Privacy policy.
Effective as of 30 September 2024
Welcome to R3SUP'S Privacy Policy.
R3SUP respects your privacy and is committed to protecting your personal information. This Privacy Policy is to provide you with the information required under the Australian Privacy Act 1988 and informs you about how we use and look after your personal information (also referred to as personal data), including any information you may provide through this website and our store (our “Site”) or when you request information from R3SUP or otherwise communicate with us, and when your personal information is provided to us relating to our business. This Policy also informs you about your privacy rights and how the law protects you.
WHO WE ARE
R3SUP Australia and R3SUP Pty Ltd, are each independent controllers and responsible for your personal information (referred to as "R3SUP", "we", "us" or "our" in this Privacy Policy). R3SUP Australia is the controller of your personal data which it holds or uses, and R3SUP Pty Ltd is the controller of your personal data which it holds and uses if you are in Australia.
Our Compliance Officer is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights (including any opt-out mentioned in this Privacy Policy), please contact the Compliance Officer using the details set out below.
Contact Details;
Our full details are:
Name of legal entities: R3SUP Australia, R3SUP Pty Ltd
Email address of the Compliance Officer: info@R3SUP.com
If you have a complaint relating to such information, please contact the Compliance Officer using the contact details above. You have the right to make a complaint at any time to the Office of the Australian Information Commissioner, the Australian supervisory authority for data protection issues (www.oaic.gov.au). We would, however, prefer to deal with your concerns before you approach the OAIC so please contact us in the first instance. .
Our Privacy principles
The following outlines our privacy principles:
Before or at the time of collecting personal information, we will identify the purposes for which information is being collected.
We will collect and use personal information to fulfil the purposes specified by us and for other compatible purposes.
We will only retain personal information as long as necessary for the fulfilment of those purposes.
We will collect personal information by lawful and fair means and transparently.
Personal data should be relevant to the purposes for which it is to be used, and, to the extent necessary for those purposes, should be accurate, complete, and up to date.
We will use reasonable efforts to protect personal information by appropriate security safeguards against loss or theft, as well as unauthorised access, disclosure, copying, use or modification.
We will make readily available to customers information about our policies and practices relating to the management of personal information.
Personal information we collect
We may obtain information from you directly. For example you may give us information when you buy products from us in our store at www.R3SUP.com or when you contact us either directly or by filling in forms on our Site. The information collected will include the following:
name
contact details (e.g. email address, postal address or telephone number)
transactional details (e.g. products ordered, quantity, dates of order, payments you make, method of payment, any returns, shipping details).
information that you provide by filling in forms on our Site. This includes information provided at the time of registering to use our Site, posting material, or requesting further services. We may also ask you for information if you report a problem with our Site
records and copies of your correspondence (including email addresses and phone calls), if you contact us
your responses to surveys that we might ask you to complete for research
your search queries on the Site .
If you do not provide personal information that we request, it may mean that we are unable to provide you with the products or customer services you have requested.
You also may provide information to be published or displayed on public areas of the Site, or transmitted to other users of the Site or third parties (collectively, "User Contributions"). Your User Contributions are posted on and transmitted to others at your own risk. Although we limit access to certain pages/you may set certain privacy settings for such information by logging into your account profile, please be aware that no security measures are perfect or impenetrable. Additionally, we cannot control the actions of other users of the Site with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorised persons.
We also collect personal information automatically when you use the website and when you navigate through the website. As you navigate through and interact with our Site, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:
Details of your visits to our Site, including traffic data, location data, logs, and othercommunication data and the resources that you access and use on the Site
Information about your computer and internet connection, including your IP address,operating system, and browser type and settings
We also may use these technologies to collect information about your online activities over time and across third party Sites or other online services (behavioural tracking). The information we collect automatically may include personal information, or we may maintain it or associate it with personal information we collect in other ways or receive from third parties. It helps us to improve our Site and to deliver a better and more personalized service, including by enabling us to:
Estimate our audience size and usage
Store information about your preferences, allowing us to customise our Site accordingto your individual requirements
Speed up your searches.
Recognize you when you return to our Site
The technologies we use for this automatic data collection may include:
Cookies (or browser cookies). A cookie is a small file placed on the hard drive of yourcomputer. You may refuse to accept browser cookies by activating the appropriatesetting on your browser. However, if you select this setting you may be unable to accesscertain parts of our Site. Unless you have adjusted your browser setting so that it willrefuse cookies, our system will issue cookies when you direct your browser to our site.
Flash Cookies. Certain features of our Site may use local stored objects (or Flashcookies) to collect and store information about your preferences and navigation to,from, and on our Site. Flash cookies are not managed by the same browser settings asare used for browser cookies.
Web Beacons. Pages of our Site may contain small electronic files known as webbeacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit theCompany, for example, to count users who have visited those pages or and for otherrelated Site statistics (for example, recording the popularity of certain Site content andverifying system and server integrity).
Third Party Use of Cookies and other Tracking Technologies:
Some content or applications, including advertisements, on the Site is served by third parties, including advertisers, ad networks and servers, content providers, and application providers. These third parties may use cookies to collect information about you when you use our Site. The information they collect may be associated with your personal information or they may collect information, including personal information, about your online activities over time and across different Sites and other online services. They may use this information to provide you with interest-based (behavioural) advertising or other targeted content. We do not control these third parties' tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly.
For more information on our use of these technologies, see our cookie policy which explains how you can opt out of certain non-essential cookies.
If you give us personal data about other people (for example members of your family) then you confirm that they are aware of the information in this Policy about how we will use their personal data.
Our Site is not intended for children under [16] years of age. No one under age 16 may provide any information to or on the Site. We do not knowingly collect personal information from children under 16. If you are under 16, please do not use or provide any information on this Site. If we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us at info@R3SUP.com.
2. How we use your personal information, and the legal basis for doing so
This section includes details of the purposes for which we use personal information and also the different legal grounds upon which we process that personal information. We use personal information to provide you with products you have bought and improve our services and for other purposes that are in our legitimate interests, as well as for compliance purposes. Further information is set out below.
We can only process your personal data on a basis permitted by law. The legal basis will usually be one of the following:
to allow us to take actions that are necessary in order to provide you with our retail services (to perform our contract with you); for example, to despatch to you the products you have bought, through our fulfilment and delivery partners;
necessary to allow us to comply with our legal obligations; for example, to respond to a court order;
necessary for our or your legitimate interests; for example, to help us develop and improve our products and services (further details about this are set out below);
where we have your consent to do so. We only ask for your consent in relation to specific uses of personal information where we need to and, if we need it, we will collect it separately and make it clear that we are asking for consent; or
in the case of special categories of personal data, that it is in the substantial public interest.
Note that we may process your personal information on more than one lawful basis depending on the specific purpose for which we are using your information. You are welcome to contact us for further information on the legal grounds that we rely on in relation to any specific processing of your personal information.
Legitimate interests for use
We use personal information for a number of legitimate interests, including to provide and improve our products and services, administer our relationship with you and our business, for marketing and in order to exercise our rights and responsibilities. More detailed information about these legitimate interests is set out below.
to provide technical and customer support and training and to improve our products, our website and our services to you
to administer our relationship with you, our business and our third-party providers such as Shopify (e.g. to provide financial information or to provide you with information about your order)
to personalise your experience with our services. If you leave our site with your shopping cart full, we may contact you later to suggest you complete the purchase. We may also retain your browsing and usage information to make your searches within our services more relevant and use those insights to target advertising to you online on our websites and apps. Your choices in relation to marketing are explained below.
to deliver and suggest tailored content such as news about new products. We analyse the way you use our website to make suggestions to you for products or services that we believe you will also be interested in, and so that we can make our services more user-friendly
to contact you in relation to, and conduct, surveys or polls you choose to take part in and to analyse the data collected for market research purposes
to provide you with newsletters and other marketing as permitted by law
to meet our internal and external audit requirements, including our information security obligations
to enforce our terms and conditions
to protect our rights, privacy, safety, networks, systems and property, or those of other persons
for the prevention, detection or investigation of a crime or other breach of law or requirement, loss prevention or fraud
to comply with requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, including where they are outside your country of residence
in order to exercise our rights, and to defend ourselves from claims and to comply with laws and regulations that apply to us or third parties with whom we work in order to participate in, or be the subject of, any sale, merger, acquisition, restructure, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or shares.
Where we rely on legitimate interests as a lawful ground for processing your personal information, we balance those interests against your interests, fundamental rights and freedoms. For more information on how this balancing exercise has been carried out, please contact our Compliance Officer.
Special categories of data
We do not knowingly collect special categories of data (also known as sensitive personal data). Examples of these are data concerning health, ethnic or racial origin or religious beliefs. If we were to do so, we would do so on the basis that it was necessary for reasons of substantial public interest, to establish, exercise or defend any legal claims, or in some cases, with explicit consent. In any case, we would carry out the processing in accordance with applicable laws.
Automated Decision Making and Profiling
We do not analyse personal data in relation to our services in a way which involves profiling, which is processing your personal data using software that is able to evaluate your personal aspects and automatically predict risks, interests or outcomes.
We may use the information we have collected from you to enable us to display advertisements to our advertisers' target audiences. Even though we do not disclose your personal information for these purposes without your consent, if you click on or otherwise interact with an advertisement, the advertiser may assume that you meet its target criteria.
3. Messages to you (including marketing)
We may send you messages (by telephone, post, SMS text and email and other digital means) to help you track your orders and keep you informed about our terms and conditions and features of our website.
We may also send you marketing messages, to inform you about products and services (including those of others) that may be of interest to you. You can ask us to stop or start sending you marketing messages at any time by contacting us (see Contact Us at the beginning of this Privacy Policy) or by following the unsubscribe instructions in our marketing messages.
Consent
We may obtain consent to collect and use certain types of personal data when we are required to do so by law (for example, sometimes when we process sensitive personal data or when we place cookies or similar technologies on devices or browsers). If we ask for your consent to process your personal data, you may withdraw your consent at any time by following the unsubscribe instructions in our communications with you or by contacting us using the details set out in the Contact Us section at the beginning of this Privacy Policy or, if in relation to cookies or similar, as described in the Cookie Policy.
4. Disclosure of personal information
We will treat all your personal information as private and confidential (even when you are no longer a customer). We will not reveal your name, address or any details of your relationship with us to anyone, other than in the following cases:
[R3SUP Pty Ltd] and affiliates in Australia for administrative, accounting and operational purposes.
Our third party service providers. These may include for example:
Squarespace and Cin7, who host our store. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored
Squarespace and Cin7’s data storage, databases and the general Squarespace application. They store your data on a secure server behind a firewall;
those we engage to host and maintain the website and IT systems;
analytics and search engine service providers that assist us in the improvement and optimisation of this website;
those who assist us with or partner with us in marketing campaigns (eg Pinktank);
SMS/telephone provider.
Third parties where we have a duty to or are permitted to disclose your personal information by law (e.g., government agencies, law enforcement, courts and other public authorities);
Third parties where reasonably required to protect our rights, customers, systems and services (e.g. legal counsel and information security professionals).
Before we disclose personal information to a third party, we take steps to ensure that the third party will protect personal information in accordance with applicable privacy laws and in a manner consistent with this Policy. Where required by law third parties sign a data processing agreement with us. They are required to restrict their use of this personal information to the purpose for which the information was provided.
Sometimes the third party will be outside Australia, in which case see section 6 below for more information.
Payments
If you choose a direct payment gateway to complete your purchase, then Squarespace and Cin7 stores your credit card data. [It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS).] Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard and American Express.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
For more insight, you may also want to read Squarespace and Cin7’s Terms of Service or Privacy Statement. Once you leave our store’s website or are redirected to a third party website or application you are no longer governed by this Privacy Policy or our website terms of service.
R3SUP does not hold or have access to the payment information you provide to Squarespace or Cin7 or its payment service providers, such as your credit card or bank account details, although we do have access to the method of payment and card issuer.
5. External links and social media sites
This website and our services may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to
collect or share information about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the Privacy Policy of every website you visit.
Communication, engagement and actions taken through external social media platforms are subject to the terms and conditions as well as the privacy policies of those social media platforms.
This website may use social sharing buttons which help share web content directly from our web pages to the social media platform in question. Where you use such social sharing buttons you do so at your own discretion. You should note that the social media platform may track and save your request to share a web page respectively through your social media platform account. Please note these social media platforms have their own privacy policies, and we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these social media platforms.
6. Where we store personal information
If you live in the Australia, the personal information relating to you that we collect may be transferred to, and stored at, locations outside Australia. It may also be processed by staff operating outside Australia who work for us or for one of our service providers. In particular personal data may be accessed by staff at our R3SUP in Australia.
As described in this Privacy Policy, we may also share personal information relating to you with third parties who are located overseas, for business purposes and operational, support and continuity purposes, for example, when we use IT service providers or data storage services.
Countries where personal information relating to you may be stored and/or processed, or where recipients of personal information relating to you may be located, may have data protection laws which differ to the data protection laws in your country of residence. By submitting your personal data, you accept that personal data relating to you may be transferred, stored or processed in this way. We take measures to ensure that any international transfer of information is managed carefully and in accordance with data protection law to protect your rights and interests and in accordance with this Policy.
These measures include:
Transfers of your personal information to countries which are recognised as providing an adequate level of legal protection for personal data;
We have obtained the consent of data subjects to the international transfer of their personal data;
Transfers to organisations where we are satisfied about their data privacy and security standards and protected by contractual commitments such as signing the Standard Contractual Clauses or International Data Transfer Agreements and, where available, further assurances such as certification schemes.
You have the right to ask us for more information about our safeguards. Please contact the Compliance Officer (see the Contact Us section at the beginning of this Privacy Policy).
7. Changes of Business Ownership and Control
We may, from time to time, expand, reduce or sell our business, and this may involve the transfer of certain divisions or the whole business to other parties, such as through a merger, divestiture, restructuring, reorganisation, dissolution, or other sale or transfer of some or all of R3SUP’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding. Personal information relating to you will, where it is relevant to any division so transferred, be transferred along with that division to prospective buyers and the new owner or newly controlling party will, under the terms of this Privacy Policy, be permitted to use personal information relating to you for the purposes.
8. Security and data retention
Security
The security of personal data received from or about you is a high priority. We take such steps as are reasonable securely to store personal data regarding you so that it is protected from unauthorised use or access, misuse, loss, modification or unauthorised disclosure. We only use third party service providers (such as Squarespace) whom we are satisfied look after personal data securely and in accordance with privacy laws. This includes both physical and electronic security measures. Examples include:
storing information on secured networks consistent with industry standards, which are only accessible by those employees who have special access rights to such systems;
using industry-standard encryption technologies when transferring or receiving personal data, such as SSL technology;
the use of two factor authentication on accounts with access to data;
adherence to PCI standards by our payment service providers;
restrictions are placed on the electronic transfer of files;
our IT networks undergo regular necessary vulnerability testing to identify and remedy potential opportunities for unauthorised data access; and
robust management of boundary firewalls, access controls, malware protection and patch release processes towards protecting customer data.
Retaining your information
We will only retain your personal information for a period of time that is calculated depending on the type of personal information, and the purposes for which we hold that information.
We will only retain information that enables us to:
provide customer services in relation to orders that have been placed;
maintain business records for analysis and/or audit purposes;
comply with record retention requirements under the law;
defend or bring any existing or potential legal claims;
maintain records of anyone who does not want to receive marketing from us;
deal with any future complaints regarding the services we have delivered or the products we have supplied;
assist with fraud monitoring; or
assess the effectiveness of marketing that we may have sent you.
Our policy is to ensure information is only held for the correct period. We then delete or de-identify your data. The retention period is generally linked to the amount of time available to bring a legal claim, which in many cases is six or seven years following a transaction. We will retain your personal data after this time if we are required to do so to comply with the law, if there are outstanding claims or complaints that will reasonably require your personal data to be retained, or for regulatory or technical reasons. If we do, we will continue to make sure your privacy is protected.
9. Your rights
You have certain rights regarding your personal data. These include the rights to:
request a copy of the personal information we hold about you;
request that we supply you (or a nominated third party) with an electronic copy of the personal information that you have provided us with;
inform us of a correction to your personal information;
exercise your right to restrict our use of your personal information;
exercise your right to erase your personal information; or
object to particular ways in which we are using your personal information (such as automated decision making, or profiling (for example to help us decide what products and services would suit you best); or
understand the basis of international transfers of your information by us.
Where we rely on our legitimate interests to obtain and use your personal information then you have the right to object if you believe your fundamental rights and freedoms outweigh our legitimate interests. Where processing is carried out based upon your consent, you have the right to withdraw that consent.
Your ability to exercise these rights will depend on a number of factors and in some instances, we will not be able to comply with your request e.g. because we have legitimate grounds for not doing so or where the right does not apply to the particular information we hold on you.
You should note that if you exercise certain of these rights we may be unable to continue to provide some or all of our products or services to you (for example where the personal data is required by us to comply with a statutory requirement, or is necessary in order for us to perform our contract with you).
We ask that you contact us to update or correct your information if it changes or if the personal information we hold about you is inaccurate.
Please contact the Compliance Officer if you wish to exercise any of your rights.
If you have a concern about the way we are collecting or using personal data relating to you, we request that you raise your concern with us in the first instance. Alternatively, you can contact the Office of the Australian Information Commissioner at https://oaic.gov.au
10. Changes to this Policy
We review and amend our Privacy Policy from time to time. Any changes we make to this Policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to this Policy. The new terms may be displayed on-screen and you may be required to read and accept them to continue your use of the website.