At b.box we recognise the importance of the privacy and security of our customers, suppliers, distributors and users as well as their representatives in relation to our products, services, applications and websites. In particular, we recognise the importance of protecting the privacy of particular information that is capable of identifying an individual ("personal information").
2. Personal Information
We collect personal data about you in the following ways when you purchase our products, enter into a commercial agreement with us, set up an account, apply for a position, visit our websites, enter a competition, participate in social media functions, contact us directly or submit a request etc.
A. Information You Provide To Us Directly
We generally collect your personal data directly from you online via one of our websites, our apps, or via telephone. When you open an account with us, you will be asked to provide personal data. This information is likely to include your name, address, date of birth, email address, phone number, financial and credit card information and personal description (this is not an exhaustive list).
We may also collect personal data from you when you enter a competition, promotion or survey, participate in user testing, participate in social media functions, or when you report a problem on our website.
Depending on the type of personal data in question and the grounds on which we may be processing it, should you decline to provide us with such data, we may not be able to fulfil our contractual requirements or, in extreme cases, may not be able to continue with our relationship. We will inform you if your failure to provide any requested personal information is going to result in these consequences.
When you order from us, we require you to provide your name, address for delivery, your email address, telephone contact and credit card details. We undertake to take due care with this information; however in providing us with such information you accept that we are not liable for its misuse due to error in transmission or virus or malware.
Newsletter signup is completely voluntary and may include submitting your name and email address to receive updates, promotional material and other relevant information. This personal information will remain confidential and will never be forwarded to third parties. You will always have the option on every newsletter to unsubscribe from receiving emails from b.box, and also can do so here.
B. Information We Collect About You Indirectly
We may collect certain information from you indirectly as a result of your online behaviour including:
• Technical information such as the internet protocol (known as IP) address used to connect your computer to the internet, your log-in information, time of access, date of access, time zone setting, web page(s) visited, software crash reports, type and version of browser used, browser plug-in types and versions used, and operating system and platform to ensure the security of your account and to verify that the person operating your account is you;
• Your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our websites (including date and time), services you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call out customer service team; and
• Information about your computer or device allowing us to analyse trends, administer our websites, track your web navigation, and gather broad demographic information for aggregated use.
Some of our business partners set web beacons and Cookies on our site. In addition, third-party social media buttons may log certain information such as your IP address, browser type and language, access time, and referring website addresses. Further, if you are logged in to those social media sites, they may also link such collected information with your profile information on that site.
3. Why We Collect Your Personal Data
We collect, use and disclose your personal data for a number of reasons, including:
• to carry out our obligations as a result of any contract entered into between you and us and to provide you with the information and services that you request from us, including to set up, manage and administer your account and to make, settle and pay payments;
• to notify you about changes to the products and services that we offer and (where you have indicated your consent) to directly market these products and services to you;
• to administer our websites for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
• to allow you to participate in interactive features of our products and services;
• as part of our efforts to keep our products and services safe and secure;
• to measure or understand the effectiveness of our advertising and marketing;
• for statistical and research purposes (including market research, marketing and data analysis purposes);
• to identify your consumer behaviour, habits and preferences;
• to analyse your credit risk (if applicable);
• to handle payment and collection processes to and from customers;
• to ensure the effective operation of software and IT services procured by us (including disaster recovery);
• for anti-money laundering, prevention of terrorist financing, and identity verification purposes; and
• to comply with licensing and regulatory requirements that are applicable to us; and
• for other reasons with your consent.
We (and permitted third parties) may contact you for direct marketing purposes via social and direct messages, post, telephone, email and SMS/MMS. This marketing may relate to:
• products and services we (or permitted third parties) feel may interest you;
• information about other goods and services we offer that are similar to those that you have already used or enquired about; and
• upcoming events, promotions and new products/services or other opportunities as well as those of selected third parties.
If you no longer wish to receive marketing communications from us, you may:
• Contact b.box customer service ;
• Contact b.box customer service via the live chat function; or
• Click on the unsubscribe link on any marketing communication that you receive from us.
For information about the legal conditions which allow us to do this, please see section 10 below.
4. How We Share Your Data
Except as otherwise set forth herein, we do not sell, trade, rent or otherwise share your Personal Data with any third parties outside of b.box or with our affiliated companies for monetary or other valuable consideration.
5. Personal Information Submitted by Children
Some of the content on our Site may be directed toward children under age 16. However, we do not knowingly collect or solicit personal information from children under age 16 without parental consent, unless permitted by law. If we become aware that we have collected personal information from a child under age 16 without parental consent or unless otherwise permitted by law, we will delete it in accordance with applicable law. If you believe that a child may have provided us with Personal Data without parental consent or otherwise not permitted by law, please contact us.
6. How Long Will We Keep Your Personal Information?
We will not keep your personal data for longer than is necessary for the purposes for which we have collected it, unless we believe that the law or other regulation requires us to keep it (for example, because of a request by a tax authority, Privacy regulator or in connection with any anticipated litigation) or if we require it to enforce our agreements.
In general, we will retain your personal data for as long as we provide services to you and your account is active and following that period, for as long as we provide you directly with any other service offering.
When it is no longer necessary to retain your personal data, we will delete the personal data that we hold about you from our systems. While we will endeavour to permanently erase your personal data once it reaches the end of its retention period, some of your personal data may still exist within our systems, for example if it is waiting to be overwritten. For our purposes, this data has been put beyond use, meaning that, while it still exists in the electronic ether, our employees will not have any access to it or use it again.
We strive to ensure the security, integrity and privacy of personal information submitted to our sites, and we review and update our security measures in light of current technologies. Unfortunately, no data transmission over the Internet can be guaranteed to be totally secure.
However, we will endeavour to take all reasonable steps to protect the personal information you may transmit to us or from our online products and services. Once we do receive your transmission, we will also make our best efforts to ensure its security on our systems.
In addition, our employees and the contractors who provide services related to our information systems are obliged to respect the confidentiality of any personal information held by us. However, we will not be held responsible for events arising from unauthorised access to your personal information.
We do not store your credit card details. When you place an order, we provide a secure server. The secure server software (SSL) encrypts all information you input before it is sent to us. Furthermore, we follow strict security procedures in the storage and disclosure of information which you have given us to prevent unauthorised access.
8. Access To Information And Your Rights
We will endeavour to take all reasonable steps to keep secure any information which we hold about you, and to keep this information accurate and up to date. If, at any time, you discover that information held about you is incorrect, you may contact us to have the information corrected. In addition, our employees and the contractors who provide services related to our information systems are obliged to respect the confidentiality of any personal information held by us.
Your rights regarding your Personal Data depend on local law in the jurisdiction where you reside.
If you reside in the EU/EEA, you have various rights under the GDPR in relation to the data which we hold about you as follows:
A. Right to be Informed
You have the right to know how your data will be collected, processed and stored, and for what purposes.
B. Right of Access
You may ask us for a copy of the information we hold about you at any time, and request us to modify, update or delete such information. If we provide you with access to the information we hold about you, we will not charge you for this unless permitted by law. If you request further copies of this information from us, we may charge you a reasonable administrative cost. Where we are legally permitted to do so, we may refuse your request. If we refuse your request we will always tell you the reasons for doing so.
C. Right to Rectification
You have the right to request that we rectify any inaccurate or incomplete personal data that we hold about you. If we have shared this personal data with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. You may also request details of the third parties that we have disclosed the inaccurate or incomplete personal data to. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.
D. Right to erasure (Right to be Forgotten)
You have the right to request that we "erase" your personal data in certain circumstances. Normally, this right exists where:
• The data are no longer necessary;
• You have withdrawn your consent to us using your data, and there is no other valid reason for us to continue;
• The data has been processed unlawfully;
• It is necessary for the data to be erased in order for us to comply with our obligations under law; or
• You object to the processing and we are unable to demonstrate overriding legitimate grounds for our continued processing.
We would only be entitled to refuse to comply with your request for erasure in limited circumstances and we will always tell you our reason for doing so. When complying with a valid request for the erasure of data we will take all reasonably practicable steps to delete the relevant data
E. Right to restrict processing
You have the right to request that we restrict our processing of your personal data in certain circumstances, for example if you dispute the accuracy of the personal data that we hold about you or you object to our processing of your personal data for our legitimate interests. If we have shared your personal data with third parties, we will notify them about the restricted processing unless this is impossible or involves disproportionate effort. We will, of course, notify you before lifting any restriction on processing your personal data.
F. Right to data portability
If you wish, you have the right to transfer your personal data between service providers. In effect, this means that you are able to transfer the details we hold on you to another third party. To allow you to do so, we will provide you with your data in a commonly used machine-readable format so that you can transfer the data. Alternatively, we may directly transfer the data for you.
G. Right to object
This right enables you to object to us processing your personal data where we do so for certain reasons, including for use in direct marketing databases. Where we have obtained your consent to process your personal data for certain activities (for example, for marketing), you may withdraw this consent at any time and we will cease to use your data for that purpose unless we consider that there is an alternative legal basis to justify our continued processing of your data for this purpose, in which case we will inform you of this condition.
H. Right to avoid automated decision-making
You have the right to object to decisions made on automated processing or profiling and to require human intervention for important decisions.
To get in touch with us about any of these rights, please contact us. We will seek to deal with your request without undue delay, and in any event within one month (subject to any extensions to which we are lawfully entitled). Please note that we may keep a record of your communications to help us resolve any issues which you raise.
9. Sensitive Personal Data
Unless specifically requested, we ask that you not send us, and you not disclose, on or through the website or otherwise to us, Sensitive Personal Data (e.g., religion, ethnicity, political opinions, ideological or other beliefs, health, biometrics or genetic characteristics, criminal background, trade union membership, or administrative or criminal proceedings and sanctions) unless specifically requested by us or required by law.
10. International Transfers Of Data
If you reside in the EU/EEA we note that the data that we collect from you will be transferred to, and stored at, destinations both within and outside the European Economic Area (EEA). As discussed above, we may disclose your personal data to our group companies and their service providers located in Australia and elsewhere, and to employees operating outside of the EEA who work for us or for one of our group companies or their respective service providers.
We want to make sure that your personal data is stored and transferred in a way which is secure. We will therefore only transfer data outside of the EEA where it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data. For example, this could be:
• By way of an intra-group agreement between b.box entities, incorporating the current standard contractual clauses adopted by the European Commission for the transfer of personal data by controllers in the EEA to controllers and processors in jurisdictions without adequate data protection laws;
• By way of a data transfer agreement with a third party, incorporating the current standard contractual clauses adopted by the European Commission for the transfer of personal data by controllers in the EEA to controllers and processors in jurisdictions without adequate data protection laws; or
• By transferring your data to an entity which has signed up to the EU-U.S. Privacy Shield Framework for the transfer of personal data from entities in the EU to entities in the United States of America or any equivalent agreement in respect of other jurisdictions; or
• By transferring your data to a country where there has been a finding of adequacy by the European Commission in respect of that country's levels of data protection via its legislation; or
• Where it is necessary for the conclusion or performance of a contract between ourselves and a third party and the transfer is in your interests for the purposes of that contract (for example, if we need to transfer your data to a benefits provider based outside the EEA); or
• Where you have consented to the data transfer.
11. Links To Other Sites And Social Media
This website may from time to time contain hyperlinks to other websites. Such links are provided for convenience only and we take no responsibility for the content and maintenance of or privacy compliance by any linked website. Any hyperlink on our website to another website does not imply our endorsement, support, or sponsorship of the operator of that website nor of the information and/or products which they provide.
You may link our website without our consent. Any such linking will be entirely your responsibility and at your expense. By linking, you must not alter any of our website's contents including any intellectual property notices and you must not frame or reformat any of our pages, files, images, text or other materials.
Personal information may be collected directly by b.box through our Social Media Pages and may be collected by the social media site hosting the b.box Social Media Page.
The social media sites where b.box has Social Media Pages may provide aggregate information and analysis to b.box about your use of our Social Media Pages. This allows us to better understand and analyse our user growth, general demographic information about the users of our Social Media Pages, and interaction with content on our Social Media Pages. Overall, this information may be used to help us understand the types of visitors and users of our Social Media Pages and use of the content.
12. Problems or Questions
For more information about privacy issues in Australia and protecting your privacy, visit the Australian Information Commissioner and Privacy Commissioner https://www.oaic.gov.au/.