Privacy Policy
(A.B.N 40 913 569 396)
Stone to Gem Opals is committed to providing quality services to you and this policy outlines our ongoing obligations to you in respect of how we manage your Personal Information. We do not sell any of your personal information to other organisations or third parties, other than those that are contracted to us by Shopify our website processor, to keep the information confidential.
This Privacy Policy describes how stonetogemopals.com (the “Site” or “we”) collects, uses, and discloses your Personal Information when you visit or make a purchase from the Site.
We have adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act). The NPPs govern the way in which we collect, use, disclose, store, secure and dispose of your Personal Information.
A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at www.aoic.gov.au.
What is Personal Information and why do we collect it?
Personal Information is information or an opinion that identifies an individual. Examples of Personal Information we collect include: names, addresses, email addresses, phone and facsimile numbers.
This Personal Information is obtained in many ways including via our website https://stone-to-gem-opals.myshopify.com/, your website, cookies, email, telephone, facsimile, interviews, media and publications, publicly available sources, correspondence and from third parties. We don’t guarantee website links or policy of authorised third parties.
We collect your Personal Information for the primary purpose of providing our services to you, providing information to our clients and marketing. We may also use your Personal Information for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure. You may unsubscribe from our mailing/marketing lists at any time by contacting us in writing.
When we collect Personal Information, we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it.
Collecting Personal Information
When you visit the Site, we collect certain information about your device, your interaction with the Site, and information necessary to process your purchases. We may also collect additional information if you contact us for customer support. In this Privacy Policy, we refer to any information that can uniquely identify an individual (including the information below) as “Personal Information”. See the list below for more information about what Personal Information we collect and why.
Device information
- Examples of Personal Information collected: version of web browser, IP address, time zone, cookie information, what sites or products you view, search terms, and how you interact with the Site.
- Purpose of collection: to load the Site accurately for you, and to perform analytics on Site usage to optimize our Site.
- Source of collection: Collected automatically when you access our Site using cookies, log files, web beacons, tags, or pixels.
- Disclosure for a business purpose: shared with our processor Shopify.
Order information
- Examples of Personal Information collected: name, billing address, shipping address, payment information (including credit card numbers), email address, and phone number.
- Purpose of collection: to provide products or services to you to fulfil our contract, to process your payment information, arrange for shipping, and provide you with invoices and/or order confirmations, communicate with you, screen our orders for potential risk or fraud, and when in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
- Source of collection: collected from customers using the site.
- Disclosure for a business purpose: shared with our processor Shopify.
Customer support information
- Examples of Personal Information collected: name, billing address, shipping address, payment information (including credit card numbers), email address, and phone number.
- Purpose of collection: to provide customer support.
- Source of collection: collected from customers using the site.
- Disclosure for a business purpose: shared with our processor Shopify.
Sensitive Information
Sensitive information is defined in the Privacy Act to include information or opinion about such things as an individual's racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.
Sensitive information will be used by us only:
- For the primary purpose for which it was obtained
- For a secondary purpose that is directly related to the primary purpose
- With your consent; or where required or authorised by law.
Disclosure of Personal Information
Your Personal Information may be disclosed in a number of circumstances including the following:
- Third parties where you consent to the use or disclosure; and
- Where required or authorised by law.
Third Parties
Where reasonable and practicable to do so, we will collect your Personal Information only from you. However, in some circumstances we may be provided with information by third parties. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.
Sharing Personal Information
We share your Personal Information with service providers to help us provide our services and fulfil our contracts with you, as described above. For example:
- We use Shopify to power our online store. You can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy.
- We may share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
Using Personal Information
We use your personal Information to provide our services to you, which includes: offering products for sale, processing payments, shipping and fulfilment of your order, and keeping you up to date on new products, services, and offers.
Disclosure of Personal Information
Your Personal Information may be disclosed in a number of circumstances including the following:
- Third parties where you consent to the use or disclosure; and
- Where required or authorised by law.
Security of Personal Information
Your Personal Information is stored in a manner that reasonably protects it from misuse and loss and from unauthorized access, modification or disclosure.
When your Personal Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your Personal Information. However, most of the Personal Information is or will be stored in client files which will be kept by us for a minimum of 7 years.
Access to your Personal Information
You may access the Personal Information we hold about you and to update and/or correct it, subject to certain exceptions. If you wish to access your Personal Information, please contact us in writing.
Stone to Gem Opals will not charge any fee for your access request, but may charge an administrative fee for providing a copy of your Personal Information. In order to protect your Personal information, we may require identification from you before releasing the requested information.
Maintaining the Quality of your Personal Information
It is important to us that your Personal Information is up to date. We will take reasonable steps to make sure that your Personal Information is accurate, complete and up-to-date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.
Minors
We do not intentionally collect Personal Information from minor children. If you are the parent or guardian and are concerned about Personal Information your child has provided us with, please contact us at the address below to request deletion.
Residents of the European Economic Area (EEA) lawful basis
Pursuant to the General Data Protection Regulation (“GDPR”), if you are a resident of the European Economic Area (“EEA”), we process your personal information under the following lawful bases:
- Your consent;
- The performance of the contract between you and the Site;
- Compliance with our legal obligations;
- To protect your vital interests;
- To perform a task carried out in the public interest;
- For our legitimate interests, which do not override your fundamental rights and freedoms.
Currency conversion (GDPR)
By using our website, you (the visitor) agree to allow third parties to process your IP address, in order to determine your location for the purpose of currency conversion. You also agree to have that currency stored in a session cookie in your browser (a temporary cookie which gets automatically removed when you close your browser). We do this in order for the selected currency to remain selected and consistent when browsing our website so that the prices can convert to your (the visitor) local currency.
Retention
When you place an order through the Site, we will retain your Personal Information for our records unless and until you ask us to erase this information. For more information on your right of erasure, please see the ‘Your rights’ section below.
Automatic decision-making
If you are a resident of the EEA, you have the right to object to processing based solely on automated decision-making (which includes profiling), when that decision-making has a legal effect on you or otherwise significantly affects you.
Our processor Shopify uses limited automated decision-making to prevent fraud that does not have a legal or otherwise significant effect on you.
Services that include elements of automated decision-making include:
- Temporary denylist of IP addresses associated with repeated failed transactions. This denylist persists for a small number of hours.
- Temporary denylist of credit cards associated with denylisted IP addresses. This denylist persists for a small number of days.
Your rights (GDPR)
If you are a resident of the EEA, you have the right to access the Personal Information we hold about you, to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us through the contact information below.
Your Personal Information will be initially processed in Ireland and then will be transferred outside of Europe for storage and further processing, including to Canada and the United States. For more information on how data transfers comply with the GDPR, see Shopify’s GDPR Whitepaper: https://help.shopify.com/en/manual/your-account/privacy/GDPR.
Residents of California (CCPA)
If you are a resident of California, you have the right to access the Personal Information we hold about you (also known as the ‘Right to Know’), to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us through the contact information below.
Cookies
A cookie is a small amount of information that’s downloaded to your computer or device when you visit our Site. We use a number of different cookies, including functional, performance, advertising, and social media or content cookies. Cookies make your browsing experience better by allowing the website to remember your actions and preferences (such as login and region selection). This means you don’t have to re-enter this information each time you return to the site or browse from one page to another. Cookies also provide information on how people use the website, for instance whether it’s their first time visiting or if they are a frequent visitor.
We use the following cookies to optimize your experience on our Site and to provide our services.
Cookies Necessary for the Functioning of the Store
Name |
Function |
_ab |
Used in connection with access to admin. |
_secure_session_id |
Used in connection with navigation through a storefront. |
cart |
Used in connection with shopping cart. |
cart_sig |
Used in connection with checkout. |
cart_ts |
Used in connection with checkout. |
checkout_token |
Used in connection with checkout. |
secret |
Used in connection with checkout. |
secure_customer_sig |
Used in connection with customer login. |
storefront_digest |
Used in connection with customer login. |
_shopify_u |
Used to facilitate updating customer account information. |
Reporting and Analytics
Name |
Function |
_tracking_consent |
Tracking preferences. |
_landing_page |
Track landing pages |
_orig_referrer |
Track landing pages |
_s |
Shopify analytics. |
_shopify_s |
Shopify analytics. |
_shopify_sa_p |
Shopify analytics relating to marketing & referrals. |
_shopify_sa_t |
Shopify analytics relating to marketing & referrals. |
_shopify_y |
Shopify analytics. |
_y |
Shopify analytics. |
The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device.
You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can negatively impact your user experience and parts of our website may no longer be fully accessible.
Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s “Tools” or “Preferences” menu. For more information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as www.allaboutcookies.org.
Do Not Track
Please note that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data collection and usage practices when we detect such a signal from your browser.
Policy Updates and Changes
We may update this Privacy Policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal, or regulatory reasons and is available on our website.
Contact
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at stonetogem@outlook.com or by mail using the details provided below:
PO Box 2199, DEER PARK NORTH VIC 3023, Australia
If you are not satisfied with our response to your complaint, you have the right to lodge your complaint with the relevant data protection authority.
Last updated: 19/4/2022