Privacy Policy
1 – We respect your privacy
- Creo Bella is operated by THE TRUSTEE FOR THE FAIRHURST FAMILY TRUST (ABN 76 990 013 320)(we, us or our). We respect your right to privacy and are committed to safeguarding the privacy of our clients in accordance with applicable data protection laws and regulations. We will take reasonable steps to ensure the personal information we collect, use, hold or disclose is done so, to the extent that it applies to us, in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles. We will also endeavour to comply with the EU General Data Protection Regulation for clients who are in a country that is a member of the European Economic Area (EEA).This policy sets out how we manage personal information.
2 – What is personal information?
- “Personal information” is information or an opinion about an identified individual, or an individual who is reasonably identifiable whether the information or opinion is true or not, and whether the information is recorded in a material form or not.
3 – Collection of personal information
- Creo Bella will only collect and hold personal information provided by you or others, or given to us in other forms when it is necessary for the provision of our services and with your explicit consent.
- Consistent with the provision of our services, the types of personal information we may collect, and hold include your name, address, telephone number, date of birth, email address, credit or debit card details, information about your business or goals and information about the way you use the services; and any communications we may have related to all of the above.
- We may collect additional information at other times, including but not limited to when you provide feedback; when you provide information about your personal or business affairs; change your content or email preferences; respond to surveys and/or promotions; provide us with a testimonial; or communicate with us, our other clients or our customer support.
- We may also collect information about how you use our website, via third parties.
4 – Cookies
- We may from time to time use cookies on our website (creobella.com) (Website). Cookies are very small files which a website uses to identify you when you come back to the Website and to store details about your use of the Website. Each Website can send its own cookie to your browser if your browser’s preferences allow it, but you can choose to reject cookies by changing your device or computer settings. However, this may prevent you from taking full advantage of our website.
- At times personal information may also be gathered from third parties, such as Google Analytics or Facebook Pixel. These third parties may use cookies, web beacons and similar technology to collect or receive information about you from our website and elsewhere on the internet
5 – How we collect your personal information
- Typically, we collect and hold personal information which is provided to us by you and other users of the Website and through acquiring our services.
- Creo Bella collects and holds personal information provided to us through our Website, via social media, by email, over the phone and through the provision of our services. For example, when you send an email to us or give us information through the Website, we may retain this in order to respond to your inquiry or provide you with services.
- We may also collect and hold personal information provided to us from third parties. If we do, we will protect it as set out in this Privacy Policy.
- Personal information is held only for as long as the information remains relevant to the purpose for which it was collected and in accordance with applicable data retention laws.
Why we collect your personal information
- Creo Bella may use personal information collected from you to provide you with information, updates and/or our services. We may also make you aware of new and additional products, services and opportunities that may be of interest to you. We may use your personal information to improve our products and services and better understand your needs.
- We also collect personal information to analyse and enhance our business operations and improve your experience with our business. This is used as statistical information to analyse traffic to our website, and to customise content and advertising we provide.
- The Website may make third party social media features available to its users. We cannot ensure the security of any information you choose to make public in a social media feature. Also, we cannot ensure that parties who have access to such publicly available information will respect your privacy
- Where we collect your financial information, we use it to help you pay for our products and services. Only the staff that need to know this information have access to it, and we only keep it as long as it is necessary. We use SSL certificates to verify your identity, and encrypt the data you give us. All financial information is encrypted on our servers and we do not keep all your data (to prevent unauthorised and duplicate transactions). We do not keep any details of your direct debit, and all information is sent to our bank for processing.
- We won’t use or disclose your personal information for any secondary purpose, unless:
- that secondary purpose is related to the primary purpose for which we collect that information and you would reasonably expect the disclosure in the circumstances;
- you have given us your consent; or
- we are permitted to do so under the relevant legislation.
6 – Disclosure of your personal information
- We will take reasonable precautions to protect your personal information, including against loss, unauthorised access, disclosure, misuse or modification. It is kept securely and accessible only to authorised personnel. Information is kept in accordance with our legal record keeping obligations and then destroyed appropriately.
- We may disclose your personal information however to any of our employees, officers, insurers, professional advisers, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes set out in this Policy. We may also need to share some of the information we collect about you with organisations both inside and outside Australia, but Personal information is only supplied to a third party when it is required for the delivery of our services and communicate with you.
- We may from time to time need to disclose personal information to comply with a legal requirement, such as a law, regulation, court order, subpoena, warrant, in the course of a legal proceeding or in response to a law enforcement agency request, provided that we have informed you of such disclosure where legally permissible.
- We may also use your personal information to protect the copyright, trademarks, legal rights, property or safety of Creo Bella and its officers and/or to protect the Website.
- Information that we collect may from time to time be stored, processed in or transferred between parties, including our service providers, located in countries outside of Australia. These may include, but are not limited to, the United States of America, Singapore, China, South America, United Kingdom and selected EU countries.
- In the event of a serious data breach, we shall comply with the Notifiable Data Breaches scheme (Part IIIC of the Privacy Act 1988) and notify the Office of the Australian Information Commissioner and the affected individuals where required. Notification of a data breach may take the form of an email or a notice on our Website.
- If there is a change of control in our business or a sale or transfer of business assets, we reserve the right to transfer, to the extent permissible at law, our user databases, together with any personal information and non-personal information contained in those databases. This information may be disclosed to a potential purchaser under an agreement to maintain confidentiality. We would seek to only disclose information in good faith and where required by any of the above circumstances.
- However, we do disclose your personal information where it is necessary to obtain third party services, such as analytics, data storage, payment service providers or marketing and advertising services. To protect your personal information we endeavour to ensure that our third party service providers also comply with the Australian Privacy Principles, but some third parties we use may collect, hold and process personal information overseas. You can opt out of the collection and use of this information by changing your privacy settings or opting out.
- By providing us with personal information, you explicitly consent to the terms of this Privacy Policy and the types of disclosure covered by this Policy. You have the right to withdraw your consent at any time. Where we disclose your personal information to third parties, we will request that the third party follow this Policy regarding handling your personal information.
7 – How we make sure your personal information is protected
- All personal information stored on our website platform is treated as confidential. It is stored securely and is accessed by authorised personnel only. Our collection is limited in relation to what is necessary, for the purpose for which the personal information is processed, and kept only for so long as is necessary for the purpose for which the personal information was collected. We implement and maintain appropriate technical, security and organisational measures to protect personal information against unauthorized or unlawful processing and use, and against accidental loss, destruction, damage, theft or disclosure. We ensure the encryption and pseudonymisation of personal information and we have adequate cyber security measures in place. By providing us with your personal information you consent to us disclosing it to third parties who reside outside the EEA countries. We will ensure that those third parties are GDPR compliant.
8 – Access to your personal information & Correction
- We will take all reasonable steps to ensure any personal data we collect, use or disclose is up to date and accurate. If you believe personal information we may hold about you is not up to date or accurate, you may ask us to correct it..
- You may ask us to provide you with details of the personal information we hold about you, how we use that information and copies of the information. We will respond to your request and, unless we are not required to do so under any relevant legislation, attempt to provide you with the data within 45 days of receipt of your request.
- If we provide you with copies of the information you have requested, we may charge you a reasonable fee to cover the administrative costs of providing you with that information.
- Please direct all requests for access and correction to us via the “Contact” page on the Website.
9 – Additional Provisions For European Citizens
- If you are a resident of the European Economic Area (“EEA”) you have certain rights and protections under the GDPR regarding the processing of your personal information. We are a controller under the GDPR as we collect, use and store your personal information to enable us to provide you with our website services and information about them. We rely on the following lawful means of processing your personal information:
- where you have given us valid express consent to use your personal information we will rely on that consent, and only use the personal or sensitive information for the specific purpose for which you have given consent;
- where we need to comply with the law, or act in an emergency, we will rely on that lawful basis for processing your personal information..
- If you are a client from the EEA, you also, in certain circumstances:
- can request us to erase your personal information.
- Once we have verified the appropriateness of your request, we will either erase or anonymise your data, depending on the specific request and applicable legal requirements. We may retain certain information about you as required by law and/or for legitimate business purposes permitted by law.
- have the right to request that the further processing of your information is restricted or to object to its processing (including for marketing purposes) and the right to data portability (to receive and have transferred the information you provided).
- Any request relating to the matters in 11.1 should be made through our Website. If we refuse any request you make in relation to these rights, we will write to you to explain why and you can make a complaint about our decision to Autoriteit Persoonsgegevens, the Dutch Data Protection Authority.
10 – Changes to privacy policy
- Please be aware that we may change this Privacy Policy from time to time. The most recent version is published on our Website. We may modify this Privacy Policy at any time, in our sole discretion and all modifications will be effective immediately upon our posting of the modifications on our website or notice board. Please check back from time to time to review our Privacy Policy.
11 – Complaints about privacy
- If you have any complaints about our privacy practices, please feel free to send in details of your complaint to us via our Website. We take complaints very seriously and will endeavour to respond to you within 30 days after receiving written notice of your complaint.
- If you do not consider our response satisfactory, you may complain to the Office of the Australian Information Commissioner (OAIC). Information on how to make a complaint to the OAIC is available on its website: oaic.gov.au, or you may also call the OAIC Enquiries Line on 1300 363 992.