Privacy Policy
Our website address is: https://trixcircus.com
Privacy Act statement
Our business is not bound by the Privacy Act 1988 (Act) and the Australian Privacy Principles (APP). Our business is not an APP entity as defined in s 6(1) of the Act. However out of an abundance of caution for customer care we endeavour to use best practices wherever reasonably possible.
Overview
We collect and hold personal information relating to our customers and to other people and entities associated with our customers as may be provided or disclosed to us in the course of business (Visitors or You). Such personal information may include, but is not limited to, names, tax file numbers, addresses, telephone numbers, social media details, email addresses, occupations, wage records, bank account details, asset and investment details, financial planning records, taxation records, medical records and relationship details.
Personal information is collected from our customers in the following ways:
- by providing it to us directly;
- by authorising third parties to provide it to us;
- by other parties providing it to us either voluntarily or pursuant to compulsory processes we conduct on our customer’s behalf.
Kinds of personal information we collect and store
We endeavour to not collect or store any private information that is not necessary. We also outsource to contractors where it may be better we do so, such as by payment gateway.
The kinds of information we may collect and/or store include:
- Customer comments
- Product reviews
- Media
- Contact form information
- Cookies
- Embedded content from other websites
- Analytics
- Security capabilities
- Payment card details
Comments and Reviews:
When Visitors leave comments or reviews on the site we collect the data shown in the comments form and also the Visitor’s IP address and browser user agent string to help spam detection.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
Contact forms
When users submit feedback or questions via our contact forms, we will request their name and email address and some personal circus information. We use this information solely to respond to the Visitor enquiries and communicate with them and this information will not be shared with a third party except when required to fulfill the Visitor’s request.
Media
If Visitors upload images to the website, they should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Cookies
If Visitors leave a comment on our site they may opt-in to saving your name, email address and website in cookies. These are for the Visitor’s convenience so that they do not have to fill in their details again when they leave another comment. These cookies will last for up to one year.
If Visitors have an account and log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When Visitors log in, we will also set up several cookies to save their login information and their screen display choices. Login cookies last for two days, and screen options cookies last for a year. If Visitors select “Remember Me”, their login will persist for two weeks or more depending on their browser’s settings. If users log out of their account, the login cookies will be removed.
If Visitors edit or publish an article, an additional cookie will be saved in their browser. This cookie includes no personal data and simply indicates the post ID of the article they just edited. It expires after one day.
Embedded content from other websites
Articles and products on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the Visitor has visited the other website.
These websites may collect data about Visitors, use cookies, embed additional third-party tracking, and monitor Visitor interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Analytics
Our website logs non personally identifiable information about our Visitors, their locations, user actions, and IP addresses. This data is captured by Google and only used for analytics. This data is not shared with any other third parties besides Google.
Security Capabilities and Policy for Transmission of Payment Card Details
For credit card transactions, the Visitor’s information is secured by using 2048 bit Secure Sockets Layer (SSL) technology, which encrypts all imputed information. Credit card data is shared with Visa, Mastercard, Maestro, American Express, JCB, Apple Pay, and/or Google Pay through Stripe and/or PayPal.
How is personal information received and held?
Personal information may be received and held either as a hard copy, paper, or a soft copy being electronic data, in any available form including our web server, other cloud servers and on local computer drives. In any case, we take the security of personal information very seriously. We secure hard copy documents carefully in and out of our office. We use cyber-security systems to protect soft copy documents. This information may be held indefinitely.
For what purpose is personal information collected, held, used and disclosed?
All data processed by the business is done on a lawful basis. The purposes for which we collect, hold, use and disclose personal information are:
- to offer our products and services to our customers. In doing so we may disclose personal information to other people or entities involved in the provision of the product or service, such as government departments, payment processors, shipping companies and individuals. Unless compelled by law, we will never disclose personal information without the customer’s knowledge and consent;
- to facilitate our internal and external administrative processes including financial and business operations and reporting requirements;
- to obtain, maintain and comply with the terms of our professional indemnity and other insurance policies; and
- to comply with applicable laws.
How can personal information be accessed or corrected?
Customers may access their personal information and seek correction of it at any time by applying to our office in person or in writing.
Customers will be formally identified before releasing or amending any personal information.
Is personal information disclosed outside of Australia?
Where necessary we will disclose personal information to overseas recipients, including a related body corporate. The possible countries that information might be sent to include the USA and China.
What is the complaints process relating to personal information?
If there is a breach of this privacy policy, either of the Act or the Australian Privacy Principles (APP), a complaint may be made by the customer to:
- our customer services team; or
- the Office of the Australian Privacy Commissioner.
Data breaches
All staff are responsible for protecting the confidentiality of customer information and business information. Refer any data breaches, or suspected data breaches, to the customer services team as soon as possible.
What is an eligible data breach?
An eligible data breach, defined in s 26WE(2) of the Act, is when:
- both of the following conditions are satisfied:
- there is unauthorised access to, or unauthorised disclosure of, the information;
- a reasonable person would conclude that the access or disclosure would be likely to result in serious harm to any of the individuals to whom the information relates; or
- the information is lost in circumstances where:
- unauthorised access to, or unauthorised disclosure of, the information is likely to occur; and
- assuming that unauthorised access to, or unauthorised disclosure of, the information were to occur, a reasonable person would conclude that the access or disclosure would be likely to result in serious harm to any of the individuals to whom the information relates;…
If there is a suspicion of a breach
If we suspect that there has been an eligible data breach, a reasonable and expeditious assessment will be conducted within 30 days.
If we believe or have reasonable grounds to believe there has been a breach then a statement will be prepared setting out:
- the business’s details;
- a description of the breach;
- the kind or kinds of information concerned; and
- recommendations about the steps that we will take in response to it.
If practicable, we will advise the contents of the statement to each of the affected customers who may be at risk from the breach. If this is not practicable we will publish the statement on our website and take other reasonable steps to publicise its contents. Communications with individuals will be via their preferred communication method.
The statement will be submitted to the Privacy Commissioner.
Exception to reporting
Mandatory notification requirements are waived if remedial action can be taken that results in a reasonable person concluding that the access or disclosure is not likely to result in serious harm to any of those individuals.
Company name and contact details
The company (we, our) is Trix Circus Pty Ltd ACN 098 101 547.
Our privacy officer is Amanda Lynch amanda@trixcircus.com . You may ask Ms. Lynch to:
- access your personal information;
- ask for a correction; or
- lodge a complaint.