Privacy Policy
OUTLINE
Our policy. This Privacy Policy, which is subject to the Privacy Act and APPs, regulates how we collect, use and disclose personal information.
Third parties. This Privacy Policy does not apply to services offered by other companies or individuals, including products or sites that may be displayed to you in search results, sites that may include references to our Services, or other sites linked from the Platform. Our Privacy Policy does not cover the information practices of other companies and organizations who advertise our Services, and who may use cookies, pixel tags and other technologies to serve and offer relevant ads.
Amendment. We may change, vary or modify all or part of this Privacy Policy at any time in our sole discretion. It is your responsibility to check this Privacy Policy periodically for changes. If we adopt a new Privacy Policy:
- we will post the new Privacy Policy on the Platform; and
- it will then apply through your acceptance of it by subsequent or continued use of the Platform.
PURPOSE
Primary purpose. We collect your personal information to lawfully carry out our business functions and activities and provide you access to and use of the website, its various functionalities and related Services, including but not limited to accessing products, services, promotions and offers from naomifindlay.com (Primary Purpose).
Secondary purposes. In addition to the Primary Purpose, we may use the personal information we collect and you consent to us using your personal information to:
- provide you with (directly or indirectly) information about the Services you requested and any other products, services, promotions, offers and events you may be interested in, including (but not limited to) from third party naomifindlay.com Businesses and other relevant third party suppliers and service providers;
- facilitate transactions between you (or other people who you are acting for) and other people and organisations (including the naomifindlay.com Businesses) who are referred to on the Platform from time to time;
- generally enable your use of naomifindlay.com;
- enable registration, validation, authentication and the use of and/or access to naomifindlay.com by you and relevant naomifindlay.com Businesses;
- upload to and from and be used by the naomifindlay.com Database (in an aggregated form and basis relevant to naomifindlay.com Businesses) in accordance with its stated functionality and purpose, including to create and as relevant maintain a link between a relevant customer, naomifindlay.com Businesses and the naomifindlay.com Database;
- personalise and customise your experiences with us;
- develop or add additional products and services from us, naomifindlay.com Businesses or new individuals and organisations that are accessible from time to time via thePlatform or otherwise;
- attract and/or engage third parties interested in obtaining your personal information from us;
- help us review, manage and enhance our website and the Services and develop insights used in reports or other content developed by us;
- analysis of the usage of the Platform or Services;
- communicate with you, including by email, mail outs, via the Website contact form, social media, mobile and in-application notifications;
- conduct surveys, competitions or promotions;
- provide technical assistance to you if required;
- training, quality assurance and administrative purposes;
- if applicable, to process payments and administer your account, including to send you account related reminders. In this case you will be directed to (or we may use to facilitate the transaction) a third party website (a secure internet payment gateway) approved by the relevant financial institution to enter your credit/debit card or other payment mechanism details. This third party may in turn integrate the payment software with a third party payment application provider who assists in managing the payment transaction;
- investigate any complaints about or made by you, or if we have reason to suspect you have breached any relevant terms; or
- as required or permitted by any law.
WHAT WE COLLECT
Personal information we collect about you may include identification information such as:
- your name, address, date of birth, username, password, email address, skype address, mobile phone number, and other addresses, contact details and identifiers used in electronic communications;
- information submitted through the Platform;
- information supplied to us via surveys, competition entry forms, and data collection supplied via various websites;
- photographic images of staff, clients and individuals supplied to us for use in connection with our business activities;
- information about enquiries made to us, the naomifindlay.com Businesses, our suppliers or business associates;
- information provided when you raise a support enquiry or when we are working with you to resolve a technical or administrative query;
- the content of letters or emails you send to us; and
- cookies, metadata, location and usage data from the Services.
- we will only collect, hold, use or disclose your sensitive information with your consent.
HOW WE COLLECT
How we collect. Your personal information may be collected:
- when you complete an application, consent, purchase, account sign-up or similar form via Platform or otherwise;
- when you contact us to make a query or request;
- when you post information or otherwise interact with the Platform;
- in the course of providing the Services to you, including providing support through our support services and business partners;
- when you participate in one of the Services, our competitions or surveys;
- through our communications with you, including but not limited to by letter, email, telephone, surveys competitions and social media;
- from publicly available sources of information;
- from government regulators, law enforcement agencies and other government entities;
- from business contacts, external service providers and suppliers, business partners, sponsors and any naomifindlay.com Businesses;
- in the course of our business functions and activities; or
- by other means reasonably necessary.
Third party collection. If we collect any personal information about you from someone other than you, to the extent not already set out in this Privacy Policy, we will inform you of the fact that we will collect, or have collected, such information and the circumstances of that collection before, at or as soon as reasonably practicable after we collect such personal information.
Storage. We hold personal information in a number of ways, including:
- in our hard copy files;
- in other systems that we use in connections with our business, some of which may be owned and operated by our suppliers, including but not limited to Firebase (a Google Analytics product); and
- in the Infusion Soft Database associated with the Platform.
Authority. If you provide us with the personal information of another individual, without limiting any other provision of this Privacy Policy, you acknowledge and agree that the other individual:
- has authorised you to provide their personal information to us; and
- consents to us using their personal information in order for us to provide our Services.
Unsolicited information. If we receive unsolicited personal information about you that we could not have collected in accordance with this Privacy Policy and the Privacy Act, we will, within a reasonable period, destroy or de-identify such information received.
Minors. Generally, it is our policy to not collect personal information from persons who are under the age of 18 years or offer to send any promotional material to such persons. However, you acknowledge that it is a condition of use of the website that you are 18 years or over or otherwise possess legal parental guardian consent and that if you are not 18 years or over, we are unable to distinguish or separate your data and cannot prevent collection of same.
Anonymity. If you would like to access any of our Services on an anonymous basis we will take reasonable steps to comply with your request, however:
- you may be precluded from taking advantage of some of our Services; and
- we will require you to identify yourself if:
- we are required by law to deal with individuals who have identified themselves; or
- it is impracticable for us to deal with you if you do not identify yourself or elect to use a pseudonym.
Destruction. Subject to a legal requirement to the contrary, we will destroy or de-identify your personal information if:
- the primary or secondary purpose for which we collected the personal information from you no longer exists or applies, which includes if your account remains inactive for a sufficient period of time for us to determine it is no longer in use; or you request us to destroy your personal information.
USE
Primary use. We will only use and disclose your personal information:
- for purposes which are related to the Primary Purpose; or
- if we otherwise get your consent to do so, in accordance with this Privacy Policy and the Privacy Act.
- Subject to clause 2, we will not use your personal information for any purpose for which you would not reasonably expect us to use your personal information.
Direct marketing. We will offer you a choice as to whether you want to receive direct marketing communications about services. If you choose not to receive these communications, we will not use your personal information for this purpose.
We will otherwise only use or disclose your personal information for the purposes of direct marketing if:
- we collected the information from you;
- it is reasonable in the circumstances to expect that we would use or disclose the information for direct marketing purposes;
- we provide you with a simple means to ‘opt-out’ of direct marketing communications from us; and
- you have not elected to ‘opt-out’ from receiving such direct marketing communications from us.
You may opt out of receiving such communications by:
- altering or updating your communications settings on the App;
- if applicable, checking the relevant box on the form used to collect your personal information;
- clicking a link on the email communication sent to you; or
- contacting us using our contact details below.
- We may offer you the opportunity to receive information from third parties regarding products or services that may be of interest to you. If you choose to receive such information, we may forward messages from such third parties to you via the website or such other means as is practicable.
DISCLOSURE
How we disclose. We may disclose personal information and you consent to us disclosing such personal information to:
- third parties engaged by us to perform functions or provide Services on our behalf;
- our professional advisors, including our accountants, auditors and lawyers;
- our related bodies corporate;
- persons authorised by you to receive information held by us, including to those individuals that you authorise us to provide information to via the Platform. For the avoidance of doubt, this includes but is not limited to naomifindlay.com Businesses and any other business partners and sponsors that we may have commercial arrangements with from time to time;
- third parties who we contract with for our independent commercial purposes;
- a government authority, law enforcement agency, pursuant to a court order or as otherwise required by law; or
- a party to a transaction involving the sale of our business or its assets.
Non-identifiable information. We may share non-personally identifiable information publicly and with our partners (e.g. naomifindlay.com Businesses, relevant third party suppliers or service providers, publishers, advertisers, sponsors, or connected sites). For example, we may share information publicly to show trends about the general use of the Services.
Social Media. Our Platform uses and interacts with various social media, applications, channels and technologies such as blogs, Twitter, Facebook, Instagram, Snapchat, LinkedIn, and Google+. You acknowledge and agree that the nature of social media is that these applications actively enable exchange and disclosure of any information, whether personal or otherwise, that is included within those applications. All information, including personal information that you enter in those applications may be used, stored, handled and disclosed in any way that is consistent with the privacy policies of the relevant social media platform, applications, channels and technologies, if any. All information that is posted in a blog, Twitter feed, social media or other applications or technologies in connection with the Platform should be considered as public information that may be used, copied and adapted by any person for any means and should not be posted unless you are prepared to specifically state what restrictions on use there may be with that information or are prepared to accept that it may be used, copied, adapted, stored, handled and disclosed to any other person in any other way.
Overseas disclosure. We may in some circumstances send your personal information to overseas recipients to enable us to provide you our Services. Overseas recipients that may handle or process your data include (but are not limited to) the server hosts of our email services, naomifindlay.com Database and the Platform.
Circumstances where we may send personal information overseas includes (but is not limited to):
- where one of our related entities, subsidiaries, related or affiliated contractors, business partners or com Businesses assists us with our business activities and functions;
- where we have a third party supplier or service provider assisting us with providing our business activities and functions. We have no control over where such suppliers or service providers hold or process their data and it is impractical for us to be able to advise you of the countries where the personal information may be held or processed;
- where our Platform, or any hosting service we use to support our managed services, software or software as a service, is hosted by us or a third party, and the hosting facilities and/or the back-up/disaster recovery sites are located overseas. We have no control over where these third party providers host the Platform and it is impractical for us to advise you of the countries where the personal information may be held or processed; and
- where a third party application is being used in connection with our interactions with you (e.g. email or Skype) and the third party providers or the relevant application have their applications hosted overseas. We have no control over where these third party providers host their applications and it is impractical for us to be able to advise you of the countries where the personal information may be held or processed.
- Third party payment gateway providers may disclose your personal information If this is applicable to your use of the Services, please refer to the privacy policies of the third party payment gateway provider for information regarding how they will use, disclose and manage your personal information.
- If we send your personal information to overseas recipients, we will take reasonable measures to protect your personal information such as ensuring all information is de-identified where appropriate before being transmitted. However, you acknowledge and agree that if we disclose your personal information to overseas recipients, we are not obliged to take reasonable steps to ensure overseas recipients of your personal information comply with the Privacy Act and the APPs.
THIRD PARTY WEBSITES AND APPLICATIONS
Our website includes links to other websites, applications and tools that are not owned or operated by us. We not responsible for the content of those websites, applications or tools, nor for any products, services or information contained in them or offered through them. You should review the privacy policies and terms and conditions of use of those websites, applications and tools when you visit them. We do not endorse, sponsor, condone or represent the companies or content that is contained in any linked website, and reserve the right to terminate any link or linking program at any time. Please see our Terms and Conditions for further information.
COOKIES, METADATA AND SITE DATA ACTIVITY
A cookie is a small piece of computer code which remains on your computer and contains information which helps us identify your browser.
When you visit our Platform, a cookie may record the authentication to allow your member id to login. We use the information gathered by cookies to identify your web browser so that when you log in on the next occasion your use of the Platform and other applications and tools on it is easier and faster because the Platform has remembered your details.
We also use Firebase, a Google Analytics product (from Google Inc) to analyse the use of our Platform, and Google Analytics places cookies on your computer in order to perform its functions.
If you do not want us to use cookies then you can stop them, or be notified when they are being used, by adopting the appropriate settings on your browser. If you do not allow cookies to be used some or all of the Platform might not be accessible to you. You may also delete cookies that have been stored onto your computer using the functions in your browser.
Sometimes information that you upload is provided with associated metadata. If you do not want us to use the metadata you must remove it before uploading it onto the Platform.
We may collect data that is associated with your visit and use of the Platform, including the pages you visit, the activities you do, the preferences you make, the applications and tools you use and the purchases you make and the competitions you enter. We may also collect information relating to the computer, mobile phone or other device including the device type, the browser, location, IP address and search words used. We may collect, use, disclose and store this information in any of the ways set out in this Privacy Policy.
ACCESS AND CORRECTION
Access. If you require access to your personal information, please contact us using our contact details below. You are required to put your request in writing and provide proof of identity.
We are not obliged to allow access to your personal information if:
- it would pose a serious threat to the life, health or safety of any individual or to the public;
- it would have an unreasonable impact on the privacy of other individuals;
- the request for access is frivolous or vexatious;
- it relates to existing or anticipated legal proceedings between you and us and would not ordinarily be accessible by the discovery process in such proceedings;
- it would reveal our intentions in relation to negotiations with you in a way that would prejudice those negotiations;
- it would be unlawful;
- denying access is required or authorised by or under an Australian law or a court/tribunal order;
- we have reason to suspect that unlawful activity, or misconduct of a serious nature relating to our functions or activities has been, is being or may be engaged in and giving access would be likely to prejudice the taking of appropriate action in relation to the matter;
- it would likely prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or
- it would reveal commercially sensitive information.
- If you make a request for access to personal information, we will:
- respond to your request within 14 days or otherwise within a reasonable period; and
- if reasonable and practicable, give access to the personal information as requested.
- If we refuse to give access to the personal information, we will give you a written notice that sets out at a minimum:
- our reasons for the refusal (to the extent it is reasonable to do so); and
- the mechanisms available to complain about the refusal.
- We request that you keep your personal information as current as possible. If you feel that information about you is not accurate or your details have or are about to change, you can:
- contact us using our contact details below and we will correct or update your personal information; or
- change your details via the website.
- If you otherwise make a request for us to correct your personal information, we will:
- respond to your request within 14 days or otherwise within a reasonable period; and
- if reasonable and practicable, correct the information as requested.
- If we refuse a request to correct personal information, we will:
- give you a written notice (via email) setting out the reasons for the refusal and how you may make a complaint; and
- take reasonable steps to include a note with your personal information of the fact that we refused to correct it.
SECURITY AND PROTECTION
In relation to all personal information, we will take all reasonable steps to:
- ensure that the personal information we collect is accurate, up to date and complete;
- ensure that the personal information we hold, use or disclose is, with regard to the relevant purpose, accurate, up to date, complete and relevant; and
- protect personal information from misuse, loss or unauthorised access and disclosure.
We require staff and service providers to respect the confidentiality of personal information. We store your personal information on a secure server behind a firewall and use security software accessible only by authorised personnel to protect your personal information from unauthorized access, destruction, use, modification or disclosure.
Please contact us immediately if you become aware of or suspect any misuse or loss of your personal information.
DATA BREACHES
We are required to comply with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act.
If we become aware that a Data Breach in respect of personal information held by us may have occurred, we will:
- investigate the circumstances surrounding the potential Data Breach to determine whether a Data Breach has occurred; and
- if a Data Breach has occurred, carry out a reasonable and expeditious assessment of whether there are reasonable grounds to believe that the relevant circumstances amount to an eligible data breach.
If we become aware that there has been an eligible data breach in respect of personal information held by us, and the personal information relates to you or you are at risk from the eligible data breach, we will ensure that either we, or a relevant APP entity that is the subject of the same eligible data breach:
- prepare a statement that complies with subsection 26WK(3) of the Privacy Act;
- provide a copy of the statement to the Office of the Australian Information Commissioner (OAIC); and
- if it is practicable, notify you of the contents of the statement, or otherwise publish a copy of the statement on the Platform and take reasonable steps to publicise the contents of the statement, as soon as practicable after the completion of the preparation of the statement.
COMPLAINTS
If you have a complaint about how we collect, use, disclose, manage or protect your personal information, or consider that we have breached the Privacy Act or APPs, please contact us using our contact details below. We will respond to your complaint within 14 days of receiving the complaint.
Once the complaint has been received, we may resolve the matter in a number of ways:
- Request for further information: We may request further information from you. Please provide us with as much information as possible, including details of any relevant dates and documentation. This will enable us to investigate the complaint and determine an appropriate solution.
- Discuss options: We will discuss options for resolution with you and if you have suggestions about how the matter might be resolved you should raise these with our Privacy Officer.
- Investigation: Where necessary, the complaint will be investigated. We will try to do so within a reasonable time frame. It may be necessary to contact others in order to proceed with the investigation. This may be necessary in order to progress your complaint.
- Conduct of our employees: If your complaint involves the conduct of our employees we will raise the matter with the employees concerned and seek their comment and input in the resolution of the complaint.
After investigating the complaint, we will give you a written notice about our decision.
You are free to lodge a complaint directly with the Office of the Australian Information Commissioner (OAIC) online, by mail, fax or email. For more information please visit the OAIC website at oaic.gov.au.
CONTACT
Please forward all correspondence in respect of this Privacy Policy to:
Privacy Officer: Naomi Findlay, CEO
Email: hello@naomifindlay.com
INTERPRETATION AND DEFINITIONS
Personal pronouns: Except where the context otherwise provides or requires:
- the terms we, us or our refers to Naomi Findlay Pty Ltd (ACN 613 128 386) of 71 Carrington Street West Wallsend NSW Australia 2286 including its assignees and successors in title from time to time; and
- the terms you or your refers to a user of the Platform and/or a customer to whom we provide the Services.
- Terms italicised and defined in the Privacy Act have the meaning given to them in the Privacy Act.
- Defined terms: In this Privacy Policy unless otherwise provided, the following terms shall have their meaning as specified:
APPs means any of the Australian Privacy Principles set out in Schedule 3 of the Privacy Act.
Data Breach means unauthorised access, modification, use, disclosure, loss, or other misuse of personal information held by us.
Mobile Devices means communication devices (whether strictly mobile or not) which utilise the Android or iOS operating system software or their successor operating systems in each case to the extent compatible with naomifindlay.com.
Platform means the Website.
Privacy Act means the Privacy Act 1988 (Cth) as amended from time to time.
Privacy Policy means this privacy policy as amended from time to time.
naomifindlay.com Businesses means a retailer, supplier or service provider or other business that is relevant to the renovation market and that has agreed from time to time to offer its products and/or services to you via the Platform.
naomifindlay.com Database means the hosted central database which holds data (including personal information) and relevant applications for the purposes of user authentication and which links to and exchanges data and other information to the website and/or the system.
Services means, the service of providing the Platform and its various functionalities to you and, where the context requires, the services provided to you by naomifindlay.com Businesses or other third parties through the Platform from time to time.
system means the software solution or system owned by Naomi Findlay Pty Ltd and hosted in a data centre by a third party provider, which use or right of access is subject to compliance with relevant terms of use and/or usage conditions in issue from time to time and/or an agreement in writing (as the case may be).
Terms and Conditions means the document comprising the terms and conditions of use or “End User Licence Agreement” (EULA) as amended from time to time which governs your use of the Website.
Website means the website at www.naomifindlay.com, style.naomifindlay.com, findlayandco.com, renovate.naomifindlay.com, members.naomifindlay.com, and any other websites we create in the future.