1. The type of information we collect
The type of personal information we collect from you depends on your dealings with us. Where possible, we collect personal information directly from you. The personal information we collect from you may include:
2. How we collect information
We may collect personal information about you in a number of ways. Primarily, we will collect information from you when you use our website, join one of our mailing lists, create an account, place an order with us, communicate with us or any other time you provide personal information to us.
Sometimes we may collect personal information about you from third parties who provide services to us or on our behalf.
We may also collect personal information from you through cookies used on our website (discussed further below).
Pages of our website, and our e-mails, may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) or other tracking technologies that permit us, for example, to count users who have visited those pages or opened an email, for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity) and to track your progress using our website.
Some information may be automatically collected through our use of ‘cookies’ on the website. Cookies are small files installed in your website browser or on your device used to recognise customers that revisit our website and to help us enhance and customise your experience.
Cookies provide us with information about customer behaviour such as pages viewed, products purchased and the customer journey around our website. Information collected from cookies may include personal information. The types of cookies we use include both essential and non-essential cookies. These cookies may be session or persistent cookies; first party or third-party cookies. Specifically, the cookies we use include preference cookies, statistic cookies and/or marketing cookies.
3.1. to enable certain functions on our website and allow our website to operate and function properly or as designed;
3.2. to improve your website experience, enhance website functionality via personalised technology and to determine where users may be encountering errors or bugs on the website;
3.3. to track and gather data about how our website is used by individuals; and
3.4. to record information about an individual’s use of our website for advertising and marketing purposes.
Third party cookies
Withdrawing consent to the installation of cookies
4. Data collection subject to additional legal requirements, including for European Union and California customers
If you are a customer residing in the EU or are a California resident or otherwise are present in California and subject to the CCPA, we will comply with the principles of data protection set out in the GDPR and CCPA, as applicable, for the purpose of fairness, transparency and lawful data collection and use. We will process your personal information as a Processor and/or Controller as defined in the GDPR. In compliance with GDPR and CCPA, as applicable, we:
4.1. will only collect your personal information with your express consent for a specific purpose and any data collected will be to the extent necessary and not excessive for its purpose;
4.2. will take reasonable and appropriate steps to keep your data safe and secure and to ensure the information we hold about you is accurate and up to date;
4.3. will only process your personal information if it is lawful, such as if you have given your consent, it is necessary for our legitimate interests, or to fulfil a contractual or legal obligation;
4.4. do not collect or process any personal information from you that is considered “Sensitive Personal Data” under the GDPR, such as personal information relating to your sexual orientation, religious beliefs, ethnicity or political opinions, unless we have obtained your explicit consent or if it is being collected in accordance with the GDPR; and
4.5. only store your information for as long as reasonably necessary.
We do not accept or knowingly collect or process personal information of customers under the age of 16 without the consent of a parent or someone who has parental authority.
5. The reasons we collect, use and disclose personal information
We generally use and disclose your personal information for the purpose for which it is collected, including:
5.1. to fulfil or meet the reason you provided the information, including to provide you with products and services and to allow you to access and use our website;
5.2. for marketing and promotional purposes, including to send you information about our and other party’s products and services, competitions, surveys or other promotions and value-add services that we think may be on interest to you;
5.3. to send you communications, respond to your enquiries or to provide information requested by you; and
5.4. to personalize your website experience and to deliver content and product and service offerings relevant to your interests;
6. Sharing your personal information
Your personal information may be disclosed to our affiliates and related bodies corporate as well as our and their respective employees, officers and directors.
We may also disclose your information to third party service providers and contractors with whom we work. This may include our website host providers, payment operators, promotional partners or other third parties who provide services to us or on our behalf. Where you have expressly authorised a third party to receive certain information held by us, we will disclose such information to that authorised third party.
If our business or assets are sold or transferred, we may disclose your personal information to the purchaser, potential purchaser (including their advisors) or any successor in title of our business and/or assets, including as part of any bankruptcy proceeding.
Your personal information may also be disclosed to regulatory or investigative bodies, government or law enforcement agencies or as otherwise required or permitted by law or court order. In such circumstances we are not under an obligation to try and restrict disclosure of your personal information.
7. Promotional communications
From time to time, we may send you promotional communications and information about our products and services or the services of our trusted third party partners.
If you prefer to not receive promotional communications from us, you may opt-out or withdraw your consent at any time by contacting us or by using the unsubscribe facility we offer in our electronic messages.
8. International data hosting and transfers
Some of our trusted third party suppliers and contractors are located outside of Australia in the European Union, United States and Canada.
You consent to the disclosure of your information to our third party suppliers and contractors including those located in Australia and overseas.
We will take reasonable steps to ensure that any overseas third party suppliers or contractors deal with personal information in a way that is consistent with the Privacy Act however you acknowledge that we cannot prevent the use (or misuse) of personal information by others.
If you are a customer located in the EU, your transfer of data to each of these countries will be protected by appropriate safeguards which may include ensuring that these countries offer an adequate level of data protection recognised by the European Commission, are certified as compliant with the EU-US Privacy Shield or use standard data protection clauses adopted or approved by the European Commission.
9. Security of your personal information
Security of your personal information is important to us and we take reasonable steps to protect the personal information we hold from misuse, interference and loss, as well as unauthorised access, modification or disclosure, as required by the Privacy Act. For example, we use the Secure Sockets Layer (SSL) protocol to encrypt the information you enter on our website in order to protect its security during transmission to and from our website. The encryption process protects your information by scrambling it before it is sent to us from your computer. We also maintain a written, regularly audited plan to protect your personal information.
We use Shopify to facilitate the sale of our products on our website. Shopify complies with the Payment Card Industry Data Security Standard which is a security standard for organisations that handle credit and debit card information designed to keep your payment information secure.
Where we engage data processes to process the personal information of customers residing in the EU on our behalf, we do so only on the basis that such data processors comply with the requirements under the GDPR and that they have safeguards in place to protect personal information against unauthorised use, loss and theft.
While we endeavour to ensure your personal information is protected, we cannot guarantee the security of personal information you disclose to us.
10. Third party websites
We may display content or links to websites operated by third parties on our website. Such content or links are not operated by us and are provided for your convenience only.
If you click on any content or links of a third party you may leave the Yora website, in which case the collection, use, storage and disclosure of your personal information will be governed by the privacy policies and practices of the relevant third party. We are not responsible for the privacy or security practices of third party websites.
You may deal with us using a pseudonym or without providing us with any personal information. Please note however that if you provide a pseudonym or choose to remain anonymous, we may not be able to provide you with certain services which require us to know your correct identity.
12. Access and correction
You have certain rights to access personal information we hold about you. To request access to personal information we hold about you, please contact our Privacy Officer. We will generally provide you with access to your personal information to at least the extent required under applicable law, subject to some exceptions under the Privacy Act.
We try to ensure that all information we hold about you is accurate and up to date. You can keep your information up to date by letting us know of any changes to your personal information. If you would like to request that we correct or update any personal information we hold about you, you may do so by contacting our Privacy Officer.
We may take reasonable steps to verify your identity before granting access to or correcting your personal information.
Where we no longer require your personal information, we will take reasonable steps to destroy the information or ensure that it is de-identified unless we are required by law to retain the information.
13. EU customers’ rights under the GDPR
If you are an individual residing in the EU, you have certain rights as to how your personal information is obtained and used, in addition to your rights in the paragraph above. We comply with your rights under the GDPR as to how your personal information is used and controlled.
As an EU customer, you have the following rights regarding your personal information:
13.2. to have your information corrected and/or completed;
13.3. to have your information deleted;
13.4. to restrict the use of your information;
13.5. to receive your information in a portable format;
13.6. to object to the use/processing of your information; and
13.7. to withdraw your consent, whether fully or partially, to the use of your information.
If you wish to have your data deleted, we will erase it from our system unless we are obliged to continue storing it. Under such circumstances, we will ensure that your data is prevented from being used for other purposes. Again, we may take reasonable steps to verify your identity before granting access to, correcting and/or deleting your personal information.
14. California customers’ rights under the CCPA
If you are an individual California resident or otherwise are present in California and subject to the CCPA, you have certain rights as to how your personal information is obtained and used, in addition to your rights in the paragraph above. We comply with your rights under the CCPA as to how your personal information is used and controlled.
As a California customer, you have the following rights regarding your personal information:
14.1. to obtain a written disclosure of your information and its use;
14.2. to have your information deleted in certain circumstances;
14.3. to opt-out of the sale of your personal information;
14.4. to receive your information in a portable format; and
14.5. to withdraw your consent, whether fully or partially, to the use of your information.
If you wish to exercise any of the foregoing rights under the CCPA, please provide a verifiable consumer request to our Privacy Officer. Only you or someone legally authorized to act on your behalf may make such a request. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We endeavour to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to an additional 45 days), we will inform you of the reason and extension period in writing. If you wish to have your data deleted, please provide a verifiable consumer request and we will erase it from our system unless we are obliged to continue storing it or, at our option, if we are permitted to deny your request under the CCPA. Under such circumstances, we will ensure that your data is prevented from being used for other purposes. Again, we may take reasonable steps to verify your identity before granting access to, correcting and/or deleting your personal information.
15. Privacy enquiries or concerns
If you have an enquiry or concern about our privacy practices, you can contact us on the details below. You should include enough information to allow us to identify you and understand your enquiry or concern. All privacy enquiries and concerns will be reviewed, investigated (if required) and responded to within a reasonable timeframe.
If you are not satisfied with our response, you can contact us directly to discuss your concerns or lodge a complaint with the Office of the Australian Information Commissioner by visiting www.oaic.gov.au or calling 1300 363 992.
16. Contact information
If you would like further information about our privacy practices, would like to lodge a request to access or correct your personal information, or would like to contact us regarding any privacy enquiries or concerns, please contact our Privacy Officer at:
Post: Level 2, 17 William Street, Cremorne, VIC, 3121, Australia