ALL ABOUT SECURITY & PRIVACY
Blanc Canvas Store uses the Shopify Payment Gateway for its online credit card transactions. Shopify Payments processes online credit card transactions for thousands of Australian merchants, providing a safe and secure means of collecting payments via the Internet. All online credit card transactions performed on this site using the Shopify Payments gateway are secured payments.
- Payments are fully automated with an immediate response.
- Your complete credit card number cannot be viewed by Blanc Canvas Store or any outside party.
- All transactions are performed under a 128-bit SSL certificate.
- All transaction data is encrypted for storage within Shopify Payments' bank-grade data centre, further protecting your credit card data.
For more information about Shopify Payments and online credit card payments, please visit https://help.shopify.com
The Blanc Canvas Store site (blanccanvas.store) (Site) is owned and operated by Blanc Canvas (ACN) (we or us).
Your privacy is important to us and we are committed to protecting your personal information in accordance with the Australian Privacy Principles set out in the Privacy Act 1988 (Cth) and the General Data Protection Regulation (EU 2016/679) (GDPR), which applies across the European Union (EU) (collectively, Privacy Laws).
If you have any questions about this policy, you can contact us at firstname.lastname@example.org
Types of personal information collected
Personal information is information or an opinion about you which identifies you, or which is reasonably capable of identifying you, whether or not the information is true or recorded in a material form.
We collect and use personal information from customers, users or visitors of our Site and any other individual who interacts with us.
The types of personal information we collect and use depend on the type of dealing you have with us, which may include:
- your name, address, telephone number, email address and username;
- information about the products or services you order or enquire about (including how they are used);
- your financial information (such as credit card and bank account details), method of payment and any information required for user authentication processes; and
- any other information relating to you that you provide to us (including information you provide in surveys and competition forms and through our other promotional activities).
We do not wish to collect your sensitive information. However, some of our services are automated and we may not recognise that you have accidentally provided us with your sensitive information. If you accidentally do so, please contact us at email@example.com so we can destroy it.
Method of collection
We will collect your personal information in a variety of ways, including through your use of our products, services, Site or newsletters, your participation in competitions, promotions, events, surveys or questionnaires and from third parties (which we discuss further below).
Some of the personal information collected by us will track your use of our products, services or Site, enhance your use of our products, services or Site and assist us in providing a better service to you.
Legal basis for processing personal information (EU)
We rely on several legal bases under the GDPR to collect, process, store, use and disclose the personal information of individuals residing in the EU, including:
- where you have freely and expressly consented to the collection, use, storage, processing and disclosure of your personal information for a specific purpose;
- where the collection, use, storage, processing and disclosure of your personal information is necessary for the performance of a contract to which you are a party;
- for our legitimate business interests (including providing our products, services or Site, managing our relationship with you and responding to your queries or complaints); and
- where there is a legal obligation to collect, use, store or disclose your personal information.
Purpose of collection
We use and process your personal information for the purposes for which the information is collected. We may use and process your personal information:
- to provide you with our Site, products and services;
- to provide you with information about offers, competitions, promotions, events, surveys or questionnaires;
- to notify you of other matters which we believe may be of interest to you, including new product or service offerings;
- to customise the advertising and content on our Site;
- to improve, develop and manage our Site, products and services;
- to operate, maintain, test and upgrade our systems;
- to perform research and analysis about our Site, products and services;
- to perform our business functions;
- to comply with regulatory or other legal requirements;
- for any purpose to which you have consented; and
- for any other purpose notified to you at the time of collection.
Disclosure to third parties
With your consent, we may provide your personal information to:
- our employees, related entities, business partners, third party contractors, suppliers and agents from time to time for the purpose of delivering, providing and administering our products, services or Site; and
- third party service providers who process or use your personal information for the purpose of performing functions on our behalf, but these providers may not process or use such information for any other purpose. Examples of third-party service providers include marketing and analysis organisations, financial and credit card institutions to process payments (such as PayPal, Shopify Payments, American Express and Afterpay), hosting companies, web developers, internet service providers, customer service providers, customer support specialists, third party shopping agents, fulfilment companies, external business advisors (including auditors and lawyers), our insurer, and research and data analysis firms,
(collectively, Authorised Affiliates).
Where we disclose your personal information to any of our Authorised Affiliates, we will ensure that they undertake to protect your privacy. These Authorised Affiliates are not permitted to use the information for any purpose other than the purpose for which they have been given access.
Our Authorised Affiliates may also provide us with personal information collected from you. If you disclose personal information to an Authorised Affiliate, we rely on you to provide the Authorised Affiliate with consent for us to collect, store, use, process and disclose your personal information.
We may also disclose any personal information we consider necessary to comply with any applicable law, regulation, legal process, governmental request or industry code or standard.
Our Authorised Affiliates may be located in or outside Australia or the EU, including in India and other countries from time to time. Where we transfer your personal information to our overseas Authorised Affiliate, we will take steps reasonably necessary to ensure that there is a legal basis for the transfer of your personal information and your personal information is treated securely (including by using reasonable endeavours to ensure each overseas Authorised Affiliate receiving your personal information understands and is bound by the Standard Contractual Clauses approved by the European Commission (found at https://ec.europa.eu/info/law/law-topic/data-protection_en)).
By accessing or using our products, services or Site, or providing your personal information to us, you explicitly and freely consent to the transfer of your personal information to our overseas Authorised Affiliates.
If you do not wish to receive information from our Authorised Affiliates, please let us know by contacting firstname.lastname@example.org
We will use our reasonable endeavours to protect and maintain the security of your personal information and to make our Site as secure as possible against unauthorised access. We use a combination of technical, administrative and physical controls to protect and maintain the security of your personal information.
Our officers, employees, agents and third party contractors are expected to observe the confidentiality of your personal information.
The transmission of information via the internet is not completely secure. While we do our best to protect your privacy, we are unable to guarantee or warrant the security of any personal information transmitted through the internet. You provide your personal information to us at your own risk and we are not liable for any unauthorised access to, or disclosure of, the personal information.
Destruction and de-identification
If we determine that your personal information is no longer needed for any purpose, we will take reasonable steps to destroy or permanently de-identify that personal information, unless we are required by law or a court or tribunal to retain the information.
Suspected data breach
We have a comprehensive data breach notification policy and response plan which outlines the steps our personnel are required to take in the event of a data breach. This allows us to identify and deal with a data breach quickly to mitigate any harm that may occur.
As part of the response plan, we will notify you as soon as practicable if we discover or suspect that your personal information has been lost, accessed by, or disclosed to, any unauthorised person or in any unauthorised manner, believe you are likely to suffer serious harm as a result and are unable to prevent the likely risk of harm.
If you would like more information about our response plan, please contact us at email@example.com
Direct marketing and opt-out
We will seek your express consent for us to send you marketing or promotional material and information by requesting that you tick the appropriate check box when providing us with your personal information to do so.
Where we have obtained your prior consent or are otherwise permitted under the GDPR, we may, from time to time, use your personal information to send you information about the promotions, deals, competitions, products or services we offer, and any other information we consider relevant to you. This information will be sent to you via the communication channels specified at the time you provide your consent and may include mail, email, SMS, telephone, social media, Mailchimp, customised online content or displaying advertising on our Site.
These communications may continue even after you stop using our products, services or Site.
Should you no longer wish to receive these communications, you may opt-out at any time by contacting us at firstname.lastname@example.org or using the unsubscribe facility that we include in our commercial electronic messages (email or SMS). Opting-out will only affect future communications.
We may collect information when you access and use our Site by utilising features and technologies of your internet browser, including cookies, pixel tags and similar technologies. A cookie is a piece of data that enables us to track and target your preferences.
The type of information we collect may include statistical information, details of your operating system, location, your internet protocol (IP) address, the date and time of your visit, the pages that you have accessed, the links which you have clicked and the type of browser that you were using.
If you reject our cookies or similar technologies, you may still use the Site but may only have limited functionality of the Site. We may also use your IP address to analyse trends, administer the Site and other websites we operate, track traffic patterns, and gather demographic information. Your IP address and other personal information may be used for credit fraud protection and risk reduction.
Our Site may contain hyperlinks or advertising to or from businesses operated by third parties. We do not endorse, sponsor or approve any of these third parties, their products or services or the content on their websites.
In the event of a merger, acquisition or sale of the whole or part of our business, we reserve the right to transfer your personal information as part of any such transaction.
Access to information collected by us
We will use our reasonable endeavours to keep your personal information accurate, up-to-date and complete. You have the right to access or correct any personal information that we hold about you, subject to any exceptions provided by the relevant Privacy Laws. You may access or correct the personal information we have collected about you by contacting email@example.com or accessing your account details on our Site.
We will use our reasonable endeavours to respond to your request for access or correction within 21 days of receipt of your enquiry. We will not charge you for the request. However, in certain circumstances, we may charge a reasonable fee for providing you with access to this information.
If we do not allow you to access any part of your personal information, we will tell you why in writing.
Privacy Rights (EU)
Under the GDPR, you have a number of important rights. Subject to certain exceptions, you have the right to:
- fair and transparent processing of your personal information and processing in accordance with the GDPR;
- request access to and obtain a copy of the personal information we hold about you;
- require us to rectify or correct any personal information we hold about you that is inaccurate or incomplete;
- require us to erase your personal information in certain situations;
- obtain a copy of your personal information in a commonly used electronic format so that you can manage and move it, or request we send it to a third party;
- object or withdraw your consent at any time to the collection, use, processing or disclosure of your personal information (including for direct marketing purposes), but this does not apply where we have other legal justifications to continue doing so and does not affect the lawfulness of any collection, use, processing or disclosure that occurred before you withdrew your consent;
- object to decisions made by automated means which produce legal effects concerning or significantly affecting you; or
- otherwise restrict our collection, use, processing or disclosure of your personal information in certain circumstances.
You can exercise any of these rights by contacting us at firstname.lastname@example.org
If we become aware that any Child’s personal information has been provided without the consent of a parent or guardian, we will use reasonable endeavours to delete the personal information as soon as possible or, where deletion is not possible, ensure that the personal information is not used for any purpose or disclosed further to any Authorised Affiliate.
Your provision of personal information is voluntary. However, if you do not provide your personal information to us, we may not be able to provide you with access to, and use of, our Site.
You may withdraw your consent at any time by contacting us at email@example.com
Contact and complaints
We will endeavour to provide an initial response to your query or complaint within 10 business days and investigate and attempt to resolve your query or complaint within 30 business days or such longer period as is necessary and notified to you by us.
If you are dissatisfied with the outcome of your complaint, you may refer the complaint to the lead supervisory authority in your relevant jurisdiction.