In this Privacy Policy, ‘us’ ‘we’ or ‘our’ ‘HOOKAH FRUITS™’ means HOOKAH FRUITS PTY LTD (ABN 72634247984) and (ACN 634 247 984). We are committed to respecting your privacy. Our Privacy Policy sets outs out how we collect, use, store and disclose your personal information. We are bound by the Australian Privacy Principles contained in the Privacy Act. By providing personal information to us, you consent to our collection, use and disclosure of your personal information in accordance with this Privacy Policy and any other arrangements that apply between us. We may change our Privacy Policy from time to time by publishing changes to it on our website. We encourage you to check our website periodically to ensure that you are aware of our current Privacy Policy. Personal information includes information or an opinion about an individual that is reasonably identifiable. For example, this may include your name, age, gender, postcode and contact details. Further specific details in relation to how we handle the personal information of individuals located in certain jurisdictions outside of Australia are set out at the end of this Privacy Policy. We recommend you review this Privacy Policy in full to determine if any such additional terms apply to you.

We may collect the following types of personal information:

  • name;
  • mailing or street address;
  • email address;
  • telephone number and other contact details;
  • age or date of birth;
  • your device ID, device type, geo-location information, computer and connection information, statistics on page views, traffic to and from the sites, ad data, IP address and standard web log information;
  • details of the products and services we have provided to you or that you have enquired about, including any additional information necessary to deliver those products and services and respond to your enquiries;
  • any additional information relating to you that you provide to us directly through our website or app or indirectly through your use of our website or app or online presence or through other websites or accounts from which you permit us to collect information;
  • information you provide to us through customer surveys; or
  • any other personal information that may be required in order to facilitate your dealings with us. 

We may collect these types of personal information either directly from you, or from third parties. We may collect this information when you: 

  • register on our website or purchase our goods or services;
  • communicate with us through correspondence, chats, email, or when you share information with us from other social applications, services or websites;
  • interact with our sites, services, content and advertising; or
  • invest in our business or enquire as to a potential purchase in our business.

In addition, when you apply for a job or position with us, we may collect certain information from you (including your name, contact details, working history and relevant records checks) from any recruitment consultant, your previous employers and others who may be able to provide information to us to assist in our decision on whether or not to make you an offer of employment or engage you under a contract. This Privacy Policy does not apply to acts and practices in relation to employee records of our current and former employees, which are exempt from the Privacy Act.

We may collect, hold, use and disclose your personal information for the following purposes:

  • to enable you to access and use our website or goods and services, or to attend an event we conduct;
  • to operate, protect, improve and optimise our website, services, products, events, business and our users’ and clients’ experience, such as performing analytics, conducting research and advertising and marketing;
  • to send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and the information requested by you;
  • to send you marketing and promotional messages and other information that may be of interest to you, including information sent by, or on behalf of, our business partners that we think you may find interesting;
  • to administer rewards, surveys, contests, or other promotional activities or events sponsored or managed by our business partners or us;
  • to comply with our legal obligations, resolve any disputes that we may have with any of our users, and enforce our agreements with third parties; and
  • to consider your employment application. 

We may also disclose your personal information to a trusted third party who also holds other information about you. This third party may combine that information in order to enable it and us to develop anonymised consumer insights so that we can better understand your preferences and interests, personalise your experience and enhance the products and services that you receive.

We and/or our carefully selected business partners may send you direct marketing communications and information about our services and products. This may take the form of emails, SMS, mail or other forms of communication, in accordance with the Spam Act and the Privacy Act. You may opt out of receiving marketing materials from us by contacting us using the details set out below or by using the opt-out facilities provided (eg an unsubscribe link).

We may disclose personal information for the purposes described in this privacy policy to:

  • our employees and related corporate bodies;
  • our clients to the extent you attend an event we conduct on their behalf or engage with a product or service we manage on their behalf;
  • third party suppliers and service providers (including providers for the operation of our websites and/or our business or in connection with providing our products and services to you);
  • professional advisers, dealers and agents;
  • academics and other third parties who we engage to perform analysis on our products and services for the purposes of improving those products and services;
  • payment systems operators (eg merchants receiving card payments); 
  • our existing or potential agents, business partners or partners;
  • our sponsors or promoters of any competition that we conduct via our services;
  • anyone to whom our assets or businesses (or any part of them) are transferred;
  • specific third parties authorised by you to receive information held by us; and/or
  • other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law.

You agree that we may compile and deidentify data that we hold (including personal information), and may use such de-identified data for any purpose. We will comply with OAIC Guidelines in connection with any deidentification.

We may disclose personal information outside of Australia to our related bodies corporate, to clients, or to third-party services providers, including cloud providers and customer management services providers located in the United States. We will, however, take reasonable steps to ensure that any overseas recipient will deal with such personal information in a way that is consistent with the Australian Privacy Principles.

You have the right to access the Personal Information we hold about you, and to require the correction, updating and blocking of inaccurate and/ or incorrect data by sending an email to us. We will usually respond to your request within 7 Business Days. You may also request the deletion or destruction of your Personal Information, your Account details or your Transaction details by sending an email to us. The Company will act on your request only when it is not inconsistent with its legal and regulatory obligations and compliance procedures. Upon your written request, we will inform you of the use and general disclosure of your Personal Information. Depending on the nature of your request, there may be a minimal charge for accessing your Personal Information. Also,  We may also need to verify your identity when you request your personal information.

If you think that any personal information we hold about you is inaccurate, please contact us, and we will take reasonable steps to ensure that it is corrected.

We may collect non-personal identification information about you whenever you interact with our Site. Non-personal identification information may include the browser name, the type of computer and technical information about your means of connection to our Site, such as the operating system and the Internet service providers you use and other similar information.

HOOKAH FRUITS™ has the discretion to update this privacy policy at any time. When we do, we will send you an email. We encourage you to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect. HOOKAH FRUITS™ reserve the right to refuse service to anyone for any reason at any time.

We will hold your information for as long as you authorise us by maintaining an active account or remaining on our mailing list. We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your personal information and order information stored via our Site. While HOOKAH FRUITS™ takes precautions to secure your data, if there is a security issue, we will alert you of this fact.

If an account is deleted, we’ll still need to hold on to some information about past orders for our own records.

We use third-party providers to process your payments which are PayPal and ZipPay. You will require to provide your banking information directly to them. HOOKAH FRUITS PTY LTD does not store any Credit or Debit Card information.

We may collect personal information about you when you use and access our website. While we do not use browsing information to identify you personally, we may record certain information about your use of our website, such as which pages you visit, the time and date of your visit and the internet protocol address assigned to your computer. We may also use ‘cookies’ or other similar tracking technologies on our website that help us track your website usage and remember your preferences. Cookies are small files that store information on your computer, TV, mobile phone or other devices. They enable the entity that puts the cookie on your device to recognise you across different websites, services, devices and/or browsing sessions. You can disable cookies through your internet browser, but our websites may not work as intended for you if you do so. We may also use cookies to enable us to collect data that may include personal information. For example, where a cookie is linked to your account, it will be considered personal information under the Privacy Act. We will handle any personal information collected by cookies in the same way that we handle all other personal information as described in this Privacy Policy. We may hold your personal information in either electronic or hard copy form. We take reasonable steps to protect your personal information from misuse, interference and loss, as well as unauthorised access, modification or disclosure and we use a number of physical, administrative, personnel and technical measures to protect your personal information. For example, we only allow access to personal information on a need-to-know basis, and we secure all physical files. However, we cannot guarantee the security of your personal information.

There may be links from our Site to other sites and resources provided by third parties. This Privacy Policy applies only to this Website. Accessing those third-party sites or sources requires you to leave our Site. We do not control those third-party sites or any of the content contained therein, and you agree that we are in no way responsible or liable for any of those third-party sites, including, without limitation, their content, policies, failures, promotions, products, services or actions and/ or any damages, losses, failures or problems caused by, related to or arising from those sites. We encourage you to review all policies, rules, terms and regulations, including the privacy policies, of each site that you visit.

We will disclose certain information to our benefits partners so that you may obtain any benefits available to you. This information varies between our benefits partners but includes information such as account or membership numbers, your name, and your use of HOOKAH FRUITS™’s service. We will also share aggregate information with our benefits partners so that we can monitor our relationship with them.

If you think we have breached the Privacy Act, or you wish to make a complaint about the way we have handled your personal information, you can contact us using the details set out below. Please include your name, email address and/or telephone number and clearly describe your complaint. We will acknowledge your complaint and respond to you regarding your complaint within a reasonable period of time. If you think that we have failed to resolve the complaint satisfactorily, we will provide you with information about the further steps you can take.

The following provisions may apply to you depending on the jurisdiction in which you reside. We recommend you review these sections in full to determine whether any of these terms apply to you.

If you have any questions, comments, or concerns regarding our Privacy Policy and/ or practices as it or they relate to the Platform, please contact us. If you have a complaint about how your Personal Information has been used, please send us an e-mail to [email protected].

This section applies solely to all visitors, users, and others who reside in the State of California (“consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (CCPA), and any terms defined in the CCPA have the same meaning when used in this notice.

Our Website collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“Personal Information”). We have collected the following categories of personal information from its consumers within the last twelve (12) months:

Category Examples Collected
A. Identifiers. A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.  Yes
B. Personal information categories are listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). 

A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.

Some personal information included in this category may overlap with other categories.

 Yes
     
D. Commercial information. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.  Yes
     
F. Internet or other similar network activity.  Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.  Yes
     

We obtain the categories of personal information listed above from the following categories of sources:

  • Directly from you when you provide it to us;
  • Automatically as you use the Websites. Automatically collected information may include usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies; and
  • From third parties, such as our business partners
We may use, sell (as defined in the CCPA), or disclose the personal information we collect for one or more of the following business purposes:
  • To fulfil or meet the reason you provided the information. For example, if you share your name and contact information to request a price quote or ask a question about products or services from one of our partners, we will provide the partner with that personal information to respond to your inquiry. 
  • To provide, support, personalize, and develop our Website, products, and services.
  • To create, maintain, customize, and secure your account with us.
  • To process your requests.
  • To provide you with support and to respond to your inquiries, including investigating and addressing your concerns and monitoring and improving our responses.
  • To personalize your Website experience and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our Website, third-party sites, and via email or text message (with your consent, where required by law).
  • To help maintain the safety, security, and integrity of our Website, products and services, databases and other technology assets, and business.
  • For testing, research, analysis, and product development, including to develop and improving our Website, products, and services.
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
  • As described to you when collecting your personal information or as otherwise set forth in the CCPA.
  • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our Website users is among the assets transferred.

The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

Once we receive and confirm your verifiable request, we will disclose to you:

  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.
  • Our business or commercial purpose for collecting or selling that personal information.
  • The categories of third parties with whom we share that personal information.
  • The specific pieces of personal information we collected about you.
  • If we sold or disclosed your personal information for a business purpose:
    • sales, identifying the personal information categories that each category of recipient purchased; and
    • disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

You have the right to request that we delete from our records any of the personal information that we collect and retain, subject to certain exceptions. Once we receive and confirm your verifiable request, we will delete your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

  1. Complete the transaction for which we collected the personal information.
  2. Provide you with notices about your account, including expiration and renewal notices.
  3. Carry out our obligations and enforce our rights arising from any contracts entered into between you and us.
  4. Fulfill any other purpose for which you provided it.
  5. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  6. Debug products to identify and repair errors that impair existing intended functionality.
  7. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  8. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
  9. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement if you previously provided informed consent.
  10. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  11. Comply with a legal obligation and any relevant laws, regulations, ordinances, rules, directives, or statutes.
  12. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by emailing your request to [email protected].

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We endeavour to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 additional days), we will inform you of the reason and extension period in writing.

If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.

Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

If you are 16 years of age or older, you have the right to direct us not to sell your personal information at any time (the “right to opt-out”). We do not sell (as defined in the CCPA) the personal information of consumers we actually know are less than 16 years of age, unless we receive affirmative authorization (the “right to opt-in”) from either the consumer who is between 13 and 16 years of age or the parent or guardian of a consumer less than 13 years of age. Consumers who opt-in to personal information sales may opt out of future sales at any time.

To exercise the right to opt-out, you (or your authorized representative) may submit a request to us by emailing [email protected].

Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize personal information sales. However, you may change your mind and opt back into personal information sales at any time by emailing your request to [email protected].

You do not need to create an account with us to exercise your opt-out rights. We will only use personal information provided in an opt-out request to review and comply with the request.

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

  • Deny you goods or services;
  • Charge you, or suggest you may be charged, for services;
  • Impose penalties;
  • Provide you with a different level or quality of services.

California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to [email protected].

If you are from the European Economic Area (EEA), our legal basis for collecting and using the personal information described in this Privacy Policy depends on the personal information we collect and the specific context in which we collect it.

We may process your personal information because:

  • We need to perform a contract with you
  • You have given us permission to do so
  • The processing is in our legitimate interests, and it is not overridden by your rights
  • For payment processing purposes
  • To comply with the law

If you are a resident of the European Economic Area (EEA), you have certain data protection rights. We aim to take reasonable steps to allow you to correct, amend, delete or limit the use of your personal information.

If you wish to be informed about what personal information we hold about you and if you want it to be removed from our systems, please contact us.

In certain circumstances, you have the following data protection rights:

The right to access, update or delete the information we have on you. Whenever made possible, you can access, update or request the deletion of your personal information directly within your account settings section. If you are unable to perform these actions yourself, please contact us to assist you.

The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.

The right to object. You have the right to object to our processing of your personal information.

The right of restriction. You have the right to request that we restrict the processing of your personal information.

The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format.

The right to withdraw consent. You also have the right to withdraw your consent at any time when we relied on your consent to process your personal information.

Please note that we may ask you to verify your identity before responding to such requests.

You have the right to complain to a Data Protection Authority about our collection and use of your personal information. For more information, please contact your local data protection authority in the European Economic Area (EEA).

______________________

This Privacy Policy (together with our Terms of Use and Sale) governs our collection, processing and use of your Personal Information.

Effective: 1st Feb 2023