In the course of carrying out our activities Chemist Leaf Pty (ACN 658857802) will collect, store, use and disclose personal information. We are committed to the protection of your personal information and to compliance with appliable privacy laws, including the Privacy Act 1988 (Cth) and the General Data Protection Regulation (the GDPR).
Types of personal information we collect and hold
We collect and hold personal information about individuals for the provision of our products and services and for purposes connected to those products and services.
Consistent with the provision of our products and services, the types of personal information we may collect and hold include the following.
- Identity and contact details: including individuals’ name, address, telephone number, email address and details of the services and goods they have enquired about or purchased.
- Payment details: where individuals purchase products or services from us, bank details and payment card details and personal information related to such details (note, however, that payment transactions are processed by an authorised third party and are encrypted by the acquiring bank and as such we do not retain payment card details).
- Other information: text of communications gathered in the course of our interaction with you, including where you comment within our platforms and/or otherwise interact on live-chat, social media, email, and other information from your interactions with us online, including your IP address, URL’s, cookie information, search histories, and other associated information.
The bases for our processing of your personal information under the GDPR is with your consent and to enable us to perform the contract with you related to the services you have asked us to provide. If you don’t provide us with personal information we are unlikely to be able to provide you with our services.
How we collect and hold personal information
We may collect personal information in the course of providing our products and services, from our website (and other online platforms, including social media), via our clients or third party agents who pass on your information, or directly from you.
Personal information is held securely, is subject to various security protections and is held only for as long as the information remains relevant to the purpose for which it was collected or as otherwise required by law.
We take reasonable steps to ensure the security and integrity of the personal information we collect, store, use and disclose including restricted server access, encryption and other industry standard security protocol such as the use of firewalls and complex password protection.
Cookies and similar technologies
We also collect certain information (such as the information set out under ‘Other information’ above) using the following technologies:
- Cookies: being data files that are placed on your device or computer and often include an anonymous unique identifier.
- Log files: these track actions occurring on our website.
- Web beacons, tags, and pixels: which are electronic files used to record information about how you browse our website.
As we and our third party partners adopt additional technologies, we may also gather additional information through other methods.
You can change your settings through your web browser to:
- notify you when a cookie is being set or updated; and
- to block or disallow cookies.
Please refer to the ‘help’ or ‘settings’ sections on your applicable web browser for more information.
Purposes for which we hold, use and disclose information
We will not use or disclose personal information for any secondary purpose, unless that secondary purpose is related to the primary purpose for which we have collected that information, and you would reasonably expect the disclosure in the circumstances, or unless you consent to that use or disclosure.
The purposes for which we hold, use, disclose, and process information include:
- conducting our business, which includes providing our products and services, or the products services of a third party, to you;
- maintaining the safety and security of our operations (e.g. for digital and physical security monitoring, and for maintaining and managing records);
- to communicate and provide information about our products and services or third party products or services that may be of interest to you;
- where you have consented, if such consent is required by law) to provide you with information or advertising (including targeted advertising) related to our products or services or marketing communications that we believe may be of interest to you;
- to improve and optimise our platforms, products and services;
- for our internal administrative, research, planning, marketing and development purposes; and
- for our regulatory and legal compliance, including without limitation compliance with our licensing obligations.
Access and correction
We take all reasonable steps to ensure any personal data that we collect, use or disclose is up to date and accurate. If you believe personal information that we hold about you is not up to date or accurate, you may ask us to correct it.
You may also ask us to provide you with details of the personal information that we hold about you, and copies of that information. We will respond to your request and strive to provide you with the data within 30 days of receipt of your request.
If we provide you with copies of the information that you have requested, we may charge you a reasonable fee to cover the administrative costs of providing you with that information.
Please direct all request for access and correction to us by using the contact form available on our website.
Some other rights in relation to your privacy
Relevant to the GDPR, dome individuals also have the right, in certain circumstances, to have the information that we hold about them erased. You can talk to us further about this by using the contact form available on our website..
You can also request that we restrict or suspend the processing of your personal information. However, please note that, where you do make such a request, it is unlikely that we will be able to continue providing services and products to you.
The GDPR also provides that in some circumstances individuals have the right to data portability, to withdraw their consent at any time, to object to data processing and to object to the processing of their data for marketing purposes.
Relevant to the GDPR, in order to provide our services to you, at your request we will disclose the information which we process to countries outside the European Economic Area (EEA). However, that is typically only the case where the information has been collected in a country outside the EEA.
In terms of our Australian operations, in the course of providing products and services, we may disclose personal information to overseas entities including through utilisation of overseas data servers for information processing. Those overseas entities are likely to be located in the following countries: USA.
Changes to this policy
If you consider a breach of the Privacy Act 1988 (Cth) by us has occurred, please direct your query to our Privacy Officer so that we may attempt to resolve the issue.
Chemist Leaf Privacy Officer
W8/347 Main South Rd,
5162 SA, Australia
If you do not consider our response satisfactory, you may contact the Australian Privacy Commissioner via the website www.oaic.gov.au or by telephone on 1300 363 992 or you can contact another appropriate supervisory authority. For EU individuals, you can contact the European Data Protection Supervisor.