PRIVACY POLICY

Introduction

  • This website (matchamaiden.com) and the products or services sold on, or via, this website are created, operated and controlled by Matcha Maiden Pty Ltd (ACN 639 649 899) (Matcha Maiden, we, us or our).
  • We are committed to ensuring your personal information is protected. We manage your personal information in accordance with the Australian Privacy Principles set out in the Privacy Act 1988 (Cth) (Privacy Act) and the General Data Protection Regulation (EU 2016/679) (GDPR), which applies across the European Union (collectively, Privacy Laws).
  • By accessing and using and continuing to our website, or otherwise purchasing products or services on, or via, this website you agree to this Privacy Policy.
  • This Privacy Policy outlines how we collect, process, store, use, disclose, alter and destroy your personal information or personal data (as defined in the Privacy Laws) (collectively, Personal Information) kept by us or how you may make a privacy complaint.
  1. The information we collect about you
  • We will only collect and hold Personal Information about you that is reasonably necessary to undertake our business activities and functions, make our website available to you, deliver our products and services to you, or as otherwise permitted by law.
  • The type of Personal Information that we collect and use depends on the type of dealings that you have with us and includes the following:
  • contact details (for example, full name, date of birth, address, mobile and telephone numbers and email address);
  • information relating to your dealings, or enquiries you have made, with us, including information about the products or services you have ordered;
  • payment and billing information;
  • information regarding your access and use of our website, including location information, your computer’s internet protocol (IP) address, unique device identifier, browser characteristics, device characteristics, operating system, language preferences, referring URLs, information on actions taken on your website, dates and times of visits to your website and other usage statistics;
  • other information that you provide to us or that we may collect in the course of our relationship with you; and
  • information provided by or on behalf of applicants for employment.
  • We do not collect your sensitive information or sensitive personal data (as defined by the Privacy Laws) (collectively, Sensitive Information). If you have accidentally sent us Sensitive Information, please contact us using the contact details set out in below.
  1. How we collect Personal Information
  • We will collect Personal Information about you in a number of different ways. We may collect Personal Information directly from you or in the course of our dealings with you. For example, when you:
  • contact and correspond with us (for example, when you participate in a promotion, competition, or survey, or when you complete online forms for our products or services, subscribe to become a Matcha Maiden VIP or otherwise subscribe to our publications, alerts and e-newsletters, or information you provide to us when you send us an email);
  • when use or order our products or services on, or via, the website, by telephone or by email;
  • visit our website (including via cookies), contact us online or via telephone with a query or request or make a comment on our social media sites;
  • provide your Personal Information to third parties (including to our related bodies corporate, business partners and service providers, credit reporting bodies, credit providers, government agencies, public registries, search agencies, regulatory and licensing bodies, parties to whom you refer us (for example, previous employers and referees), recruitment agencies and from publicly available sources of information (for example, online databases and social media));
  • when apply for a position of employment with us; or
  • when otherwise legally authorised or required to do so.
  • When we collect Personal Information directly from you, we will take reasonable steps to notify you (using a collection notice) at, before, or as soon as practicable after, the time of collection. As a collection notice is specific to a particular collection of Personal Information, it will provide more specific information about our information-handling practices than this Privacy Policy.
  1. How we use your Personal Information

By providing Matcha Maiden with your Personal Information, you consent to us using your Personal information for the purposes outlined herein. We use and disclose your Personal Information for the purposes for which the information is collected, including (but not limited to):

  • providing or delivering our product or services to you, including, without limitation, to provide you with access to, and use, of our website and managing product returns and refunds in accordance with our Return and Refunds Policy;
  • assisting with, or responding to, your queries;
  • informing you about our website, products or services, offers, competitions, promotions, discounts, events, sweepstakes, surveys, questionnaires, or other matters which we believe are of interest to you (such as recruitment or job opportunities);
  • share with our Third Party Providers;
  • administer, improve and manage our products, services, website (including customising the advertising and content on our website) and relationship with you;
  • take action against you in the event you violate any terms and conditions displayed on our website;
  • charge and bill you for the use of our products and services;
  • verifying your identity;
  • for internal record keeping;
  • for direct marketing purposes (see section 6 below); and
  • complying with our legal and regulatory obligations.
  1. Disclosure to Third Party Providers
  • In order to provide you with access to our website, or to deliver our products or services to you we may disclose your Personal Information to:
  • our related bodies corporate, business partners, service providers, third party contractors, agents or suppliers;
  • authorised external service providers who perform functions on our behalf, such as financial and credit card institutions in order to process any payments (see below), internet and technology services providers, web developers, hosting companies, marketing, advertising and internet security service providers (including email marketing and advertising automation platforms, such as Mailchimp, and telecommunication marketing providers, such as Vodaphone), courier and delivery providers (including Australia Post), fulfilment companies, credit reporting agents, debt collection agents, market research and recruitment service providers;
  • external business advisors, such as auditors, lawyers, insurers and financiers,

(collectively, Third Party Providers).

  • We may also disclose your Personal Information to:
  • to any other party with your consent and direction; and
  • law enforcement bodies or regulatory authorities to assist with their functions, or as otherwise required or authorised by law.
  • Prior to the disclosure of Personal Information to Third Party Providers, we will take such steps as are reasonable in the circumstances to ensure that the Third Party Providers treat your Personal Information securely and otherwise complies with the relevant Privacy Laws in relation to the Personal Information.
  • We use third party payment  processors  to  process  payments  made  to In connection with the processing of such payments, we do not collect, process, use, share, store or disclose payment information (such as credit card and bank account details).  Rather, all such information is provided directly  to our  third  party  processors,  Paypal, Stripe, Shopify, Applepay or Afterpay whose  use  of  your  Personal  Information  is governed  by  their  privacy  policies,  which  may  be  viewed  at www.paypal.com/au/webapps/mpp/ua/privacy-fullwww.apple.com/au/legal/privacy/en-ww/, www.shopify.com/legal/privacy, www.stripe.com/au/privacy and www.afterpay.com/en-AU/privacy-policy
  • In the event of a merger, acquisition or sale of the whole or part of our business or assets, we reserve the right to transfer your Personal Information as part of any such transaction. As such, individually identifying information of our customers may be one of the assets sold in connection with that transaction without notice to you or your consent. However, your Personal Information would remain subject to this Privacy Policy.
  1. Data Processor

For the purposes of the GDPR:

  • you appoint us as a Controller to collect, process, use, share, store, disclose, retrieve, alter and destroy your Personal Information in accordance with this policy;
  • you authorise us to use Processors, provided that:
    • we provide the names of all Processors and sub-processors to you on request;
    • we sign a written agreement with each Processor and sub-processor that imposes obligations on that Processor and sub-processor that are no less stringent than those required of us under the GDPR;
    • we are not relieved of any of our obligations under this policy by engaging Processors and sub-processors; and
    • where we intend to add or replace a Processor, it will provide you the opportunity to object to such changes.
  • Controller means a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Information; and
  • Processor means a natural or legal person, public authority, agency or other body which processes Personal Information on behalf of the Controller.
  1. Legal basis for processing personal information (EU Only)

We rely on several legal bases under the GDPR to collect, process, store, use and disclose the Personal Information of individuals residing in the European Union (EU), including:

  • where you have freely and expressly consented to the collection, use, storage, processing and disclosure of your Personal Information for a specific purpose. The provision of Personal Information to us is voluntary. However, if you do not provide your Personal Information to us, we may not be able to provide you with access to, and use of, our products, services or website. You may withdraw your consent at any time by contacting us using the details below;
  • where the collection, use, storage, processing and disclosure of your Personal Information is necessary for the performance of a contract to which you are a party. For example, when collection and use is necessary to fulfil our obligations to provide you with access to, and use of, our products, services or website;
  • for our legitimate business interests, including, but not limited to:
    • providing, operating and improving our products, services or website;
    • marketing new promotions, deals, competitions, products, services or features of the website provided by us or our Third Party Providers that we consider may interest or benefit you;
    • managing, analysing, understanding and developing our relationship with you;
    • responding to your queries or complaints (such as when you submit a question via email); and
  • where there is a legal obligation to collect, use, store, process or disclose your Personal Information. For example, we may be obliged to disclose your Personal Information by reason of any applicable law, regulation or court order and/or to protect our interests and legal rights, or the public interest.
  1. Marketing communications
  • At the time of accessing, or using, our products, services or website or from time to time, we may seek your express consent, by requesting that you tick the appropriate check box when providing us with your Personal Information, for us to send you marketing or promotional materials and other information.
  • Where we have obtained your prior consent or are otherwise permitted under the GDPR, we may, from time to time, use your Personal Information to send you information about the promotions, deals, competitions, products or services we offer, and any other information that we consider may be relevant to you.
  • These communications may continue, even after you stop using our products or services.
  • We may send this information to you via the communication channels specified at the time you provide your consent.
  • These communication channels may include mail, email, SMS telephone, social media or by customising online content and displaying advertising on our website.
  • You can opt out of receiving these communications by:
    • contacting us using the details below; or
    • using the unsubscribe function in the email or SMS.
  • You may re-subscribe at any time by re-registering via the website.
  1. Overseas disclosures of Personal Information
  • Our Third Party Providers may be located in or outside Australia, the European Union, the United States and elsewhere in the world, whose laws are not recognised by the European Commission as providing an adequate level of protection to Personal Information.
  • Where we do transfer your Personal Information to our overseas Third Party Providers, we take steps reasonably necessary to ensure that:
  • By accessing or using our products, services or the website or providing your Personal Information to us, you explicitly and freely consent to the transfer of your Personal Information to our overseas Third Party Providers.
  • If you do not wish to receive information from any of our Third Party Providers, please let us know using the details below.
  1. Suspected data security

In the event of any loss, or unauthorised access or disclosure of your Personal Information that is likely to result in serious harm to you, we will investigate, prevent, mitigate and notify you and:

  • (Australia) the Office of the Australian Information Commissioner; or
  • (EU only) supervisory authority in the country in which you reside which has responsibility for privacy and data protection,
  1. Security of your Personal Information
  • We will take steps that are reasonable in the circumstances to ensure that the Personal Information that we hold are protected from misuse, interference and loss and from unauthorised access, modification or disclosure. We hold Personal Information in both hard copy and electronic forms in secure databases on secure premises, accessible only by authorised staff.
  • We protect your information using physical, technological and administrative security measures to minimise and manage the risks of unauthorised access, disclosure, use and alteration of your Personal Information. Some of the safeguards that we use include [insert as appropriate, e.g. firewalls and data encryption, physical access controls to data centres, SSL (Secure Socket Layer) encryption when transmitting payment information, and information access authorisation controls.
  • The transmission of information via the Internet is not completely secure. We cannot guarantee the security of your data transmitted to our online services and any transmission is at your own risk.
  • We will destroy or de-identify Personal Information in circumstances where it is no longer required, unless we are otherwise required or authorised by law to retain the information.
  1. Privacy rights (EU only)
  • Under the GDPR, you have a number of important rights. Subject to certain exceptions, you have the right to:
    • fair and transparent processing of your Personal Information and processing in accordance with the GDPR;
    • require us to rectify or correct any Personal Information we hold about you that is inaccurate or incomplete;
    • require us to erase your Personal Information in certain situations;
    • obtain a copy of your Personal Information in a commonly used electronic format so that you can manage and move it, or request we send it to a third party;
    • object or withdraw your consent at any time to the collection, use, processing or disclosure of your Personal Information (including for direct marketing purposes). In such a situation we will cease processing your Personal Information unless there is a legal bases for us to continue to collect, use, process or disclosure your Personal Information. In this scenario, you must also immediately cease using website, and delete all copies of the website;
    • object to decisions being made by automated means which produce legal effects concerning you or significantly affecting you; or
    • otherwise restrict our collection, use, processing or disclosure of your Personal Information in certain circumstances.
  • Where you exercise your right to impose a restriction on the use, disclosure, processing of your Personal Information in accordance with this clause, your Personal Information will only be used, processed, and disclosed with your consent
  • You can exercise any of these rights by contacting us using the details below.
  1. Accessing and correcting your Personal Information
  • We take steps reasonable in the circumstances to ensure Personal Information it holds is accurate, up-to-date, complete, relevant and not misleading. Under Privacy Laws, you have a right to access and seek correction of your Personal Information that is collected and held by us.
  • If at any time you would like to access or correct the Personal Information we hold about you, or you would like more information about our approach to privacy, please contact us via the contact details set out below. We will grant access to the extent required or authorised by Privacy Laws or other law and take steps reasonable in the circumstances to correct Personal Information where necessary and appropriate.
  • To obtain access to your Personal Information:
  • you will have to provide proof of identity to ensure that Personal Information is provided only to the correct individuals and that the privacy of others is protected; and
  • we may charge you a reasonable administration fee, which reflects our costs in providing you with access to your Personal Information in accordance with your request.
  • If we refuse your request to access or correct your Personal Information, we will provide you with written reasons for the refusal and details of complaint mechanisms.
  1. Cookies
  • We use small text files placed on your computer called ‘cookies’ to collect standard log and visitor behaviour information in an anonymous form. We use this information to analyse how visitors use our website and to compile statistical reports on website activity. You can set your computer to reject cookies, but this may affect your ability to use certain parts of our website.
  • We may also log your IP address. Your IP address is your computer’s electronic Internet address. We may collect your IP address to see trends, run the website, track user movements, and gather broad demographic information.
  1. Privacy complaints
  • If you have any complaints or issues you wish to raise with us regarding the way we have handled your Personal Information, or would like to discuss any issues about our Privacy Policy, please contact us directly by email to [email protected]. Please provide us with full details of your complaint and any supporting documentation.
  • We will respond to you within a reasonable period of time to acknowledge your complaint and inform you of the next steps we will take in resolving your complaint. At all times, we will treat your privacy complaint seriously and in a confidential manner.
  • If you are unhappy with a response that you have received from us, you may direct your complaint to the Office of the Australian Information Commissioner. If, however, you reside in the European Union, you may make a complaint to the supervisory authority in the country in which you reside which has responsibility for privacy and data protection. 
  1. Changes to this Privacy Policy

From time to time it may be necessary for us to review and revise our Privacy Policy. We may notify you about changes to this Privacy Policy by posting an updated version on our website. We encourage you to check our website from time to time to ensure you are familiar with our latest Privacy Policy.

 

 

 

matcha maiden logo