SECTION 1 - WHAT DO WE DO WITH YOUR INFORMATION?
When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address.
When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.
Email marketing (if applicable): With your permission, we may send you emails about our store, new products and other updates.
SECTION 2 - CONSENT
How do you get my consent?
When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.
If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.
How do I withdraw my consent?
If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at anytime, by contacting us at email@example.com or mailing us at:
The Paint Store Australia
27 Whitehaven Ave Quakers Hill New South Wales AU 2763
SECTION 3 - DISCLOSURE
We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.
SECTION 4 - SHOPIFY
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you.
Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
For more insight, you may also want to read Shopify’s Terms of Service (https://www.shopify.com/legal/terms) or Privacy Statement (https://www.shopify.com/legal/privacy).
SECTION 5 - THIRD-PARTY SERVICES
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
SECTION 6 - SECURITY
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
SECTION 7 - COOKIES
Here is a list of cookies that we use. We’ve listed them here so you that you can choose if you want to opt-out of cookies or not.
_session_id, unique token, sessional, Allows Shopify to store information about your session (referrer, landing page, etc).
_shopify_visit, no data held, Persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits
_shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer.
cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.
_secure_session_id, unique token, sessional
storefront_digest, unique token, indefinite If the shop has a password, this is used to determine if the current visitor has access.
SECTION 8 - AGE OF CONSENT
By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.
If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
QUESTIONS AND CONTACT INFORMATION
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact our Privacy Compliance Officer at firstname.lastname@example.org or by mail at
The Paint Store Australia
[Re: Privacy Compliance Officer]
27 Whitehaven Ave Quakers Hill New South Wales AU 2763
Terms For Conversion Tracking, Custom Audiences From Your Website, and Custom Audiences From Your Mobile App
Facebook provides certain features and tools, such as pixels, SDKs and APIs (“Facebook Tools”) that you can add to your websites or apps to allow you to send data to Facebook, including about actions that people take on your websites or apps (“Event Data”). By clicking “Accept” and using these features and tools, you agree to the following:
A. Facebook will use the Event Data received to provide you with the Facebook services you choose to use, such as providing you with insights about the effectiveness of your ads or the use of your websites/apps, or to create your custom audience for advertising, and in accordance with our Data Policy (https://www.facebook.com/about/privacy/). Event Data will also enable us to better target ads and to optimize our systems. In connection with such targeting and optimization, Facebook will: (i) use Event Data collected from your website or mobile app for ads optimization only after such Event Data has been aggregated with other data collected from other advertisers or third parties or otherwise collected on Facebook and (ii) not allow other advertisers or third parties to target advertising solely on the basis of Event Data collected from your website or mobile app.
B. Event Data will not be disclosed to other advertisers or to third parties, unless we have your permission or are required to do so by law. Facebook will maintain the confidentiality and security of Event Data, including by maintaining technical and physical safeguards that are designed to (a) protect the security and integrity of data while it is within Facebook's systems and (b) guard against the accidental or unauthorized access, use, alteration or disclosure of data within Facebook's systems.
C. You agree and confirm that you (or your data providers) have provided robust and sufficiently prominent notice to and obtained the necessary consent from your users regarding the Event Data collection, sharing and usage enabled by your use of the Facebook Tools. This must include, at a minimum:
In jurisdictions that require informed consent for the storing and accessing of cookies or other information on an end user’s device (such as but not limited to the European Union), you must ensure, in a verifiable manner, that an end user provides the necessary consent before you use Facebook Tools to enable Facebook to store and access cookies or other information on the end user’s device. (For suggestions on implementing consent mechanisms, visit Facebook’s Cookie Consent Guide for Sites and Apps.)
D. You agree not combine any information obtained in connection with these terms with personally identifiable information. You further agree that you will not share with us information that you know or reasonably should know is from or about children under the age of 13 or that includes health, financial, or other categories of sensitive information (including any information defined as sensitive under applicable law).
E. You agree that Facebook may include notice in or around your advertisements explaining that the ad is targeted, and you agree that you will not modify, obscure, or otherwise interfere with these notices, including any technical components that enable users to access additional information or choice mechanisms.
F. Facebook may modify, suspend or terminate access to, or discontinue at any time the availability of Facebook Tools. You may discontinue your use of the Facebook Tools at any time. If applicable, you may delete your custom audience from the Facebook system at any time through your account tools.
G. If you are using any of these features on behalf of a third party, you also represent and warrant that you have the authority as agent to such party to use such features on their behalf and will bind such party to these terms.
These Terms govern your use of the Facebook Tools. The Facebook Tools are part of “Facebook” under Facebook’s Statement of Rights and Responsibilities (https://www.facebook.com/legal/terms, the “SRR”), and your use of these tools is deemed part of your use of, and actions on, “Facebook.” These Terms do not replace any terms applicable to your purchase of advertising inventory from Facebook, and such terms will continue to apply to your ad campaigns for which you are using the Facebook Tools. In the event of any conflict between these Terms and such terms or the SRR, these Terms will govern solely with respect to your use of Facebook Tools, and solely to the extent of the conflict. Facebook reserves the right to monitor or audit your compliance with these terms and to update these terms from time to time, and your continued use of these features constitutes acceptance of those changes.
Last updated on January 13th, 2017
Custom Audiences Terms
Facebook’s custom audience feature enables you to create an audience using your data such as email addresses and phone numbers. When using Facebook’s custom audience feature, your data is locally hashed on your system before you upload and pass such data to Facebook to be used to create your custom audience (the “Hashed Data”). Without limiting any agreement between you and Facebook, by clicking “I accept” and passing to Facebook the Hashed Data, you agree to the following:
You represent and warrant that you (or your data provider) have provided appropriate notice to and secured any necessary consent from the data subjects whose data will be hashed to create the Hashed Data, including as needed to be in compliance with all applicable laws, regulations and industry guidelines. If you have not collected the data directly from the data subject, you confirm, without limiting anything in these terms, that you have all necessary rights and permissions to use the data. If you are using a Facebook identifier to create a custom audience, you must have obtained the identifier directly from the data subject in compliance with these terms.
You confirm that the Hashed Data does not relate to data about any data subject who has exercised an option that you have, directly or indirectly, committed to honoring or provided to opt out of having that data used by you or on your behalf for targeted advertising. To the extent a data subject exercises such an opt-out after you have used data relating to that data subject to create a custom audience, you agree to remove that data subject from the custom audience.
The Hashed Data you provide to us will only be used for the matching process, will not be shared with third parties or other advertisers and will be deleted promptly after the match process is complete. Facebook will maintain the confidentiality and security of the Hashed Data and the collection of Facebook User IDs that comprise your custom audience (“your custom audience”), including by maintaining technical and physical safeguards that are designed to (a) protect the security and integrity of data while it is within Facebook's systems and (b) guard against the accidental or unauthorized access, use, alteration or disclosure of data within Facebook's systems. Further, Facebook will not give access to or information about your custom audience to third parties or other advertisers, use your custom audience to append to the information we have about our users or build interest-based profiles, or use your custom audience except to provide services to you, unless we have your permission or are required to do so by law.
Facebook may modify, suspend or terminate access to, or discontinue the availability of, the custom audiences feature at any time. You may discontinue your use of the custom audience feature at any time. You may delete your custom audience from the Facebook system at any time through your account tools.
If you are providing Hashed Data on behalf of a third party, you also represent and warrant that you have the authority as agent to such party to use such data on their behalf and bind such party to these terms.
You may not use the custom audience feature unless you are an advertiser (or an agency acting on behalf of an advertiser), Ads API or Custom Audiences API partner, a data partner that has signed an agreement with us which grants you permission to upload and create a custom audience, or have obtained express, written permission from Facebook. If you are providing Hashed Data on behalf of a third party, you may only use that third party’s own data to create custom audiences on its behalf and may not augment or supplement that data with other data. You may not sell or transfer custom audiences, or authorize any third party to sell or transfer custom audiences.
A note to EU data controllers: Facebook, Inc. has made commitments under the EU-US Privacy Shield that may apply to data transferred under these Custom Audience Terms. When applicable as the means to transfer personal data regarding EU data subjects to Facebook, Inc., you acknowledge that the Privacy Shield Terms (https://www.facebook.com/legal/privacyshieldtermsforadvertisers) apply to such data in addition to these Custom Audience Terms.
These Custom Audiences Terms and, to the extent applicable, the Privacy Shield Terms, govern the provision by you of Hashed Data to us and your use of the custom audiences feature. They do not replace any terms applicable to your purchase of advertising inventory from Facebook (including but not limited to the Facebook Advertising Guidelines at https://www.facebook.com/ad_guidelines.php), and such terms will continue to apply to your ad campaigns targeted to your custom audience. The custom audiences feature is part of “Facebook” under Facebook’s Statement of Rights and Responsibilities (https://www.facebook.com/legal/terms, the “SRR”), and your use of the custom audiences feature (including your use of data) is deemed part of your use of, and actions on, “Facebook.” In the event of any express conflict between these Custom Audiences Terms and the SRR, these Custom Audiences Terms will govern solely with respect to your use of the custom audiences feature and solely to the extent of the conflict. Facebook reserves the right to monitor or audit your compliance with these terms and to update these terms from time to time.
Last Modified December 2, 2017