Updated 7 June 2021
Steelx Group Pty Ltd ACN 130 683 779, its subsidiaries and related bodies corporate and its brands (including but not limited to THE Shed Company) (collectively referred to in this document as “we” “our” or “us” or as the context requires otherwise); our website https://theshedcompany.com.au/; and any software application for mobile devices (Application) that we operate.
This Policy sets out the types of personal information that we usually collect, the purposes for which we collect it, to who we disclose it, how we hold and keep it secure, and your rights in relation to your personal information, including how to complain and how we deal with complaints. This Policy should be read together with our website Terms and Conditions and any location specific legal notice. Our businesses and websites operate from Australia and this Policy provides information in accordance with our obligations under the Privacy Act 1988 (Cth).
In this Policy, personal information means any information about an individual from which that individual can be identified or reasonably identified. It does not include information that has been de-identified (anonymous data). Privacy Act means the Privacy Act 1988 (Cth) and includes the Australian Privacy Principles (APPs) and applicable privacy regulations. Services means any products and services that we offer or provide, including but not limited to rural steel building solutions, the design, construction and sale of sheds, garages, patios, carports, workshops, horse stables, industrial steel building kits, kit homes and commercial shed construction.
1. Your acknowledgement and consent
By visiting our website, enquiring about or purchasing any Services, or providing us with your personal information (either directly or allowing another person to do so on your behalf), you acknowledge and agree that the personal information we collect about you will be collected and handled in accordance with this Policy. If you do not agree with any part of this Policy, you must not provide your personal information to us.
If you do not provide us with your personal information, or if you withdraw any consent we are required by applicable law to have in order to process the information you have given us, this may negatively affect our ability to provide Services to you.
2. Personal information that we collect
We only collect personal information that is necessary for the dealings you have with us, for example:
(a) when you request a quote for Services, establish or access an account, order Services from us, conduct certain types of transactions such as cheque purchases or refunds, or otherwise enquire about the Services we may require you to provide us with contact information including your name, address, telephone number or email address and financial information (such as credit card details).
(b) when you submit any personal information to us when requesting a quote or leaving feedback via a third party application on our website, such as Tawk.to and Product Review.
(c) If you contact us with your opinion, feedback or questions in relation to our Services, we may keep a record of that correspondence.
(d) when you submit your name and e-mail address to sign up for our website mailing list.
(e) if you apply for a job vacancy with us or via any third party recruitment service we use, we will collect your CV and other application information required to allow us to assess your application and to retain for human resources purposes.
3. Special types of information we may collect
When required, we may collect the following types of information from you:
(a) financial information: we may via our website or through our sales facilities which is used by us solely to facilitate the transaction and bill you for the Services. Financial information we collect from you is strictly confidential and held on secure servers in controlled facilities.
(b) sensitive information: we generally do not collect any sensitive information unless it is reasonably necessary for our functions or activities and you have explicitly consented. The circumstances in which we may collect sensitive information may include during recruitment, when we may need to collect details of an applicant’s health and disability or information about immigration status.
4. Dealing with us Anonymously or using a pseudonym
Where possible and lawful, you may interact with us anonymously or using a pseudonym. For example, if you contact us with a general question we will not record your name unless we need it to adequately handle your question.
However, for many of our functions and activities we usually need your name, contact information and other details.
5. Purpose of collecting personal information
We may collect your personal information for the following purposes:
(a) to confirm your identity;
(b) contacting you about product or Service you have enquired about or ordered;
(c) to provide Services to you, including processing payment, arranging delivery, or ongoing customer service;
(d) notifying you about special offers, products or services available from us or our participating partners, whether the notice comes from us directly or via a third party advertising service;
(e) business planning, product development and research development;
(f) understanding the types of people who are interested in the Services and developing measurement, marketing and analytics measures to assist in marketing the Services to those people;
(g) fulfilling any mandatory reporting obligations required by applicable law, including communication with and notifying you where a notifiable data breach has occurred in relation to your personal information;
(h) to assess your application for a role with us and to take references;
(i) any related secondary purpose which we believe you would reasonably expect when we collected your personal information or as a result of our ongoing relationship with you;
(j) any purpose for which you have consented;
(k) any purpose for which we are required or authorised by applicable law; and
(l) to respond to and manage inquiries, complaints, feedback and claims, defend our legal interests and investigate and protect against fraud, theft and other illegal activities.
6. Disclosure of personal information
We will only disclose personal information to persons outside our business in the circumstances set out in this Policy or as otherwise notified to you at the time of collection of the information.
If we merge with or are acquired by another entity, your personal information may be transferred to that entity as a part of the merger or acquisition. In addition we may use or disclose personal information held about you where you have consented to such use or disclosure or where such use or disclosure is required under or authorised by law, or where we reasonably believe that the use or disclosure is necessary for prevention, investigation, prosecution and punishment of crimes or wrongdoings or the preparation for or conduct of proceedings before any court or tribunal or the implementation of the orders of a court or tribunal by or on behalf of an enforcement body.
7. Cross border disclosure
We may disclose personal information to overseas recipients, who are located in places such as New Zealand and other countries or jurisdictions depending on the nature of the services those recipients provide to us (for example to arrange our suppliers in New Zealand to supply you with a product or service that you have requested in New Zealand, or for those suppliers to supply you if you are part of our New Zealand franchise network).
8. Direct marketing and your consent / opting out
We may use your personal information to identify a product or service that you may be interested in or to contact you about (for example an event or promotion in your region). We may with your consent where required by applicable law, use the contact details you have provided to contact you from time to time whether by phone, email SMS or post to tell you about new products or services and special offers that we believe may be of interest to you.
You can withdraw your consent to receiving direct marking communications from us at any time by unsubscribing from the mailing list (by clicking ‘unsubscribe’ in any email from us), by contacting us on the details at the end of this Policy or by using any unsubscribe facility available in the electronic communication you receive (where available).
9. Credit Card information
We sometimes use third parties to process sales paid for via credit card, for example PayWay API (operated by Westpac Banking Corporation ABN 33 007 457 141) or PayPal Australia Pty Limited ABN 93 111 195 389 (Payment Gateway).
Where we use a Payment Gateway to process a payment via credit card, we do not directly hold any payment information other than a billing address and a contact email on the website servers. In accordance with the Payment Gateway policies, we may be able to view credit card details, however, we will only use such information for the purposes of credit card verification, transaction approval or to provide a refund. Any information collected by the Payment Gateway may be used in accordance with the Payment Gateway privacy or other policies and is beyond our control. To view the Payment Gateway policies please refer to https://www.westpac.com.au/privacy/ and https://www.paypal.com/au/webapps/mpp/ua/privacy-full.
10. Security and Storage
We place great importance on the security of all information associated with our customers, clients and contractors. We take all reasonable and appropriate steps (including organisational and technological measures) to protect your personal information from loss, misuse and interferences, as well as unauthorised access, modification or disclosure.
Where we store your information depends on what interaction you have had with us. These include:
(a) electronic databases, including those for processing customer enquiries or feedback;
(b) email databases for marketing communications; and
(c) paper based forms.
Please keep in mind that no data transmission over the Internet is guaranteed to be secure. We will take all reasonable steps to protect your information or personal details, however we cannot ensure or warrant the security of any information or personal details you provide to us. These activities are conducted at your own risk.
We only keep your personal information for as long as it is required for the purpose for which it was collected or as otherwise required by applicable laws. If we no longer need to hold your personal information for any reason, we will take reasonable steps to de-identify or destroy that information. These steps may vary depending on the nature of the information, the way it was collected and how it was stored.
11. Data breaches
The Privacy Act requires us to notify affected individuals and the Privacy Commissioner about ‘eligible data breaches’. An eligible data breach occurs when the following criteria are met:
(a) there is unauthorised access to or disclosure of personal information we hold (or information is lost in circumstances where unauthorised access or disclosure is likely to occur);
(b) the access, disclosure or loss is likely to result in serious harm to any of the individuals to whom the information relates; and
(c) we are unable to prevent the likely risk of serious harm with remedial action.
If it is not clear whether a suspected data breach meets these criteria, we will investigate and assess the breach to determine whether the breach is an ‘eligible data breach’ that requires us to notify the affected individuals. This is to ensure you are notified if your personal information is involved in a data breach that is likely to result in serious harm. Even if the criteria are not met, we may decide it appropriate to notify you anyway as part of our commitment to taking privacy seriously.
Spam is an electronic message that is both unsolicited and commercial in nature. We confirm:
(a) we have crafted an internal policy to educate our staff and implement clear guidelines and rules on commercial electronic messages;
(b) you are free to unsubscribe from any mailing list to which you have previously subscribed, either by using the opt-out facility provided in the message or by contacting our Privacy Officer;
(c) we will not use address-harvesting software for any reason.
To assist us in combating spam, we ask you to:
(d) if you receive an unauthorised commercial or offensive message which appears to originate from our email address, please assume that it has been sent in error and notify our Privacy Officer immediately;
(e) ensure that you unsubscribe from any of our mailing lists if you decide you no longer wish to receive commercial messages from us or our contracted third parties; and
(f) if you do subscribe to any of our mailing lists, please notify us of any change to your contact details.
We may combine our cookies, information collected through the cookies and web beacons on our website with other information and use analytics services to provide better or more relevant services and advertising to you on our or third party websites.
If you would prefer not to receive cookies, you can alter your security settings on your web browser to disable cookies or to warn you when cookies are being used. However this may mean you may not be able to take advantage of all features of the website.
14. Website and online software data
Every time you use our website, information may be collected by us or on our behalf via services such as Google Analytics. This includes information such as:
(a) your server IP address and domain name of your internet service provider;
(b) the type of browser and operating system you use;
(c) pages accessed; and
(d) the date and time of your visit;
(e) any address of a recurring site and any other website you are about to visit; and
(f) the information you submit regarding payment particulars, including credit card details which are captured by our online software and database.
This information is used to provide statistical reporting on the use of our website, including the frequency and duration of visits, and which web pages you have accessed on our website.
15. Disposal of personal information
We only keep your personal information for as long as it is required for the purpose for which it was collected or as otherwise required by law. If we no longer need to hold your personal information for whatever reason, we will take reasonable steps to de-identify or destroy that information. These steps may vary depending on the nature of the information, the way it was collected and how it was stored.
16. Changes to this Policy
17. Access to and Correction of Personal Information
We are committed to maintaining accurate, timely, relevant and appropriate information about the individuals whose personal information we hold. We will endeavour to ensure that the personal information collected from you is up to date, accurate and complete.
You may request access to or correction of your personal information we hold about you at any time by contacting our Privacy Officer on the details shown in this Policy.
We will need to verify you. Subject to any applicable exceptions or requirements, we will provide you with access to the personal information you request within reasonable time and usually within 28 days. If we decide to refuse your request we will tell you why in writing and how to complain.
If you have a concern, question or complaint about this Policy or your privacy, your complaint should be in writing to our Privacy Officer using the details shown in this Policy. We will need to verify you, respond to you within a reasonable period of time to acknowledge your complaint and inform you of the next steps we will take in dealing with your complaint. If you are not satisfied with our response, you may complain directly to the Office of the Australian Information Commissioner (OAIC) via the OAIC website: www.OAIC.gov.au.
19. Contacting Us
If you require further information regarding this Policy, please contact our Privacy Officer on the following details:
P.O. Box 411
Varsity Lakes QLD 4227
Email: [email protected]
Phone: 07 5657 8819
For more information about privacy issues in Australia and protecting your privacy, visit the Office of the Australian Information Commissioner's website: www.OAIC.gov.au.