SECTION 1 – HOW DO WE COLLECT YOUR INFORMATION?
When you purchase something from the Websites, as part of the buying and selling process such as to complete a transaction, verify your credit card, place an order, arrange for a delivery, return a purchase, or make an enquiry, or create an Inck Collective Buy membership, we collect the personal information you give us such as your name, address, phone number, credit card or alternate payment details (such as PayPal, Stripe or bank account details) and email address. We may also collect your personal information when you make an enquiry, enter a request via the Website or join our social media channels (e.g. Instagram, Facebook, LinkedIn and Twitter).
We also collect personal information about our suppliers and their employees, as well as our prospective employees in order to conduct our business.
When you browse the Websites, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system. This information does not personally identify you.
SECTION 2 – CONSENT & USE
How do you get my consent?
When you provide us with personal information we imply that you consent to our collecting and using your personal information for that specific reason only.
If we wish to use your personal information for a secondary reason, like marketing (e.g. to send you emails about our store, new products and other updates), we will ask you directly for your express consent, unless you were already part of our database legitimately collected or obtained prior to the commencement of the GDPR on 25 May 2018.
We may also use your personal information for a secondary reason without express consent where it is in our legitimate interests to do so such as part of our measures to prevent and detect any misuse of the Websites or any fraudulent activities, as well as to enhance our processes, evaluate the effectiveness of our marketing activities and services and perform statistical and demographic analysis of our customers.
In addition, it may be necessary for us to use your personal information where it is permitted by law or required for us to comply with our legal obligations or to fulfil our contract with you.
Age of consent
By using the Websites, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependants to use this site.
How do I withdraw my consent?
If after you consent, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at any time, by contacting us at firstname.lastname@example.org or mailing us at: Inck Merchandise Level 4, The Elan, 1 Kings Cross Rd, Darlinghurst, NSW 2010 or by choosing to unsubscribe from our communications.
What are the consequences of not providing my personal information?
You are not obliged to provide your personal information, however a failure to provide your information could result in us being unable to provide you with our goods or services. If you do not consent to us using your information for marketing purposes or unsubscribe, then there is no consequence to you other than not receiving updates regarding future promotions or activities that may interest you, as well as any updates regarding changes to our terms of business and our contact details.
SECTION 3 – DISCLOSURE
When you place an order via the Websites, we will need to disclose your personal information to companies who perform parts of our service delivery. This includes delivery companies, such as postal or courier partners, third party fulfilment contractors, merchant payment gateways for debit/credit card payments. We only share information which is absolutely necessary with those third parties that are involved in the processing and delivery of your order.
We may also disclose your information to:
- third party service providers for the purpose of enabling them to provide their services including IT service providers, data storage, web-hosting and server providers, marketing or advertising providers and professional advisors;
- anyone to whom our business or assets (or any part of them) are, or may (in good faith) be transferred;
- courts, tribunals, regulatory authorities and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights; and
- our advisors, lawyers and accountants, in the management of our business.
We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.
How long do we hold your information?
Except if your information is required to be retained by law or in accordance with our financial reporting obligations, we will hold your information for as long as we require it, or until you notify us that you no longer wish to hold your account, or for UK or EU residents, until you request that we erase your data. Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
SECTION 4 – OVERSEAS DISCLOSURE
Personal information which we collect and hold is stored and used by us locally in Australia. Some service providers who we use for specific functions (for example, cloud-based data storage and software providers) may store certain information on our behalf on servers based in United States and Germany. These service providers are engaged pursuant to terms of service requiring stringent privacy compliance in respect of this data.
For UK and EU residents, this means that your data will almost certainly be transferred outside of the European Economic Area (“EEA”) when it is provided to us as we are based in Australia and our service providers store information in the United States. Where your personal data is transferred by us to anyone else, we will ensure that this is only done with appropriate safeguards in place to protect personal data in compliance with applicable data protection legislation. Such measures may include (without limitation) transferring the data (i) to a third party in a country that has been identified as providing adequate protection for EEA data, or (ii) to a third party which has entered into standard contractual clauses adopted or approved by the European Commission, or (iii) to a third party in the US which is Privacy Shield certified.
Should you require more detailed information as regards transferring your personal data outside the EEA (e.g. the names of the recipients and the exact legal basis for any such transfer), please contact us on the contact details below.
SECTION 5 – THIRD-PARTY SERVICES
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies on their websites so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
When you click on links on the Websites, they may direct you away from the Websites. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
SECTION 6 – SECURITY
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed. However, no guarantee can be given that information sent over the Internet is always 100% secure. Sending and receiving information over the Internet is at the user’s own risk and we do not accept responsibility for any consequences of unauthorised access to your information.
If you choose a direct payment gateway to complete your purchase, then Inck Merchandise stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS), as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
Your data is stored through Inck Merchandise’s data storage, databases and the general Inck Merchandise application on a secure cloud-based server behind a firewall.
SECTION 7 – COOKIES
A Cookie is a piece of information that our web server may send to your device when you visit the Websites. The Cookie is stored on your device and may provide us with information about your device.
A Cookie helps us to recognise you when you revisit the Websites and to coordinate your access to different pages on the Websites. With most internet browsers, you can erase Cookies from your device hard drive, block all Cookies, or receive a warning before a Cookie is stored
Here is a list of cookies that we use. We have listed them here so you can choose if you want to opt-out of cookies or not.
- _session_id, unique token, sessional, Allows Inck Merchandise to store information about your session (referrer, landing page, etc).
- _lsite_visit, no data held, Persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits
- _lsite_uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer.
- cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.
- _secure_session_id, unique token, sessional
- storefront_digest, unique token, indefinite If the shop has a password, this is used to determine if the current visitor has access.
SECTION 8 – YOUR RIGHTS
To the extent permitted by law, you have the right to request access to or update or correct your personal information at any time by contacting us at email@example.com or via the contact details below.
UK + EU residents also have the following additional rights:
- the right to request that we erase their personal data (right to be forgotten);
- the right to obtain a copy of their personal data on request;
- the right to transfer their personal data to another person or entity (right of data portability);
- the right to restrict or object to processing, or withdraw consent to processing; and
- the right to lodge a complaint with a supervisory authority (see below)
SECTION 9 – COMPLAINTS, QUESTIONS AND CONTACT INFORMATION
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact our Privacy Compliance Officer on +61 2 9360 5758 or at firstname.lastname@example.org or by mail at Inck Merchandise Level 4, The Elan, 1 Kings Cross Road, Darlinghurst, NSW 2010.
We consider all complaints consistently with the relevant legislation and as we consider appropriate in the circumstances. We shall review your complaint and will respond to you in writing setting out the outcome of our investigation and the steps we take to deal with your complaint, within a reasonable time or the time required by the Privacy Act or GDPR, as applicable.
You also have the right to make a complaint to the Office of the Australian Information Commissioner (OAIC) (see website at www.oaic.gov.au) or the local regulator in your jurisdiction in Europe, as applicable.