1.1 In this Policy, “Headlokt”, “we”, “our” and “us” is a reference to Headlok Pty Ltd (ACN 649 303 819).
1.2 Personal information is any information about a person where their identity is apparent, or can reasonably be ascertained, such as name, email, phone number and identification numbers (e.g., driver licence or passport number) (Personal Information).
2. What this Policy is about
2.2 This Policy covers Personal Information collected directly from:
- individuals who access and/or use our website www.headlokt.com (Website), including the submission of feedback forms; or
- individuals who create an account (Customers) to purchase our products (Products) advertised on the Website.
2.3 We endorse fair information handling practices and uses of information in compliance with our obligations under the privacy laws in force in Australia and overseas from time to time. Any information provided, including Personal Information, will be used only for the purpose/s intended and where the intention includes confidentiality, information will be treated as such unless otherwise required by law.
2.4 This Policy represents the default position that Headlokt will take in its treatment of Personal Information. Headlokt will treat all Personal Information in a manner consistent with this Policy unless you have provided your express consent otherwise.
2.5 If there is any inconsistency between the Act, or any other data protection laws, and this Policy, this Policy shall be read and interpreted to comply with the Act or the relevant data protection law.
2.6 If there is any inconsistency between the Act and another data protection law, the Act will prevail.
3. Other Policies and Terms and Conditions
3.1 Your use of the Website is also subject to our Terms and Conditions. The Terms and Conditions for your use of our Website may be found here: https://www.headlokt.com/pages/terms-conditions.
4. Collection of Personal Information
4.1 Headlokt may collect the following Personal Information about you:
- your name, address, email address, phone number, and other contact details;
- your credit card, debit card and account details, which are processed by a third-party service provider that handles payments for us; and
- any company or organisation you represent.
Headlokt usually does not collect or store credit card, debit card or account details when Orders are placed, but may do so in some cases.
4.2 Personal Information will be typically collected:
- when you contact us or place an order through our Website;
- when you create an account as a Customer;
- when you subscribe to our marketing emails or other publications;
- during other communications between you and us; and
- when you contact or communicate with us by any other means, including interactions on social media platforms.
4.3 We do not intentionally collect any information from users under the age of 18 (Underage Users) and we will never intentionally or knowingly share or use the Personal Information of Underage Users. We may request that you produce proof of your identity to confirm you are not an Underage User. For the avoidance of doubt, any information provided to us pursuant to a request for proof of identity will not be collected or stored by us.
4.4 If you believe an Underage User has provided Personal Information and wish for it to be deleted, please contact our Privacy Officer, details of which are set out in clause 11.3 of this Policy, and we will delete it as soon as reasonably practicable.
4.5 Our Website automatically collects anonymous usage data about visitors, including the URL that the visitor came from, the browser being used and the IP address. This data is utilised to improve the Website and does not include any personally identifying information.
4.6 Headlokt also reserves the right to collect anonymous usage data through other websites and online systems in order to provide our users with a better user experience. This data does not include any personally identifying information.
4.7 'Cookies' are alphanumeric identifiers that are stored by the web browser on a computer's hard-drive that enable our system to recognise a visitor to our Website. This helps Headlokt to track basic visitor information for the purposes of optimising the design of our systems and marketing activities.
4.8 Most web browsers automatically accept Cookies and this function can be disabled by changing the browser settings of the user.
4.9 Please note that the Website may contain links to other websites which are not hosted or operated by Headlokt. Headlokt is not responsible for the privacy policies of such other websites and you should independently review the privacy policies on such websites.
5. Use of Personal Information
5.1 Headlokt uses Personal Information in the following ways:
- to supply and deliver Products to you;
- to process orders and payments;
- to contact you about orders, payments and delivery of Products;
- to send you communications including marketing emails and feedback forms;
- to provide Product refunds and exchanges;
- to manage your profile and account with us; and
- for our own internal administration purposes.
5.2 We may also use Personal Information we collect for related purposes such as:
- to record information about your usage, preferences and behaviour in relation to the Products, as well as any feedback provided by you;
- when combined with the deidentified Personal Information of other users (in which case such combined information will no longer be personal) to analyse and develop products and services that suit our users;
- to perform statistical analyses of user behaviour;
- to optimise marketing activities, user experience, and content; and
- any other use for which we obtain permission from you.
5.3 We do not pass on any Personal Information to third parties except in accordance with this Policy.
5.4 As a user of the Website you have the option to opt in to receive email, promotional material or other updates from us about new information, briefings or products or services being offered by Headlokt, along with newsletters and any noteworthy changes to the Website. You may at any time unsubscribe and opt out from receiving these promotional/marketing update messages.
6. Disclosure of Personal Information
6.1 Other than disclosure to service providers or as required by law (for example, disclosure to Government departments or to Courts), our policy is that we do not give Personal Information to other organisations unless we have disclosed the use in this Policy or you have expressly consented for us to do so.
6.2 The parties we may also share Personal Information with are employees, subcontractors, suppliers and affiliates of Headlokt and on a need to know basis third parties, as authorised by you, to allow the provision of the Products to you. Access to Personal Information will be revoked within a reasonable timeframe of access no longer being required.
6.3 We may also disclose your Personal Information to our Website host or business service providers in certain limited circumstances, for example when our Website experiences a technical problem or to ensure that it operates in an effective and secure manner. Access to Personal Information by these parties is subject to such parties protecting your Personal Information to at least the degree set out in this Policy, and such access will be revoked within a reasonable timeframe of access no longer being required.
6.4 Occasionally, Headlokt might also use Personal Information for other purposes or share Personal Information with another organisation because:
- we believe it is necessary to protect your rights, property or personal safety;
- we believe it is necessary to do so to prevent or help detect fraud or serious credit infringements - for example, we may share information with other, credit reporting agencies, law enforcement agencies and fraud prevention units; or
- we believe it is necessary to protect the interests of Headlokt – for example, disclosure to a Court in the event of legal action to which Headlokt is a party.
6.5 When we share information with other organisations and service providers as set out above, we do so in accordance with this Policy. To the extent that these organisations and service providers gain access to Personal Information, their use is governed by their own privacy policies, the Act and any other relevant law.
6.6 In the event that Headlokt is sold or merged with another entity, the data, including your Personal Information, may be transferred to the purchasing entity, which would be bound to comply with the Act in relation to the access, storage and use of your Personal Information. Your Personal Information would not be disclosed to a buyer in either circumstance, other than as a part of the transfer of all data related to the Website to that buyer.
7. Confidentiality and Data Security
7.1 All Personal Information collected is stored on secure servers in Australia, however we reserve the right to transmit the Personal Information overseas for storage on a secure server overseas.
7.2 We take all reasonable steps to manage data stored by us to ensure data security and to prevent the loss, misuse or alteration of Personal Information. Notwithstanding the above, Headlokt is not responsible for any third-party access to Personal Information as a result of:
- interception while it is in transit over the internet;
- an unpatched vulnerability, a zero-day vulnerability, or an attack within 48 hours of a vendor releasing a patch or update;
- spyware or viruses on the device (such as a computer or phone) from which you access our Website or otherwise contact us; or
- as a result of your failure to adequately protect your username or password (if applicable).
7.3 Headlokt is also not responsible for any losses, expenses, damages and costs, including legal fees, resulting from such third-party access.
7.4 If we have reasonable grounds to believe that your Personal Information may be subject to unauthorised access or disclosure (Eligible Data Breach), we will investigate and assess the suspected Eligible Data Breach to determine whether the Eligible Data Breach is likely to result in serious harm to you (Notifiable Data Breach). If a Notifiable Data Breach occurs, then we will notify you and the Australian Information Commissioner as soon as practicable after we become aware of the Notifiable Data Breach in accordance with our obligations under the Act. We will comply in every way with our obligations under Part IIIC – “notification of eligible data breaches” of the Act.
8. Retention and Disposal of Personal Information
8.1 We will retain Personal Information for as long as is required for us to fulfil the purposes for which the Personal Information was collected, including where applicable to provide you with the Products and to comply with legal requirements.
8.2 If we no longer require Personal Information for any purpose, including legal purposes, we will take reasonable steps to securely destroy or permanently de-identify the Personal Information.
9. Access to Personal Information
9.1 You can request access to the Personal Information held about you at any time by contacting our Privacy Officer.
9.2 We will always endeavour to meet requests for access. However, in some circumstances we may decline a request for access. This includes the following circumstances:
- we no longer hold or use the information;
- providing access would have an unreasonable impact on the privacy of other persons;
- the request is frivolous or vexatious;
- the information relates to existing or anticipated legal proceedings and would not normally be disclosed as part of those proceedings;
- providing access would be unlawful; and providing access would be likely to prejudice the detection, prevention, investigation and prosecution of possible unlawful activity.
9.3 If we decline a request for access, we will provide reasons for our decision when we respond to the request.
9.4 We reserve the right to charge you a reasonable fee for access to your Personal Information. These charges will be limited to the cost of recouping our expenses for providing you with your Personal Information, such as document retrieval, photocopying, labour and delivery.
9.5 Despite anything contained in this Policy to the contrary, if the Freedom of Information Act 1982 (Cth) applies to a person on whose behalf we hold Personal Information, the access and correction requirements in the Act operate alongside and do not replace other informal or legal procedures by which an individual can be provided access to, or correction of, their Personal Information.
10. Changing or deleting Personal Information
10.1. We will take reasonable steps to ensure that Personal Information is accurate, complete and up-to-date at the time of collecting the Personal Information from you, using or disclosing the Personal Information, or during other interactions with you.
10.2 If you believe that any Personal Information we hold about you is inaccurate, incomplete or out-of-date, you may contact our Privacy Officer.
10.3 We will do our best to correct any Personal Information that is inaccurate, incomplete or out-of-date or dispose of it in accordance with this Policy.
11.2 If you have a complaint in relation to the way your Personal Information has been handled by Headlokt, the complaint should be made in writing to our Privacy Officer in the first instance. Headlokt will investigate the complaint and prepare a response to you in writing within a reasonable period of time.
11.3 Our Privacy Officer can be contacted by email at firstname.lastname@example.org.
11.4 From time to time, our policies will be reviewed and may be revised. Headlokt reserves the right to change this Policy at any time.