COLLECTION OF PERSONAL INFORMATION & DATA PROCESSING
THE TYPES OF INFORMATION THAT WE COLLECT, AND HOW WE COLLECT IT
We collect information in two ways:
- Information you give to us directly. This information typically includes: email address, first name, surname, postal address, telephone number and domain name, and may also contain your username, message or any other information required to process an order through the Site; or
- Information we collect through your use of our services. This includes information collected by our server, including the internet protocol (‘IP ’) address used to connect your computer to the Internet, operating system and platform, the average time you spend on scanlantheodore.com, pages visited, information searched for, average access time, and websites you have visited previously, as well as other relevant statistics; cookies and other anonymous identifiers, which we send to your computer's browser for record-keeping purposes.
HOW WE USE YOUR INFORMATION
We may use the information you give to us directly to:
- Deliver our products to you, to collect payments, to manage your account, to market to you directly, as well as provide you with information about our products and services, and to notify you of changes to our products and services; or
- Contact you about new products, projects or seasonal promotions. If you wish not to receive such communications, you can unsubscribe by submitting a request here. You can also unsubscribe from the mailing list by clicking on the unsubscribe link that can be found in all communication emails that are sent; or
- Provide, maintain, protect and improve our services, to develop new ones, and to protect our services and our customers. We may also use this information to offer you tailored products, projects or seasonal promotions; or
- Keep a record of your communications with us to help solve any issues or disputes that might arise;
We may use the information we collect through your use of our services to:
- Measure the use of the Site and to administer and improve the Site. This statistical data is interpreted by Scanlan Theodore in its continuing effort to improve the Site and your shopping experience; or
- Gather information on which web pages are visited and how often, to make the Site more user friendly, and to give you a better experience when you return to the Site; or
- We may combine the information you give to us directly with the information we collect through your use of our service.
SECURITY OF YOUR INFORMATION
Scanlan Theodore uses a number of security measures to protect the information you provide to us. We protect your personal information by:
- Restricting internal and external access to your personal information; and
- Maintaining our technology systems to prevent unauthorised computer access; and
- Ensuring that third parties that require access to your information, including organisations outside Australia, take such steps as are reasonable to ensure that they do not breach our privacy obligations; and
- Securely destroying your personal information when your personal information is no longer needed.
When purchasing from us, your financial details are passed through a secure server using the latest 128-bit SSL (secure sockets layer) encryption technology.
Scanlan Theodore uses the latest, industry standard 128-bit SSL (secure sockets layer) encryption technology to transmit and encrypt all credit information into Scanlan Theodore’s databases.
WHEN WE MAY TRANSFER YOUR INFORMATION TO OTHER PARTIES
We may from time to time supply the owners or operators of third party websites from which it is possible to link to Scanlan Theodore with information relating to the number of users accessing the Site from such third party websites or applications. You will not personally be identifiable from this information.
In delivering our products or collecting and using your personal information, we may be required to disclose some of your personal information to third party organisations, including external service providers; our legal, accounting, financial or other professional advisors; and regulatory or government authorities as required by law.
Our website may contain links to other websites. Scanlan Theodore is not responsible for the availability of, or any content or material contained in, or obtained through, any such websites. Any link to another website, and reference to third-party information, products or services linked to this website, is not, and should not be construed as, an express or implied endorsement by Scanlan Theodore. Any questions or comments relating to such other websites should be addressed to the operator or operators of those websites.
OVERSEAS TRANSFERS OF YOUR INFORMATION
Our business is based in Australia.
We may need to share some of the information that we collect about you from the UK and/or EU with organisations both inside and outside Australia. In some cases, we may need to ask you before we do this.
Australia has strict data protection laws but they vary in some respects from the data protection laws in the UK and the EU.
In addition to handling your information within Australia, we may transfer your information to our head office in New York USA but only where it is required for reporting, business consolidation or other business requirements. Our head office is under the same duty of confidentiality and privacy when dealing with your information.
We might also store your information in cloud storage or some other form of networked storage. This storage may be accessible from various countries via the internet, which means it is not always practicable to determine the countries in which your information might be stored or accessed. If this occurs, then this might mean that your information is disclosed in countries other than those listed above.
Many countries outside of the UK and the EU do not have the same data protection laws as the UK and EU.
If we transfer, share, store or handle your information outside of the UK or the EU, it will only be done with relevant protections in place. We will take steps to ensure that your information will be protected in accordance with applicable data protection laws and in accordance with legally recognised data transfer mechanisms, for example:
- Where the European Commission has given a formal decision that the relevant country provides an adequate level of data protection similar to that which applies in the UK and EEA - by adopting a European Commission approved contract, or standard data protection clauses in the form of template transfer clauses adopted by the Commission, that will safeguard your privacy rights and give you remedies in the unlikely event of a security breach; and
- In accordance with a set of European Commission approved binding corporate rules that will safeguard your privacy rights and give you remedies in the unlikely event of a security breach; and
- Subject to our compliance with an approved code of conduct approved by a supervisory authority that will safeguard your privacy rights and give you remedies in the unlikely event of a security breach; and
- Subject to the terms of our certification under an approved certification mechanism as provided for in the GDPR that will safeguard your privacy rights and give you remedies in the unlikely event of a security breach.
Any transfers to these countries will be undertaken on the basis that the country, territory or one or more specific sectors in that country, or an international organisation ensures an adequate level of protection.
For more information on the basis of any transfers, our safeguards or European Commission details, please contact us as described below.
HOW LONG WE WILL KEEP YOUR INFORMATION
We will only hold your personal information for period permitted by the relevant privacy legislation. After this time it will be securely deleted from our systems and we may ask you to provide your information again when you make a purchase.
Notwithstanding the preceding sub-clause hereof, your information may be stored for longer periods insofar as the information will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes (subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard your rights and freedoms).
OUR RESPONSIBILITIES UNDER GENERAL DATA PROTECTION REGULATION (GDPR)
Scanlan Theodore complies with the stipulations specified in the GDPR for EU and UK customers. If you are a resident of the EU or UK, you have certain rights and protections under the EU and UK GDPR regarding the processing of your Personal Data.
We collect, use, and store your Personal Data to enable us to provide you with our goods or services and information about them.
Scanlan Theodore relies on the following lawful means of processing your Personal Data:
- Where it is necessary to fulfil a contract with you. This includes where we collect your Personal Data to enable us to send you our goods or provide you with our services.
- Where you have given us valid consent to use your Personal Data. We will rely on that consent and only use the Personal Data for the specific purpose for which you have given consent. This includes where we email newsletters or send mobile phone notifications.
- We may also process your Personal Data where it is to further our legitimate interests which could include usage statistics, analytics, and internal analysis so we can improve our services to you.
YOUR RIGHTS AS AN EU OR UK RESIDENT
If you are a resident of the EU or UK, Scanlan Theodore guarantees various rights including the:
- Right to access your personal data
- Right to be informed
- Right to rectification
- Right to object
- Right to restriction of processing
- Right to data portability
- Right not to be subject to automated processing
- Right to erase your personal data
According to the GDPR, any incorrect or inaccurate data can be rectified or deleted at any time.
Should you wish to access your Personal Data or ask for the information to be corrected, please contact the Scanlan Theodore Client Experience Team. In some circumstances, you also have the right to object to or ask that we restrict certain processing activities or delete your Personal Data.
If you would like to limit or request deletion of your Personal Data or exercise any other rights, you can contact us by submitting a form.
Scanlan Theodore complies with the GDPR protection directives set out by the EU and UK regarding the collection, use and retention of Personal Data from EU member countries and the UK. All Personal Data stored on our platform is treated as confidential. It is stored securely and is only accessed by authorised personnel. Our collection is limited in relation to what is necessary, for the purpose for which the Personal Data is processed and kept only for so long as is necessary for the purpose for which the Personal Data was collected. We implement and maintain appropriate technical, security and organisational measures to protect Personal Data against unauthorised or unlawful processing or use, and against accidental loss, destruction, damage, theft or disclosure. We ensure the encryption and pseudonymisation of Personal Data and we have adequate cyber security measures in place. In the event that your personal information is affected by a data breach, you will be notified.
By providing Scanlan Theodore with your Personal Data, you consent to us disclosing it to third parties who reside outside the EU or UK. We will ensure that those third parties are GDPR compliant.
APPLICABLE LAW AND JURISDICTION
HOW TO EXERCISE YOUR RIGHTS IN RELATION TO YOUR INFORMATION
You have the right to access personal information held by Scanlan Theodore about you, subject to the restrictions provided by law. We endeavour to keep information about you as accurate as possible. If you are concerned about our use of your personal data you provide us, or if you would like to remove, change or correct the information you have supplied to us, you are entitled to do so, please contact us by submitting a form.
WITHDRAWING YOUR CONSENT
You can withdraw your consent to Scanlan Theodore’s collection or processing of your Personal Data. You can do so by contacting us here or by opting out of email newsletter communications by following the instructions in those emails. If you withdraw your consent to the use of your Personal Data, you may not have access to our Services, and we might not be able to provide you with our goods/services. In some circumstances, where we have a legal basis to do so, we may continue to process your information after you have withdrawn consent. For example, if it is necessary to comply with an independent legal obligation or if it is necessary to do so to protect our legitimate interest in keeping our Services secure.
HOW TO MAKE A PRIVACY COMPLAINT
If you feel that your data has not been handled correctly or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have a right to lodge a complaint with the Australian Privacy Commissioner through their website: www.oaic.gov.au/privacy/privacy-complaints/
For more information on your rights, including the circumstances in which they apply, refer to the Office of the Australian Information Commissioner (https://www.oaic.gov.au/) or see the Guidance from the UK Information Commissioner's Office (ICO) on individual's rights under the GDPR (http://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/)
NOTICES & CONTACT
For the purposes of contacting Scanlan Theodore under this agreement, providing notices under this agreement, or for any questions, please submit a request.
To contact our data protection officer, please contact us by submitting a form.
Version Date: September 2022