Koéna may collect, use and process personal data relating to the owners, directors and staff (employees and contractors) of our customers. We do this to manage our business activities with customers and to facilitate the supply of products and services under supply contracts.
Koéna is committed to collecting and processing personal data (‘Personal Data’) and sensitive personal data (‘Sensitive Personal Data’) in compliance with the EU General Data Protection Regulations 2018 (the ‘GDPR’).
“Data Access Request” is where you can ask us to provide you with a copy of the Personal Data that we hold about you (Right of Access).
“Data Breach” is a security incident where the integrity of Personal Data is compromised through being destroyed, lost, altered, corrupted, disclosed or accessed by an unauthorised person.
“Data Controller” is a legal person who controls the purposes for which and the means by which Personal Data is used.
“Data Processing” means any operation or set of operations that is performed upon Personal Data or sets of Personal Data whether automated or not including for collection, recording, organisation, structuring, storage, adaption, or alteration, retrieval, consultation, use, disclosure by transmission or for dissemination.
“Personal Data” refers to any information relating to an identifiable natural person who can be identified directly or indirectly. This includes information such as your name, email address, and contact details.
DATA PROTECTION PRINCIPLES
As a Data Controller, we are responsible for compliance with the six GDPR principles which require that Personal Data shall:
- be processed lawfully, fairly and in a transparent way;
- be collected and processed only for specified, explicit and legitimate purposes;
- be processed only to the extent necessary for the purposes we have notified you about;
- accurate and up to date;
- not be kept longer than is necessary for the purposes for which it was processed;
- be processed securely.
PERSONAL INFORMATION WE COLLECT
When you visit the Site, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically collected information as “Device Information”.
We collect from our customers the following types of Personal Data:
- personal information (name, address);
- email address;
- telephone numbers;
- payment information;
- product and/or service details
- interactions including any communications or activity;
We collect Device Information using the following technologies:
“Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, click here.
“Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
“Web beacons”, “tags”, and “pixels” are electronic files used to record information about how you browse the Site.
Additionally when you make a purchase or attempt to make a purchase through the Site, we collect certain information from you, including your name, billing address, shipping address, payment information (including credit card numbers and information required for other payment types), email address, and phone number. We refer to this information as “Order Information”.
HOW WE COLLECT PERSONAL DATA AND OUR PRIVACY NOTICE
We collect and process your Personal Data when you engage with Koéna for business purposes. We will provide you with a Privacy Notice when you interact with us and we collect your Personal Data.
Our Privacy Notice will include the purpose of processing the Personal Data; which categories of Personal Data we will need to process; who will receive the Personal Data (including if the Personal Data needs to be shared outside of the EU); how long we will keep your Personal Data; your rights in terms of accessing your Personal Data; the consequences of failing to provide the Personal Data and details of any automated decision-making based on the Personal Data you provide. We collect your Personal Data through a range of methods:
- when you contact us via telephone, email, social media or fax;
- customer surveys or competitions
- update requests based the products we provide;
- website and online software enquiry forms;
- events and seminars;
- marketing updates either by electronic means or post.
THE TYPES OF NON-PERSONAL DATA WE COLLECT
We collect non-Personal Data from you when you visit our websites or our social media pages. The information collected is generally anonymous traffic data and may include your IP address, browser type, device information, and language. The information that we collect is in aggregate form so that it cannot identify any individual user.
We use technologies and third-party services that use Google Analytics, pixels, tags and web beacons (code snippets) on our website to improve user experience, the supply of our products and to analyse how our website is used.
DATA ACCESS REQUEST (RIGHT OF ACCESS)
It is important that the Personal Data we hold about you is accurate and up to date. Please keep us informed of any changes to your data.
We comply with your rights under the GDPR (subject to the grounds set out in the GDPR and applicable law) that permit you:
- to be informed as to how your Personal Data is being used;
- to access your Personal Data and to know specifically what information is held about you and how it is processed, where and for what purpose (we will provide you a copy of your Personal Data in electronic format free of charge if requested);
- to rectify your Personal Data if it is inaccurate or incomplete;
- to erase your Personal Data (also known as ‘the right to be forgotten’) if you wish to delete or remove your Personal Data;
- to restrict Data Processing of your Personal Data;
- to retain and reuse your Personal Data for your own purposes (Personal Data portability);
- to object to your Personal Data being used; and
- to object against automated decision making and profiling.
You can contact us any time to exercise your rights under the GDPR including as to:
- request access to Personal Data that we hold about you;
- to correct any Personal Data that we hold about you;
- delete Personal Data that we hold about you; or
- opt out of emails, marketing, and any other notifications that you receive from us.
We may ask you to verify your identity before acting on any of your requests. All Data Access Requests will be processed within one (1) month and will be provided in a digital format free of charge. If you have any questions about the collection and storage of data, please contact us at the details set out below.
HOW DO WE USE YOUR PERSONAL INFORMATION?
We use the Order Information that we collect generally to fulfil any orders placed through the Site (including processing your payment information, arranging for shipping, and providing you with invoices and/or order confirmations). Additionally, we use this Order Information to:
- Communicate with you;
- Screen our orders for potential risk or fraud; and
- When in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
We use the Device Information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimise our Site (for example, by generating analytics about how our customers browse and interact with the Site, and to assess the success of our marketing and advertising campaigns). Other uses include advertising and retargeting.
SHARING YOUR PERSONAL DATA WITH THIRD PARTIES
We share your Personal Information with third parties to help us use your Personal Information, as described above. For example, we use Shopify to power our online store you can read more about how Shopify uses your Personal Information here:
We also use Google Analytics to help us understand how our customers use the Site. You can read more about how Google uses your Personal Information here.
You can also opt-out of Google Analytics here.
Finally, we may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
Personal Data is processed and shared with third parties in the following ways:
- third-party service providers that securely hold your data;
- to provide marketing and survey material to you (either by electronic means or post);
- third-party service providers for logistics or services;
- external HR specialists including reference and DBS related checks;
- courier service companies;
- external debt collection agencies;
- regulators and law enforcement agencies;
- with our legal representatives.
When we use third parties to process your Personal Data on our behalf, we ensure that the Data Processing is pursuant to our documented instructions and in accordance with the legal basis for the processing.
We only employ third-party data processors that are compliant with the GDPR requirements and that have sufficient security measures in place to protect and safeguard your data.
If there is a change of control in our business or a sale or transfer of business assets, we reserve the right to transfer to the extent permissible at law our subscriber databases, together with any Personal Data and non-Personal Data contained in those databases.
HOW WE SECURE YOUR PERSONAL DATA AND DATA BREACH
We are committed to ensuring that the data you provide to us is secure. To prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure data and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.
Your data will be securely stored, and all precautions will be taken to protect your data. Where possible, limitations are placed on the printing of personal data. Where this is unavoidable, data is stored in locked filing cabinets, within locked offices. Electronic data is held as follows:
- Password protected spreadsheets
- Password protected drives
- Access controlled systems
We will only hold your data for as long as is necessary to fulfil the purpose for which it was collected. Periods of data retention will apply differently for each specific category of data. You will be informed of how long your data will be stored in the Privacy Notice issued to you at the time your data is collected or processed.
You can also review the Company’s data register to find out more information about the data retention period for categories of data that are stored before the data is securely destroyed.
We have in place Data Breach response procedures to deal with any actual or suspected Data Breach including where we are obliged to report Data Breach to the relevant regulator within 72 hours of us becoming aware of a Data Breach. We will notify you and the applicable regulator of a Data Breach where we are legally required to do so.
You should report any actual or suspected breaches to our Data Protection Officer for investigation in the contact us section of this policy.
As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
You can opt out of targeted advertising by using the links below:
Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/
DO NOT TRACK
Please note that we do not alter our Site’s data collection and use practices when we see a Do Not Track signal from your browser.
If you are a European resident, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us through the contact information below.
Additionally, if you are a European resident, we note that we are processing your information in order to fulfil contracts we might have with you (for example if you make an order through the Site), or otherwise to pursue our legitimate business interests listed above. Additionally, please note that your information will be transferred outside of Europe, including to Canada and the United States.
When you place an order through the Site, we will maintain your Order Information for our records unless and until you ask us to delete this information.
For more information about our privacy practices, please contact us by e‑mail at firstname.lastname@example.org or by mail using the details provided below:
Re: Privacy Compliance Officer
34 Cahill Street,
© 2020 Koéna (XCuro Joint Venture Pty Ltd.). All rights reserved. XCuro Joint Venture Pty Ltd (ABN 80 608 286 273), 34 Cahill Street, Dandenong South VIC 3175, Australia.