We collect and use your personal and health information to provide you with a good or service. Sometimes we are legally obliged to do so.
We recognise there are risks involved in collecting and storing this information and that's why we partner with third party providers so that data transmission is encrypted and storage is secure. We also do not disclose your information to anyone unless you want us to or we are legally obliged to.
We use Contentful to transmit and store your information. A copy of Contentful's security policy can be found here. Contentful is also hosted and operated on Amazon AWS which is ISO27001, PCI DSS and SOC (1,2,3) compliant.
We take your privacy seriously and we try our best to maintain it.
Throughout this site, the terms “we”, “us” or “our” refer to Hearts & Crosses and the term "site" refer to www.heartsandcrosses.com.au.
Collection of personal information by us
We will only collect your personal information where it is reasonably necessary for or directly related to the conduct of our functions or activities. We will typically collect personal information in the course of providing our goods and services to customers and in other dealings with those customers and prospective customers. We may also collect personal information as we determine necessary from time to time for any purpose in connection with the general conduct of our business, for example, in dealing with suppliers, service providers and contractors or for charities or charitable purposes we proudly support.
Where we collect your personal information we will do so only by lawful and fair means and not in an unreasonably intrusive way. Where we collect your personal information, and it is reasonable and practicable to do so, we will collect it directly from you. There may be occasions where we receive or collect personal information about you from a third party. Where it is lawful or practical to do so, you may choose to deal with us anonymously (for example, when enquiring about our goods and services generally).
Kinds of information collected
The kinds of personal information we collect and hold will depend upon the reasons for, or circumstance of, its collection. It may include, amongst other things:
- your name and contact details;
- other personal information you give us when you request a good or service from us. This information may include: your requirements with respect to specific goods or services; your opinion or preferences with respect to any of our goods or services, payment details, or your preferred payment method;
- information contained in any communications between you and us;
- information contained in an application form or other document given to us;
- payment and transactional information about your acquisition and use of our goods and services;
- activity with our digital or online services; and
- any information we are required to collect by law.
Collection of other information from our website and online
We provide information and services through a range of digital and online services including websites (e.g. heartsandcrosses.com.au) email, online advertisements and social media profiles.
Site visit information
When you visit our website, we and/or our contractors collect general information about your visit which may include your server address, the date and time of your visit, the pages you accessed, the information you downloaded and the type of Internet browser you used.
We and/or our contractors may use this information in anonymous, aggregated form, for statistical purposes, to assist us in improving the quality and usability of our website.
Other digital services
Our systems record a variety of information in relation to interactions with our online services. This can include information about software versions used, device identifiers (like IP address), location data (where available and not disabled by the user), dates, times, file metadata, referring website, data entered and user activity such as links clicked.
How your personal information will be collected and held
We may collect your personal information in relation to your interactions and transactions with us, including using our coupons; placing an order online; participating in a promotion, competition, survey or charitable event; registering for services; making a charitable donation; using related digital services. We may monitor and record your communications with us (including email and telephone) for security, dispute resolution, and training purposes and we also operate video and audio surveillance devices in our premises.
We may also collect personal information from third parties including public sources, information service providers, providers who administer our products and services such as insurance, anyone authorised to act on your behalf. We hold personal information electronically and in hard copy form, both at our own premises and with the assistance of our service providers.
We implement a range of measures to protect the security of that personal information. We also take measures in respect of destroying or de-identifying personal information that is no longer needed for any lawful purpose. Unfortunately the internet is not a secure place and we cannot guarantee security of your personal information.
We will not collect, use or disclose sensitive information about you unless it is necessary to provide you with a good or service and we have your consent or unless we are legally required to collect, use or disclose that information.
Sensitive information is any information about a person's racial or ethnic origin, political opinions, religious or philosophical beliefs or affiliations, membership of a professional, trade or political association or union, sexual preferences or practices, criminal record, health information or genetic information about an individual that is not otherwise health information.
Use of your personal information
We collect your personal information so that we can use it for or in connection with our functions and activities which may include, amongst other things:
- confirming your identity when you contact us;
- accepting and processing your orders;
- providing you with any of our goods and services or information about those goods or services;
- providing you with information about charities or charitable purposes or activities we proudly support;
- being aware of any special good or service requirements you may have;
- providing you with electronic confirmation of your orders (where applicable) and advising you of any changes to our goods and services;
- delivering orders;
- providing refunds or discounts;
- communicating directly with you (including direct marketing) and providing marketing communications and targeted advertising to you on an ongoing basis by telephone, electronic messages (e.g. email), our digital services and other means (you can contact us at “email@example.com” at any time to opt out of electronic and telephone direct marketing communications);
- conducting product and market research;
- maintaining and updating our records;
- working with our service providers;
- administering and managing the provision of our goods and services to you, including billing and debt collection;
- conducting reviews or checks of your credit worthiness;
- addressing any queries, feedback or complaints we receive from you;
- developing, improving and marketing our goods and services;
- complying with relevant laws, regulations and Codes; and
- using your personal information for any other purpose that it was collected for or any related purpose for which we are entitled to use your personal information.
Where we are not able to collect personal information that we require to conduct a particular functions or activities, it may restrict or limit our ability to conduct or perform that function or activity.
Use and disclosure of your personal information for secondary purposes
If we use or disclose your personal information for a purpose (the "secondary purpose") other than the main reason for which it was originally collected (the "primary purpose"), to the extent required by law, we will ensure that:
- the secondary purpose is related to the primary purpose of collection (and directly related in the case of sensitive information), and you would reasonably expect that we would use or disclose your information in that way;
- you have consented to the use or disclosure of your personal information for the secondary purpose;
- the use or disclosure is required or authorised by or under law; or
- the use or disclosure is otherwise permitted by law (for example, as a necessary part of an investigation of suspected unlawful activity).
Disclosure of personal information to third parties
Where permitted by the Privacy Act, personal information we collect about you may be disclosed to third parties as we determine necessary from time to time for any purpose reasonably necessary or directly in connection with the conduct of our business, including, but not limited to:
- any service provider we engage to carry out our business functions and activities;
- our professional advisors and other contractors (for example IT consultants, research agencies and mailing houses);
- any person who introduces you to us, or who is acting as your referee or guarantor;
- your authorised agents or your executor, administrator or legal representative;
- an organisation that is an arrangement or alliance with us (for example, for the purpose of promoting or using our respective goods or services or conducting a seminar or promotion);
- our business associates and others for purposes directly related to the purpose for which the personal information is collected;
- our related companies;
- organisations that conduct or promote charitable purposes or activities we proudly support;
- organisations that are involved in a transfer or proposed sale of our business or assets
- any entity to which we are required or authorised by or under law to disclose such information (for instance, Federal or State law enforcement agencies and investigative agencies, courts and various other Federal or State government bodies); and
- others that you have been informed of at the time any personal information is collected from you.
We take steps to ensure that third party recipients are obliged to protect the privacy and security of your personal information and use it only for the purpose for which it is disclosed.
Transborder data flows
We will only transfer personal information to someone who is in a foreign country if:
- we reasonably believe that the recipient of the information is subject to a law, binding scheme or contract which effectively upholds principles for fair handling of the information that are substantially similar to the Privacy Act;
- you consent to the transfer;
- the transfer is necessary for the performance of a contract between you and us, or for the implementation of pre-contractual measures taken in response to your request;
- the transfer is necessary for the conclusion or performance of a contract concluded in the interest of you between us and a third party;
- the transfer is for your benefit and it is impracticable to obtain your consent to that transfer. If it were practicable to obtain such consent, you would be likely to give it; or
- we have taken reasonable steps to ensure that the information transferred will not be held, used or disclosed by the recipient of the information inconsistently with the Privacy Act.
Security of your personal information
We protect any personal information that we collect and hold about you from misuse or loss. We also protect it from unauthorised access, modification or disclosure. Where we need to disclose your personal information to a service provider or other agent or contractor, we prohibit them from using the personal information except for the specific purpose that we have provided it.
We will take reasonable steps to destroy or de-identify personal information if it is no longer needed for any purpose for which the information may be used or disclosed in accordance with the Privacy Act.
Keeping your personal information up-to-date and correcting your personal information
We take reasonable steps to ensure that any personal information collected by us is accurate and up-to-date at the time of collecting, using and disclosing that information.
If you learn that personal information we hold about you is inaccurate, incomplete or out-of-date, you should contact us.
You also have a right to request that a statement be attached to your personal information if we disagree with your request to correct the information.
Access to your personal information
You can ask to obtain access to personal information that we hold about you, although in some circumstances, the law may not permit us to provide such information to you. If we are not able to provide you with access to any of your personal information held by us, we will tell you the reasons why this is the case. We may ask you to put your request in writing and pay a reasonable fee to us before providing requested access.
How to contact us
If you wish to contact us, for example, to access or correct your personal information, you may contact us at:
Hearts & Crosses
ABN 53 433 662 426
Level 1, 210 Swan St
Richmond, VIC, 3121
If you wish to unsubscribe from receiving email and other communication, please provide your request to (firstname.lastname@example.org)