Privacy

We collect and use your personal and health information to provide you with a good or service. Sometimes we are legally obliged to do so.

We recognise there are risks involved in collecting and storing this information and that's why we partner with third party providers so that data transmission is encrypted and storage is secure. We also do not disclose your information to anyone unless you want us to or we are legally obliged to.

We use Stripe to transmit and process payment. A copy of Stripe's privacy policy can be found here.

We use Contentful to transmit and store your information. A copy of Contentful's security policy can be found here. Contentful is also hosted and operated on Amazon AWS which is ISO27001, PCI DSS and SOC (1,2,3) compliant.

We take your privacy seriously and we try our best to maintain it.

Our privacy policy

Throughout this site, the terms “we”, “us” or “our” refer to Hearts & Crosses and the term "site" refer to www.heartsandcrosses.com.au.

This Privacy Policy briefly tells you how we manage the personal information that we collect, use and disclose and how to contact us if you have any queries or complaints. This Privacy Policy does not cover personal information collected or held by us about our employees and is to be read subject to any overriding provisions of law or contract.

We will assume you consent to collection, use and disclosure of your personal information in the manner specified in this Privacy Policy (which may change from time to time) until you tell us to the contrary by contacting us using our contact details below.

Collection of personal information by us

We will only collect your personal information where it is reasonably necessary for or directly related to the conduct of our functions or activities. We will typically collect personal information in the course of providing our goods and services to customers and in other dealings with those customers and prospective customers. We may also collect personal information as we determine necessary from time to time for any purpose in connection with the general conduct of our business, for example, in dealing with suppliers, service providers and contractors or for charities or charitable purposes we proudly support.

Where we collect your personal information we will do so only by lawful and fair means and not in an unreasonably intrusive way. Where we collect your personal information, and it is reasonable and practicable to do so, we will collect it directly from you. There may be occasions where we receive or collect personal information about you from a third party. Where it is lawful or practical to do so, you may choose to deal with us anonymously (for example, when enquiring about our goods and services generally).

Where you provide us with personal information about someone else you must have their consent to provide their personal information to us based on this Privacy Policy.

Kinds of information collected

The kinds of personal information we collect and hold will depend upon the reasons for, or circumstance of, its collection. It may include, amongst other things:

  • your name and contact details;
  • other personal information you give us when you request a good or service from us. This information may include: your requirements with respect to specific goods or services; your opinion or preferences with respect to any of our goods or services, payment details, or your preferred payment method;
  • information contained in any communications between you and us;
  • information contained in an application form or other document given to us;
  • payment and transactional information about your acquisition and use of our goods and services;
  • activity with our digital or online services; and
  • any information we are required to collect by law.

Collection of other information from our website and online

We provide information and services through a range of digital and online services including websites (e.g. heartsandcrosses.com.au) email, online advertisements and social media profiles.

Site visit information

When you visit our website, we and/or our contractors collect general information about your visit which may include your server address, the date and time of your visit, the pages you accessed, the information you downloaded and the type of Internet browser you used.

We and/or our contractors may use this information in anonymous, aggregated form, for statistical purposes, to assist us in improving the quality and usability of our website.

Other digital services

We may use “cookies”. A cookie is a piece of information that allows the server to identify and interact more effectively with your device. The cookie assists us in maintaining the continuity of your browsing session (e.g. to maintain a shopping cart) and remembering your details and preferences when you return. Other technologies that may be used with us include web beacons (which may operate in conjunction with cookies), Flash local stored objects and JavaScript. Some of these cookies and other technologies are consistent across various our digital services, allowing us and the other providers of these services to understand you better and provide a more consistent experience across these services. You can configure your web browser to reject and delete cookies and block JavaScript but you may find some parts of our digital services then have limited functionality.

Our systems record a variety of information in relation to interactions with our online services. This can include information about software versions used, device identifiers (like IP address), location data (where available and not disabled by the user), dates, times, file metadata, referring website, data entered and user activity such as links clicked.

In some cases third parties may use cookies and other technologies such as those described above as part of our digital services. These technologies may be used in connection with activities like surveys, online behavioural advertising, website analytics and email campaign management. The services we may use from time to time include Google Analytics, Google Display Network, Google AdSense, Snip Cart, Stripe, Mailchimp and Sendgrid. You can find more details in the privacy policies for those services (e.g. Google’s Ads Preferences Manager), including information on how to opt-out of certain conduct. Bear in mind, you may need to opt-out separately from each service. The website youronlinechoices.com.au also allows you to opt-out of some online behavioural advertising and provides further information about how online behavioural advertising works. You can contact us to request further details of the services we use. Many of these services operate without collecting or using any personal information.

How your personal information will be collected and held

We may collect your personal information in relation to your interactions and transactions with us, including using our coupons; placing an order online; participating in a promotion, competition, survey or charitable event; registering for services; making a charitable donation; using related digital services. We may monitor and record your communications with us (including email and telephone) for security, dispute resolution, and training purposes and we also operate video and audio surveillance devices in our premises.

We may also collect personal information from third parties including public sources, information service providers, providers who administer our products and services such as insurance, anyone authorised to act on your behalf. We hold personal information electronically and in hard copy form, both at our own premises and with the assistance of our service providers.

We implement a range of measures to protect the security of that personal information. We also take measures in respect of destroying or de-identifying personal information that is no longer needed for any lawful purpose. Unfortunately the internet is not a secure place and we cannot guarantee security of your personal information.

Sensitive information

We will not collect, use or disclose sensitive information about you unless it is necessary to provide you with a good or service and we have your consent or unless we are legally required to collect, use or disclose that information.

Sensitive information is any information about a person's racial or ethnic origin, political opinions, religious or philosophical beliefs or affiliations, membership of a professional, trade or political association or union, sexual preferences or practices, criminal record, health information or genetic information about an individual that is not otherwise health information.

Use of your personal information

We collect your personal information so that we can use it for or in connection with our functions and activities which may include, amongst other things:

  • confirming your identity when you contact us;
  • accepting and processing your orders;
  • providing you with any of our goods and services or information about those goods or services;
  • providing you with information about charities or charitable purposes or activities we proudly support;
  • being aware of any special good or service requirements you may have;
  • providing you with electronic confirmation of your orders (where applicable) and advising you of any changes to our goods and services;
  • delivering orders;
  • providing refunds or discounts;
  • communicating directly with you (including direct marketing) and providing marketing communications and targeted advertising to you on an ongoing basis by telephone, electronic messages (e.g. email), our digital services and other means (you can contact us at “hello@heartsandcrosses.com.au” at any time to opt out of electronic and telephone direct marketing communications);
  • conducting product and market research;
  • maintaining and updating our records;
  • working with our service providers;
  • administering and managing the provision of our goods and services to you, including billing and debt collection;
  • conducting reviews or checks of your credit worthiness;
  • addressing any queries, feedback or complaints we receive from you;
  • developing, improving and marketing our goods and services;
  • complying with relevant laws, regulations and Codes; and
  • using your personal information for any other purpose that it was collected for or any related purpose for which we are entitled to use your personal information.

Where we are not able to collect personal information that we require to conduct a particular functions or activities, it may restrict or limit our ability to conduct or perform that function or activity.

Use and disclosure of your personal information for secondary purposes

If we use or disclose your personal information for a purpose (the "secondary purpose") other than the main reason for which it was originally collected (the "primary purpose"), to the extent required by law, we will ensure that:

  • the secondary purpose is related to the primary purpose of collection (and directly related in the case of sensitive information), and you would reasonably expect that we would use or disclose your information in that way;
  • you have consented to the use or disclosure of your personal information for the secondary purpose;
  • the use or disclosure is required or authorised by or under law; or
  • the use or disclosure is otherwise permitted by law (for example, as a necessary part of an investigation of suspected unlawful activity).

Disclosure of personal information to third parties

Where permitted by the Privacy Act, personal information we collect about you may be disclosed to third parties as we determine necessary from time to time for any purpose reasonably necessary or directly in connection with the conduct of our business, including, but not limited to:

  • any service provider we engage to carry out our business functions and activities;
  • our professional advisors and other contractors (for example IT consultants, research agencies and mailing houses);
  • any person who introduces you to us, or who is acting as your referee or guarantor;
  • your authorised agents or your executor, administrator or legal representative;
  • an organisation that is an arrangement or alliance with us (for example, for the purpose of promoting or using our respective goods or services or conducting a seminar or promotion);
  • our business associates and others for purposes directly related to the purpose for which the personal information is collected;
  • our related companies;
  • organisations that conduct or promote charitable purposes or activities we proudly support;
  • organisations that are involved in a transfer or proposed sale of our business or assets
  • any entity to which we are required or authorised by or under law to disclose such information (for instance, Federal or State law enforcement agencies and investigative agencies, courts and various other Federal or State government bodies); and
  • others that you have been informed of at the time any personal information is collected from you.

We take steps to ensure that third party recipients are obliged to protect the privacy and security of your personal information and use it only for the purpose for which it is disclosed.

Transborder data flows

We will only transfer personal information to someone who is in a foreign country if:

  • we reasonably believe that the recipient of the information is subject to a law, binding scheme or contract which effectively upholds principles for fair handling of the information that are substantially similar to the Privacy Act;
  • you consent to the transfer;
  • the transfer is necessary for the performance of a contract between you and us, or for the implementation of pre-contractual measures taken in response to your request;
  • the transfer is necessary for the conclusion or performance of a contract concluded in the interest of you between us and a third party;
  • the transfer is for your benefit and it is impracticable to obtain your consent to that transfer. If it were practicable to obtain such consent, you would be likely to give it; or
  • we have taken reasonable steps to ensure that the information transferred will not be held, used or disclosed by the recipient of the information inconsistently with the Privacy Act.

We may provide your personal information to our contractors and service providers who may be located in a foreign country from time to time for any purpose reasonably necessary or directly in connection with the conduct of our business and consistent with this Privacy Policy and the Privacy Act.

Security of your personal information

We protect any personal information that we collect and hold about you from misuse or loss. We also protect it from unauthorised access, modification or disclosure. Where we need to disclose your personal information to a service provider or other agent or contractor, we prohibit them from using the personal information except for the specific purpose that we have provided it.

We will take reasonable steps to destroy or de-identify personal information if it is no longer needed for any purpose for which the information may be used or disclosed in accordance with the Privacy Act.

Keeping your personal information up-to-date and correcting your personal information

We take reasonable steps to ensure that any personal information collected by us is accurate and up-to-date at the time of collecting, using and disclosing that information.

If you learn that personal information we hold about you is inaccurate, incomplete or out-of-date, you should contact us.

You also have a right to request that a statement be attached to your personal information if we disagree with your request to correct the information.

Access to your personal information

You can ask to obtain access to personal information that we hold about you, although in some circumstances, the law may not permit us to provide such information to you. If we are not able to provide you with access to any of your personal information held by us, we will tell you the reasons why this is the case. We may ask you to put your request in writing and pay a reasonable fee to us before providing requested access.

How to contact us

If you wish to contact us, for example, to access or correct your personal information, you may contact us at:

Hearts & Crosses
ABN 53 433 662 426
Level 1, 210 Swan St
Richmond, VIC, 3121

E-mail: hello@heartsandcrosses.com.au

If you wish to unsubscribe from receiving email and other communication, please provide your request to (hello@heartsandcrosses.com.au)