In this Privacy Statement, ‘CC’ ‘us’ ‘we’ or ‘our’ means Custom Creed Pty Ltd (ACN 642 462 922) trading as Custom Creed and our related bodies corporate. We are committed to respecting your privacy. Our Privacy Statement sets out how we collect, use, store and disclose your Personal Data.
CC respects the privacy of individuals and is committed to its obligations under the Privacy Act 1988 of the Commonwealth of Australia (Privacy Act), the Australian Privacy Principles (APP) and the General Data Protection Regulation of the European Union (GDPR).

“Personal Data” means “Personal Information” as defined under Section 6 of the Privacy Act and “Personal Data” as defined under Article 4(1) of the GDPR which includes name, emails, phone numbers and other information relating to an identified or identifiable natural person.

We collect Personal Data about individuals for the following purposes:
• To verify your identity and to assist us to provide, develop and improve our goods and services to you including improving our products, conducting our events and activities, extending and processing invitations to attend or participate in our events and activities, marketing and sales, promotions, direct marketing;
• To enable you to access and use our website and services;
• To operate, protect, improve and optimise our website, goods and services, business and our users’ experience;
• To send you marketing and promotional messages and other information that may be of interest to you;
• For our internal administration purpose;
• To comply with our legal obligations, address any issues or to resolve any disputes that we may have with any of our users, and enforce our agreements with third parties; and
• We may also disclose your Personal Data to a trusted third party who also holds other information about you. This third party may combine that information to enable them and us to develop anonymised consumer insights so that we can better understand your preferences and interests, personalise your experience and enhance the services that you receive.
Individuals are not obliged to give us their Personal Data. However, if they choose not to provide us with all or part of the Personal Data requested, we may not be able to extend or process invitations to them to attend or participate in our events or activities, provide them with a full range of our goods and services, or inform them about the events and activities conducted by us, the goods and services offered by us or the goods and services of other organisations.
We take reasonable steps to ensure that the information and data we hold about individuals is accurate, complete and up to date and we invite individuals to contact us to correct any inaccurate information. We also provide individuals with access to the information we hold about them in accordance with our Privacy Policy, the APP and the GDPR. We take all reasonable steps to protect the security of the Personal Data we hold.


Privacy Policy

In this Privacy Policy, ‘CC’ ‘us’ ‘we’ or ‘our’ means Custom Creed Pty Ltd (ACN 642 462 922) trading as Custom Creed and our related bodies corporate. We are committed to respecting your privacy. Our Privacy Policy sets out how we collect, use, store and disclose your Personal Data.

CC respects the privacy of individuals and is committed to its obligations under the Privacy Act 1988 of the Commonwealth of Australia (Privacy Act), the Australian Privacy Principles (APP) and the General Data Protection Regulation of the European Union (GDPR). We will protect you with regard to the processing of your Personal Data and we will comply with the rules relating to the free movement of Personal Data. Our purpose is to protect your fundamental rights and freedoms, and your right to the protection of Personal Data.

“Personal Data” means “Personal Information” as defined under Section 6 of the Privacy Act and “Personal Data” as defined under Article 4(1) of the GDPR which includes name, emails, phone numbers and other information relating to an identified or identifiable natural person. Any terms used in this Privacy Policy that are defined in the GDPR, have the same meaning as defined in the GDPR including but not limited to “Personal Data”, “Commissioner”, “Controller”, “Processor”, “Union” and “Member State”.

By providing Personal Data to us, you consent to our collection, use and disclosure of your Personal Data in accordance with this Privacy Policy and any other arrangements that apply between us. We may update our Privacy Policy from time to time when our information handling practices change. Updates will be publicised on our website and through our email lists. We encourage you to check our website periodically to ensure that you are aware of our current
Privacy Policy. Your Personal Data includes any information or opinion about you, or from you which is reasonably identifiable. For example, this may include your name, age, gender, postcode, contact details, identification number, location data, online identifier or any reference which is specific to your physical, physiological, genetic, mental, economic, cultural or social identity.
 
Our Privacy Obligation

We are committed to our obligations under the Privacy Act, APP and GDPR to protect the privacy of individuals.
• Privacy Act and APP - A copy of the Privacy Act, APP and guidance from the Office of the Australian Information Commissioner are available from the website of the Office of the Australian Information Commissioner at www.oaic.gov.au .
• GDPR – A copy of the REGULATION (EU) 2016/679, the privacy principles and guidance from the European Parliament and of the Council are available from the website at www.eur-lex.europa.eu 
 
Key Principles

We value your Personal Data entrusted to us and we are committed to processing your Personal Data in a fair, transparent and secure way. The key principles CC applies are as follows: 
 Lawfulness: we will only collect your Personal Data in a fair, lawful and transparent manner.
 Data minimisation: we will limit the collection of your Personal Data to what is directly relevant and necessary for the purposes for which they have been collected.
 Purpose limitation: we will only collect your Personal Data for specified, explicit and legitimate purposes and not process your Personal Data further in a way incompatible with those purposes.
• Accuracy: we will keep your Personal Data accurate and up to date. Personal Data has to be accurate and kept up to date, for that reason we will ensure that any inaccurate Personal Data (to our knowledge) will be erased or rectified without delay.
 Data security and protection: we will implement technical and organisational measures to ensure an appropriate level of data security and protection considering, among others, the nature of your Personal Data to be protected. Such measures provide for the prevention of any unauthorised disclosure or access, accidental or unlawful destruction or accidental loss, or alteration and any other unlawful form of processing.
 Access and rectification: we will process your Personal Data in line with your legal rights.
 Retention limitation: we will retain your Personal Data in a manner consistent with the applicable data protection laws and regulations and no longer than is necessary for the purposes for which they have been collected.
 Protection for international transfers: we will ensure that any of your Personal Data transferred outside Australia and the European Economic Area (if applicable) is adequately protected.
 Safeguards towards third parties: we will ensure that Personal Data access by (and transfers to) third parties are carried out in accordance with applicable law and with suitable contractual safeguards.
 Lawfulness of direct marketing and cookies: when we send you promotional materials or place cookies on your computer, we will ensure that we do so in accordance with applicable law.
What Personal Data do we collect? We may collect the following types of Personal Data:
• Name
• Mailing or street address;
• Billing or shipping address;
• Email address;
• Telephone number and other contact details;
• Gender, age or date of birth;
• Product preference;
• Details of previous participation in our events and activities or similar events and activities held by another party;
• Purchasing or transaction history;
• Payment and banking details, including credit card information;
• Your device ID, device type, geo-location information, computer and connection
information, statistics on page views, traffic to and from the sites, ad data, IP address and standard web log information;
• Details of the goods and services we have provided to you or that you have enquired about, including any additional information necessary to deliver those goods and services and respond to your enquiries;
• Any additional information relating to you that you provide to us directly through our website or app, paper forms at our exhibitions or exhibition order forms or indirectly through your use of our website, app or online presence or through other websites or accounts from which you permit us to collect information;
• Information you provide to us through customer surveys; or
• Any other Personal Data that may be required in order to facilitate your dealings with us.
 
How do we collect Personal Data?
We only collect specified and explicit Personal Data for legitimate purposes to the extent that permits identification of data subjects and is necessary for our purpose. Such Personal Data will be kept in an appropriate way to ensure security of your privacy. We will only process your Personal Data where we have a legal ground to do so, for example when you have given your consent to process it, when it is necessary for the performance of a contract, when required for compliance with a legal obligation, when it is necessary to protect
your vital interest, when it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller and finally, when it is necessary for the purposes of legitimate interests, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of Personal Data, in particular where the data subject is a child. We will ensure that your Personal
Data is processed lawfully, fairly and in a transparent manner. We may collect these types of Personal Data either directly from you, or from third parties. We may collect this information in a number of ways, including:
• When you visit and/ or register on our website or app;
• When you enter a competition or promotion;
• When you respond to a survey;
• When you join our mailing list;
• When you communicate with us through correspondence, chats, email, phone, in person or when you share information with us from other social applications, services or websites;
• When you interact with our sites, services, content and advertising;
• When you invest in our business or enquire as to a potential purchase in our business;
• from third parties such as our related entities, business or commercial partners, credit reporting bodies, wholesale or other customers, or your representatives; or
• from publicly available sources of information.
We may also generate Personal Data about our customers from information that we have. For example, by analysing our records of a customer’s use of our products or services or the customer’s previous dealings with us.
Why do we collect, use and disclose Personal Data?
We may collect, hold, use and disclose your Personal Data for the following purposes:
• To verify your identity and to assist us to provide, develop and improve our goods and services to you, such as conducting our events and activities, extending and processing invitations to attend or participate in our events and activities, managing admission to our events and activities, marketing and sales, debtor and creditor transactions, sponsorship, promotions, direct marketing and corporate membership administration;
• To enable you to access and use our website and services;
• To operate, protect, improve and optimise our website and services, business and our users’ experience, such as to perform analytics, conduct research and for advertising and marketing;
To provide goods or services to you or to receive good and services from you;
To invite you to exclusive events organised for our customers;
To develop and improve our products, services and business;
To send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by you;
To send you marketing and promotional messages and other information that may be of interest to you;
• For our internal administration purpose;
To comply with our legal obligations, address any issues or to resolve any disputes that we may have with any of our users, and enforce our agreements with third parties; and
• We may also disclose your Personal Data to a trusted third party who also holds other information about you. This third party may combine that information in order to enable it and us to develop anonymised consumer insights so that we can better understand your preferences and interests, personalise your experience and enhance the products and services that you receive.
Individuals are not obliged to give us their Personal Data. However, if they choose not to provide us with all or part of the Personal Data requested, we may not be able to extend or process invitations to them to attend or participate in our events or activities, admit them to attend or permit them to participate in our events or activities, provide them with a full range of our goods and services, or inform them about the events and activities conducted by us, the goods and
services offered by us or the goods and services of other organisations.
 
Collection of Sensitive Information

Sensitive information includes Personal Data about a person’s racial or ethnic origin, political opinions or memberships, religious or philosophical beliefs or affiliations, professional or trade association or union memberships, sexual orientation or practices, criminal record or health (including genetic and biometric information). We do not generally collect sensitive information about individuals. If you provide sensitive information to us for any reason (for example if you
provide us with health information such as information about allergies or skin conditions) you consent to us collecting, using and disclosing that information for the purpose for which you disclosed it and as permitted in accordance with the applicable law. We will handle any sensitive information that we receive in accordance with the applicable law and this Privacy Policy.
Do we use your Personal Data for direct marketing?

We may send you direct marketing communications and information about our products or service. This may take the form of phone calls, emails, SMS, mail or other forms of communication, in accordance with the Spam Act and the applicable law. You may opt-out of receiving marketing materials from us by contacting us using the details set out below or by using the opt-out facilities provided (e.g. an unsubscribe link).
To whom do we disclose your Personal Data?
We may disclose Personal Data for the purposes described in this Privacy Policy to:
• Our employees and related bodies corporate;
• Service providers (including providers that host our web servers, manage our IT and/ or those involved in the operation of our business or in connection with providing our products and services to you);
• Professional advisers, lawyers, accountants, insurers, auditors, dealers and agents;
• payment systems operators (e.g. merchants receiving card payments);
• our sponsors or promoters of any competition that we conduct via our services;
• anyone to whom our assets or businesses (or any part of them) are transferred;
• specific third parties authorised by you to receive information held by us;
• in certain circumstances, to third parties that require information for law enforcement or to prevent a serious threat to public safety; and/ or
• other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law.
We require our service providers to keep Personal Data confidential and not to use or disclose it for any purpose other than performing services for us or on our behalf.

You should be aware that some information that you upload to parts of our websites or to our social media pages may be available to be viewed by the public. You should use discretion in deciding what information to upload to such sites.
Transfer of Personal Data

When you provide your Personal Data to us, you consent to the disclosure of your information outside of Australia.
As we are an international business, some information (including Personal Data) may be transferred to countries outside of Australia in the ordinary course of our business including but not limited to our overseas related bodies corporate and/ or other parties located in USA, UK, European Union, Hong Kong, China, and New Zealand.
We may also disclose Personal Data outside of Australia to cloud and service providers located outside of Australia. The countries where these disclosures occur are primarily USA, UK, European Union, Hong Kong, China, and New Zealand. This list is not exhaustive and may change from time to time depending on who we partner with. We will endeavour to update this list on a periodic basis.
Pursuant to any applicable privacy and data protection laws (including, without limitation, the Privacy Policy, APP and GDPR), your Personal Data may be disclosed, processed and transferred by CC on a worldwide basis for the purposes of providing our services. Personal Data may be disclosed or transferred to agents or third parties authorised to act on our behalf for the purposes of providing the services. Some countries may not provide the same level of protection for your Personal Data as the
country in which your Personal Data was collected. We will, however, take reasonable steps to ensure that any overseas recipient will deal with your Personal Data in accordance with the applicable law and with suitable contractual safeguards.
 
When will we transfer your Personal Data?

a) Transfer on the basis of an adequacy decision. We will transfer Personal Data to a third country or an international organisation when the Commission has decided that the third country, territory or one or more specified sectors within that third country, or the international organisation in question ensures an adequate level of protection.
b) We will transfer personal data to a third country or an international organisation only if the Controller or Processor has provided appropriate safeguards, and on the condition that enforceable data subject rights and effective legal remedies for data subjects are available.
c) Specific situations to transfer personal data when one of the following conditions applies:
- When you have explicitly consented to the proposed transfer, after having been
informed of the possible risks of such transfers for the data subject due to the
absence of an adequate decision and appropriate safeguards;
- When the transfer is necessary for the performance of a contract between the data
subject and the Controller or the implementation of pre-contractual measures taken at the data subject’s request;
- When the transfer is necessary for the conclusion or performance of a contract
concluded between the Controller and another natural or legal person in the
interest of the data subject;
- When the transfer is necessary for important reasons of public interest;
- When the transfer is necessary for the establishment, exercise or defence of legal claims;
- When the transfer is necessary to protect your vital interests;
- When the transfer is made from a register which according to Union or Member
State law, is intended to provide information to the public and which is open to
consultation either by the public in general or by any person who can demonstrate a legitimate interest exists but only to the extent that the conditions laid down by Union or Member State law for consultation are fulfilled in the particular case.

Using our website and cookies

With the use of cookies, we may collect Personal Data about you when you use and access our website.
First-party cookies. The data we collect includes internet protocol (IP) addresses, browser type, web pages, operating system, date/time stamp. To collect this information, a cookie is set on your computer or device when you visit our website. Cookies contain a small amount of information
that allows our web servers to recognise you. We store information that we collect through cookies. You can disable cookies through your internet browser. However, certain aspects of our website may require the information collected by cookies to function and may not be available or perform optimally if the cookies function is disabled.
Third-party cookies. We might also use other third-party services in order for us to provide you with services through our website. These services might set up their own cookies to remember you.
While we do not use browsing information to identify you personally, we may record certain information about your use of our website, such as which pages you visit, the time and date of your visit, the type of browser software used, the internet protocol address assigned to your computer and the previous website from which you linked to our website.
We may also use ‘cookies’ or other similar tracking technologies on our website that help us track your website usage and remember your preferences. Cookies are small files that store information on your computer, mobile phone or other device. They enable the entity that put the cookie on your device to recognise you across different websites, services, devices and/or
browsing sessions. You can disable cookies through your internet browser. However certain aspects of our website may require the information collected by cookies to function and may not be available or perform optimally if the cookies function is disabled.
We may also use cookies to enable us to collect data that may include Personal Data. We will handle any Personal Data collected by cookies in the same way that we handle all other Personal Data as described in this Privacy Policy.
How we store and secure Personal Data
We may hold your Personal Data and information in either electronic or hard copy form in storage facilities owned and operated by us, or those owned and operated by our service providers, including cloud based storage facilities. We have implemented appropriate technical and organisational controls to protect your Personal Data against unauthorised processing, misuse,
interference and loss, as well as unauthorised access, modification or disclosure and against accidental loss, damage or destruction.
The security measures we take include:
• Storing your Personal Data in a secure environment;
• Pseudonymisation and encryption of Personal Data;
• Strictly allowing access to the secure physical storage facility by authorised personnel only;
• Ensuring that providers of our cloud based storage facilities have appropriate security measures in place to protect any information stored on such facilities consistent with our Privacy Policy.
• Strictly allowing access to the secure electronic system on which your Personal
Data is stored by authorised personnel only;
• Monitoring and tracking details of any access and/or change to your Personal Data, including the date and time at which your information is accessed and/or changed, and by whom;
• A process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures to ensure secured processing.
We also use several physical, administrative, personnel and technical measures to protect your Personal Data. However, we cannot guarantee the security of your Personal Data. Except to the extent liability cannot be excluded due to the operation of statute, we exclude all liability (including in negligence) for any and all consequences of any unauthorised access to your Personal Data.
Please notify us immediately if you become aware of any breach of security.
In the case of a Personal Data breach, without undue delay after having become aware of it, we will notify the Personal Data breach to the competent supervisory authority, unless the Personal Data breach is unlikely to result in a risk to the rights and freedoms of natural persons. When the Personal Data breach is likely to result in a high risk to the rights and freedoms of natural persons we will communicate in clear and plain language, the Personal Data breach to you without undue delay, the nature of the Personal Data breach and will contain at least the information and security measures taken.
When your Personal Data is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your Personal Data. However, most of the Personal Data is or will be stored in files which will be kept by us for a minimum of 7 years.
 
Links

Our website may contain links to websites operated by third parties. Those links are provided for convenience and may not remain current or be maintained. Unless expressly stated otherwise, we are not responsible for the privacy practices of, or any content in those linked websites, and
have no control over or rights in those linked websites. The privacy policies that apply to those other websites may differ substantially from our Privacy Policy, so we encourage individuals to read them before using those websites.
 
Your Data Protection Rights

Please be advised that in case you allow us to collect and process certain Personal Data from you, you have the following rights:
1. Right of Access. You have the right to obtain from us confirmation as to whether or not Personal Data concerning you are processed, and, where that is the case, you have the right to request and get access to that Personal Data.
2. Right to Rectification. You have the right to obtain from us the rectification of inaccurate Personal Data and you have the right to provide additional Personal Data to complete any incomplete Personal Data .
3. Right to Erasure (“Right to be Forgotten”). In certain cases, you have the right to obtain from us the erasure of your Personal Data .
4. Right to Restriction of Processing. You have the right to obtain from us restriction of processing, applicable for a certain period and/or for certain situations.
5. Right to Data Portability. You have the right to receive from us in a structured format your Personal Data and you have the right to transmit such Personal Data to another controller.
6. Right to Object. In certain cases, you have the right to object to processing of your Personal Data, including with regards to profiling. You have the right to object at further processing of your Personal Data in so far as such data have been collected for direct marketing purposes.
7. Right to be Not Subject to Automated Individual Decision-Making. You have the right to not be subject to a decision based solely on automated processing.
8. Right to Filing Complaints. You have the right to file complaints with the applicable data protection authority on our processing of your Personal Data.
9. Right to Compensation of Damages. In case we breach applicable legislation on processing of your Personal Data, you have the right to claim damages from us for any damages such breach may cause with you.
Accessing or correcting your Personal Data
You have the right to seek access to the Personal Data we hold about you. Sometimes, we may not be able to provide you with access to all of your Personal Data and, where this is the case, we will tell you why. We may also need to verify your identity when you request your Personal Data.
You also have the right to request us to correct any Personal Data we hold about you which is inaccurate. We will take reasonable steps to ensure that it is corrected. You can ask for access to or correction of your Personal Data by contacting us using our details under the ‘Contact Us’ section below.
 
Making a complaint
If you wish to make a complaint about the way we have handled your Personal Data, you can contact us using the details set out below.
Please include your name, email address and/or telephone number and include as much details as possible in relation to your complaint. We will acknowledge your complaint and respond to you regarding your complaint within a reasonable period of time. If you think that we have failed to resolve the complaint satisfactorily, you may refer the issue to the Office of the Australian
Information Commissioner (at enquiries@oaic.gov.au ) or your national Data Protection Authority. Opt-out of any direct marketing activities
If you wish to opt-out of any direct marketing activities, please contact us by email at info@customcreed.com
 
Contact Us

For further information about our Privacy Policy or practices, or to access or correct your Personal Data, or make a complaint, please contact us using the details set out below:
The Privacy Officer
Custom Creed Pty Ltd
Suite 303, 220 Collins St, Melbourne, Victoria, 3000, Australia.
Email: info@customcreed.com