ZAIA Lumina

Privacy Policy

Our Privacy Policy

Privacy Act 1988 (Cth)

This privacy policy applies to all your dealings with Zaia Pty Ltd A.C.N 636 947 521 (trading as, ZAIA Lumina) and its related entities (collectively, referred to, as “ZAIA”) in relation to Personal Information they obtain, to the extent that the Privacy Act 1988 (Cth) (“the Act”) and the Australian Privacy Principles (“the APPs”) applies to that Personal Information.

“Personal information” is defined under the Act as meaning, “information or an opinion about an identified individual, or an individual who is reasonably identifiable whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not”.

General Data Protection Regulation (EU) 2016/679

The collection, control and processing of “personal data” of individuals in the European Union (“EU”) may also in some circumstances be subject to the General Data Protection Regulation (EU) 2016/679 (“GDPR”). To the extent that the GDPR applies to any personal data of individuals in the EU collected by ZAIA, this privacy policy will also apply.

“Personal Data” is defined under Article 4 of the GDPR as meaning, “any information relating to an identified or identifiable natural person who can be identified, directly or indirectly by reference to an identifier such as name, identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.

In this privacy policy, “Personal Information” and/or “Personal Data” is referred to as “Personal Information”.

Your acceptance of this Privacy Policy

By using this website or entering into contracts with ZAIA or otherwise providing ZAIA with your Personal Information, you agree to the terms of this privacy policy. Depending on the manner in which you communicate with ZAIA, further privacy information may apply in addition to the matters discussed in this Privacy Policy.

From time to time ZAIA may update this privacy policy. When changes are made, we will revise the date of last update listed at the end of this policy. We encourage you to check our website regularly for any updates to our Privacy Policy.

Links

Our website may contain links to other websites. ZAIA is not responsible for the practices employed by websites linked to, or from, our website. We encourage you to be aware of when you leave our website, and to read the privacy policies of all websites.

What kinds of information do we collect and hold?

Personal Information/Personal Data

ZAIA only collects and holds Personal Information where the information is reasonably necessary for one or more of our functions or activities. To the extent that the information falls within the above definitions of Personal Information or Personal Data, the Personal Information or Personal Data collected may include:

  • your personal details such as your name, date of birth and gender; bank account details,
  • employment details;
  • contact details including: home address, email address; telephone number;
  • user IDs and passwords;
  • IP address, domain name,
  • records of communications between ZAIA and yourself;
  • usage information; and
  • other information disclosed by you.

Sensitive information

ZAIA only collects and holds sensitive information about you where you consent to the collection of the information and the information is reasonably necessary for one or more of our functions or activities. The kinds of sensitive information that may be collected about you include information revealing membership of a professional or trade association or union membership.

How do we collect and hold your Personal Information?

ZAIA collects and holds Personal Information in a variety of ways. For example, Personal Information may be collected:

  • when you or your business enter into business transactions with us;
  • when you fill out a form, deal with us over the phone, send us a letter, send us an email;
  • when orders are made;
  • when accounts are established;
  • when purchases or refunds are made;
  • in connection with other services and activities we make available;
  • when you visit our website, when you submit your email address to our website mailing list;
  • when you apply for a job or make an employment-related inquiry;
  • when register with us; and
  • from publicly available sources.

ZAIA will collect Personal Information directly from you where it is reasonable and practicable to do so. Sometimes we may be required to collect information about you from a third party, such as our contractors and agents, referees or from publicly available sources.

You may visit our website anonymously, or by using a pseudonym, and can refuse to supply Personal Information where it is lawful and practicable to do so. However, if you do so it may prevent you from engaging in certain activities and services with ZAIA.

Unsolicited information

If ZAIA receives unsolicited Personal Information and we determine that we could not have collected the Personal Information from you, and the information is not contained in a Commonwealth record, we will, as soon as practicable but only if it is lawful and reasonable to do so, destroy or de-identify the information.

Passive information collection

ZAIA uses various technologies, such as cookies, to collect anonymous information from users of its website. This information helps us analyse website traffic and guide development of the website.

Most web browsers automatically accept cookies but you can modify your browser settings to disable them. If you do so, some parts of the website may not function properly.

Why do we collect, hold, use and disclose your Personal Information?

ZAIA collects, holds, uses and discloses Personal Information:

  • for the purpose for which it was collected;
  • for any purpose to which you have consented to; or
  • for any related purpose where you would reasonably expect us to use or disclose the information.

Such purposes are varied and may include:

  • supplying products and services;
  • undertaking and completing transactions with parties with whom we do business;
  • meeting our legal and regulatory requirements;
  • providing customer support;
  • improving customer service;
  • developing, researching, improving, ZAIA

How do we use and disclose your Personal Information?

Disclosure of Personal Information to third parties

In the course of business, we may be required to disclose Personal Information to third parties. The types of third parties we may disclose your Personal Information to include:

  • our insurer, regulatory bodies, government agencies, law enforcement bodies, Courts or other parties we are authorised or required by law to disclose information to; and
  • our agents, contractors and external advisors who we engage to undertake our business functions and activities from time to time or who assist us in undertaking our business functions and activities.

The data may also be processed, on behalf of ZAIA, by external parties designated as external data processors, including, without limitation:

  • third-party IT service providers and IT support providers that are engaged to carry out the above activities; and
  • other ZAIA related entities, for the above purposes.

ZAIA may sell, buy or merge or reorganise its businesses and such transactions may involve the disclosure of Personal Information to purchasers or prospective purchasers or receiving Personal Information from sellers.

Cross-border disclosure of Personal Information

In conducting our business, ZAIA may be required to disclose Personal Information to third parties operating outside of Australia, including ZAIA’s related entities overseas. The countries in which these recipients may be located will vary from time to time, but may include New Zealand, Fiji and other South Pacific countries, Hong Kong and other Asian countries, France and other European countries, the United States of America, and any other countries where ZAIA or its related entities have a presence or engages third parties.

Personal Information to which only the Act applies

Under APP 8.1 an ‘Australian Privacy Principles entity’ (“APP entity”) (as defined by the Act) that discloses Personal Information to an overseas recipient has an obligation to ensure that the recipient does not breach the APPs in relation to the information unless the APP entity reasonably believes that the overseas recipient is subject to similar privacy laws applies under the Act.

The obligation under APP 8.1 does not apply to an APP entity if the APP entity expressly advises the individual of its obligations under APP 8.1 and the individual consents to those obligations not applying to the APP.

Accordingly, ZAIA expressly advises you that if you consent to the obligations under APP 8.1 not applying to ZAIA and the overseas recipient of Personal Information handles the Personal Information in breach of the APPs:

  • ZAIA will not be accountable under the Act;
  • you will not be able to seek redress under the Act;
  • the overseas recipient may not be subject to any privacy obligations or to any principles similar to the APPs;
  • you may not be able to seek redress in the overseas jurisdiction;
  • the overseas recipient is subject to a foreign law that could compel the disclosure of Personal Information to a third party, such as an overseas authority.

Your continued use of this website and your continued dealings with us constitutes your consent to ZAIA that its obligations under APP 8.1 in respect of your Personal Information disclosed to overseas entities will not apply.

You may request ZAIA not transfer your Personal Information to other countries, but if you do so we may not be able to provide the products or services to you.

Personal Data of individuals in the EU to which the GDPR applies

Personal Data from individuals in the EU may be transferred to an overseas country in the following circumstances:

  • where the EU Commission has determined the overseas country provides an adequate level of data protection (Article 45); or
  • if there has been no such determination by the EU Commission, where an individual’s enforceable rights and effective remedies are available and where appropriate safeguards are in place such as,
    • (Article 46) – approved binding corporate rules that enable transfers within a corporate group are in place; agreement that contains the standard data protection clauses adopted by the EU Commission or a data protection authority are in place; approved codes of conduct or certifications are in place and the recipient gives binding and enforceable commitments to apply appropriate safeguards; or
  • where you explicitly consent to the proposed transfer after you have been provided with information about the possible risks associated with the transfer (Article 49).

Online Apps

Some of ZAIA’s products may require software apps (“Apps”) to be downloaded from ZAIA’s related entities overseas to use in conjunction with the products. You may be required to provide Personal Information to those entities in order to download the App or to register to use the App.

To the extent that the Act applies to that Personal Information, this privacy policy will apply.

Individuals in Australia who download an App from ZAIA’s related entity overseas:

  • acknowledge that your Personal Information collected by ZAIA’s related entity overseas may be held, depending on the entity, in France, Italy other countries in the European Union, in North America or any other country referred to in ZAIA’s related entity overseas privacy policy provided to persons when downloading the App;
  • consent to any Personal Information collected by ZAIA’s related entity overseas being held by or on behalf of ZAIA’s related entity overseas in such countries; and
  • consent to the collection, use and disclosure of your Personal Information by ZAIA’s related entity overseas for the purposes set out in ZAIA’s related entity overseas licence agreement or terms of use of apps and privacy policy provided to person when downloading the App and any other purpose described in this privacy policy.

How do we market our products and services?

From time to time, ZAIA may use or disclose your Personal Information to inform you about our products and services. If you are in the EU and the GDPR applies, this will be subject to your express consent. If you do not wish to receive marketing materials from ZAIA, you may opt-out at any time by contacting the ZAIA Privacy Officer, contact details below.

How do we protect your Personal Information?

ZAIA maintains appropriate security, data collection, storage and processing practices to ensure reasonable steps are taken to protect your Personal Information from misuse, interference, loss, unauthorised access, modification or disclosure. Where this information is no longer required, ZAIA will take reasonable steps to destroy or de-identify the information.

How can you access or correct your Personal Information under the Act?

Accessing your Personal Information

To access the Personal Information we hold about you, please send a written request to the ZAIA Privacy Officer, contact details below.

Generally, ZAIA will try to grant access to the Personal Information. We may charge for giving access to the Personal Information.

ZAIA may refuse to give access to the Personal Information where, for example, giving access would disclose commercially sensitive information or information relating to existing or anticipated legal proceedings. If we refuse to provide you with access to Personal Information held about you by us, then we will provide written reasons for the refusal and advise you of available avenues of redress.

Correcting your Personal Information

Where necessary, ZAIA takes reasonable steps to ensure the Personal Information we collect and disclose is accurate, up-to-date, complete and relevant.

If, it discovers the information is inaccurate, out of date, incomplete, irrelevant or misleading, ZAIA will take reasonable steps to correct the Personal Information.

If you find that your Personal Information we hold about you is incorrect, please send a written request to the relevant ZAIA Privacy Officer, contact details below. In your request for correction, you can request that we notify any other APP entity of the correction if successful.

If we refuse your request for correction, we will provide written reasons for the refusal and advise you of the mechanisms available to you to complain about the refusal.

How can you complain about a breach of the Act?

If you believe an act or practice ZAIA has engaged in has breached the Act, you can lodge a complaint free of charge by contacting the relevant ZAIA Privacy Officer, contact details below.

If you are unhappy with our resolution of your complaint or with the way ZAIA has handled your complaint, you may be able to refer your complaint to the Office of the Australian Information Commissioner (“the Commissioner”) (see http://www.oaic.gov.au for further details).

How do you contact us in relation to privacy matters under the Act and the GDPR?

Collection of Personal Information from individuals in Australia

For privacy issues relating to ZAIA, please contact ZAIA’s Privacy Officer: [email protected]

Collection of Personal Data from individuals in the European Union (EU)

In addition to the above, to the extent that Personal Data is collected, controlled or processed by ZAIA from individuals in the EU and the GDPR applies, the following will also apply. You have the right to:

  • to request access to, erasure of and rectification of Personal Data;
  • to have incomplete Personal Data completed;
  • to request restriction of processing in the cases listed under Article 18 of the GDPR;
  • to object to processing, for reasons connected to your specific situation, in the cases where a legitimate interest is being pursued by the Controller (defined in the GDPR and, herein ZAIA);
  • where processing is based on consent or on a contract and is carried out by automated means, you have a right to receive a copy of your data in a structured, commonly used, machine-readable format, and, if technically feasible, to transmit it to another controller; and
  • you have the right to lodge a complaint with the relevant EU Data Protection Authority at any time, as well as to seek any other remedies available under the applicable law.

In order to exercise your rights, you may contact the Controller by sending an email to [email protected]

Personal Data of Children under the age of 18

ZAIA does not intentionally collect Personal Information from individuals who are under the age of 18.

If we learn that any Personal Information submitted to us is information of a child under 18 years old, we will attempt to delete the information as soon as possible.

If you believe we may have any Personal Information from a child under 18, please contact ZAIA’s Privacy Officer: [email protected] .

This Privacy Policy was last updated July 2020.