may apply. Reply STOP, END, CANCEL, UNSUBSCRIBE or QUIT to opt-out and HELP for customer support. You may receive an additional text message confirming your decision to opt-out. You understand and agree that attempting to opt-out by any means other than texting the opt-out commands above is not a reasonable means of opting out.
Sensitive information
We will not use your sensitive information for the purposes of direct marketing unless you have given us permission in writing.
Opting-out
We will always provide a simple means for you to “opt-out” from receiving direct marketing, which typically involves an “opt-out” link on emails, “tick-a-box” on the collection form or through a pop-up on your screen when you provide personal information online. We will not use or disclose your personal information for the purposes of direct marketing material if you have previously told us not to. If at any time in the future you do not want us (or one of our service providers) to send you direct marketing material, then you can simply contact hello@sommerfuglkids.com. We will affect the change in a reasonable time and without charge.
OVERSEAS DISCLOSURE
We will always endeavour to store your information on an Australian server.
However, in circumstances where this is not possible, we may disclose your personal information to an overseas entity when we:
+ have taken reasonable steps to ensure that they also treat it in accordance with the Act; or
+ reasonably believe that the overseas entity is subject to the same or similar laws to that found in the Act and there are ways that you can take action to enforce those overseas laws;
+ expressly inform you of your option to consent to that disclosure and you then provide us with informed consent to do so; or
+ are required or authorised by law;
+ a permitted general purpose exists,
+ a permitted health situation exists;
+ we reasonably believe it is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.
ADOPTION, USE AND DISCLOSURE OF GOVERNMENT RELATED IDENTIFIERS
We will not adopt a government related identifier as your identifier unless:
+ we are required or authorised by law;
+ it is reasonably necessary to verify your identity for the purposes of our activities or functions;
+ it is reasonably necessary to fulfil our obligations to an agency or State or Territory authority;
+ it is required or authorised by or under an Australian law, or a court/tribunal order;
+ some (but not all) permitted general situations exist;
+ we reasonably believe it is reasonably necessary for enforcement related activities by, or on behalf of, an enforcement body; and
+ where it is allowed under the regulations.
QUALITY OF PERSONAL INFORMATION
We will take such steps (if any) as are reasonable in the circumstances to ensure that your personal information we collect, use or disclose is accurate, up-to-date, complete and relevant.
SECURITY OF PERSONAL INFORMATION
Protection
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
Destruction
When we no longer need your personal information for a permitted purpose and we are not required to keep it to comply with any laws, we will take such steps as are reasonable in the circumstances to destroy your personal information or to ensure that the information is de-identified.
PAYMENT INFORMATION
Our online store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our items to you. Your personal information is stored through Shopify's data storage, databases and the general Shopify application. They store your date on a secure server behind a firewall.
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted. All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
For more insight, you may also want to read Shopify’s Terms of Service (https://www.shopify.com/legal/terms) or Privacy Statement https://www.shopify.com/legal/privacy
ACCESS TO PERSONAL INFORMATION
Upon your written request we will provide you with a copy of your personal information that we hold unless:
+ we reasonably believe that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety; or
+ giving access would have an unreasonable impact on the privacy of other individuals; or
+ your request for access is frivolous or vexatious; or
+ the information relates to existing or anticipated legal proceedings between us and you, and would not be accessible by the process of discovery in those proceedings; or
+ giving access would reveal our intentions in relation to negotiations with you in such a way as to prejudice those negotiations; or
+ giving access would be unlawful; or
+ denying access is required or authorised by or under an Australian law or a court/tribunal order; or
+ we have reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to our functions or activities has been, is being or may be engaged in;
+ giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or
+ giving access would reveal evaluative information generated within the entity in connection with a commercially sensitive decision-making process.
CORRECTION OF PERSONAL INFORMATION
We will take reasonable steps to correct your personal information (at no charge) if we are satisfied that it is inaccurate, out-of-date, incomplete, irrelevant or misleading. This extends to third parties that we have provided your personal information to unless it is impracticable or unlawful to do so.
Circumstances when we decline to make corrections In certain circumstances we may decline to correct your personal information. When this occurs we will provide you with a written notice that sets out:
+ the reasons for the refusal; and
+ the mechanisms available to complain about the refusal.
MAKING A COMPLAINT
If you have a concern or complaint relating to our handling of your personal information or any breaches of the AAP’s, please send a note to us at hello@sommerfuglkids.com outlining the nature of the complaint. We will endeavour to respond to your complaint within 30 days of receipt. If unresolved, the complaint may be referred to an external complaints resolution entity and finally, if necessary, taken to the OIAC.
If you would like a copy of this Privacy Policy sent to you then please request it by contacting us at hello@sommerfuglkids.com and we will provide you a copy of this Privacy Policy free of charge. This policy was last updated 10 November 2019.