Personal information includes information or an opinion about an individual that is reasonably identifiable. For example, this may include your name, age, gender, postcode and contact details.
What personal information do we collect?
We may collect the following types of personal information:
- mailing or street address;
- email address;
- telephone number and other contact details;
- age or date of birth;
- your device ID, device type, geo-location information, computer and connection information, statistics on page views, traffic to and from the sites, ad data, IP address and standard web log information;
- details of the products and services we have provided to you or that you have enquired about, including any additional information necessary to deliver those products and services and respond to your enquiries;
- any additional information relating to you that you provide to us directly through our website or app or indirectly through your use of our website or app or online presence or through other websites or accounts from which you permit us to collect information;
- information you provide to us through customer surveys; or
- any other personal information that may be required in order to facilitate your dealings with us.
We may collect these types of personal information either directly from you, or from third parties. We may collect this information when you:
- register on our website or purchase our goods or services;
- communicate with us through correspondence, chats, email, or when you share information with us from other social applications, services or websites;
- interact with our sites, services, content and advertising; or
- invest in our business or enquire as to a potential purchase in our business.
Why do we collect, use and disclose personal information?
We may collect, hold, use and disclose your personal information for the following purposes:
- to enable you to access and use our website or goods and services, or to attend an event we conduct;
- to operate, protect, improve and optimise our website, services, products, events, business and our users’ and clients’ experience, such as performing analytics, conducting research and advertising and marketing;
- to send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and the information requested by you;
- to send you marketing and promotional messages and other information that may be of interest to you, including information sent by, or on behalf of, our business partners that we think you may find interesting;
- to administer rewards, surveys, contests, or other promotional activities or events sponsored or managed by our business partners or us;
- to comply with our legal obligations, resolve any disputes that we may have with any of our users, and enforce our agreements with third parties; and
- to consider your employment application.
We may also disclose your personal information to a trusted third party who also holds other information about you. This third party may combine that information in order to enable it and us to develop anonymised consumer insights so that we can better understand your preferences and interests, personalise your experience and enhance the products and services that you receive.
Do we use your personal information for direct marketing?
We and/or our carefully selected business partners may send you direct marketing communications and information about our services and products. This may take the form of emails, SMS, mail or other forms of communication, in accordance with the Spam Act and the Privacy Act. You may opt out of receiving marketing materials from us by contacting us using the details set out below or by using the opt-out facilities provided (eg an unsubscribe link).
To whom do we disclose your personal information?
- our employees and related corporate bodies;
- our clients to the extent you attend an event we conduct on their behalf or engage with a product or service we manage on their behalf;
- third party suppliers and service providers (including providers for the operation of our websites and/or our business or in connection with providing our products and services to you);
- professional advisers, dealers and agents;
- academics and other third parties who we engage to perform analysis on our products and services for the purposes of improving those products and services;
- payment systems operators (eg merchants receiving card payments);
- our existing or potential agents, business partners or partners;
- our sponsors or promoters of any competition that we conduct via our services;
- anyone to whom our assets or businesses (or any part of them) are transferred;
- specific third parties authorised by you to receive information held by us; and/or
- other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law.
You agree that we may compile and deidentify data that we hold (including personal information), and may use such de-identified data for any purpose. We will comply with OAIC Guidelines in connection with any deidentification.
Disclosure of personal information outside Australia
We may disclose personal information outside of Australia to our related bodies corporate, to clients, or to third-party services providers, including cloud providers and customer management services providers located in the United States. We will, however, take reasonable steps to ensure that any overseas recipient will deal with such personal information in a way that is consistent with the Australian Privacy Principles.
Access and Changing of Personal Information
You have the right to access the Personal Information we hold about you, and to require the correction, updating and blocking of inaccurate and/ or incorrect data by sending an email to us. We will usually respond to your request within 7 Business Days. You may also request the deletion or destruction of your Personal Information, your Account details or your Transaction details by sending an email to us. The Company will act on your request only when it is not inconsistent with its legal and regulatory obligations and compliance procedures. Upon your written request, we will inform you of the use and general disclosure of your Personal Information. Depending on the nature of your request, there may be a minimal charge for accessing your Personal Information. Also, We may also need to verify your identity when you request your personal information.
If you think that any personal information we hold about you is inaccurate, please contact us, and we will take reasonable steps to ensure that it is corrected.
Non-personal Identification Information
We may collect non-personal identification information about you whenever you interact with our Site. Non-personal identification information may include the browser name, the type of computer and technical information about your means of connection to our Site, such as the operating system and the Internet service providers you use and other similar information.
Storing Your Information
We will hold your information for as long as you authorise us by maintaining an active account or remaining on our mailing list. We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your personal information and order information stored via our Site. While HOOKAH FRUITS™ takes precautions to secure your data, if there is a security issue, we will alert you of this fact.
If an account is deleted, we’ll still need to hold on to some information about past orders for our own records.
Your Banking Information
We use third-party providers to process your payments which are PayPal and ZipPay. You will require to provide your banking information directly to them. HOOKAH FRUITS PTY LTD does not store any Credit or Debit Card information.
Web Browser Cookies
We may collect personal information about you when you use and access our website.
While we do not use browsing information to identify you personally, we may record certain information about your use of our website, such as which pages you visit, the time and date of your visit and the internet protocol address assigned to your computer.
We may also use ‘cookies’ or other similar tracking technologies on our website that help us track your website usage and remember your preferences. Cookies are small files that store information on your computer, TV, mobile phone or other devices. They enable the entity that puts the cookie on your device to recognise you across different websites, services, devices and/or browsing sessions. You can disable cookies through your internet browser, but our websites may not work as intended for you if you do so.
We may hold your personal information in either electronic or hard copy form. We take reasonable steps to protect your personal information from misuse, interference and loss, as well as unauthorised access, modification or disclosure and we use a number of physical, administrative, personnel and technical measures to protect your personal information. For example, we only allow access to personal information on a need-to-know basis, and we secure all physical files. However, we cannot guarantee the security of your personal information.
We will disclose certain information to our benefits partners so that you may obtain any benefits available to you. This information varies between our benefits partners but includes information such as account or membership numbers, your name, and your use of HOOKAH FRUITS™’s service. We will also share aggregate information with our benefits partners so that we can monitor our relationship with them.
Making a complaint
If you think we have breached the Privacy Act, or you wish to make a complaint about the way we have handled your personal information, you can contact us using the details set out below. Please include your name, email address and/or telephone number and clearly describe your complaint. We will acknowledge your complaint and respond to you regarding your complaint within a reasonable period of time. If you think that we have failed to resolve the complaint satisfactorily, we will provide you with information about the further steps you can take.
Additional provisions in respect of jurisdictions outside Australia
The following provisions may apply to you depending on the jurisdiction in which you reside. We recommend you review these sections in full to determine whether any of these terms apply to you.
Your California Privacy Rights
This section applies solely to all visitors, users, and others who reside in the State of California (“consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (CCPA), and any terms defined in the CCPA have the same meaning when used in this notice.
Information We Collect
Our Website collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“Personal Information”). We have collected the following categories of personal information from its consumers within the last twelve (12) months:
|A. Identifiers.||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.||Yes|
|B. Personal information categories are listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||
A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
Some personal information included in this category may overlap with other categories.
|D. Commercial information.||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||Yes|
|F. Internet or other similar network activity.||Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.||Yes|
We obtain the categories of personal information listed above from the following categories of sources:
- Directly from you when you provide it to us;
- Automatically as you use the Websites. Automatically collected information may include usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies; and
- From third parties, such as our business partners
Use of Personal Information
We may use, sell (as defined in the CCPA), or disclose the personal information we collect for one or more of the following business purposes:
- To fulfil or meet the reason you provided the information. For example, if you share your name and contact information to request a price quote or ask a question about products or services from one of our partners, we will provide the partner with that personal information to respond to your inquiry.
- To provide, support, personalize, and develop our Website, products, and services.
- To create, maintain, customize, and secure your account with us.
- To process your requests.
- To provide you with support and to respond to your inquiries, including investigating and addressing your concerns and monitoring and improving our responses.
- To personalize your Website experience and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our Website, third-party sites, and via email or text message (with your consent, where required by law).
- To help maintain the safety, security, and integrity of our Website, products and services, databases and other technology assets, and business.
- For testing, research, analysis, and product development, including to develop and improving our Website, products, and services.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- As described to you when collecting your personal information or as otherwise set forth in the CCPA.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our Website users is among the assets transferred.
Your Rights and Choices
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
Once we receive and confirm your verifiable request, we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we collected about you.
- If we sold or disclosed your personal information for a business purpose:
- sales, identifying the personal information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
Deletion Request Rights
You have the right to request that we delete from our records any of the personal information that we collect and retain, subject to certain exceptions. Once we receive and confirm your verifiable request, we will delete your personal information from our records, unless an exception applies.
Why We May Deny Your Request
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the personal information.
- Provide you with notices about your account, including expiration and renewal notices.
- Carry out our obligations and enforce our rights arising from any contracts entered into between you and us.
- Fulfill any other purpose for which you provided it.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation and any relevant laws, regulations, ordinances, rules, directives, or statutes.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by emailing your request to [email protected].
What We May Need From You
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Response Timing and Format
We endeavour to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 additional days), we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Personal Information Sales Opt-Out and Opt-In Rights
If you are 16 years of age or older, you have the right to direct us not to sell your personal information at any time (the “right to opt-out”). We do not sell (as defined in the CCPA) the personal information of consumers we actually know are less than 16 years of age, unless we receive affirmative authorization (the “right to opt-in”) from either the consumer who is between 13 and 16 years of age or the parent or guardian of a consumer less than 13 years of age. Consumers who opt-in to personal information sales may opt out of future sales at any time.
To exercise the right to opt-out, you (or your authorized representative) may submit a request to us by emailing [email protected].
Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize personal information sales. However, you may change your mind and opt back into personal information sales at any time by emailing your request to [email protected].
You do not need to create an account with us to exercise your opt-out rights. We will only use personal information provided in an opt-out request to review and comply with the request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services;
- Charge you, or suggest you may be charged, for services;
- Impose penalties;
- Provide you with a different level or quality of services.
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to [email protected].
Legal Basis for Processing Personal Information under the General Data Protection Regulation (GDPR)
We may process your personal information because:
- We need to perform a contract with you
- You have given us permission to do so
- The processing is in our legitimate interests, and it is not overridden by your rights
- For payment processing purposes
- To comply with the law
Your Data Protection Rights under the General Data Protection Regulation (GDPR)
If you are a resident of the European Economic Area (EEA), you have certain data protection rights. We aim to take reasonable steps to allow you to correct, amend, delete or limit the use of your personal information.
If you wish to be informed about what personal information we hold about you and if you want it to be removed from our systems, please contact us.
In certain circumstances, you have the following data protection rights:
The right to access, update or delete the information we have on you. Whenever made possible, you can access, update or request the deletion of your personal information directly within your account settings section. If you are unable to perform these actions yourself, please contact us to assist you.
The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
The right to object. You have the right to object to our processing of your personal information.
The right of restriction. You have the right to request that we restrict the processing of your personal information.
The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format.
The right to withdraw consent. You also have the right to withdraw your consent at any time when we relied on your consent to process your personal information.
Please note that we may ask you to verify your identity before responding to such requests.
You have the right to complain to a Data Protection Authority about our collection and use of your personal information. For more information, please contact your local data protection authority in the European Economic Area (EEA).
Effective: 1st Feb 2023