Website Privacy Policy
This Privacy Policy applies to all personal information collected by EIZ Pty Ltd, its subsidiaries and affiliates in Australia (collectively “EIZ”) through EIZ websites, services, online and mobile products, and any other apps or services and applications that reference this Privacy Policy (together “Services”). This Privacy Policy does not apply to any products, services, websites, or content that are offered by third parties or have their own privacy notice.
In this Privacy Policy, “we” and “us” refer to EIZ and “you” and “your” refer to any individual and/or entities that they represent about whom we collect personal information.
What information do we collect?
We collect your personal information in the course of providing Services to you. Personal information includes identifiable information about you or an opinion, such as your name, email, address, contact number, bank account details, payment information, support inquiries and community comments.
How we collect your personal information
We may collect your personal information as follows:
Information you give us: We receive and store any information you provide in relation to our Services. You can choose not to provide certain information, but then you might not be able to benefit from some or all of our Services.
Information we collect automatically: We automatically collect and store certain types of information about your use of our Services, including information about your interaction with content and services available through our Services. Like many other websites, we use “cookies” and other similar tracking technologies, and we obtain certain types of information when your web browser or device accesses our Services and other content served by or on behalf of EIZ on other websites.
Information from other sources: We might receive information about you from other sources such as publicly available materials or trusted third parties including our marketing or research partners. We may also collect information such as updated delivery and address information from our carriers, which we use to supplement or correct records to better inform, personalise and improve our Services or to validate the information you provide. With regard to your information received by us from third parties, please contact third parties should you have any inquiries.
Purpose of collection
We collect personal information from you that is reasonably necessary to carry out our business, to provide and continually improve our Services to all our users and to assess and manage user needs.
The purpose for which EIZ usually collects and uses personal information may depend on the nature of your interaction with us and include:
EIZ Services: We use your personal information to provide and deliver our Services and process transactions, including subscriptions, purchases and payments.
Communicate with you: We use your personal information to communicate with you about products and services, promotional offers and marketing material, notices (including notices about updates) and Services in general via diverse channels (e.g. by phone, e-mail, customer support) and to respond to your requests or inquiries.
Provide, troubleshoot and improve EIZ Services: We use your personal information to provide functionality, analyse performance, request feedback, fix errors in, provide support for and improve usability and effectiveness of the Services whether via website, e-mail, in-app support or otherwise.
Protect: We collect your personal information to detect and prevent fraud or abuse and ensure that everyone uses EIZ websites and Services in accordance with our Terms and Conditions.
Recommend and Personalise: We use your personal information to recommend features, products, and services that might be of interest to you, identify your preferences and personalise your experience with our Services.
Advertise: We use your personal information to display interest-based ads for features, products, and services that might be of interest to you, through EIZ websites and Services or through third party websites and their platforms.
Comply with legal obligations: We may collect, use and retain your personal information in compliance with our legal obligations (e.g. bank account details for identity verification).
Analyse, aggregate and report: We may use your personal information to produce aggregated and anonymised analytics and reports, which we may share publicly or with third parties.
Does EIZ share your personal information?
We share your information only as described below and with parties that either are subject to this Privacy Notice or follow practices at least as protective as those described in this Privacy Notice.
4.1 External service providers: We employ other companies and individuals to perform functions on our behalf. Examples include, but are not limited to, fulfilling orders for products and services, delivering packages, sending postal mail and e-mail, tracking what you are selling online, removing repetitive information from customer lists, analysing data, providing marketing assistance, providing search results and links (including paid listings and links), processing payments, transmitting content, scoring, assessing and managing credit risks and providing customer services. These external service providers have access to personal information needed to perform their functions, but may not use it for other purposes. These service providers may be located in other countries.
Business transfers: We might sell or buy other businesses or services. In such transactions, your information generally is one of the transferred business assets but remains subject to any pre-existing Privacy Notice to the extent you consented. Also, in the unlikely event that EIZ or substantially all of its assets are acquired, customer information will of course be one of the transferred assets.
Protection of EIZ and others: We release account and other personal information when we believe disclosure is appropriate to comply with the applicable law; enforce or apply our Terms and Conditions and other agreements; or protect the rights, property, or safety of EIZ, our users, or others. This includes exchanging information with other companies and organisations for fraud protection and credit risk reduction.
Other than as set out above, we will only disclose your personal information after giving notice to you of our intention to do so and with your consent, or as permitted or required by law.
Security, storage and duration
Security is a priority for us when it comes to your personal information. We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personal information.
We use Amazon Web Services (AWS) to keep electronic data, including personal information, safe. We also use locked storage to keep hard copies of information on our premises safe.
In addition to the above, our employees also take steps to ensure that personal information is kept safe and secure. This includes but is not limited to, the following:
- limiting access to any personal information subject to authorisation and based on the position held in EIZ. Access is controlled by password.
- keeping files tidy and organised. All physical documents are digitised and stored electronically with firewall and password protection, and any hard copy is stored in locked storage with limited access to EIZ management and accounting.
- using only approved applications and services on devices, including without limitation computers, mobile phones, tablets, and following all reasonable instructions or guidance given by EIZ management when dealing with personal information.
Whilst we are committed to protecting the security of your personal information, it is also important for you to protect against unauthorised access to your password and to your computers, devices, and applications. Be sure to log out when finished using a shared device.
We will not retain any personal information (or any documents or records containing personal information, electronic or otherwise) for any period longer than is necessary for the purposes set out in this Privacy Policy or to be in compliance with the law. Your personal information will be stored in accordance with applicable data protection laws.
The retention of personal information may depend on:
Necessity for ongoing business: We store your personal information to fulfil agreements with you, maintain and improve the performance of our Services, keep our systems secure, and maintain appropriate business and financial records. Most of our storage durations are based on this general rule.
Statutory, contractual or other similar obligations: We may retain your personal information in accordance with our legal obligations. It may also be necessary to retain your personal information with regard to pending or future legal disputes. Personal information contained in contracts, notifications and business letters may be subject to statutory storage obligations.
Consent-based processing of personal information: If we process personal information with consent, we store the personal information for the duration corresponding to your consent.
When your personal information is no longer needed, it will be destroyed or de-identified and stored in accordance with our Data Retention Policy and practice. Information is de-identified when the information is no longer about an identifiable individual or an individual who is reasonably identifiable.
Access to your personal information
Depending on your data choices, certain services may be limited or unavailable.
You can access, update and delete certain information about your account with EIZ. You have the right to seek correction of inaccurate personal information. When you update or delete any information, we usually keep a copy of the prior version for our records.
Subject to any restrictions, you may withdraw your consent or object to our processing of your personal information.
You can withdraw your consent to receive promotional or marketing communications at any time. The withdrawal of consent has no effect on the lawfulness of usage of your personal information based on consent before your withdrawal.
If you have any inquiries or complaints as to how your personal information is being collected or used, please contact us via enquiry@eiz.com.au. We will review and investigate your inquiry or complaint and endeavour to respond to you within a reasonable time.
Overseas transfer
Your personal information may be transferred or stored overseas for a variety of reasons. It is not possible to identify each and every country to which your personal information may be sent.
If your personal information is sent to a recipient in a country with data protection laws which are at least substantially similar to the Australian Privacy Principles in Schedule 1 of the Privacy Act 1988 (Cth), and where there are mechanisms available to you to enforce protection of your personal information under that overseas law, we will not be liable for a breach of the Australian Privacy Principles if your personal information is mishandled in that jurisdiction.
If your personal information is transferred to a jurisdiction which does not have data protection laws as comprehensive as Australia's, we will take reasonable steps to secure a contractual commitment from the recipient to handle your information in accordance with the Australian Privacy Principles.
Data breaches
A data breach occurs when there is an unauthorised access or disclosure of personal information held by EIZ, or when personal information is lost. Data breaches can occur due to malicious action (e.g. hackers), human error, or a failure in information handling or security systems.
Within 30 days of becoming aware of a potential data breach, we will assess whether an eligible data breach has occurred. An eligible data breach occurs when:
- there is a data breach (see clause 9.1 for what constitutes a data breach);
- the data breach is likely to result in serious harm to one or more individuals;
- EIZ has been unable to prevent the likely risk of serious harm.
Serious harm can include serious physical, psychological, emotional, financial or reputational harm. EIZ takes the following factors into consideration:
- the nature of the data;
- the sensitivity of the data;
- whether the information is protected by any security measures and if so, the likelihood that these security measures could be overcome;
- the kinds of persons who could have accessed the information and whether they may intend to cause harm to the individual;
- the likelihood that the person who obtained the information intends to cause harm and has obtained (or could obtain) information to circumvent any security technology;
- nature of the harm;
- any other relevant matters
In assessing whether an eligible data breach occurred, EIZ shall consider the circumstances of the data breach including the following factors:
- Whose personal information was involved in the breach?
- How many individuals were involved?
- Do the circumstances of the data breach affect the sensitivity of the personal information?
- How long has the information been accessible?
- Is/was the personal information adequately encrypted, anonymised or otherwise not easily accessible?
- What parties have gained or may gain unauthorised access to the personal information?
Regardless of whether an eligible data breach has occurred or not, we will take steps to reduce the likelihood of harm to affected individuals caused by a data breach. The steps to be taken are determined on a case-by-case basis, but include recovering or electronically securing the information or notifying the affected individual and assisting them. If we take remedial actions and are satisfied there is no risk of harm, it is not an eligible data breach.
However, if despite remedial actions, we have reasonable grounds to believe there is an eligible data breach, we will notify the affected individuals and the Office of the Australian Information Commissioner. This notification will contain our contact details, a description of the breach, the information concerned and recommended steps for individuals. If it is impractical to contact the affected individuals, we will take all reasonable steps to publicise a statement about the data breach.
8.7 If we hold personal information jointly with another entity, both entities are responsible for complying with the requirements under the Privacy Act 1988 (Cth) about data breaches. If we become aware of a potential or actual data breach regarding information held jointly with another entity, we will liaise with the other entity to determine which entity should take the steps outlined in this clause 9 to comply with the Act in relation to the data breach.
How to contact us about privacy
If you have any queries, or if you seek access to your personal information, or if you have a complaint about our privacy practices, you can contact us via enquiry@eiz.com.au.