Personal Information and Sensitive Information
Personal information is defined in the Privacy Act as:
Information or an opinion about an identified individual, or an individual who is reasonably identifiable:
(a) whether the information or opinion is true or not; and
(b) whether the information or opinion is recorded in a material form or not,
Sensitive information includes things such as race, sexual orientation, political opinions, members of a trade association or trade union, criminal record or health information (Sensitive Information).
Information we collect from you
When you sign up to become a Grace Collective member via our website, which is located at www.thegracetales.com (the Website), we will usually only ask for the following information:
• birth date;
• residential or professional address;
• telephone number;
• email address;
• professional profile information; and
• details relating to employment or professional positions held.
We may ask you to nominate a User Name, a Display Name and a Password. We will not collect Personal Information unless the information is reasonably necessary to establish an account for you and provide our services to you.
From time to time, we may ask you to supply additional Personal Information for specific purposes. In such cases, we will clearly explain why we request that information and unless we are required or authorised by law to request that information from you, providing such information to us is optional. Under no circumstances will we request any information from you that may disclose your:
• political, religious or philosophical beliefs or affiliations;
• health and sexuality;
• racial or ethnic origin; or
• criminal convictions.
We may conduct surveys or market research and may seek other information from you on a periodic basis. These surveys will provide us with information that allows improvement in the types and quality of services offered to you, and the manner in which those services are offered to you. Participation in such activities is optional. We generally will only collect Personal Information about you if you voluntarily submit it to us by:
• providing your information by form, telephone or facsimile;
• creating an account with us;
• sending us an email;
• sending us information via the ‘Contact Us’ page on our Website; and/or
• sending us Personal Information when using any part of our Website.
We may from time to time run competitions or offer additional benefits to you and we may ask you to provide us with your Personal Information for these purposes. Providing us with this information is optional to you. However, if you do not provide your Personal Information to us we may not be able to contact you or give you access to the additional benefits.
You may opt out of these additional communications at any time and can do so by emailing us at email@example.com.
We will not collect Personal Information about you from third parties unless:
• you consent to the collection of the information from someone else; or
• it is unreasonable or impracticable to collect the information from you.
If we collect Personal Information from a third party, we will inform you that Personal Information has been collected and the circumstances of such collection.
Personal information via the Website
Most commercial websites use ‘cookies’, which are pieces of information that websites send to the browser and are stored in the computer hard-drive.
Cookies make using the Website easier by storing information about matters such as your preferences on the Website. This allows the Website to be tailored to you for any of your return visits. Cookies will not be used to identify you personally.
If you would prefer not to receive cookies, you can alter your security settings on your web browser to disable cookies or to warn you when cookies are being used. However, by disabling the cookie function in your web browser you may impede your ability to use parts of the Website.
We collect certain information from you using cookies such as:
• your browser type;
• your location;
• your IP address;
• information about when and how you use our website;
• information about your past internet usage, such as websites you visit before coming to our Website.
Your option not to provide your Personal Information
You have the option to interact anonymously or using a pseudonym with our Website. However, if you choose to remain anonymous or use a pseudonym, your experience with our Website may be diminished and we may not be able to offer you our full range of services.
Unsolicited Personal Information
Where we receive unsolicited Personal Information about you, we will check whether that information is reasonably necessary for our functions or activities. If it is, we will handle this information the same way we do with other information we seek from you. If not, we will destroy or de-identify it.
Children and minor’s privacy
We also ensure that our Website and marketing is not aimed at and does not target children under 13 years of age and will not intentionally collect data from them. If you believe that we might have any information from or about a child under 13, please contact our Privacy Officer at firstname.lastname@example.org
Use and disclosure of your Personal Information
We are the data controller of the Personal Information we collect from you. We take appropriate measures to ensure that all processing of your Personal Information by us, or by our service providers, is lawful. The lawful basis for the processing of your Personal Information will depend on the purposes for which we process your information.
Much of the personal information we collect from you is necessary for us to provide our products and services to you. This includes most of the information you provide to us when setting up a membership account.
Some of the processing we conduct is necessary in pursuit of our legitimate interests in developing our Website and services and ensuring that they deliver relevant and focused content to you.
Your Personal Information, including your email address, will be used, either on its own or as part of aggregated data, for the following primary purposes:
• providing you with news and information about our services and functions;
• purposes necessary or incidental to the provision of our services and functions;
• to ensure the proper functioning of our Website including customising and improving your online experience with us;
• to ensure the proper functioning of The Grace Tales business;
• personalising your experience with our products and services, for example through connectivity with social media services;
• to assist The Grace Tales with our marketing, planning, product development and research requirements; and
• sending you marketing and promotional material that we believe you may be interested in and otherwise communicating with you about our products and services.
We will not use or disclose (or permit the use or disclosure of) Personal Information that could be used to identify an individual member in any circumstances except:
• to ensure the proper functioning of our business and the Website;
• to communicate promotional offers and special events to you;
• where applicable law requires or authorises, us or a company holding data on our behalf to do so; or
• where you have given express consent to us for a prescribed purpose.
Only with your express consent will we use or disclose Personal Information (including Sensitive Information) about you for the purposes of direct marketing.
We may disclose your Personal Information to the following third parties for the above purposes:
• services providers engaged to provide services to us; and
• third parties who we consider may offer goods and services you are interested in.
We may disclose your Personal Information to our related entities, including our international related entities. You can ask us not to do this at any time by contacting our Privacy Officer at email@example.com. If we are compelled by law to disclose your Personal Information to a third party, we will take reasonable steps to notify you of this in advance, wherever it is lawful and reasonable for us to do so. We will not sell your Personal Information.
Public Personal Information
Any Personal Information you choose to make publicly available on our Website, for example, by posting comments on any of our pages, will be available to others. If you remove information that you have made public on our Website, other users may have already saved or downloaded that information, and copies may remain viewable in cached and archived pages of our Website.
Security of Personal Information
In our business, Personal Information may be stored both electronically and in hardcopy form. We are committed to keeping your Personal Information secure regardless of the format in which we hold it and we take all reasonable steps to protect your information from misuse, interference, loss, and unauthorised access, modification or disclosure. However, your use of the Website is at your own risk and we accept no responsibility, whether we are deemed to have been negligent or not, in the event of a breach of your privacy. In the event that Personal Information is compromised as a breach of security, we will promptly notify those affected in compliance with applicable law.
Note that no information transmitted over the internet can be guaranteed to be completely secure. However, we will endeavour to protect your Personal Information as best as possible but we cannot guarantee the security of any information that you transmit to us, or receive from us. The transmission and exchange of information is carried out at your own risk.
The protective steps we take from misuse, interference, loss, unauthorised access, modification and disclosure of your Personal Information include:
• confidentiality requirements of our employees;
• document storage security policies;
• security measures for access to our systems; and
• only providing access to Personal Information to a person who is verified to be able to receive that information.
We use an outside platform, and a third party credit card processing company, to bill you if you purchase services, including but not limited to, the online purchase of a Grace Collective membership. These companies do not retain, share, store or use personally identifiable information for any purposes other than billing.
Access to your Personal Information
In most cases, you have the right to access the Personal Information that we hold about you. If you wish to access your Personal Information or obtain more information about how we process it, please contact our Privacy Officer at firstname.lastname@example.org
We will deal with all requests for access to Personal Information as quickly as possible. Requests for a large amount of information, or information that is not currently in use, may require further time before a response can be given.
We may charge you a fee to recover the reasonable costs incurred by us in retrieving your information, but in no case will we charge you a fee for your application for access. In some cases, we will refuse to give you access to Personal Information we hold about you. This includes, but is not limited to, circumstances where giving you access would be unlawful; have an unreasonable impact on other people’s privacy; prejudice an investigation of unlawful activity; reveal our intentions in relation to negotiations with you so as to prejudice those negotiations; prejudice enforcement related activities conducted by, or on behalf of, an enforcement body; reveal evaluative information generated within the Business Chicks organisation in connection with a commercially sensitive decision-making process.
We will also refuse access where the Personal Information relates to existing or anticipated legal proceedings, and the information would not be accessible by the process of discovery in those proceedings. Further, we will refuse access where your request is frivolous or vexatious, and where we reasonably believe that: giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety; unlawful activity, or misconduct of a serious nature, is being or may be engaged in against Business Chicks and giving access would be likely to prejudice the taking of appropriate action in relation to that matter.
If we refuse to give you access we will provide you with reasons for our refusal, unless doing so would be unreasonable in the circumstances. We will also take reasonable steps to give you access in a way that meets your needs without giving rise to the reasons of our refusal. Further, we will provide details of how you may make a complaint about our decision.
The right to move, copy, transfer or restrict use of your Personal Information
You have the right to ask us for a copy of your Personal Information; to correct, delete or restrict (stop any active) processing of your Personal Information; and to obtain the Personal Information you have provided to us in a structured, machine-readable format, and to ask us to share (port) this data to another controller. If you would like to do any of these things, please contact our Privacy Officer at email@example.com. We will deal with these requests in the same manner as described above regarding access to your Personal Information.
The right to correction and removal of your Personal Information
The accuracy of the Personal Information we have requested from you is important to us. We will take all such steps as are reasonable in the circumstances to ensure that all information requested from you is kept accurate, up to date and complete. However, we cannot undertake to ensure that such data, even where it includes Personal Information, is kept accurate, up to date and complete.
Should you suspect, or become aware of, that Personal Information we hold about you is inaccurate, out of date, incomplete or misleading, or if you would like your information deleted entirely, please contact our Privacy Officer at firstname.lastname@example.org
We will deal with all requests for correction and removal of Personal Information as quickly as possible. Requests relating to a large amount of information, or information which is not currently in use, may require further time before a response can be given. If we refuse to change or delete the Personal Information as you request, we will provide you with reasons for our refusal, unless doing so would be unreasonable in the circumstances. We will also provide details of how you may make a complaint about our decision. Further, in case of our refusal, you may request that we take reasonable steps to associate, with the relevant information, a statement that you view it as inaccurate, out of date, incomplete or misleading.
Where we have corrected or deleted Personal Information about you, you may request that we take reasonable steps to give notice of the correction to any third party to which we have disclosed the inaccurate, out of date, incomplete or misleading Personal Information.
Retention of your personal information
If you have a membership with Grace Collective, or are signed up to receive our communications, we will retain your Personal Information for as long as your account is active, or as needed to provide you with our services. We will also retain and use your Personal Information for as long as someone could bring a claim against us, and as necessary to comply with all other legal obligations and regulatory requirements, to resolve disputes and to enforce our agreements.
Cross-border disclosure of personal information
To provide you with the best service possible, we may use ‘cloud’ based technology services to hold your data, including your Personal Information. As a consequence, your data, including your Personal Information (and if you have provided such information, your sensitive Personal Information) may be held in the data centres used by a provider of such ‘cloud’ based technology services.
It is important to note that, by becoming a Grace Collective member or by using the Website, you consent to your data, including your Personal Information (and where applicable, your sensitive personal information) being transferred to data centres located outside of Australia. Your decision to become a Grace Collective member or to use the Website also signals your consent to this technical arrangement under which The Grace Tales does not exercise any direct control over the management of your data in those data centres.
A number of our related entities are incorporated and located overseas. We may disclose your Personal Information to our related entities for the purposes of operating our business and providing you with our services. Our related entities are located in:
• UK, USA, SINGAPORE.
Disposal of personal information no longer required
If we hold personal information about you, and we no longer need that information for any purpose for which the information may be used or disclosed, we will take reasonable steps to destroy or de-identify that information unless we are prevented from doing so by law.
Unsubscribing from our email database
To unsubscribe from our email database, please do so via any link or function contained in an email, via the Website or send an e-mail to email@example.com with “UNSUBSCRIBE” typed into the subject line of the email. Note that, while you maintain a Grace Collective membership, you are unable to unsubscribe from certain types of e-mails, such as important updates (including information about your account, security concerns and technical issues). Please de-activate your membership if you would like to unsubscribe from that correspondence.
Links to other websites
If you consider that your complaint has not been adequately dealt with by us, you can make a further complaint to the Office of the Australian Information Commissioner, which has complaint handling responsibilities under the Privacy Act.
For further information about privacy in general, please refer to the Office of the Australian Information Commissioner’s website: www.oaic.gov.au.