PRivacy Policy

Page 1

PRIVACY POLICY

General Klein Imports Pty Ltd ACN 643 404 077 (trading as Flossmates) and its

related entities (referred to in this document as ‘we’, ‘us’ or ‘our’) operate

the flossmates.com.au website (‘Site’).

We are committed to protecting the Personal Information we collect from

you when you use our Site. The Privacy Act 1988 (Cth) (‘Privacy Act’), and

the Australian Privacy Principles (‘APP’) govern the way in which we

manage your Personal Information and this Policy sets out how we collect,

use, disclose and otherwise manage Personal Information about you.

We will not share or use your Personal Information, except as described in

this Policy or unless you have otherwise provided us with your consent to

do so.

Collection and

Notice

Types of information collected

We may collect and hold Personal Information about you, that is,

information that can identify you, and is relevant to providing you with the

services you are seeking. This can include but is not limited to:

• your name

• contact details (including address, email address, phone number)

• financial information (such as credit card or bank account numbers)

and information about how you use our products and services.

(collectively, ‘Personal Information’)

This is not an exhaustive list. We may need to collect additional information

about you from time to time to provide products or services to you.

You might also need to provide us with Personal Information about other

individuals (e.g. your authorised representatives). If so, we rely on you to

inform those individuals that you are providing their Personal Information

to us and to advise them about this policy.

Purpose of collection

The type of Personal Information that we collect and hold about you

depends on your interaction with us. Generally, we will collect, use and hold

your Personal Information for the purposes of:

• providing products or services to you or someone else you know;

• issuing tax invoices for the products or services we may provide to

you from time to time;

• providing you with information about other services that we, our

related entities and other organisations that we have affiliations with,

offer that may be of interest to you;

• facilitating our internal business operations, including the fulfilment of

any legal requirements; and

• analysing our services and customer needs with a view to developing

new or improved services.

Method of collection

Personal Information will generally be collected directly from you through

the use of any of our standard forms (such as when you enter into an

Page 2

agreement with us, contact us with a query or request, submit your details

through our Site or by email). We may also collect information other than

directly from you where it is unreasonable or impractical to not do so, for

example:

• from third parties such as our related entities, business partners, or

your representatives;

• from publicly available sources of information;

• from our records of how you use our services; and

• from the third parties we list in the section of this policy with the

heading ‘Use and disclosure’.

We will usually notify you in advance when we indirectly collect information,

or where that is not possible, as soon as reasonably practicable after the

information has been collected.

If you choose not to provide certain information about you, we may not be

able to provide you with the products or services you require, or the level

of service on which we pride ourselves.

If the Personal Information you provide to us is incomplete or inaccurate,

we may be unable to provide you, or someone else you know, with the

products or services you, or they, are seeking.

Internet users

If you access our Site, we may collect additional Personal Information

about you in the form of your IP address and domain name.

Our Site uses cookies. The main purpose of cookies is to identify users and

to prepare customised web pages for them. Cookies do not identify you

personally, but they may link back to a database record about you. We use

cookies to monitor usage of our Site and to create a personal record of

when you visit our Site and what pages you view so that we may serve you

more effectively.

Our Site may contain links to other websites. We are not responsible for

the privacy practices of linked websites and linked websites are not subject

to our privacy policies and procedures.

Google Analytics

We also use third party services such as Google Analytics that collect,

monitor and analyse this type of information in order to increase our Site’s

functionality. These third-party service providers have their own privacy

policies addressing how they use such information. See additional

information below.

Google Analytics is a service which transmits website traffic data to Google

servers in the United States. Google Analytics does not identify individual

users or associate your IP address with any other data held by Google. We

use reports provided by Google Analytics to help us understand website

traffic and webpage usage. By using this Site, you expressly consent to the

processing of data about you by Google in the manner described in

Google's Privacy Policy

and for the purposes set out above. You can opt out of Google Analytics if

you disable or refuse the cookie, disable JavaScript, or use the opt-out

service provided by Google .

Social Media

Page 3

We also use interfaces with social media sites such as Facebook, LinkedIn,

Twitter and other social media channels.

We cannot maintain your privacy if you decide to contact us through public

forums such as Facebook, LinkedIn, Twitter or other social media channels

or if you choose to "like" or "share" information from or in relation to this

Site through these channels. You should review the privacy policy of these

channels if you choose to contact us or like or share information via these

channels. Please be aware if you are a member of a social media site, the

interfaces with social media sites we use may allow the social media site

to connect your visits to this Site with other personal information.

External Links

Our Site may contain links to other websites or social media. These linked

sites are not under our control and we accept no responsibility for the

conduct of those that operate linked websites or social media platforms.

Before disclosing your Personal Information on any other website or social

media platforms, we recommend you examine the terms and conditions of

using that website or platform and its privacy statement.

Use and Disclosure Generally, we only use or disclose Personal Information about you for the

purposes for which it was collected (as set out above) or for purposes which

are directly related to one or more of our functions and activities. We may

disclose Personal Information about you from time to time:

• third party product or service providers, who assist us in operating our

business (including to assist us in providing you with the products and

or services that you have requested or have expressed an interest),

and these service providers may not be required to comply with our

privacy policy;

• our related entities and other organisations with whom we have

affiliations so that those organisations may provide you with

information about services and various promotions

• a purchaser of the assets and operations of our business, if those

assets and operations are purchased as a going concern; and

• government agencies and departments when required to do so by law.

We are not likely to disclose your Personal Information overseas, except

as permitted by the Privacy Act, unless we otherwise advise you in writing.

Disclosure to

overseas recipients We are not likely to disclose your Personal Information to overseas

recipients, except as noted below or as otherwise permitted by the Privacy

Act, unless we otherwise advise you in writing.

The types of overseas companies we share information with, in order to

deliver our service to you are as follows;

1. Companies that do things to assist us in delivering our service such

as ecommerce providers like Shopify, see below for more information;

2. Payment service providers like Stripe and Paypal, see below for more

information; and

3. Marketing service providers such as SMS Bump, MailChimp and

Google Analytics see above for more information;

Page 4

4. Companies that assist us with delivery of our products such as Shippit

and Australia Post.

How we use your

information for

Direct Marketing

We may also use your information so that we, our related entities, and other

business partners can promote and market products, services and special

offers that we think will be of interest to you (which may include products,

services and offers provided by a third party). This marketing may be

carried out in a variety of ways (including by email, SMS/MMS, or social

media) and may continue after you cease acquiring any products or

services from us until you opt-out by contacting us using the contact details

set out in the Contact section of this policy.

How we hold your

Personal

Information

The security of your Personal Information is of paramount importance to

us.

The Personal Information we collect from you may be:

1. transferred to, and stored at a destination outside of Australia; and

2. processed by staff operating outside of Australia who work for us or

one of our affiliates.

We agree to take all reasonable steps to ensure these overseas entities

handle your Personal Information in accordance with the Act and the APPs,

When you provide, or otherwise allow us to collect, your Personal

Information, you expressly consent to your Personal Information being

disclosed to certain overseas recipients, as set out below under ‘Where we

store your personal data: Shopify’. Where we disclose your Personal

Information to an overseas recipient, you agree that we will not be required

to ensure the recipient’s compliance with Australian privacy laws or

otherwise be liable or accountable for how the recipient handles your

Personal Information.

If you have any objections to your Personal Information being disclosed to

an overseas recipient, please let us know by contacting us via the contact

details noted below prior to disclosing any of your Personal Information to

us.

We have also taken measures to enhance the safety and security of your

e-commerce transactions. When you place an order or access your

personal account information, you’re utilising a secure server software

SSL, which encrypts your Personal Information before it’s sent over the

Internet. SSL is one of the safest encryption technologies available.

If we no longer need your Personal Information for the purposes for which

it was collected or for purposes which are directly related to one or more of

our services or other functions and activities, we will take reasonable steps

to securely destroy it or permanently remove all identifying features from

that information. This obligation is subject to any legal requirement or court

order to retain the information.

Where we store your

personal data:

Shopify

Our Site is hosted on Shopify Inc. Shopify provides us with the online ecommerce platform that allows us to sell our products and deliver our

services to you. Your data is stored through Shopify’s data storage

databases and the general Shopify application.

Shopify Inc. collects, uses and processes your information in accordance

with their privacy policies. You can access their privacy policy here:

Commented [CH1]: Client note: Please advise us what you

use the company ‘Honeycomb’ for.

Page 5

Shopify Inc. is a Canadian company but works with and processes data

about individuals across the world. To operate their business, they may

send your Personal Information outside of your location including to the

United States. This data may be subject to the laws of the countries they

send it to. If you would like more information about where your information

might be sent, please contact Shopify directly. More information can be

found here: .

Information on how Shopify Inc. deals with any bank or credit card details

can be found here: .

Our policies for

Minors

Our Services are not directed at persons under the age of 18 (‘Minor’).

We do not knowingly collect Personal Information from Minors. If you are a

parent or guardian and become aware that a Minor under your care has

provided us with Personal Information, please contact us. If we become

aware that we have collected Personal Information from a minor without

verification of parental consent, we will take steps to remove and destroy

that information from our system.

How we handle data

from international

visitors

As noted above, your Personal Information may be collected used and

processed to overseas recipients. We are an Australian company that

operates entirely in Australia and is subject to Australian law.

We currently only offer our Services to customers located in Australia,

however if you are accessing our Site from a location outside of Australia,

you acknowledge and understand that your Personal Information will be

transferred, processed and stored in Australia in accordance with this

privacy policy. Australian privacy laws may not be as protective as those in

your jurisdiction.

When we disclose Personal Information in accordance with this privacy

policy, it may be accessed from, transferred to, and/or stored outside the

country in which you are located. The privacy laws in that country may be

of a lower standard than those in your own country. We will use our best

endeavours to safeguard your Personal Information in accordance with this

privacy policy.

Data breach

notification

We accept our obligation to keep Personal Information safe. Should

personal data systems be breached or data is misused or lost, then we will

take all reasonable and practicable means to contact individuals whose

Personal Information is involved. We will advise such individuals of the

extent of the data breach (if known) and advise individuals of the most

appropriate means of regaining control of their Personal Information. If

appropriate, we will also report any eligible data breach to the Office of the

Australian Information Commissioner in accordance with the Privacy Act.

How you can access

your Personal

Information

You may access the Personal Information Shopify hold about you, upon

making a written request to us. We will then make a request to Shopify on

your behalf. We will respond to your request within a reasonable period.

We take all reasonable steps to ensure that the Personal Information

Shopify hold, use and disclose is accurate, complete and up to date.

We may decline a request for access to Personal Information in

circumstances prescribed by the Privacy Act, and if we do, we will give you

a written notice that sets out the reasons for the refusal (unless it would be

unreasonable to provide those reasons).

If, upon receiving access to your Personal Information or at any other time,

you believe the Personal Information we hold about you is inaccurate,

incomplete or out of date, please notify us immediately. We will take

Page 6

reasonable steps to correct the information so that it is accurate, complete

and up to date.

If we refuse to correct your Personal Information, we will give you a written

notice that sets out our reasons for our refusal (unless it would be

unreasonable to provide those reasons), including details of the

mechanisms available to you to make a complaint.

If you wish to access any of your Personal Information that we hold or would

like to correct any errors in that information, please contact us using the

contact details set out in the Contact section of this policy, so that we can

consider and respond to your request. We may apply an administrative

charge for providing access to your Personal Information in response to a

request.

Transfer of Personal

Information

If you are located outside of Australia, you acknowledge and understand

that your Personal Information will be transferred, processed and stored in

Australia in accordance with this privacy policy.

When we disclose Personal Information in accordance with this privacy

policy, it may be accessed from, transferred to, and/or stored outside the

country in which you are located. The privacy laws in that country may be

of a lower standard than those in your own country. We will use our best

endeavours to safeguard your Personal Information in accordance with this

privacy policy.

Complaints You may use the contact details below to notify us of any privacy complaint

you have against us, including if you think that we have failed to comply

with the APP or any binding APP code that has been registered under the

Privacy Act. We are committed to acknowledging your complaint in a

prompt manner and will give you an estimated timeframe for when we will

respond to your complaint. We will take reasonable steps to investigate the

complaint and respond to you.

If you are unhappy with the way that we handle your complaint you may

make your complaint to the Office of the Australian Information

Commissioner or, if you are located outside of Australia, the body

responsible for administering the privacy laws in your country.

Contact If you have any queries or concerns about our privacy policy or the way we

handle your Personal Information, please contact our privacy officer at:

Email address: support@flossmates.com.au

Street address: 4 Dorset Street, Milton QLD 4046

Changes to our

privacy and

information

handling practices

This privacy policy is subject to change at any time. Please check our

privacy policy on our Site, [please insert] regularly for any changes.

More information For more information about privacy in general, you can visit the Office of

the Australian Information Commissioner website at www.oaic.gov.au.