The Privacy Notice was last updated on 24th May, 2018.
We may change this privacy notice from time to time. We will post any privacy notice changes on this page and, if the changes are significant, we will provide a more prominent notice by adding an announcement on the Ethical Practice website or by sending you an email notification. We encourage you to review our privacy notice whenever you use our services to stay informed about how we treat personal Information and the ways you can help protect your privacy. If you disagree with any changes to this privacy notice, you will need to stop using the services and deactivate your account(s), as outlined below.
This site may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our site, we encourage you to read the privacy notice of every website you visit.
Questions or concerns
If you have any questions or concerns regarding this privacy notice, please send us a detailed message to firstname.lastname@example.org and we will try to resolve your concerns.
- Who is the Personal Information collector
Ethical Practice trades under the company Olio 3 Pty Ltd, incorporated in Australia (ABN 73 134 136 002), and referred to as “we”, “us” or “our” in this privacy notice) is the data controller (Controller) and responsible for your personal information. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact us using the details set out below. We collect and process personal information in accordance with applicable data protection law.
- Contact: Jeff Shearer, Data Protection Representative
- Email address: email@example.com
- Postal address: 70 Elizabeth Street, Tighes Hill NSW 2297 Australia
- What personal information we collect about you and how we collect it
We gather various types of personal information from our users, as explained more fully below. We may use this personal information to personalise and improve our services, to allow our users to set up a user account and profile, to contact users, to fulfill your requests for certain products and services, to analyse how users utilise the services, and as otherwise outlined in this privacy notice. We may share certain types of personal information with third parties, as described in section 4. It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.
2.a. Information you provide to us
Account information: We collect information about you when you register for an account, create or modify your profile, set preferences, sign-up for a subscription or make purchases through the services. For example, we collect personal information such as your name, email address, browser information, and, in some cases, billing information, company name, and third-party account credentials (for example, your log-in credentials for Facebook or other third party sites). If you provide your third-party account credentials to us, you accept that some content and/or information in those accounts (“Third Party Account Information”) may be transmitted into your account with us if you authorise such transmissions, and that third party account information transmitted to our services is covered by this privacy notice. You can choose not to provide us with certain information, but then you may not be able to register with us or to take advantage of some of our features. We may anonymise your personal information so that you cannot be individually identified, and provide that anonymous information to our partners.
Content you provide through our features: We collect and store content that you post, send, receive and share while using our services’ features. This content includes any information about you that you may choose to provide. Examples of content we collect and store include the comments you write and the product collections you create.
Content you provide through our websites: We collect other content that you submit to websites owned or operated by us, which include social media or social networking websites operated by us. For example, you provide content to us when you provide feedback or when you participate in any interactive features, surveys, contests, promotions or events.
Information you provide through our support channels: the services also include our customer support, where you may choose to submit information regarding a problem you are experiencing with the services. Whether you contact our support via email or social media, speak to one of our representatives directly or otherwise engage with our support team, you may be asked to provide contact information, a description of the problem you are experiencing, and any other documentation, screenshots or information that would be helpful in resolving the issue.
Payment information: We collect payment and billing information when you register for certain paid services. For example, we ask you to provide payment information, such as billing address and payment card details, which we collect via secure payment processing services.
We do not collect any special categories of personal information about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
2.b. Information collected automatically when you use our services
Your use of the Services: We keep track of certain information about you when you visit and interact with our services. This information includes the visiting frequency, features you use; the search terms you enter, the links you click on, the products you purchase and/or download; the attachments you upload to the services, and how you interact with the free and paid content available on the services, or interact with other users of the services.
Device and connection information: We collect information about your computer, phone, tablet, or other devices you use to access the services. This device information includes your connection type and settings when you install, access, update, or use our services. We also collect information through your device about your operating system, browser type, IP address, URLs of referring/exit pages, device identifiers, and crash data. We use your IP address and/or country preference to approximate your location to provide you with a better service experience. How much of this information we collect depends on the type and settings of the device you use to access the services.
2.c. Information we receive from other sources
We receive information from:
- Google Analytics, by Google LLC., USA: https://analytics.google.com/; Data types: Visitor data, Page interaction, Commercial transactions, Traffic sources.
- PayPal, PayPal Holdings, Inc., USA: https://paypal.com/; Data types: Credit card token/key, Last four digits of the credit card number, Ratings for detecting fraudulent users
- Mailchimp, Rocket Science Group, USA: https://mailchimp.com/; Data types: name, email address and any other data field information collected through email subscription engagement with Ethical Practic
Note on Facebook:
For more details about how we use this information, please see section 3.
- How we use the personal information
Below we list the specific purposes for which we use the information about you.
3.a. How we use the personal information you provide to us and the personal information collected automatically when you use the services
To provide the services: We use information about you to provide the services to you, including to process transactions with you, authenticate you when you log in, provide customer support, and operate and maintain the services. Your activity on the services might be used to personalise and improve your experience with the services.
For research and development: We are continually looking for ways to make our services faster, more intuitive and more useful to you. We use collective learnings about how people use our services to identify trends, usage, activity patterns and areas for improvement of the services.
To communicate with you about the services: We use your contact information to send transactional communications via email and within the services. Such communications include, but are not limited to, purchase confirmations and receipts, subscription reminders, questions and requests, customer support communications, and any technical notices, updates, security alerts, and administrative messages. We also send you communications as you onboard to the services to help you become more proficient in using the services. These communications may be part of the services and so you possibly cannot opt out of these. If an opt-out is available, you will find that option within the communication itself or in your notification settings.
To promote and drive the engagement with the services: We use your contact information and information about your activity on the services to send promotional communications, including by email, directly displayed in the services, or by displaying Ethical Practice advertising on other companies’ websites and applications, as well as on platforms like Facebook and Google. The purpose of these communications is to drive engagement to the services and increase the value you get from using the services. These communications include but are not limited to, information about new features, offers, discounts, survey requests, newsletters, contests, and events we think may be of interest to you. You can choose to opt out of this type of communications at any time either within the communication itself or in your notification settings.
Customer service: We use your information to resolve technical issues you experience, to respond to your requests for assistance and to repair and improve the services.
For security: We use information about you and your services’ use to screen and verify accounts and activity, to monitor suspicious or fraudulent activity and to identify violations of the services’ terms.
To protect our legal rights: Where required by law or where we believe it is necessary to protect our legal rights, interests and the interests of others, we use information about you in connection with legal claims, compliance, regulatory, and audit functions, and disclosures in connection with the acquisition, merger or sale of a business.
To automate decision-making: We use automated systems that analyse your information to customise search results, personalise advertising or tailor features to how you use our Services. We analyse your information to detect abuse such as fraud, spam, malware, and illegal content. We may also combine information collected among our and third-party services and across your devices for the purposes described above.
With your consent: We use information about you where you have given us consent to do so for a specific purpose not listed above. For example, with your permission, we may write down and publish user case stories to promote the services.
- How and with whom we share the personal information we collect
We neither rent nor sell your personal information in personally identifiable form to anyone. However, we do share your personal information with third parties as described below.
4.a. Affiliated businesses and third party websites we do not control
In certain situations, businesses or third party websites we’re affiliated with may sell items or provide services to you through the services jointly with us. An example of one such service may be a hotel offer promoted as part of a retreat we are hosting. This situation may include the ability for you to automatically transmit third party account information to your services’ profile or to automatically transmit information in your services’ profile to your third party account. We have no control over the policies and practices of third party websites or businesses as to privacy or anything else, so if you choose to take part in any transaction or service relating to an affiliated website or business, please review all such business’ or websites’ policies.
4.b. Agents/data processors
We employ other companies and people to perform tasks on our behalf and may need to share your information with them to in the process of providing products or services to you. Unless we tell you differently, our agents do not have any right and are not allowed to use the personal information we share with them beyond what is necessary to assist us.
4.c. Business Transfers
We may choose to buy or sell assets. In these types of transactions, customer information is typically one of the business assets that would be transferred. Also, if we (or our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, personal information would be one of the assets transferred to or acquired by a third party.
4.d. Protection of company and others
We reserve the right to access, read, preserve, and disclose any information that we reasonably believe is necessary to comply with law or court order; enforce or apply our conditions of use and other agreements; or protect the rights, property, or safety of Company, our employees, our users, or others. This includes exchanging information with other companies and organisations for fraud protection and credit risk reduction.
4.e. Other Transfers
Except as set forth above, you will be notified or asked for consent when your personal information may be shared with third parties in a personally identifiable form and will be able to prevent the sharing of this information.
- How we store and secure the personal information we collect
5.a. Information storage and security
We endeavour to protect the privacy of your account and other personal information we hold in our records and we have implemented what we consider to be appropriate security measures, but we cannot guarantee complete security. Unauthorised entry or use, hardware or software failure, and other factors may compromise the security of user information at any time. Sensitive information such as credit card details and password are stored in encrypted form. SSL is applied when transferring information and while you access the services from a web browser.
- Information processing and transfers for EEA individuals
Legal bases for processing (for EEA individuals)
As an individual in the EEA (European Economic Area), we collect and process information about you where we have legal bases for doing so under EU laws. We only collect and use the information when:
- We need it to provide you the services, including operating the services, provide customer support and personalise features as well as for safety and security processes.
- It serves a legitimate interest (which is not overridden by your data protection interests), such as for research and development, for marketing and promotion and to protect our legal rights and interests.
- You have given us consent to do so for a specific purpose.
- We need the information to comply with legal obligations.
If you have given consent to our use of your information for a specific purpose, you can change your mind at any time, but this will not affect any processing that has already taken place. You have the right to object to the use of your information, but this may mean that the services are no longer available.
- International transfers of information
Our third-party service providers may be located outside EEA which means their processing of personal information will involve transferring of data outside the EEA. When data is transferred outside EEA we ensure protection using the following safeguards:
- We only transfer Personal Information to countries that have been deemed to provide an adequate level of protection of personal information by European Commission. Please see: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US. For further details, see https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en
Please contact us if you want further information on the specific mechanism used by us when transferring your personal information out of the EEA.
- For how long we store the Personal Information
Ethical Practice will process and store your personal information for as long as it is necessary and permitted under applicable data protection law. your personal information will not be retained for longer than is necessary for the purposes for which the information is collected, or the purposes of satisfying any legal, accounting, or reporting requirements
To determine the appropriate period for storing your personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some cases, we may anonymise your personal information (making it no longer associated with you) for research and statistical purposes, in which case we may use this information indefinitely without further notice to you.
In some circumstances, you can ask us to erase your personal information. Please see section 9. below for further information.
- What rights do you, as the data subject, have
According to applicable data protection law, you have the following rights with regards to Ethical Practice:
The right of access: You have the right to obtain from us confirmation as to whether or not your personal information is being processed, and if this is the case, access to your personal information and other information such as the purpose of the processing, the categories of your personal information, the recipients or categories of recipients to whom your personal information has been or will be disclosed, your rights in relation to processing of your personal information, and the existence of automated decision-making. you have the right to obtain one copy of the personal information undergoing processing. For any further copies requested by you, we may charge you a reasonable fee based on administrative cost. If you would like one copy, please submit a written request to firstname.lastname@example.org. with documentation showing that you are the person in question. You may independently in some cases be able to access some of the personal information you have provided to us. Please see section 10, “How to access and update your personal information” below.
The right to correction: You have the right to obtain from us without undue delay the correction of inaccurate or incomplete personal information concerning you. The accuracy of the new data you provide to us might need to be verified. We may use any aggregated data derived from or incorporating your personal information after you update it, but not in a manner that would identify you personally directly or indirectly. You may independently in some cases be able to correct some of the personal information you have provided to us. Please see section 10, “How to access and update your personal information” below.
The right to erasure: You have the right to obtain from us the erasure of personal information concerning you without undue delay, and we are obligated to erase your personal information without undue delay in certain situations:
- If you withdraw your consent to our processing of your personal information,
- Where the personal information collected is no longer necessary for the purposes for which we have been collecting or processing it,
- Where you have successfully exercised your right to object (see below),
- Where we may have processed your information unlawfully,
- Where we are required to erase your Personal Information to comply with local law
Please note, that we may not always be able to comply with your request of erasure for specific legal reasons. In this case, we outline the legal reasons to you, if applicable, at the time of your request.
The right to object: You have the right to object at any time to our processing of your personal information, which for instance is based on legitimate interest, on grounds relating to your situation, as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal information for direct marketing purposes, including profiling to the extent that it is related to such direct marketing. Also, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. If you object to the processing, we shall no longer process your personal information unless we, for instance, can demonstrate compelling legitimate ground for the processing, which overrides your interests, rights, and freedoms or for the establishment, exercise or defence of legal claims.
The right to restriction: You have the right to obtain from us restriction of processing your personal information in certain situations:
- If you contest the accuracy of your personal information,
- If the processing of your personal information is unlawful,
- If we no longer need your personal information for the purposes of processing, but you need it for the establishment, exercise or defence of legal claims,
- If you have objected the processing of your personal information, as described above, and the verification whether our legitimate grounds override those of yours is pending.
The right to data portability: You have the right to receive your Personal Information in a structured, commonly used and machine-readable format and have the right to transmit that information to another third-party if the processing, for instance, is based on your consent or the processing is carried out by automated means.
The right to withdrawal of your consent: You can always opt not to disclose information to us, but keep in mind some information may be needed to register with us or to take advantage of some of our special features. You have the right to withdraw your consent to our processing of your personal information at any time. If you wish to withdraw your consent, please contact us at email@example.com.
The right to complain: You have the right to lodge a complaint with a supervisory authority.
There are exceptions to these rights so that full access to your personal information may be denied, for example, if making the information available would adversely affect others. To make use of your rights described above, please contact us at firstname.lastname@example.org at any time.
- How to access and update your personal information
Through your account settings, you may be able to access, and, in some cases, edit or delete some of the personal information you’ve provided to us. The information you can view, update, and delete may change as the services change. If you have any questions about your viewing, deleting or updating information we have on file about you, please contact us at email@example.com
- Our policy towards children
We do not knowingly collect or solicit personal information from anyone under the age of 18 or knowingly allow such persons to register for the services (as that term is defined in our Terms of Service). If you are under 18, please do not attempt to register for the services or send any information about yourself to us, including your name, address, telephone number, or email address. No one under age 18 may provide any personal information to us or on the services. If we learn that we have collected personal information from a child under age 18 without verification of parental consent, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 18, please contact us at firstname.lastname@example.org.