05 March 2021
We are Lily West. We sell flowers, hampers and associated products via the Lily West website and direct in our retail store.
When you use our website, we understand that you trust us with your information - we are committed to keeping that trust. That starts with helping you understand our privacy practices and your choices regarding this information in accordance with the Privacy Act 1988 (Cth) (Australian Privacy Act).
WHAT PERSONAL DATA WE COLLECT, HOLD AND USE
We will only collect personal data from you if it is reasonably necessary to provide services to you. We will only collect personal data for the purposes for which we advised you we were collecting it for or a related purpose which would reasonably be expected or otherwise with your permission.
Personal data we may collect and hold includes:
- Personal Information: first name, last name, username, or similar identifier and title
- Contact Data: billing address, email address and telephone numbers
- Third-Party Contact Data: name (or nickname), address and phone number
- Financial Data: payment card details
- Transaction Data: details about payments to and from you and other details of products and services you have purchased from us
- Profile Data: username, password, security pin and preferences
HOW WE COLLECT YOUR PERSONAL DATA
We will generally collect the above personal data from you directly. We collect personal data from you in various ways such as when you communicate with us, when you place an order with us, fill in an application or form or survey, if you apply for a job with us, if we provide a product or service to you, or when you participate in any of our activities. We use this information to operate, maintain, and provide to you with our products and services. We may also use this information to correspond with you, and to address any issues you raise about the services.
We may also collect data and personal information about individuals from third parties and automatically. When you log in to our service or interact with us through third-party services like Facebook Messenger or Twitter Direct Message, your communications are also governed by these companies’ privacy policies.
The legal basis for processing of this data is for performance of the contract of provision of our services, entered into between you and us.
In addition, we may process personal data, if applicable law, regulation, legal process or enforceable governmental request, obliges us to do so where we have legitimate interests that are not overridden by data protection interests.
If you have any questions about opting out of the collection of cookies and other tracking/recording tools, you can contact us directly at email@example.com.
THE PURPOSES FOR WHICH WE COLLECT, HOLD, USE AND DISCLOSE PERSONAL DATA
We collect personal data which is reasonably necessary for one or more of our functions as noted above and including to:
- maintain your account and contact details;
- allow you to purchase our products and services;
- process transactions and end user related information, including confirmations and invoices;
- communicate with you;
- provide you with access to protected areas of the site;
- verify data for accuracy or completeness;
- improve the quality of our services and develop new ones;
- Help our services deliver more useful, customised content;
- Keep you posted on security alerts and support and administrative messages;
- send marketing communication to you;
- conduct surveys to determine use and satisfaction;
- comply with our legal obligations;
- protect a person’s rights, property or safety;
- credit reporting purposes; and
In the unlikely event that we hold sensitive data about you, we will only disclose or use that data with your consent or if the use or disclosure is directly related to the primary purpose.
Please note that we will also use or disclose your personal data or sensitive data if we are required to do so by law or a court/tribunal order; or if we reasonably believes that the use or disclosure of the data is reasonably necessary for an enforcement related activity or on behalf of an enforcement body, in which case we will make a written note of the use or disclosure or another exception applies under the Australian Privacy Act.
WHO DO WE DISCLOSE YOUR PERSONAL DATA TO?
Because Lily West is part of a group of companies, information may be shared with other related business units. Information will be treated confidentially and only disclosed on a need to know basis.
We work with other companies that help us provide our systems and services to our customers, and we may provide data to these companies for the purpose of providing the services and products to you and to facility our interests as stated above. Those service providers will only be provided with access to your information as is reasonably necessary for the purpose that we have engaged the service provider, and we will require that such third parties comply with our Standards and all applicable laws.
We may also disclose your personal data to third parties to whom you expressly ask us to send the personal data to or to third parties you consent to us sharing your personal data with.
To avoid ambiguity, we will not share your personal information with third parties for marketing purposes unless we have your explicit consent through an opt-in.
DEALING WITH UNSOLICITED PERSONAL DATA
If we happen to receive personal data about you from a source other than you, or it is data provided by you which we did not request, we undertake to determine, within a reasonable period, if we could have requested such personal information in accordance and where applicable the Australian Privacy Act and handle the unsolicited information accordingly.
QUALITY OF PERSONAL DATA
We take all steps reasonable in the circumstances to ensure that the personal data we collect from you is accurate, up to date and complete.
PROTECTION OF PERSONAL DATA
We will take all reasonable steps to protect your personal data from misuse, interference, loss, unauthorised access, modification and unlawful disclosure. Personal data that is no longer needed will be deleted or anonymized.
How you can protect your data
We urge customers to take every precaution to protect their personal data and the watch user data by changing passwords often, using a combination of letters and numbers, and make sure a secure browser and internet connection is used.
How we protect your data
We safeguard the security of the data with physical, electronic, and managerial procedures. We use industry best practice encryption all our services including Devices, Applications, Websites and Communications
NOTIFIABLE PERSONAL DATA BREACH
In the event that there is a personal data breach and we are required to comply with the notification of eligible data breaches provisions under Australian privacy laws and/or any other regulations or legislation, we will take all reasonable steps to contain the suspected or known breach where possible and follow the following process set out in this clause.
YOUR RIGHTS OF ACCESS TO, AND CORRECTION OF, PERSONAL DATA
The laws of some countries grant particular rights in respect of personal information. Users in those jurisdictions may have the right to:
- Request a copy of your information;
- Request that we correct inaccuracies relating to your information;
- Request that your information be deleted or that we restrict access to it;
- Request a structured electronic version of your information; and
- Object to our use of your information;
Should you wish to make a request in respect of your personal information please contact us at firstname.lastname@example.org.
In some circumstances we may not be able to comply with a request that you make in respect of your personal data. For example, we may not be able to provide a copy of your information where it infringes on the rights of another User. We may also be required to retain certain information that you ask us to delete for various reasons, such as where there is a legal requirement to do so. In some cases, you may have shared your information with third parties, such as by publishing a design on a third party’s website. In that case we will not be able to delete the information, and you will need to contact that third party directly.
If we are unable to resolve your request, or if you are concerned about a potential violation, you may be entitled to report the issue or make a complaint to the data protection authority in your jurisdiction.
You may have specific rights in relation to your information depending on where you live.
DATA RETENTION POLICY
Generally, we store your personal data only if legitimate interests and/or applicable legislation, justify storage.
PRIVACY – ENQUIRIES, REQUESTS, COMPLAINTS, BREACHES
CONTACTING Lily West
Telephone +61 (0) 8 8355 2928
Address 303 Grange Rd, Findon SA 5023