Privacy & Cookies

Dindi Store privacy and cookies policy

Updated 29 May 2020

Background

General

The Dindi Store (The Dindi Store, we, us or our) is an online store that is operated by the Murrindindi Shire Council ABN83 600 647 004 (Council). It is an initiative of Council to help support local businesses in Murrindindi Shire through and beyond the COVID-19 pandemic and is co-funded by the Victoria Government.

Council owns and operates www.thedindistore.com.au (Site).

We are committed to protecting your privacy, in accordance with applicable Australian privacy laws.

This policy (Privacy Policy) is designed to give you a greater understanding of how we collect, use, disclose and otherwise handle personal information.

A copy of this Privacy Policy is available on our website at www.thedindistore.com.au/pages/privacy-cookies or you can request a copy by contacting our office at msc@murrindindi.vic.gov.au.  

What is personal information?

In general terms, legislation defines 'personal information' as information or an opinion about an identified individual or an individual who is reasonably identifiable, whether the information is true or not and whether the information or opinion is recorded in a material form or not.

Our obligations

We comply with the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth) (Privacy Act).  The APPs regulate the manner in which personal information is handled throughout its life cycle, from collection to use and disclosure, security, accessibility and disposal.

The Privacy Act also includes a data breach notification regime, which requires us to address data breaches involving personal information held by us. 

We also comply with more specific privacy legislation in some circumstances, such as the Spam Act and the Do Not Call Register Act.

Employee records

We are generally exempt from the Privacy Act when we collect and handle employee records and this Privacy Policy does not apply to that information. However, where State or Territory health privacy legislation applies, we are still required to protect the privacy of employee health information.  This Privacy Policy will apply in those circumstances. 

Collection and use of device and personal information

General

You may be asked to provide your personal information when you are in contact with The Dindi Store.

The personal information collected may vary depending on your particular interaction with us but will be limited to that information necessary to record and manage our interaction with you and to that information required to enable you to participate in our services and other products being offered on our Site.

Below are some examples of the types of personal information The Dindi Store may collect. 

  • When you create an account on the Site, purchase a product, download a product, contact us including by social media or participate in an online survey, we may collect a variety of information, including your name, mailing address, phone number, email address, contact preferences, location information, credit card information and profile information where the contact is via social media.
  • When you share your content with family and friends, send gift certificates and products, or invite others to participate in services or forums, we may collect the information you provide about those people such as name, mailing address, email address and phone number.

 

Sensitive information

Sensitive information is a subset of personal information that is generally afforded a higher level of privacy protection, such as health information.  We generally do not collect sensitive information about an individual.

Collection and use of non-personal information

We also collect data in a form that does not, on its own, permit direct association with any specific individual. We may collect, use, transfer and disclose non-personal information for any purpose. The following are some examples of non-personal information that we collect and how we may use it:

  • We may collect information regarding customer activities on the Site . This information is aggregated and used to help us provide more useful information to our customers and to understand which parts of the Site , products and services are of most interest. Aggregated data is considered non‑personal information for the purposes of this Privacy Policy.
  • We may collect and store details of how you use our services, including search queries. This information may be used to improve the relevancy of results provided by our services. Except in limited instances to ensure quality of our services over the Internet, such information will not be associated with your IP address.

 If we do combine non-personal information with personal information the combined information will be treated as personal information for as long as it remains combined.

Cookies and other technologies

The Dindi Store Site, online services, email messages and advertisements may use “cookies” and other technologies such as pixel tags and web beacons. These technologies help us better understand user behaviour, tell us which parts of our websites people have visited, and facilitate and measure the effectiveness of advertisements and web searches. We treat information collected by cookies and other technologies as non‑personal information. However, to the extent that Internet Protocol (IP) addresses or similar identifiers are considered personal information by local law, we also treat these identifiers as personal information. Similarly, to the extent that non-personal information is combined with personal information, we treat the combined information as personal information for the purposes of this Privacy Policy.

The Dindi Store also uses cookies and other technologies to remember personal information when you use the Site or online services. Our goal in these cases is to make your experience with The Dindi Store more convenient and personal. For example, knowing your first name lets us welcome you the next time you visit The Dindi Store. Knowing your country and language helps us provide a customised and more useful shopping experience.

If you want to disable cookies and you’re using a browser, check with your provider to find out how to disable cookies.

As is true of most internet services, we gather some information automatically and store it in log files. This information includes IP addresses, browser type and language, Internet service provider (ISP), referring and exit websites and applications, operating system, date/time stamp, and clickstream data. We use this information to understand and analyse trends, to administer the site, to learn about user behaviour on the site, to improve our product and services, and to gather demographic information about our user base as a whole. The Dindi Store may use this information in our marketing and advertising services.

In some of our email messages, we use a “click-through URL” linked to content on The Dindi Store consumer websites. When customers click one of these URLs, they pass through a separate web server before arriving at the destination page on the Site. We track this click-through data to help us determine interest in particular topics and measure the effectiveness of our customer communications. If you prefer not to be tracked in this way, you should not click text or graphic links in the email messages. Pixel tags enable us to send email messages in a format customers can read, and they tell us whether mail has been opened. We may use this information to reduce or eliminate messages sent to

What if you don't provide us with your personal information?

We will provide individuals with the option of not identifying themselves, or of using a pseudonym, when dealing with us if it is lawful and practicable to do so.  A pseudonym is a name or other descriptor that is different to an individual’s actual name.

You are not required to provide the personal information that we have requested, in some cases however, if you don't provide us with your personal information when requested we may not be able to provide you with our products or services or respond to any queries you may have. For example, you must register yourself to sell goods and services at the Site.

How we collect personal information

Method of collection

We collect personal information in a number of ways, including:

  • through our Site (for example, if you register an account or make an online enquiry)
  • through our social media pages (for example, through Twitter, Instagram, or our Facebook page or YouTube channel)
  • over the telephone
  • through written correspondence (such as emails)
  • on hard copy forms (for example, competition entry forms and surveys)
  • from our partners and third parties, including Dindi directory

Unsolicited information

Unsolicited personal information is personal information we receive that we have taken no active steps to collect. We may receive your personal information from other persons if that person shares their content with you using The Dindi Store products, sends gift certificates and products, or invites you to participate in services or forums.

We may keep records of unsolicited personal information if the Privacy Act permits it (for example, if the information is reasonably necessary for one or more of our functions or activities).  If not, we will destroy or de-identify the information as soon as practicable, provided it is lawful and reasonable to do so.

How we use your personal information

The main purposes for which we collect, hold, use and disclose personal information are set out below:

  • to validate the information you provided
  • to fulfil our obligations as the operator of The Dindi Store
  • to fulfil our obligations as a local government body
  • to carry out our obligations arising from any contracts entered into between you and us
  • to make your experience with The Dindi Store more convenient and personal
  • to help us create, develop, operate, deliver and improve our products, services, content and advertising
  • to communicate with you, including sending important notices, such as communications about purchases and changes to our terms, conditions and policies and keeping you posted on Council’s latest tourism announcements and upcoming events
  • to conduct auditing, data analysis, and research to improve The Dindi Store products, services and customer communications
  • to administer competitions, contests or similar promotions  
  • to process transactions for payments and for our billing and account purposes
  • to administer our Site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes
  • to promote The Dindi Store, the products and services, including through direct marketing, events and competitions
  • to perform research and statistical analysis, including for customer satisfaction and service improvement purposes
  • to assist you with enquiries, resolving complaints or to improve our customer service
  • to update our records
  • to comply with legal and regulatory obligations including notifying you of matters that we may be required by law to notify you of

We may also use your personal information for loss prevention and anti-fraud purposes and for account and network security purposes, including in order to protect our services for the benefit of all our users, and pre-screening or scanning uploaded content for potentially illegal content, including child sexual exploitation material. Where we use your information for anti-fraud purposes it arises from the conduct of an online transaction with us. We limit our uses of data for anti-fraud purposes to those which are strictly necessary and within our assessed legitimate interests to protect our customers and our services.

We may also collect, hold, use and disclose personal information for other purposes explained at the time of collection or:

  • which are required or authorised by or under law (including, without limitation, privacy legislation); and
  • for which you have provided your consent.

Direct marketing

You consent (until such time as you opt out, as described below) that we may use your personal information to let you know about us, The Dindi Store and our products and services (including promotions, special offers and events) and our third party products and services, either where we have your express or implied consent, or where we are otherwise permitted by law to do so. We may contact you for these purposes in a variety of ways, including by mail, email, SMS, telephone and online advertising.

Opting out

Where you have consented to receiving marketing communications from us, your consent will remain current until you advise us otherwise.  However, you can opt out at any time, by:

  • contacting us (details under heading 13 below)
  • advising us if you receive a marketing call that you no longer wish to receive these calls
  • using the unsubscribe facility that we include in our commercial electronic messages (such as emails and SMSes)

Once you do this, we will update your profile to ensure that you don’t receive further marketing messages. Stopping marketing messages will not stop service communications (such as contract updates).

Third-party marketing

We will get your express opt-in consent before we share your personal data with any entity or company that does not have a direct connection with The Dindi Store or Council for marketing purposes.

Notification of source

If we have collected the personal information that we use to send you marketing communications from a third party (for example a direct mail database provider), you can ask us to notify you of our source of information, and we will do so, unless this would be unreasonable or impracticable.

Who we may share your information with

Disclosure to third parties

We may disclose your personal information, and you consent to us disclosing your personal information, to third parties  to provide or improve our products and services, including to deliver products at your request, or to help the Dindi Store to market to consumers. For example, when you purchase a product from The Dindi Store, you authorise The Dindi Store and their partners to exchange the information you provide during the activation process to carry out the purchase and delivery of the items.

Partners and service providers

We may also disclose your personal information, and you consent to us disclosing your personal information, to our partners and service providers who provide services such as fulfilling customer orders, delivering products to you, managing and enhancing customer data, providing customer service, assessing your interest in our products and services, and conducting customer research or satisfaction surveys.

Those partners and service provider may in turn provide us with personal information collected from you in the course of providing the relevant services.

Others

It may be necessary − by law, legal process, litigation and/or requests from public and governmental authorities − for the Dindi Store to disclose your personal information. We may also disclose information about you, but only where there is a lawful basis for doing so, if we determine that disclosure is reasonably necessary to enforce our terms and conditions or protect our operations or users. This could include providing information to public or governmental authorities. Additionally, in the event of a re-organisation, merger or sale we may transfer any and all personal information we collect to the relevant third party.

Cross border disclosure of personal information

We do not currently disclose personal information to third parties located overseas.  If this changes at some time in the future, we will comply with the requirements of the Privacy Act that apply to cross border disclosures of personal information and this Privacy Policy will be amended accordingly.

Use of Government related identifiers

We will not:

  • use a government related identifier of an individual (such as a Medicare number or driver's licence number) as our own identifier of individuals; or
  • otherwise use or disclose such a government related identifier,
  • unless this is permitted by the Privacy Act (for example, use of an identifier to verify an individual's identity or uses or disclosures required or authorised by or under an Australian law).

Data quality and security

General

We are committed to keeping your personal information secure and confidential. All reasonable precautions will be taken to protect personal information from loss, misuse, unauthorised access or alteration. We also take reasonable steps to:

  • make sure that the personal information that we collect, use and disclose is accurate, up to date and complete and (in the case of use and disclosure) relevant;
  • protect the personal information that we hold from misuse, interference and loss and from unauthorised access, modification or disclosure; and
  • destroy or permanently de-identify personal information that is no longer needed for any purpose that is permitted by the APPs.

You can help us keep your information up to date, by letting us know about any changes to your details, such as your address, email address or phone number. 

You acknowledge that the security of online transactions you conduct using the Site cannot be guaranteed.  To the fullest extent permitted at law, we not accept responsibility for misuse of or loss of, or unauthorised access to, your personal information where the security of that information is not within our control.

Within Council, access to personal information is restricted to personnel on a need to know basis.  Council has directed its staff that personal information must be dealt with in accordance with this Privacy Policy and kept secure from unauthorised access or disclosure. We educate our staff about their duty to protect your privacy and provide training regarding this Privacy Policy.

Security

We take the security of your personal information very seriously. The Dindi Store protects your personal information by using encryption such as Transport Layer Security (TLS) as well as using appropriate website protection measures (such as firewalls and anti-virus software). When your personal data is stored by The Dindi Store we use computer systems with limited access housed in facilities using physical security measures.

However, when you post on a social networking service, the personal information and content you share is visible to other users and can be read, collected or used by them. You are responsible for the personal information you choose to share or submit in these instances. For example, if you list your name and email address in a social media posting, that information is public. Please take care when using these features.

Website security

While we strive to protect the personal information and privacy of users of our Site, we cannot guarantee the security of any information that you disclose online and you disclose that information at your own risk. If you are concerned about sending your information over the internet, you can contact us by telephone or post (details under heading 13 below).

IP Address

An IP (internet protocol) address is a number that is automatically assigned to your computer by your internet service provider when you log on. Your IP address is not linked to your personal information but we do preserve the right to use IP addresses to identify individuals who may threaten our site, services or clients.  IP addresses may also be used to help diagnose problems with our Site and to gather broad demographic information. 

Third party sites and services

The Site may contain links to third-party websites, products and services. Our products and services may also use or offer products or services from third parties − for example, a gift hamper.

Information collected by third parties, which may include such things as location data or contact details, is governed by their privacy practices. We encourage you to learn about the privacy practices of those third parties.

Online credit card payment security

The Dindi Store uses the Stripe Payment Gateway for its online credit card transactions. Stripe processes online credit card transactions for thousands of Australian merchants, providing a safe and secure means of collecting payments via the Internet.

All online credit card transactions performed on the Site using the Stripe gateway are secured payments.

  • Payments are fully automated with an immediate response.
  • Your complete credit card number cannot be viewed by The Dindi Store or any outside party.
  • All transactions are performed under 128 Bit SSL Certificate.
  • All transaction data is encrypted for storage within Stripe’s bank-grade data centre, further protecting your credit card data.
  • Stripe is an authorised third party processor for all the major Australian banks.
  • Stripe at no time touches your funds; all monies are directly transferred from your credit card to the merchant account held by The Dindi Store.

For more information about Stripe and online credit card payments, please visit www.stripe.com

Data breaches

If there is any breach of your personal information, we will deal with such breach and notify you in accordance with its obligations under the Privacy Act.

How long we keep your information

We will retain your personal information for the period necessary to fulfil the purposes outlined in this Privacy Policy and our service specific privacy summaries. When assessing these periods we carefully examine our need to collect personal information at all and if we establish a relevant need we only retain it for the shortest possible period to realise the purpose of collection unless a longer retention period is required by law.

If you close an account you have with us or you decide not to go ahead with any transaction with us, we may still keep your information.

Mail and email information

If you wish to stop receiving any e-mails or other communications from us which may be sent to you in the future, or if you have submitted personal information through the Site and would like to have that information deleted from our records, please unsubscribe through the link at the bottom of any email or notify us at msc@murrindindi.vic.gov.au

We will preserve the contents of any e-mail message that you send if we believe that we have a legal requirement to do so. E-mails sent to or from us are routinely monitored for quality control, systems administration and legal compliance purposes.

Your privacy rights

The Dindi Store makes it easy for you to keep your personal information accurate, complete and up to date.

You can help ensure that your contact information and preferences are accurate, complete and up to date by contacting us at store@murrindindi.vic.gov.au; we will provide you with access (including a copy) for any purpose including to request that we correct the data if it is inaccurate or delete the data if the Dindi Store is not required to retain it by law or for legitimate business purposes.

We may decline to process requests that are frivolous/vexatious, jeopardise the privacy of others, are extremely impractical, or for which access is not otherwise required by local law. We may also decline aspects of deletion or access requests if we believe doing so would undermine our legitimate use of data for anti-fraud and security purposes as described earlier. For the exercise of access, de-activation/restriction, correction or deletion requests are available by emailing store@murrindindi.vic.gov.au

Privacy questions

If you have any questions or concerns about the Privacy Policy or data processing, you may contact our office at msc@murrindindi.vic.gov.au, or if you would like to make a complaint about a possible breach of local privacy laws, please contact us. You can always contact us by phone on 03 5772 0333.

When a privacy question or question about personal information received in response to an access/download request is received we have a dedicated team which triages your contact to address your issue. Where your issue may be more substantive in nature, we may request more information from you. All such substantive contacts receive a response within seven (7), days wherever possible – providing a response on the issue raised, requesting additional information where necessary or indicating that a response will require additional time. You may at any time refer your complaint to the relevant regulator in your jurisdiction if you are unsatisfied with a reply received from us. If you ask us, we will endeavour to provide you with information about relevant complaint avenues which may be applicable to your circumstances.

Where your complaint indicates an improvement could be made in our handling of privacy issues we will take steps to make such an update at the next reasonable opportunity. In the event that a privacy issue has resulted in a negative impact on you or another person we will take steps to address that with you or that other person.

The Dindi Store may update its Privacy Policy from time to time. When we change the policy in a material way, a notice will be posted on the Site along with the updated Privacy Policy.

The Dindi Store,

 PO Box 138, Alexandra VIC 3714.