Spot Medic

Privacy policy

PRIVACY POLICY

The Department of Brands Limited (NZ Company Number 3751396) (Company, we, our or us) is committed to protecting the privacy and security of our customers and visitors to our website https://thedeparmentofbrands.com and the online stores of our brands at:

This Privacy Policy describes how your personal information is collected, used, and shared when you visit or make a purchase from our sites, or when you interact with us through communication channels or social media platforms.

If you are located:

 

  • in the European Union (EU), you have additional rights under the EU General Data Protection Regulation (GDPR);
  • in the United Kingdom (UK), you have additional rights under the UK General Data Protection Regulation; or
  • in California, you have additional rights under the California Consumer Privacy Act (CCPA).

 

Details of those additional rights and how we address them are set out at the end of our Privacy Policy.

SECTION 1 - WHAT DO WE DO WITH YOUR INFORMATION?

When you purchase something from our store, as part of the buying and selling process, our online store (which is powered by Shopify) collects the personal information you provide to fulfil your order such as your name, address, email address and phone number. This personal information is collected and stored by Shopify, who may share this information with us.

We will collect your email address when you subscribe to our newsletters.

We may collect your name and contact details when you, for example, communicate with us by phone, email or post, contact us using a form on one of our sites or engage with us via social media to, for example, provide feedback, make a query or enter a promotion.

When you browse our sites, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.

Email marketing (if applicable): With your permission, we may send you emails about our brands, new products and other updates.

SECTION 2 - CONSENT

How do you get my consent?
When you provide personal information to complete a transaction, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.

If we ask for your personal information for a secondary reason, like marketing, we will ask you for your consent.

How do I withdraw my consent?
If, after you opt-in, you change your mind, you may withdraw your consent for us to contact you for direct marketing purposes at anytime, by contacting us at hello@thedepartmentofbrands.com or mailing us at: The Department of Brands, c/- 5B Gibbes Street, Chatswoood NSW 2067, Australia.

SECTION 3 - DISCLOSURE

From time to time, we may disclose your personal information to third parties for the purposes of providing our products and services and conducting our business.  These third parties may include:

  • third party service and content providers, contractors, advisors and suppliers who assist us in managing our business or operating our sites, for example, business support services, webhosting service providers, cloud storage providers, mailing houses and delivery service providers;
  • our professional advisors including lawyers, accountants, tax advisors and auditors;
  • law enforcement bodies to assist in their functions, courts of law or as otherwise required or authorised by law; and
  • regulatory or government bodies for the purposes of resolving customer complaints or investigations.

We also use the services of Shopify and PayPal which are addressed separately below.

In general, the third party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.

Certain providers may be located in, or have facilities that are located in, a different jurisdiction than either you or us. Accordingly, if you elect to proceed with a transaction that involves the services of a third party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider (or its facilities) are located. Shopify, for example, which provides our online shopping platform is headquartered in Canada while PayPal, our payment processor, is headquartered in the USA.

Once you leave our sites or are redirected to a third party website or application, you are no longer governed by this Privacy Policy or our sites’ Terms of Service.

We may also disclose your personal information if we are required by law to do so or if you violate our Terms of Service.

If we sell or purchase any business or assets, your personal information may be disclosed to the prospective buyer/seller. If our business (or substantially all of our assets) is acquired by a third party, your personal information held by the Company may be an asset which is transferred to the buyer.

SECTION 4 – SHOPIFY AND PAYPAL

Our online stores are hosted by Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you.

Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.

For more insight, you may also want to read Shopify’s Terms of Service here or Privacy Statement here.

Shopify’s payment provider on our sites is PayPal. PayPal processes payments for orders on our behalf. Accordingly ,we do not collect or store your credit card details. Your credit card data is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.

PayPal adheres to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.

For more insight, you may also want to read PayPal’s Terms of Service here and Privacy Policy here.

SECTION 5 - THIRD PARTY WEBSITES

From time to time, our sites may contain links to websites operated and maintained by third parties over which we have absolutely no control.  These third party websites are not subject to this Privacy Policy or our privacy standards and procedures. Any information you provide to third party websites will be governed by the terms of the websites’ privacy policies. We have no responsibility or liability whatsoever for the content, actions or policies of third party websites. The inclusion of third party links on our sites in no way constitutes an endorsement of such websites’ content, actions or policies. 

SECTION 6 - SECURITY

To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.

We take reasonable steps to destroy or permanently de-identify your personal information if it is no longer needed for a purpose which it may be used or disclosed under the Australian Privacy Principles and we are not required by law or a court/tribunal order to retain the information.

SECTION 7 - COOKIES

Our sites use cookies. Cookies collect information that includes the server your computer or device is logged onto, your browser type and how you gained entry to our sites. Therefore, when you visit our sites anonymously, details are recorded about your visit, such as time and date, pages accessed and time spent on the sites, in addition to the matters described above. This information is used in an anonymous form for statistical purposes, for example, to determine how many people access a webpage on a site. A cookie cannot retrieve any other information from your hard drive, pass on computer viruses or capture your email address or any other personally identifiable information.

Here is a list of cookies that we use. We’ve listed them here so you that you can choose if you want to opt-out of cookies or not.

  • _session_id, unique token, sessional, Allows Shopify to store information about your session (referrer, landing page, etc).
  • _shopify_visit, no data held, Persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits
  • _shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer.
    cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.
  • _secure_session_id, unique token, sessional
  • storefront_digest, unique token, indefinite If the shop has a password, this is used to determine if the current visitor has access.

SECTION 8 - ACCESS AND CORRECTION OF PERSONAL INFORMATION

We will take reasonable steps to ensure that the information we hold about you is relevant, accurate, up-to-date and complete.

You can request that we provide you with access to information we hold about you or ask us to correct any personal information we hold about you that is out-of-date, incorrect, incomplete or misleading. You can update your contact details by logging in to your account. You can also contact us by submitting a request in writing to the address set out below. If we are able to, we will action your request within a reasonable time frame (usually within 30 days) following receipt of your request.

We may decline an access or correction request in circumstances prescribed by the Privacy Act. If complying with your request for access requires considerable time and expense on our part, we may charge you a reasonable fee for providing you with information.

If we do refuse your access or correction request, we will provide you with written reasons for our decision and, in the case of a request for correction, we will include a statement with your personal information about the requested correction (if you ask us to do so).

SECTION 9 - COMPLAINTS

You may contact us at any time if you have any questions or concerns about this Privacy Policy or about the way in which your personal information has been handled.

You may make a complaint about privacy to our Privacy Officer using the contact details set out below.

Our Privacy Officer will first consider your complaint to determine whether there are simple or immediate steps which can be taken to resolve the complaint.

Your complaint will then be investigated. We may ask you to provide further information about your complaint and the outcome you are seeking. We will then typically gather relevant facts, locate and review relevant documents and speak with individuals involved.

In most cases, we will investigate and respond to a complaint within a reasonable time, usually within 30 days of receipt of the complaint. If the matter is more complex or our investigation may take longer, we will let you know.

If you are not satisfied with our response to your complaint, you may make a complaint to the Office of the Australian Information Commissioner (OAIC). The OAIC can be contacted by telephone on 1300 363 992 or by using the contact details on the website www.oaic.gov.au.

SECTION 10 - EU, UK AND CALIFORNIAN RESIDENTS

EU and UK RESIDENTS

 

How we use your personal information

 

We can only collect and use your personal information if we have a valid lawful reason to do so. Our reasons are:

 

  • Consent – you have consented to our processing of your personal information for a specific purpose

 

  • Contract – we process your personal information to fulfil a contract you have with us or, alternatively, because you have requested us to take specific steps before you enter into a contract with us

 

  • Legitimate interests – we process your personal information for our legitimate interests (or a third party’s legitimate interests) unless the legitimate interests are overridden by a good reason to protect your personal information

 

  • Legal obligations – we process your personal information in order for us to comply with the law (which does not include complying with contractual obligations)

 

Personal information uses

Our reasons

To provide and administer our products and services
  • contract performance
  • legitimate interests (to allow us to perform our obligations and provide products to you)

For marketing purposes
  • legitimate interests (in order to market to you)
  • consent (which can be withdrawn at any time)

To manage our relationship with you
  • consent
  • contract performance
  • legal obligations
  • legitimate interests

To provide customer support
  • contract performance
  • legal obligation
  • legitimate interests (to allow us to communicate with you in connection with our products)

To comply with our legal obligations
  • legal obligation
  • legal claims
  • legitimate interests (to cooperate with law enforcement and regulatory authorities)

To prevent and detect fraudulent activity
  • legal claims
  • legitimate interests (to prevent, detect and take action in response to fraudulent activity, including fraudulent transactions)

To conduct market, consumer and other research
  • legitimate interest (to ensure that we understand our customers’ requirements)

To ensure content is relevant
  • legitimate interests (to allow us to provide you with the content and services on our website)

 

Individual Rights

 

If you are located in the EU or the UK, you have the following additional rights:

  • The right to information – you can request confirmation about the following: whether your personal information is being processed by us; the purpose of processing; the categories of personal information which are processed; the recipients (or types of recipients) who may receive the  personal information; the anticipated retention period of the personal information; and your rights to rectification, erasure, to restrict (or object) to processing and to lodge a complaint with a data protection supervisory authority in the EU or the UK
  • The right to object to our processing of your personal information for (i) direct marketing purposes; (ii) for scientific, historical research or statistical purposes; or (iii) where our processing is based on legitimate interest grounds or because it is in the public’s interest. We will respond to your objection request within a month. However, there may be some circumstances where we are not required to stop processing your personal information. If this is the case, we will provide you with a written explanation.
  • The right to restrict processing – in some circumstances, you can request us to restrict our use of your personal information in which case we will not use or disclose your personal information while it is restricted. We will respond to your restriction request within a month.
  • The right to erasure – you can request us to erase your personal information where it is no longer required for a purpose for which it was collected or where, for example, you have exercised successfully your right to object to processing. We will respond to your erasure request within a month.  However, where there are legal or other reasons for us to retain your personal information, we will provide you with a written explanation.
  • The right to data portability – you can request us to provide you with a copy of the personal information you have provided to us. We are required to provide it to you in an electronic format that can be reused easily. You can also request us to transfer your personal information in an electronic format to another entity.

 

You can exercise any of these rights by contacting us using the contact details below.

 You also have the right to:

  •  access your personal information and request the correction of your personal information (see the “ACCESS AND CORRECTION” section above); and
  •  lodge a complaint with a data protection authority if you are unhappy with the outcome of a privacy complaint. The “COMPLAINTS” section above explains our complaints handling process.  A list of EU data protection authorities is available at https://ec.europa.eu/. The UK data protection authority is the Information Commissioner’s Office (https://ico.org.uk).

 

CALIFORNIA RESIDENTS

 

If you are a resident of the State of California, you may exercise the rights described below.  By choosing to exercise your rights as described below, you are declaring that you are a California resident as defined in the CCPA.

 aRight to Know. You have the right to ask us for a copy of your personal information collected over the past 12 months and for information about how we collect, use, disclose, and sell it.  We do not share personal information with third parties for their own direct marketing purposes without your permission.  Please refer to the following sections of our Privacy Policy for specific information on these matters: WHAT WE DO WITH YOUR INFORMATION and DISCLOSURE

b. Right to Deletion. You have the right to request us to delete any of your personal information. If we delete your personal information, you will permanently lose access to your personal information and/or your account. We may deny your deletion request when permitted by applicable law or for business purposes including, without limitation, when personal information is needed to comply with our legal obligations, meet regulatory requirements, support our business operations, resolve disputes, maintain security or to prevent fraud and abuse. We retain anonymised information after your account has been closed.

c. Right to Correction. You have the right to update or modify your personal information. If you have a customer account, you may update or modify your personal information by accessing your account and editing your account information.  If you do not have a customer account, then you may request that your personal information be updated by emailing us at: hello@thedepartmentofbrands.com.

d. Right to Opt-Out of the Sale of Your Personal Information. You have the right to ask that we not sell your personal information. We do not sell, in the traditional sense of the word, or rent personal information to third parties for money. We do, however, share your personal information as we have described in this Privacy Policy.

e. Right to Non-Discrimination. We will not discriminate against individuals who exercise their rights under the CCPA.

f. Exercising your Rights. If you wish to exercise any of these rights, please contact us using the contact details below. Before we can process any such request, we will need to verify your identity. We reserve the right to deny a request where we are unable to satisfactorily complete this process. If you authorise someone to make a request on your behalf, we may also deny your request if we are unable to verify that the individual making the request is authorised to act on your behalf.

SECTION 11 - CHANGES TO THIS PRIVACY POLICY

We reserve the right to modify this Privacy Policy at any time, so please review it frequently. Material changes to the Privacy Policy will take effect after reasonable notice of the changes has been provided, for example, upon their posting on the website or notification by email.

QUESTIONS AND CONTACT INFORMATION

If you would like to: access, correct, amend or delete any personal information we have about you, make a complaint, or simply want more information, contact our Privacy Compliance Officer at hello@thedepartmentofbrands.com. 

 

Last Updated: 19 August 2021