Effective Date: 25 May 2018
Who are ‘we’?
When we talk about “we” (or “our” or “us”), we mean Bellroy Pty Ltd and all its wholly owned subsidiaries. We are based in Australia but we supply goods all over the world.When we talk about “we” (or “our” or “us”), we mean Bellroy Pty Ltd and all its wholly owned subsidiaries. We are based in Australia but we supply goods all over the world.
We also store backups of some data, including order details (which will include Customer Information) on our servers in Australia. We use appropriate technical and organisational measures to protect the personal data that we collect and process. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal data, including using the latest 256-bit SSL (secure sockets layer) encryption technology to protect your Customer Information when you purchase from our online store. Bellroy also complies with the Australian Privacy Principles in relation to the proper use and storage of personal data.>
For European Union data protection purposes, when we act as a controller in relation to your personal data, Samuel Giles is our representative in the European Union. You can contact him on email@example.com
What is ‘personal data’
Personal data is any data that could directly or indirectly identify you – this includes information like your name, address, telephone number and your email address but in some cases it may include less obviously identifying information, like your IP Address (see below).
What data do we collect
When you visit bellroy.com or shop with us online, we collect information about you and your use of our website. We treat this information as falling into three categories: Customer Information, Usage Data and your IP Address.
Customer Information is the information you explicitly provide to us when you make an online purchase or sign up to receive our newsletters, including your:
- Email address
- Shipping and/or billing address
- Payment information
Usage Data is general information about how you interact with our website, such as:
- which pages you visited on our website
- how you came to the website (for example, by clicking on a link in a newsletter or from an advertisement)
- which buttons or links you clicked
- whether you have been to the website before
Whenever you visit a website (including ours), the computer from which the web pages are served (i.e. our web server) needs to know your computer’s public network address so it can send the requested pages to your browser. The public network address associated with your computer is called its “public IP Address” and is sent automatically each time you access any Internet website. From a computer’s IP Address, it is usually possible to determine the general geographic location of that computer but often not the specific computer and if multiple people use the computer not the specific user (although if your IP Address is unique to you and is published somewhere or if you later identify yourself while while using the same IP Address, it is possible that IP Address could identify you).
In the European Union, your IP Address is considered to be personal data, and we treat it accordingly.
How we collect data
Information you provide to us directly: When you shop with us online, we will ask you to provide personal data (such as your name and address) so we can fill your order. We may also ask you to provide personal data when you sign up for a newsletter, respond to a job application or an offer, join us on social media, take part in surveys or contact us for help. If you don’t want to provide personal data, you don’t have to, but it might limit your ability to do certain things on the website.
Information we collect automatically: When you visit bellroy.com or shop with us online, we collect some information about you automatically, including Usage Data.
How we use data
Where we collect your personal data, we’ll only process it:
- to fill orders placed by you, or
- where we have legitimate interests to process the personal data and our interests are not overridden by your rights, or
- in accordance with a legal obligation, or
- where we have your explicit consent.
The main reason we use your personal data is to fill orders and to manage our relationship with you (for example, dealing with questions about products, returns and warranty claims).
We also use personal data for other purposes, including:
To communicate with you: this may include providing you with information you’ve requested or that we’re required to provide to you, that relates to changes to our website or policies, marketing communications in accordance with your preferences or to invite you to provide feedback or to take part in research we are conducting.
To support you: this may include dealing with any questions you have about our products, dealing with warranty claims or any issues relating to our goods or services.
To improve our website: we use Usage Data to help us understand the online behaviour of our customers, which helps us to focus our marketing activities and improve the services we provide on the website. Using web analytics on our website enables us to measure, collect, analyse and report on Usage Data for the purposes of understanding and optimising customers’ experiences on our website. We try to ensure that all Usage Data is anonymised (i.e. not referable to a specific person) unless we have your consent.
Geographical location information contained in Usage Data also enables us to tailor your experience on our website by displaying different content based on your location, such as providing content in your preferred language (where possible), showing local currency and pricing, and showing relevant advertising. Again, geographical location information is anonymised unless we have your consent.
To protect you: we use Customer Information and your IP Address to detect and prevent fraudulent activity when you want to make a purchase from us.
To analyse, aggregate and report: we may use the personal data we collect about you and other users of our website to produce aggregated and anonymised analytics and reports, which we may share with third parties.
How we can share your personal data (and how we don’t)
There will be times when we need to share your personal data with third parties. We will only disclose your personal data to:
- handle payments securely (PayPal Inc and Braintree Payment Solutions LLC)
- distribute direct marketing materials that you have consented to receive (MailChimp)
- connect to social networks (for example, Pinterest, Facebook, Instagram and LinkedIn)
- pay commission to affiliates
- target advertising (for example, Google, Facebook)
- protect you and us against fraud (for example, MaxMind)
There also may be times when we are legally required to disclose personal data, such as to regulators, law enforcement bodies, government agencies, courts or other third parties where we think it’s necessary to comply with applicable laws and regulations, or to exercise our legal rights. Where possible and appropriate, we will notify you of this kind of disclosure.
We only share your Customer Information with third parties where it is either necessary to enable online transactions (such as PayPal) or where you have consented to receive direct marketing material (such as MailChimp).
Your personal data is never disclosed to third parties for remarketing or retargeting purposes. Bellroy never sells its email lists or customer information.
International data transfers
When we do transfer data, we will make sure that there are safeguards in place to protect your personal data.
For individuals in the European Union (EU), this means that your personal data will be transferred outside of the EU. EU personal data will only be transferred to countries that have been identified as providing adequate protection for EU data (such as New Zealand) or to a third party where we have approved transfer mechanisms in place – this means that we have either entered into an appropriate Data Processing Agreement or by ensuring that the entity has appropriate data protection in place, including where the entity is Privacy Shield certified (for US-based third parties).
We also store backups of some data, including order details (which will include Customer Information) on our servers in Australia. We use appropriate technical and organisational measures to protect the personal data that we collect and process. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal data, including using the latest 256-bit SSL (secure sockets layer) encryption technology to protect your Customer Information when you purchase from our online store. Bellroy also complies with the Australian Privacy Principles in relation to the proper use and storage of personal data.
How long we retain your personal data depends on what it is, what we need it for (for example, keeping track of your warranty rights) and whether we are legally required to keep it (for example, for tax). Once we no longer need to retain it, we will make sure your personal data is deleted or anonymised.
Your personal data belongs to you, and you have the right to:
- know what personal data we hold about you
- make sure that all personal data is correct and up-to-date
- ask us to correct any personal data
- object to our continued processing of your personal data
If you no longer wish to receive any online communications, just let us know by clicking the ‘unsubscribe’ link at the bottom of the newsletter or other communication.
You can notify us if you no longer wish us to process your personal data, but we not that if you do so, this may mean that we can no longer provide our services to you.
If you have any complaints or concerns about how we manage your personal data, please contact us by emailing firstname.lastname@example.org. If you are in the European Union, you also have the right to complain to your local Data Protection Authority about the collection and use of your Personal Data.
Changes to this Policy
How to contact us
Bellroy Pty Ltd
5 Theatre Place