At the date of this policy, Glam is not regulated by the Privacy Act 1988 (Cth) (Privacy Act), however we remain guided by the Australian Privacy Principals contained in the Privacy Act (APPs).
Whilst guided by the APPs, we are only bound to the terms of this policy until such time as we become specifically regulated by any applicable law.
- using and engaging our services generally;
- accessing, subscribing to, downloading or using the this website and its services;
- requesting information on, enquiring about, using, receiving or providing feedback in relation to our services (online, in writing, by telephone or in person);
- otherwise providing, or consenting to the collection of, Personal Information by us or our agents or employees,
If you do not agree to us handling your Personal Information in the manner set out in this Policy we may not be able to provide our services to you and you should not provide us with any Personal Information.
What is Personal Information and Sensitive Information?
We follow the definition of Personal Information given in the Privacy Act:
“Personal Information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- whether the information or opinion is true or not; and
- whether the information or opinion is recorded in a material form or not.”
“Sensitive Information means information or an opinion about an individual’s:
- racial or ethnic origin;
- political opinions;
- membership of a political association;
- religious beliefs or affiliations;
- philosophical beliefs;
- membership of a professional or trade association;
- membership of a trade union;
- sexual orientation or practices;
- criminal record;
that is also personal information; or
- health information about an individual;
- genetic information about an individual that is not otherwise health information;
- biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or
- biometric templates.
What kinds of Personal Information might we collect and hold?
The Personal Information we may collect, hold and process about you depends upon how you interact with us. This information may vary depending on our specific needs, however, it may include your or that of your employer which you represent:
- name, address, email address, telephone number and other identification information;
- messages, requests, competition entries, reviews, content suggestions and information you input into our website, social media channels or communication channels to access our services or interact with us;
- information about how you interact with us, our staff, or associates online including via social media and email newsletters;
- demographic information such as age or date of birth, location and activities;
- business relationship and history with us;
- business or associated companies or entities;
- messages, emails, voicemail and other correspondence and frequency of enquiries;
- comments and feedback and responses to surveys;
- interaction with websites, including our website;
- information about how you use our website and third party websites;
- what computer configurations and software you use;
- your IP address and / or other device identifying data;
- general preferences and interests;
- billing and credit card information;
- other information required to provide a service or information you have requested from us;
- information collected by cookies, pixels, web beacons and other technologies; and
- any additional information relating to you that you provide to us directly.
How do we collect Personal Information?
We collect Personal Information:
- directly from you for example, when you provide that information to us, we contact you or when you contact us;
- when providing our services;
- when you participate in our services, including marketing or promotional activities;
- from third parties who you have authorised to provide us with information; and
- from publicly available sources such as the internet and social media.
How do we hold and secure your Personal Information?
We store your Personal Information digitally (unless legally required to retain in hard copy format).
All digital material is secured using password protected computers and databases.
We primarily use data storage providers located inside Australia. However some data may potentially be stored overseas, most likely the United States and Singapore, due to the use of third party services from businesses that originate in the United States in addition to services hosted in Singapore. Where appropriate, we have agreements with its storage providers to keep all Personal Information they store secure, using reasonable and appropriate security methods.
We conduct regular audits of our compliance with this Policy and the Act to ensure that our privacy framework is in line with industry best-practice.
Why do we collect, hold, use and disclose Personal Information?
We collect Personal Information for a number of reasons, including:
- writing articles, reviews or news stories;
- providing you or a third party with our services or information about our services;
- sending communications you request or contacting you and responding to your enquiries;
- providing third parties with information about you and your activities for the purpose of providing to you our products and/or services (for instance Mailchip, or equivalent service, for sending our marketing communications);
- ensuring consistency of service across our business and other internal business purposes;
- developing or refining our services as well as tailoring our services;
- notifying you about changes to our website, services, or activities we offer or provide via our website;
- internal business purposes;
- providing you with marketing material or contacting you in relation to our business, networking or promotional activities including forum competitions;
- publishing testimonials you provide us; and
- internal corporate purposes, corporate governance, auditing and record keeping.
Our use of Personal Information may extend beyond the uses described above, but will be restricted to purposes that we consider to be related to our functions and activities.
We do not collect your personal information for the purpose of selling or providing it to third parties to directly market their services to you unless it is disclosed to you in advance (such as if you enter a competition we are running, we will provide your details to the suppliers of the relevant prize or experience).
We may however disclose your personal information as part of a corporate restructure or sale of business, we will however post a notification on our website 14 days prior to any sale or restructure event.
What do we do with your Personal Information?
If we collect Personal Information, we may:
- use that information for the purposes stated in this Policy and directly related purposes;
- store that information in accordance with this Policy;
- pass that information amongst entities we work with, our members, associated organisations, business partners or affiliates;
- pass that information to third parties who provide products or services to us (including our accountants, auditors, lawyers, IT contractors, and other service providers); and
- provide that information to third parties as required by law.
Do you use my information for Direct Marketing?
We may use your Personal Information to communicate directly with you to promote our Services.
We use direct marketing to provide you with information about our Services or third party offerings that we believe you may be interested in.
If you receive direct marketing material from us, and do not wish to continue receiving it, please contact us by any of the methods stated in this Policy, asking to be removed from all future direct marketing programs. Once we have received your opt-out request, we will remove you from our direct marketing programs as soon as reasonably practicable.
What about Cookies, pixels and analytics?
When you access our website or social media channels, or when you use our services and Products, we may receive information about you via automated methods, including (but not limited to) use of a ‘cookie’, a ‘pixel’ or from analytics software.
These are tools that our web server may direct your traffic to, send to your computer, or embed on a website, when you visit our website. These tools help us provide services and Products to you, and to recognise when you re-visit the website, serve you customised content and to optimize your experience.
We generally don’t collect Personal Information through the use of these tools, though we may be able to access your IP address and information about what your computer technology is when using analytical software.
You may be able to change the settings of your browser so that Cookies are not accepted generally or that you are provided with options to accept or reject them as they are sent to your browser.
Do we ever send your information overseas?
We are a Australian based organisation however our data may be stored in cloud back up software (such as MS Outlook 365, Dropbox, Google Drive) which may be potentially be stored overseas, most likely in the United States of America and Singapore. For more details, please refer to How do we hold and secure your Personal Information?
We may upload images and / or footage to our social media accounts of website from time to time. The social media accounts and website may be hosted on an overseas server. Where applicable, in the event that your information is sent overseas, we will use our best endeavours to ensure that any overseas supplier will keep all Personal Information secure.
Can you access your Personal Information or request it be corrected?
You may request access to the Personal Information that we hold about you by contacting us. Upon receiving an access request we may request further details from you to verify your identity.
We reserve the right not to provide you with access to Personal Information if we cannot verify your identity to our reasonable satisfaction. An administrative fee may be charged to cover our costs in providing you with access to your Personal Information. This fee will be explained to you before it has been incurred.
We will respond to your access request within a reasonable period of time by:
- providing you with access to your Personal Information;
- rejecting your access request, and providing you reasons for this rejection.
Access requests may be denied where:
- we believe your request is frivolous or vexatious;
- we are entitled to reject a request by law;
- we are unable to verify your identity; or
- you have not paid the administrative fee (if any).
If you believe that the Personal Information that we hold is inaccurate or otherwise requires correction, you may send us a correction request by contacting us. We will review your Personal Information and respond to the request within a reasonable period of time.
We do not intentionally collect Sensitive Information to provide our Services, however if we do we will only keep your Sensitive Information whilst you consent to us doing so, or if we are required to by law or to protect a legal right. If you want us to delete your Sensitive Information you may request we do so in writing. This may, however, limit our ability to serve and assist you.
What happens if you want to deal with us anonymously or using a pseudonym?
When contacting us, you can do so either anonymously or by using a pseudonym. If you do so, we may not be able to provide you with accurate or useful information, and you may not be able to access a full range of our services. Further, we may not be able to investigate incidents or complaints you have made.
Minors (under 18 years of age)
Our services are not intended to be delivered to any person under 18 years of age (minor). We do not intentionally collect a minor’s personal information and:
- we may not specifically verify a person’s age when they access our Services and we assume that any person who does has sufficient capacity to consent to this policy;
- any person receiving our services later found to be a minor shall have delivery of our Services suspended and any Personal Information deleted, unless we are required to retain it by law;
- any right a minor may otherwise had under this policy with respect to their Personal Information may be exercised by their parent or legal guardian (upon sufficient verification); and
- we encourage parents or guardian to participate in their child’s online security and protection of their Personal Information.
GDRP - Notice
We do not offer our Services to European Union residents, however if you are a resident of the Europe Union and accessed our services then:
- The GDPR is the European Union (EU) data protection law. Australian-based organisations that offer goods or services to persons in the EU or who may access their website. This provision will not apply to a significant portion of the persons who use our site or services.
- From time to time, we may capture or collect personal information that passes through the EU. This might occur, for example, if a person in the EU accesses the Site and we collect analytical data about them, enquiries about our services from the EU, or if one of our customers gives us information about a person in the EU. If this occurs, we will treat the personal information received in accordance with this policy.
Where data is processed or monitored in the EU, you may have additional rights, such as:
- The right to request that we delete your personal information (unless we require that information to comply with a legal obligation, or need it to bring or defend a legal claim);
- The right to restrict our processing of your personal information (where it is inaccurate, would be unlawful to process, or where it has not been deleted due to us needing it to meet a legal obligation);
- Right to data portability (the right to receive your personal information in a readable format);
- The right to object to the processing of personal information; and
- For a complete list of your rights may be viewed here: General Data Protection Regulation (GDPR) – Official Legal Text (gdpr-info.eu)
We also have certain obligation in relation to the management of a data breach, including:
- We must advise the relevant statutory authority of a data breach within 72 hours of becoming aware of the breach; and
- We must advise affected individuals without undue delay where there is a high risk to their rights and freedoms.
Does this Policy ever change?
What happens if you have a question or complaint about how we have handled your Personal Information?
If you have a question or complaint, you can raise it with us by:
We take all complaints seriously and will respond to you within a reasonable period of time, usually 30 days, unless we consider your complaint to be frivolous or vexatious or if we are unable to verify your identity.
If you are not satisfied with the way we have handled your complaint, you can make a complaint to the Office of the Australian Information Commissioner at http://oaic.gov.au.
Effective Date: March 1, 2023