1.  BACKGROUND

1.1   General 

Florentia Pty Ltd (Florentia, we, us, our) is committed to protecting your personal information, in accordance with the Australian Privacy Principles in the Privacy Act, the Spam Act, the Do Not Call Register Act and applicable health privacy laws. 
This Policy explains how we collect, use, disclose and otherwise handle personal information. By 'personal information' we mean information or an opinion, whether true or not and whether recorded in a material form or not, about an individual who is identified or reasonably identifiable (for example, your name, email address and phone number). 

A copy of this Privacy Policy is available on our website at www.Florentia.com.au, or www.Florentia.com (depending upon your location) or you can request a copy by contacting us (details under heading 10 below).

2.  What we collect

2.1  General
The type of personal information that we collect about you depends on the dealings you have with us. For example, if you: make an in-store purchase, we may collect your credit card details and purchase details create an online account with us (which you must to do make an online purchase), we will collect your name, email address and password, and we may collect your phone number and address
make an online purchase, we will use your online account information and collect details of the order you place, shipping address, billing address (if different from shipping address), phone number, payment information and credit voucher details (if applicable)
sign up for our newsletter, we will collect your email address; name, and we may collect your phone number, address, age and sex
visit our stores or corporate premises, we may collect video and sound recordings of you through surveillance cameras
attend a Florentia function or event, we will collect your name, contact details and any dietary and/or accessibility requirements
enter a Florentia competition or promotion, we will collect your name, contact details and any other information you provide when submitting your entry
work for a supplier, we may collect details such as your name, job title, address, telephone number and email address
send us an enquiry or provide us with feedback, we may collect your name, contact details, details of your enquiry or feedback and information about our response
apply for a job with us, we will collect the information you include in your job application, including your cover letter, resume, contact details and referee details

2.2  Sensitive information
We only collect sensitive information (such as health information) where it is reasonably necessary for our functions or activities and either you have consented, or we are required or authorised by law to do so.

2.3  Collection of information other than personal information through our website
When you visit our website, some of the information that is collected about your visit is not personal information, as it does not reveal your identity.

Site visit information 
For example, we record your server address, the date and time of your visit, the pages you visited, any documents you downloaded, the previous site you visited and the type of device, browser and operating system you used. 
We use and disclose this information in anonymous, aggregated form only, for purposes including statistical analysis and to help us identify the most effective areas of the website and improve the less popular ones. You are not individually identified, however we reserve the right to use or disclose this information to try to locate an individual where we reasonably believe that the individual may have engaged in any unlawful or inappropriate activity in connection with our website, or where we are otherwise required or authorised by law to do so. 

Cookies 
A cookie is a small string of information that a website transfers to your browser for identification purposes. The cookies we use do not identify individual users, although they do identify the user's internet browser. 
We use cookies to hold anonymous session information. This information is used to personalise your current visit to the website, for example to allow the website to remember who you are. 
Most internet browsers are set to accept cookies. If you prefer not to receive them, you can adjust your internet browser to reject cookies, or to notify you when they are being used. There are also software products available that can manage cookies for you. Rejecting cookies can, however, limit the functionality of our website.

3.  How we collect personal information

 3.1  Methods of collection

We collect personal information in a number of ways, including:

- in person (for example, if you make an in-store purchase)
- through our website (for example, if you sign up for our newsletter, create an online account or order items online)
- through our social media pages
- over the telephone
- through written correspondence (such as letters, faxes and emails)
- on hard copy forms (for example, competition entry forms)
- through surveillance cameras (if you visit a store or our corporate premises)

3.2  Collection notices 

Where we collect personal information about you, we will take reasonable steps to provide you with certain details about that collection (such as why we are collecting the information and who we may share it with). We will generally include this information in a collection notice. 
Collection notices provide more specific information than this Privacy Policy. The terms of this Privacy Policy are subject to any specific provisions contained in collection notices and in the terms and conditions of particular offers, products and services. We encourage you to read those provisions carefully.

4.  Why we collect personal information

4.1  General
The main purposes for which we collect, hold, use and disclose personal information are to:
process transactions for products or services, both in-store and online and to deliver products and services
operate our loyalty program
promote ourselves and our products and services, including through direct marketing, events, competitions and social media (see under heading 4.2 below)
procure products and services for our business
perform research and statistical analysis, including for marketing, customer satisfaction, product development and service improvement purposes
protect the security of our offices, stores, staff, customers and merchandise (including fraud and loss prevention)
answer queries and resolve complaints
recruit staff and contractors

4.2  Direct marketing and opting out
We may use your personal information to let you know about us and our products and services (including promotions, special offers and events), either where we have your express or implied consent, or where we are otherwise permitted by law to do so. We may contact you for these purposes in a variety of ways, including by mail, email, SMS, telephone, social media or online advertising.
Opting out 

Where you have consented to receiving marketing communications from us, your consent will remain current until you advise us otherwise. However, you can opt out at any time, by:
contacting us (details under heading 10 below)
using the unsubscribe facility that we include in our electronic messages (such as emails, SMSes and MMSes)

5.  Who we may share your personal information with

We may share your personal information with third parties where appropriate for the purposes set out under heading 4, including:
financial institutions for payment processing
referees whose details are provided to us by job applicants
prospective purchasers in the event of a proposed or actual sale of our business
our contracted service providers, including
  - delivery and shipping providers
  - information technology and data storage providers
  - venues and event organisers
  - marketing and communications agencies
  - research and statistical analysis providers
  - hard copy and electronic mail houses
  - regulatory or government bodies to comply with laws
  - external business advisers (such as recruitment advisors, accountants, auditors and lawyers)

In each case, we may disclose personal information to the service provider and the service provider may in turn provide us with personal information collected from you in the course of providing the relevant products or services.

6.  Cross border disclosure of personal information

We may disclose personal information to third parties located overseas in the following situations:
financial institutions for payment processing
our contracted service providers, including
  - delivery and shipping providers
  - information technology and data storage providers
  - venues and event organisers
  - marketing and communications agencies
  - research and statistical analysis providers
  - hard copy and electronic mail houses
  - regulatory or government bodies to comply with laws
  - external business advisers (such as recruitment advisors, accountants, auditors and lawyers)
In each case, we will comply with the relevant requirements of the Privacy Act.

7.  Data quality and security

7.1  General
We hold personal information in a number of ways, including in electronic databases, email contact lists, and in paper documents held in drawers and cabinets. Paper files may also be archived in boxes and stored offsite in secure facilities. We take reasonable steps to:
make sure that the personal information that we collect, use and disclose is accurate, up to date and complete and (in the case of use and disclosure) relevant;
protect the personal information that we hold from misuse, interference and loss and from unauthorised access, modification or disclosure; and
destroy or permanently de-identify personal information that is no longer needed for any purpose permitted by the APPs.

7.2  Security 
The steps we take to secure the personal information we hold include website protection measures (such as firewalls and anti-virus software), security restrictions on access to our computer systems (such as login and password protection), controlled access to our corporate premises and restriction of access to personal information on our systems to staff who need the information to perform their roles. 

While we endeavour to protect the personal information and privacy of users of our website, we cannot guarantee the security of any information that you disclose online and you disclose that information at your own risk. If you are concerned about sending your information over the internet, you can contact us by telephone or post (details under heading 10 below). 

If you have an online account with us, you can also help to protect the privacy of your personal information by maintaining the confidentiality of your password and by ensuring that you log out of the website when you have finished using it. In addition, if you become aware of any security breach, please let us know as soon as possible. 
Third party websites 

Links to third party websites that are not operated or controlled by us are provided for your convenience. We are not responsible for the privacy or security practices of those websites, which are not covered by this Privacy Policy. Third party websites should have their own privacy and security policies, which we encourage you to read before supplying any personal information to them.

 

8.  Access and Correction

Please contact us (details under heading 10 below) if you would like to access or correct the personal information that we hold about you. We may require you to verify your identity before processing any access or correction requests, to make sure that the personal information we hold is properly protected.

8.1  Access
We will generally provide you with access to your personal information, subject to some exceptions permitted by law. We will also generally provide access in the manner that you have requested (eg by providing photocopies or allowing a file to be viewed), provided it is reasonable and practicable for us to do so. We may charge a fee to cover our reasonable costs of locating the information and providing it to you. If you have an online account with us, you can also access your account information by logging into your account through our website.

8.2  Correction
If you ask us to correct personal information that we hold about you, we will take reasonable steps to correct that information. If we refuse to correct personal information in the manner you have requested, you may ask us to associate your request with the information and we will take reasonable steps to do so.

8.3  Timeframe
Except in the case of more complicated requests, we will endeavour to respond to access and correction requests within 30 days.

9.  Complaints 

If you have a complaint about how we have collected or handled your personal information, please contact us (details under heading 10 below). 
We will endeavour in the first instance to deal with your complaint and take any steps necessary to resolve the matter within a week. If we are not able to do so, we will ask you to submit your complaint in writing. 

In most cases, we expect to investigate written complaints and provide a response within 30 days of receipt. If the matter is more complex and our investigation may take longer, we will contact you and tell you when we expect to provide our response. 

If you are not satisfied with our response, you can refer your complaint to the Office of the Australian Information Commissioner (see here for further information).

10.  Our contact details 

Please contact us if you have any queries about the personal information that we hold about you or the way we handle that personal information. Our contact details are set out below. 
Mail:

Florentia Privacy 
Unit 18, 19 McCauley Street
Matraville NSW 2036 
Sydney, Australia 
Email: info@florentia.com.au 
Telephone:
(02) 9637 5076 (for callers within Australia) 
+61 2 9637 5076 (for callers outside Australia)

11.  Changes to this Policy 

We may amend this Privacy Policy from time to time. The current version will be posted on our website and a copy may be obtained by contacting us (details above).