This policy should be read in conjunction with DunkingbirdDesigns’ Terms and Conditions.
INFINITE ALCHEMY PTY. LTD. [ACN: 601 570 138; ABN: 90 601 570 138] and trading as DunkingbirdDesigns through the website www.DunkingbirdDesigns.com (“DunkingbirdDesigns” “we” and “us”) offers a service to design custom logos and print custom clothing.
This policy aims to inform you about how we collect, store, use and divulge material about you when you:
- Interact or use our website, including downloading materials from any resources or information pages (the “Website”).
- If you use any of our services or products (the “Services”) in any manner.
You may contact us:
- in writing at PO Box 53, Kippax, ACT, Australia 2615; or
- via email to support [at] DunkingbirdDesigns dot com
DunkingbirdDesigns is a Data Controller.
DunkingbirdDesigns will collect, manage and market to its customers and endeavor to comply with its legal obligations in all jurisdictions as a Data Controller.
The Privacy Principles with which DunkingbirdDesigns complies
By complying with the below privacy laws, DunkingbirdDesigns has done its utmost to be compliant on a global scale to achieve the best possible protection for our customers, and the customers of our customers.
Australian Privacy Principles
The Privacy Act 1988 and Privacy Amendment (Notifiable Data Breaches) Act 2017 (together “Privacy Act) define personal information as “information or an opinion, whether true or not, and whether recorded in a factual form or not, about a recognized individual, or an individual who is realistically identifiable”. The legislation includes thirteen Australian Privacy Principles (APPs), which apply to some private sector organisations, as well as most Australian and Norfolk Island Government agencies.
For full details go to this link: https://www.oaic.gov.au/individuals/privacy-fact-sheets/general/privacy-fact-sheet-17-australian-privacy-principles
To comply with the Australian Privacy Act the following thirteen principles need to be applied:
Principle 1 - Open and transparent management of personal information
Principle 2 - Anonymity and pseudonymity
Principle 3 - Collection of solicited personal information
Principle 4 - Dealing with unsolicited personal information
Principle 5 - Notification of the collection of personal information
Principle 6 - Use or disclosure of personal information
Principle 7 - Direct marketing
Principle 8 - Cross-border disclosure of personal information
Principle 9 - Adoption, use or disclosure of government related identifiers
Principle 10 - Quality of personal information
Principle 11 - Security of personal information
Principle 12 - Access to personal information
Principle 13 - Correction of personal information
GDPR Privacy Principles for the EU Zone
The General Data Protection Regulation (GDPR) is a lawful charter that sets rules for the collection and processing of personal information of individuals within the European Union (EU).
For full details go to this link: https://eugdpr.org
To comply with GDPR the following six principles need to be applied:
Principle 1 - Lawfulness, fairness and transparency
Principle 2 – Purpose Limitation
Principle 3 - Data minimization
Principle 4 - Accuracy
Principle 5 - Storage Limitations
Principle 6 - Integrity and Confidentiality
To optimise your experience interacting with us, DunkingbirdDesigns needs to collect your data. We do not take your trust for granted. As a global business with its headquarters in Australia, we conform our data use to the European Union’s (EU) General Data Protection Regulation (GDPR), which took effect from 25 May 2018. Consequently, in this Policy we clarify what we do, how we do it, your elections, and how we may need your assistance to help you be safe.
- Our Policy’s Aims
- Talk to Us About Your Data
- Disclosing Your Personal Data to Third Parties
- International Transfers of Your Personal Data
- Sharing of Information among DunkingbirdDesigns Group
- Storage, Retention, and Deletion of Your Personal Data
- How You Can Request Deletion
- Effects of Request – How Long Before Deletion and Consequences of Deletion
- Data Security
- Review of Procedures and Policy Updates
- Contacting Us
This policy applies to DunkingbirdDesigns products and services. Please understand that there may be sections below that do not relate to your usage of our website or services.
- Our Policy’s Aims
1.3 Personal data refers to any information relating to an identified or identifiable natural person (“data subject”), where this identification can be made directly or indirectly, by means of identifiers including your name, ID number, email coordinates, phone number, online identifiers such as cookies, your locality, your genetic, economic, cultural or social distinctiveness or other information that is particular to you.
1.4 We do not mean material that only denotes to a business corporation or organization. We also do not mean material that has been "anonymised," either by removing or de-identifying all specific identifiers. Anonymous data is not personal data when the anonymisation is irreversible. When we refer to anonymous data, we mean data that cannot be reversed into personal data.
1.5 As a data controller, we pledge ourselves to shielding the privacy of our website visitors and users of our products and services with respect to the processing of your personal data. Wherever we collect and process your personal data, we will limit the collection and retention to what is suitable, relevant and needed for our purposes and it will be kept in a form which allows for your identification no longer than necessary for the purpose for which we process your personal data. We refer to this as data minimisation.
1.6 Where we store your personal data for longer periods for statistical purposes, as allowed, we will use suitable protections. Appropriate law describes “statistical purpose” as any gathering of personal data, where the consequence of processing is for aggregate data, so the personal data we collect from you is anonymised or pseudonymised. For instance, the processing of your personal data might be for the business-related process of calculating users, products, sales and several metrics. We likewise share statistical data that has been anonymised and aggregated geographically and so, cannot be used to recognise individuals, with third parties for trend analytics.
1.7 Our policy provides you with the lawful bases for the collection of your personal data, lets you know how long personal data is stored and the reasons why, and how in some situations, they are necessary to retain. The length of this retention and how you may choose to request that we delete some or all your personal data and the consequences of the deletion are explained in this policy.
1.8 Some of the lawful bases we rely on are contractual and service necessity, consent, legitimate interests and compliance with legal obligations.
1.9 We want you to have an understanding of how and why we process your personal data so that you can make informed decisions on whether to allow us to retain your personal data or delete them.
Section 2 clarifies your rights under appropriate law and Section 3 lets you know when the Policy relates.
1.10 We endeavor to keep the policy easy to comprehend and transparent, and so we desist from technical data overload. If you desire to have additional particulars on how we process your personal data, please contact us.
- Talk to Us about Your Data
2.1 We attempt to make sure that the users of our products and services continuously have an open line of communication with us. You can contact us at any time if you have any enquiries concerning your personal data and, if European regulation applies to the processing of your data, about your right to request access to, modify, remove or export your data, or object to our processing of your data. You have the right to complain to controlling authorities in your Member State should you feel your privacy has been breached, however we would appreciate it if you contact us first before you approach any authorities or courts. You may submit requests to us at support [at] DunkingbirdDesigns dot com. We will act on your request within one month of receiving a request from you regarding any of your rights as a data subject.
2.2 We process your personal data where it is legal and just for us to do so. The lawful bases we rely for processing your personal data are contractual necessity, consent, legitimate interests and compliance with legal obligations.
2.3 There could be occurrences where you are using our products or services, but we do not have your personal data. In such circumstances, please contact your service provider as this person is the primary controller of your personal data.
3.1 Online activities Personal data collected when you visit our websites or use our products or services
3.2 Phone contacts Personal data collected from you when you call us.
3.3 Offline contacts Personal data collected from you at a "live" or in-person event such as a trade show or promotion.
3.4 Reseller information Personal data, including contact information such as telephone number and email address, collected from our resellers or affiliates.
3.5 Other circumstances Personal data collected from you when you contact us by email, through our website, or any other occasion.
4.1 Third Party Sites – Clicking on a Third-party website URL.
When you are taken to the third-party site, you agree to be ruled by all conditions and policies of the third party and you likewise agree that we are not accountable for any loss or damage you may suffer from your dealings with the third party, or your use of or dependence on any of that party's content. We are not responsible for the privacy governances of third parties. Your use of a third-party site will be ruled by the policies and terms of the third-party site
- Disclosing Your Personal Data to Third Parties
5.1 Disclosure to third parties
We need to reveal your personal data to unconnected third parties in restricted conditions:
- where necessary to satisfy a legitimate government request or order;
- in compliance to a legal requirement by a court of law or in the public interest;
- in response to a third-party subpoena, if we believe on the advice of our attorneys that we are required to respond;
- If we obtain your permission; or
- If necessary to defend ourselves or our users (for example, in a lawsuit).
5.2 We are also required in some limited circumstances to share our users' personal material with third parties. The third party may also convey back to us any new data gotten from you in connection with providing the service or product.
5.3 When you contact us or a third-party service provider working on our behalf, our service provider may propose upgrades to our products or services. Our service provider may also propose products or service that the service provider offers which are not our products or services. In this case, you will be clearly advised that the product or service is offered by the third party and not by DunkingbirdDesigns, and you will be subject to the terms and policies of the third-party service provider.
5.4 We reserve the right to store and use the information collected by our software. We may publish or share that information with third parties that are not part of the DunkingbirdDesigns Group, but we will only ever do so after anonymizing the data.
5.5 Where we employ data processors to process personal information on our behalf, we only do so on the basis that such data processors comply with the requirements under the GDPR and that have adequate technical measures in place to protect personal information against unauthorised use, loss and theft.
- International Transfers of Your Personal Data
6.1 We are a worldwide business which provides its products and services all around the world. In order to reach all of our users and provide all of them with our software, we operate on a platform that covers the globe. The servers that are part of this platform may consequently be positioned in a country not where you live. In some instances, these may be countries outside of the European Economic Area (“EEA”), where the level of protection provided by the laws of these countries may be different than the standard enshrined in the GDPR. Regardless, we provide the same GDPR-level of protection to all personal data. At the same time, when we transfer personal data outside of the EEA, we always make sure to put in place appropriate and suitable safeguards which lawfully obligate the receiving party to follow to a high level of safety, and to ensure that your data remains protected at all times and that your rights are protected. Situations where we transfer personal data outside of the EEA include provision of our products and services, processing of transactions and your payment details, and the provision of support services.
- Sharing of Information Among DunkingbirdDesigns Group
7.1 Our data collection and organization practices do not differ by locality. We adhere to the same “data minimisation” process with all personal data in our control, regardless of the jurisdiction from where it was collected, and irrespective of whether the data is transferred from one member of the DunkingbirdDesigns Group to another.
7.2 We reserve the right to store and use the information collected by our software and to share such information among the DunkingbirdDesigns Group to improve our current and future products and services, to help us progress new products and services, and to enhanced understanding of the behaviour of our users.
7.3 Any reference in this policy to “DunkingbirdDesigns Group” means DunkingbirdDesigns , its, direct and indirect, parent companies and any company that is, directly or indirectly, controlled by or under common control with DunkingbirdDesigns or its parent companies.
- Storage, Retention, and Deletion of Your Personal Data
8.1 Storage of Information
We store info that we collect on our servers or on the servers of our subsidiaries, affiliates, contractors, representatives, contractors, agents, or resellers who are working on our behalf. The data on our servers is accessible via an encrypted connection and is limited to authorised people only.
8.2 Access by our contractors
We and our personnel and agents who are at work on our behalf assume consistent maintenance of your personal data. All third parties need agree to observe the privacy of our users, and to protect the privacy of their personal information. Consequently your personal data cannot be shared with others, and there must be no direct marketing by the third parties.
8.3 Retention and Deletion of Your Personal Data
We retain personal data collected in compliance with the lawful obligation that personal data be retained in a form that allows identification of our data requirements for no longer than is needed for the purposes for which the data is being handled.
We will not keep your personal data in a form that allows you to be identified for longer than reasonably necessary with regards to the purpose for which the information was collected. We will also anonymise and aggregate data to the degree that we can achieve. We may retain online identifiers, location data and other personal data for statistical purposes as permitted under appropriate regulations. We may also adjust the personal data we keep in such a way that you cannot be identified. We will only retain your personal data for extra time following the end of the purpose for which we gathered it when allowed for valid interests or necessary by regulation. Otherwise, your personal data will be automatically deleted from our system once the legal basis for the collection and processing has been fulfilled.
- How You Can Request Deletion
You may request DunkingbirdDesigns to delete your personal data by submitting a request by email to support [at] DunkingbirdDesigns dot com. In some situations and to the degree allowable by law, for example, to provision the service or contract, for compatible use for our legitimate interests, under national tax, contract, criminal, or secrecy laws, we may hold your personal data despite your requests for erasure.
- Effects of Request – How Long Before Deletion and Consequences of Deletion
10.1 Contingent on what you request and how many requests we receive, it is likely for your requests to be actioned from within seven to thirty days.
10.2 If you request the erasure of your data (“right to be forgotten”), we will generally action this within thirty days, which may only include a record in our system that once the lawful basis for processing your personal data has been satisfied, your personal data needs to be punctually deleted.
- Data Security
11.1 Precautions for safety of personal material
We preserve organisational, procedural, and physical precautions for the security of your personal data.
11.2 Administrative safeguards
Right of entry to the personal data of our users is restricted to sanctioned personnel who have a genuine need to know based on their job descriptions. In the case of third-party contractors who process personal information on our behalf, similar requirements are imposed. These third parties are contractually bound by confidentiality clauses, even when they leave. Access is revoked upon their departure.
11.3 Technical safeguards
We keep your personal information in our databases using the shields described above. Third parties who we hire to provide services and who have access to our users' data are required to implement privacy and safety practices that we deem suitable.
11.4 Physical safeguards
Access to user information in our database is not allowed except via encrypted connection by authorised personnel. Physical removal of personal data from our location is prohibited. Third-party contractors who process personal data on our behalf agree to provide practical physical protections.
We try to collect no more personal data from you than is essential by the purpose for which we gather it. This, in turn, diminishes the total risk of harm should data loss or a breach in security happen: the smaller the amount of data we collect, the lesser the total risk.
11.6 Notification in the event of breach
In the improbable event of a break in the security of personal data, we will advise all users who are actually or possibly affected. We may adapt the method of notice dependent on the situations. Where the only contact information that we have for you is an email address, then the notice will be by email. Where we have reason to believe there are affected users for which we have no contact info on file, we may give notice via publication on our company website. We reserve the right to stay notification if we are asked to do so by law administration or other authorities, or if we believe that giving notice straightaway will increase the risk of harm to our user body overall.
- Review of Procedures & Policy Updates
DunkingbirdDesigns reserves the right to amend and update our procedures and this policy as required.
- Contacting Us
UK Privacy Principles
The Data Protection Act 2018 is the UK's implementation of the General Data Protection Regulation (GDPR). Everyone responsible for using personal data has to follow strict rules called “data protection principles”. They must make sure the information is: used fairly, lawfully and transparently.
For full details go to this link: https://www.gov.uk/data-protection
To comply with UK Privacy laws the following eight principles need to be applied:
Principle 1 - Be informed about how your data is being used
Principle 2 - Access personal data
Principle 3 - Have incorrect data updated
Principle 4 - Have data erased
Principle 6 - Stop or restrict the processing of your data
Principle 7 - Data portability (allowing you to get and reuse your data for different services)
Principle 8 - Object to how your data is processed in certain circumstances
What information does DunkingbirdDesigns collect?
We collect a number of types of information, including information that categorizes or may identify you as an individual (“Personal Information”) as clarified in more detail below.
Information You Provide to Us:
We may collect any Personal Information that you choose to send to us or provide to us. If you communicate with us over the Website we will keep a record of our communication. If you telephone us we will keep a record of your telephone number. We collect and store information provided directly to us.
The types of information we may collect directly from our customers and their users include names, usernames, email addresses, postal addresses, phone numbers, transactional information (including Services purchased) in addition to any other contact or other information they elect to provide us or upload to our systems in connection with the Services.
Information We Automatically Collect: If you visit the Website, we collect certain information related to your device, such as your device’s IP address, referring website, what pages your device visited, and the time that your device visited our website.
When you use the Services:
Usage data – we save and track user activity in relation to the types of Services our customers and their users use, the configuration of their computers, and performance metrics related to their use of the Services.
Log information – we log information about our customers and their users when you use one of the Services, including Internet Protocol (“IP”) address.
Data collected by cookies and other similar technologies – we use various technologies to collect data which may include saving cookies to users’ devices. For further information, please read the section below headed “Cookies and other Tracking Technologies”.
How do we use the information?
We will use the information we gather via our Website:
- To administer our Website for internal operations, including troubleshooting, data analysis, testing, statistical and survey purposes;
- To improve our Website to ensure that content is presented in the most effective manner for you and for your computer;
- For trend monitoring, marketing and advertising;
- For purposes made clear to you at the time you submit your information to provide you with information you have requested about our Services; and
- As part of our efforts to keep our Website secure.
Our use of your Personal Information may be based on our genuine interest to guarantee network and information safety and for our direct marketing purposes, or you consenting to it.
We might utilise the information we gather from our customers and their users in connection with the Services we provide for a variety of purposes, including to:
- To set up a user account;
- Provide, operate and maintain the Services;
- Process and complete transactions, and send related information, including transaction confirmations and invoices;
- Manage our customer’s use of the Services, respond to enquiries and comments and provide customer service and support;
- Send customers technical alerts, updates, security notifications, and administrative communications;
- Investigate and prevent fraudulent activities, unauthorized access to the Services, and other illegal activities; and
- For any other purposes about which we notify customers and users.
Personal Information will be erased when no longer necessary.
If you withhold your personal information, it may not be possible for us to provide you with our products and services or for you to fully access our website.
How do we share and disclose information to third parties?
We do not rent or sell your Personal Information to anyone.
We may share and disclose information (including Personal Information) about our customers in the following limited circumstances:
We may share your information with third party vendors, consultants and other service providers who we employ to perform tasks on our behalf. These companies include (for example) our payment processing providers, website analytics companies (e.g., Google Analytics), product feedback or help desk software providers, CRM service providers, email service providers, and others.
If DunkingbirdDesigns receives your Personal Information in Australia and subsequently transfers that information to a third party agent or service provider for processing, DunkingbirdDesigns remains responsible for ensuring that such third party agent or service provider processes your Personal Information to the standard required by our Privacy obligations.
You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.
We may choose to buy or sell assets, and may share and/or transfer customer information in connection with the evaluation of and entry into such transactions. Also, if we (or our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, Personal Information could be one of the assets transferred to or acquired by a third party.
DunkingbirdDesigns Group Companies
We may also share your personal data with our parent companies, subsidiaries and/or affiliates for purposes consistent with this Policy.
Protection of DunkingbirdDesigns and Others
We reserve the right to access, read, preserve, and disclose any information as necessary to comply with law or court order; enforce or apply our agreements with you and other agreements; or protect the rights, property, or safety of DunkingbirdDesigns , our employees, our users, or others.
Disclosures for National Security or Law Enforcement
Under certain circumstances, we may be required to disclose your Personal Information in response to valid requests by public authorities, including to meet national security or law enforcement requirements.
We use appropriate technical, organisational and administrative security measures to protect any information we hold in our records from loss, misuse, and unauthorized access, disclosure, alteration and destruction.
Unfortunately, no company or service can guarantee complete security. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time. Among other practices, your account is protected by a password for your privacy and security. You must prevent unauthorised access to your account and Personal Information by selecting and protecting your password appropriately and limiting access to your computer or device and browser by signing off after you have finished accessing your account.
Cookies and Other Tracking Technologies
A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first party cookies. We also use third party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts.
- Assisting you in navigation;
- Assisting in registration to our events, login, and your ability to provide feedback;
- Analyzing your use of our products, services or applications;
- Assisting with our promotional and marketing efforts (including behavioral advertising).
You can opt-out of cookie use (except strictly necessary cookies) by adjusting your web browser controls.
Your Privacy Rights
What choices do I have?
You can always opt not to disclose info to us, but keep in mind some info may be needed to register with us or to take benefit of some of our features.
You can opt-out of receiving certain advertising or marketing communications from us at any time, by using the unsubscribe link in the emails communications we send. If you have any account for our Services, we will still send you non-promotional communications, like service related emails.
How Can I Exercise My Data Subject Rights?
If you would like to access, review, update, rectify, and delete any Personal Information we hold about you, or exercise any other data subject right available to you under General Data Protection Regulation (GDPR) or similar, you can email us directly at support [at] DunkingbirdDesigns dot com. Our privacy team will examine your request and respond to you as quickly as possible.
Please note that we may still use any aggregated and de-identified Personal Information that does not identify any individual, and may also retain and use your information as necessary to comply with our lawful responsibilities, resolve disputes, and enforce our agreements.
International Data Transfers
Personal Information submitted to the Website or through the Services is sent our hosted service providers’ cloud servers which may be hosted in a number of different countries. These countries may not have similar data protection laws to those in your country of residence. However, we will always safeguard your information in harmony with this Policy wherever it is processed.
We do not knowingly gather or solicit personal information from anyone under the age of 18. If you are under 18, please do not attempt to register for the Services or send any Personal Information about yourself to us. If we learn that we have collected Personal Information from a child under age 18, we will delete that information as fast as possible. If you believe that a child under 18 may have provided us Personal Information, please contact us at support [at] DunkingbirdDesigns dot com.
For your ease, hyperlinks may be posted on the Website that link to other Websites (the “Linked Sites”). We are not responsible for, and this Policy does not apply to, the privacy practices of any Linked Sites or of any companies that we do not own or control. Linked Sites may gather information in addition to that which we gather on the Website. We do not recommend any of these Linked Sites, the services or products described or offered on such Linked Sites, or any of the content contained on the Linked Sites. We encourage you to read the Policy of each Linked Site that you visit to comprehend how the information that is gathered about you is used and secured.
Changes to the Policy
We are constantly trying to improve our Website and Services, so we may need to modify this Policy from time to time as well. We will alert you to material changes by, for example, placing a notice on our Website and/or by sending you an email (if you have registered your e-mail details with us) when we are required to do so by applicable law. You can see when this Policy was last updated by checking the date at the bottom of this page. You are responsible for periodically reviewing this Policy.