Crowd Culture is committed to complying with Australian privacy legislation and to protecting and safeguarding your privacy when you deal with us. We will only collect, hold, use and disclose your personal information as reasonably required to run our business and as permitted by the Privacy Act 1988 (Cth) (“Privacy Act“) including the Australian Privacy Principles (“the APPS”).
This Privacy Statement applies to personal information from individuals in the European Union (under GDPR regulation) and all other global customers collected, processed, disclosed and stored (collectively “used”) by Crowd Culture.
COLLECTION OF INFORMATION
Some information provided to us by clients, customers, contractors and other third parties might be considered private or personal. Under the Privacy Act, personal information is information or an opinion about an individual whose identity can reasonably by ascertained from that information or opinion.
Without these details we would not be able to carry on our business and provide our services to you. We will only collect such personal information if it is necessary for one of our functions or activities.
The kinds of personal information Crowd Culture collects includes:
In particular, personal information is collected from people in the following situations by Crowd Culture:
a) if you contact Crowd Culture, we may keep a record of that correspondence;
b) when you apply for and/or establish and/or access an account;
c) when you submit your e-mail address to our website mailing list;
d) when you place an order on our website to purchase our services we may require you to provide us with contact information including your name, address, telephone number or email address and financial information (such as credit card details).
At or before the time the personal information is collected by us, we will take reasonable steps to ensure that you are made aware of who we are, the fact that you are able to gain access to the information held about you, the purpose of the collection, the type(s) of organisations to which we usually disclose the information collected about you, any laws requiring the collection of the information and the main consequences for you if all or part of the information is not collected.
USE OF INFORMATION COLLECTED AND DISCLOSURE OF PERSONAL INFORMATION TO OTHERS
We may use or disclose personal information held about an individual for the primary purpose for which it was collected (e.g. for provision of our services, including administration of our services, notification to you about changes to our services, record-keeping following termination of our services to you and technical maintenance) – that is, to carry on our business and provide services to our customers.
We may also use such information for a secondary purpose related to the primary purpose of collection and where you would reasonably expect that we would use the information in such a way.
In addition, we are permitted to use or disclose personal information held about you:
a) where you have consented to the use or disclosure;
b) where we reasonably believe that the use or disclosure is necessary to lessen or prevent a serious, immediate threat to someone’s health or safety or the public’s health or safety;
c) where we reasonably suspect that unlawful activity has been, is being or may be engaged in and the use or disclosure is a necessary part of our investigation or in reporting the matter to the relevant authorities;
d) where such use or disclosure is required under or authorised by law (for example, to comply with a subpoena, a warrant or other order of a court or legal process);
e) where we reasonably believe that the use or disclosure is necessary for prevention, investigation, prosecution and punishment of crimes or wrongdoings or the preparation for, conduct of, proceedings before any court or tribunal or the implementation of the orders of a court or tribunal by or on behalf of an enforcement body;
f) where you have requested a service and we are required to disclose the information to an Installer in order to facilitate the provision of the service.
DISCLOSED PERSONAL INFORMATION TO A THIRD PARTY
a) related entities, third party contractors and or commercial partners; and or
b) service providers (such as parties we contract with to send you promotional and informational offers on our behalf); and or
c) other persons and entities as permitted under the Privacy Act.
Sharing your information with Shopify:
Shopify provides us with the online e-commerce platform that allows us to sell our products and services to you.
Shopify therefore hosts the data we collect about you.
Your data is stored through Shopify’s data storage, databases and the general Shopify application, on a secure server behind a firewall. Your data will be stored in Shopify’s servers in the USA.
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS).
Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted. All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers. For more insight, you may also want to read Shopify’s Terms of Service here or Privacy Statement here.
Sharing your information with other third parties:
Where Crowd Culture uses third party service providers, we may disclose to them your personal information – but they will only use your information to the extent necessary to allow them to perform the services on our behalf.
Crowd Culture will share your information with the following categories of service providers:
Third parties providing payment gateways
Third parties who process payments or transactions on our behalf
Google AdWords: Google AdWords is an online advertising service developed by Google, where advertisers pay to display brief advertising copy, product listings, and video content within the Google ad network to web users. Google AdWords’ system is based partly on cookies and partly on keywords determined by advertisers. Google uses these characteristics to place advertising copy on pages where they think it might be relevant. Advertisers pay when users divert their browsing to click on the advertising copy. Partner websites receive a portion of the generated income.
Google Analytics: Google Analytics is a freemium web analytics service offered by Google that tracks and reports website traffic. Google launched the service in November 2005 after acquiring Urchin. Google Analytics is now the most widely used web analytics service on the Internet.
Facebook: Facebook is an American online social media and social networking service company based in Menlo Park, California. Its website was launched on February 4, 2004, by Mark Zuckerberg, along with fellow Harvard College students and roommates Eduardo Saverin, Andrew McCollum, Dustin Moskovitz, and Chris Hughes.
Zendesk: Zendesk Inc. is an American customer service software company headquartered in San Francisco, California, USA. It is listed on the New York Stock Exchange with the symbol ZEN and is a constituent of the Russell 2000 Index.
Klaviyo: Klaviyo is an email marketing platform created for online businesses — featuring powerful email and SMS marketing automation.
Okendo: Using Okendo's complete platform, we use this to collect customer reviews and visual marketing posts to display on site to show product benefits. Okendo is based in Australia.
SnapChat: Snapchat is a multimedia messaging app popular around the world created by Evan Spiegel, Bobby Murphy, and Reggie Brown, former students at Stanford University, and developed by Snap Inc., originally Snapchat Inc. Its a social media platform that allows customers to share stories
Shopify: Shopify is a Canadian e-commerce company headquartered in Ottawa, Ontario. It is also the name of its proprietary e-commerce platform for online stores and retail point-of-sale systems.
USE OF INFORMATION FOR OTHER PURPOSES
In order for Crowd Culture to grow and better serve its users, Crowd Culture collects information relating to customer businesses. This information includes but is not limited to:
- product information;
- pricing information;
- picture information;
- promotional information;
- end customer personal information; and
- business statistics.
ANONYMITY AND PSEUDONYMITY
You have the option of dealing with Crowd Culture anonymously however this only applies where it is practicable for Crowd Culture to do so, such as providing response to a general enquiry.
For most other functions and activities, we will need your name and contact information and enough information about the particular matter to enable us to adequately serve you and perform our regular business functions. In these circumstances, it will not be practicable for you to operate under a pseudonym.
As part of Crowd Culture’s functions and business activities and to promote the services we can provide to you, Crowd Culture may use personal information that you have provided to us for the purposes of direct marketing. Direct marketing includes, but is not limited to, sending to you e-newsletters and/or contacting you in relation to promotions and information about Crowd Culture products and services.
Generally, we will do so where you have expressed interest in receiving such information. You can opt out of receiving direct marketing communications by sending an email to Crowd Culture at: privacy@Crowd Culture.com.au or using the ‘unsubscribe’ or ‘opt out’ link or details provided in the direct marketing communication.
Our website may contain links to other websites and those third party websites may collect personal information about you. We are not responsible for the privacy practices of other businesses or the content of websites that are linked to our website.
Crowd Culture encourages users to be aware when they leave the site and to read the privacy statements of each and every website that collects personally identifiable information.
Crowd Culture places great importance on the security of all information associated with our customers, clients and contractors. We have implemented technology and security measures to reasonably protect your personal information and to assist in preventing the misuse, interference, loss, unauthorised access, modification and or disclosure of your personal information.
All personal information held is kept securely and if held electronically, is held on secure servers in controlled facilities.
We employ appropriate electronic and procedural measures to protect personal information from unauthorised access, use or disclosure. When you purchase from Crowd Culture, your financial details are passed through a secure server using the latest industry standard 256-bit SSL (secure sockets layer) encryption technology. Access to your personal information is limited to employees we believe reasonably need to use that information in order to perform their roles in providing or developing our services.
You acknowledge that despite our best efforts the security of online transactions and communications sent by electronic means or by post cannot be guaranteed.
Personal information is de-identified or destroyed securely when no longer required by us.
Crowd Culture takes all reasonable steps to ensure your information is held on secure servers in controlled facilities. Information stored within our computer systems can only be accessed by those entrusted with authority and computer network password sanctions. You are responsible for keeping your passwords and/or account information secret.
THIRD PARTY STORAGE
Crowd Culture may retain the information you provide including your contact and credit card details to enable us to verify transactions and customer details, to allow you to process any future transactions you may wish to make, and to retain adequate records for legal and accounting purposes. In order to store this information, Crowd Culture uses a third party. This information is provided to the user before the credit information is input, including the terms and conditions of the third party. The user, in continuing with the transaction and providing credit details, consents to the passing of this information to the third party for storage.
Unfortunately, no data transmission over the Internet can be guaranteed to be 100 percent secure. As a result, while we strive to protect users’ personal information, Crowd Culture cannot ensure or warrant the security of any information transmitted to it or from its online products or services, and for this reason, users receive and access this information at their own risk. Once Crowd Culture receives your transmission, it makes every reasonable effort to ensure its security on our systems.
ACCESS TO AND CORRECTION OF PERSONAL INFORMATION
Crowd Culture is committed to, and takes reasonable steps to maintain, accurate, timely, relevant, complete and appropriate information about our customers, clients and website users. You may request access to personal information about you held by Crowd Culture. Requests for access to your personal information should be made to the Crowd Culture Privacy Officer, the contact details of which are located below:
Crowd Culture Privacy Officer
Verification of identity is required with any request to access (or update) your personal information so that we can ensure your personal information is disclosed only to you.
Inaccurate information will be corrected upon receiving advice from you.
If we refuse to provide you with access to, or, correct the personal information held about you by us, then we will provide reasons for such refusal. Crowd Culture will respond to any requests for access or correction within a reasonable time of receipt of the request, but by no later than 30 days of the request being received.
Office of the Australian Information Commissioner:
Phone: 1300 363 992
DISCLOSURE OF PERSONAL INFORMATION OUTSIDE AUSTRALIA
We may disclose your personal information to our related bodies corporate and external service providers located overseas for some of the purposes listed above. We take reasonable steps to ensure that the overseas recipients of your personal information do not breach the privacy obligations relating to your personal information. We may disclose your personal information to entities located outside of Australia, including the following:
a) our data hosting and Cloud-based IT service providers; and b) other external service providers located in North America and Eastern Europe.
Or you can get in contact by mail at:
Crowd Culture Skincare Pty Ltd
ATTN: Privacy Compliance Officer
6/19 William Street, Cremorne, VIC, 3121, Australia
Should you wish to read more information on privacy legislation or the Australian Privacy Principles we recommend that you visit the website of the office of the Australian Information Commissioner at www.oaic.gov.au.