Data Protection Policy
At Industrie, we are committed to protecting the privacy of the personal information we collect and receive.
This Data Protection Policy sets out the way that Industrie collects, uses, discloses and/or processes personal data. It is intended to enable customers and others who interact with Industrie to understand what types of personal information we collect and what we do with such information in performing our functions in light or our privacy obligations.
In some cases, the laws of jurisdictions outside of Australia in which Industrie operates have additional requirements. We are committed to complying with all such requirements.
This policy applies to the Industrie Clothing Group which consists of Industrie Clothing Pty Limited ACN 087 743 762, its subsidiaries and all other related entities (Industrie).
All full-time, part-time and casual employees of Industrie as well as contractors, temporaries and subcontractors working for or on behalf of Industrie or any associated companies in the Industrie workplace, (jointly Employees), must comply with this policy. It also applies to any third party organisations contracted to host Industrie personal data.
What is personal information?
Personal information means information or an opinion, whether true or not and whether recorded in a material form or not, about a living individual who is either identified or reasonably identifiable.
Examples include an individual's name, address, contact number and email address.
Industrie is required to comply with the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth) (Privacy Act).
The APPs regulate the manner in which personal information is handled throughout its life cycle, from collection/receipt to use and disclosure, storage, accessibility and disposal.
We are also required to comply with other laws, including more specific privacy legislation in some circumstances and in some jurisdictions, such as:
- applicable data protection and privacy legislation of the other national and international jurisdictions in which Industrie operates.
- the Spam Act 2003 (Cth); and
- the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act.
Industrie is generally exempt from the Privacy Act when it collects and handles employee records. However, our policy is to protect the personal information of its employees as it does other personal information.
The purposes for which we collect, hold, use and disclose personal information
Industrie needs personal information to be able to perform its core functions, mainly to:
- transact with customers, including taking payments for sales, processing exchanges and refunds
- provide quality service to customers
- alert customers to benefits and promotions in which they may be interested
- answer queries and resolve issues, including with respect to customer complaints and faulty products
- maintain and grow our VIP program
- use aggregated information for business analysis
- recruit employees, contractors and agency staff
- partner with other individuals or organisations to perform the above functions
Industrie may also collect, hold, use and disclose personal information for other purposes explained at the time of collection or:
- which are required or authorised by or under law (including, without limitation, privacy legislation); or
- for which the individual has provided their consent
Industrie may use personal information of customers, specifically names and relevant address details and information about their preferences for direct marketing with respect to:
- the preferred communication channels for receiving direct marketing from Industrie
- the types of products of interest to let customers know about Industrie’s promotions and products, where recipient consent has been received.
Under Australian law, Industrie is not permitted to undertake direct marketing unless consent is obtained. Other jurisdictions have different regulations on direct marketing. Industrie is committed to abiding by the law in all jurisdictions.
Under Australian law, customers may communicate consent to Industrie’s use of personal data by:
- when providing personal data on the website, clicking on the button to indicate consent
- when providing Industrie with personal data through a form, signing on the form indicating consent
Where permitted by law to do so, Industrie may contact individuals for direct marketing in a variety of ways, including by mail, email, SMS, telephone or online advertising.
Subject to the above, where consent has been obtained to receive direct marketing, consent will remain in force until advised otherwise by the individual. At any point in time, an individual can opt out at no cost by:
- updating their communication preferences
- calling Head Office
- using the “unsubscribe” facility included in electronic messages (such as emails and SMSs)
The kinds of personal information we hold and collect
The type of information collected and held by Industrie depends on the type of interaction:
- Online customers – name, billing address, delivery address, contact number, email address, communication preferences and payment details
- VIP customers – name, billing address, delivery address, contact number, email address, communication preferences and payment details
- Customers signed up in store – name and email address
- Customers who call head office – depending on the nature of your enquiry, we record details about you relating to the enquiry
- Wholesale customers – name, delivery address, contact number, email address, bank account or credit card details, director/partner/sole trader details, trade references
- Suppliers and corporate partners– contact address details, usually including but not limited to all forms of contact and address, billing information (including bank account details), information about the goods or services you supply and trade references
- Recipients of donations – contact address details, usually including but not limited to all forms of contact and address, billing information (including bank account details) and information about the donation being made
- Prospective employees – information you include in your application for employment, including your cover letter, resume, contact details, referee details, VISA details, TFN, bank details, date of birth, gender and information to conduct a criminal check.
- Employees – in addition to the information collected for prospective employees, Industrie may also collect employment contracts, performance feedback (positive or negative), health and other certificates relating to leave or incidents in the workplace.
In each case, Industrie seeks to keep the personal information required updated and accurate.
Under Australian law, sensitive information is a subset of personal information that is generally afforded a higher level of privacy protection. Sensitive information includes health and genetic information and information about racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, criminal record and some types of biometric information.
Industrie’s policy is only to collect sensitive information where it is reasonably necessary for our functions or activities and either:
- the individual has consented
- we are required or authorised by or under law (including applicable privacy legislation) to do so.
For example, we may collect:
- information regarding dietary needs when conducting internal training
- information regarding medical/health conditions for employees when an absence of leave is required, or the employee is on worker’s compensation
- identification in relation to nationality for VISA purposes
- information with regard to criminal convictions
- professional membership information where required
Collection of information through our website
Most internet browsers are set to accept cookies. If an individual prefers not to receive them, they can adjust their internet browser to reject cookies, or to notify them when they are being used.
There are also software products available that can manage cookies for individuals. Rejecting cookies can, however, limit the functionality of websites (such as preventing users from logging on and making purchases).
What if you don't want to provide your personal information?
Industrie’s policy is to provide individuals with the option of not identifying themselves, or using a pseudonym, when dealing with Industrie if it is lawful and practical to do so. A pseudonym is a name or other descriptor that is different to an individual’s actual name.
For example, Industrie’s policy is to enable individuals to access our website and make general phone queries without having to identify themselves. In some cases however, if the individual does not provide us with their personal information when requested, we may not be able to respond to their request or provide them with the product they are after.
How we collect and hold personal information
Methods of collection
Industrie is required by the Privacy Act to collect personal information only by lawful and fair means. If it is reasonable and practicable, we will collect personal information we require directly from the individual.
Industrie collects personal information in a number of ways, including:
- by email
- over the telephone
- through written correspondence (such as letters, faxes and emails)
- on hard copy forms (in-store, credit applications, new supplier forms)
- in person (for example, at job interviews and in-store)
- through our website (for example, if the individual makes an online purchase or creates an account)
- on social media through interaction on our facebook or instagram page, including involvement in competitions and free giveaways
- through surveillance cameras (which we use for security purposes); and
- from third parties, including
- payment providers (banks, Afterpay, Braintree and other gateway providers)
- direct marketing database providers
- the ATO or ASIC
- public sources, such as telephone directories, public websites, bankruptcy searches, Facebook
- companies registered to complete VISA and criminal checks
Unsolicited personal information is personal information Industrie receives that we have taken no active steps to collect (such as an employment application sent to us by an individual on their own initiative, rather than in response to a job advertisement).
Industrie may keep records of unsolicited personal information if the Privacy Act permits it (for example, if the information is reasonably necessary for one or more of our functions or activities). If not, the information is destroyed as soon as practicable, provided it is lawful and reasonable to do so.
Disclosure of personal information to third parties
Personal information may be disclosed to the following third parties where appropriate:
- financial institutions for payment processing
- our insurers
- a workers compensation body
- a professional association or registration body that has a proper interest in the disclosure of the personal and sensitive information
- persons involved in external dispute resolution involving Industrie, its employees, products or practices
- regulatory bodies for Anti-Money Laundering and Counter-Terrorism, and combatting fraud and other crime, in compliance with legislative requirements
- bodies such as the Financial Ombudsman Service for the resolution of complaints and disputes
- ASIC and similar bodies to comply with our legal obligations
- in the context of immigration and citizenship, to government and regulatory bodies such as the Department of Home Affairs and the Department of Education and Training; and to an individual's migration agent (in connection with applications for General Skills Migration)
- referees whose details are provided to us by job applicants
- Industrie’s contracted service providers, including:
- information technology service providers
- marketing and communications agencies for the purpose of distributing Industrie promotions and EDMs
- freight and courier services
- organisations undertaking criminal checks
- external business advisers (such as recruitment advisers, auditors and lawyers); and
- law enforcement and regulatory bodies as required by law
In the case of the above contracted service providers, Industrie may disclose personal information to the service provider and the service provider may in turn provide Industrie with personal information collected from the individual in the course of providing the relevant products or services.
Personal information may also be disclosed to third parties with the consent of the individual.
Cross border disclosure of personal information
Industrie has employees, customers, contractors and contracted service providers in other countries including but not limited to New Zealand, Hong Kong, the USA and Europe.
Disclosure of personal information to these countries/regions may occur in the normal course of Industrie’s business. Under these situations, Industrie’s policy is to comply with the requirements of the Privacy Act that apply to cross border disclosures of personal information, as well as with any legal requirements applicable in the relevant jurisdiction.
Data quality and security
Industrie holds personal information in a number of ways, including in electronic databases, email contact lists, and in paper files held in drawers and cabinets, locked where appropriate. Paper files may also be archived in boxes and stored offsite in secure facilities. Industrie takes reasonable steps to:
- make sure that the personal information that we collect, use and disclose is accurate, up to date and complete and (in the case of use and disclosure) relevant; and
- protect the personal information that we hold from misuse, interference, loss and from unauthorised access, modification or disclosure
The steps we take to secure the personal information we hold include:
- information and communication technology such as encryption, firewalls, anti-virus/anti-malware software, login and password protection
- physical controls, eg secure office access and locked cabinets
- network monitoring
- surveillance cameras
- personnel security, training and workplace policies
Industrie processes customer, supplier and other payments using EFTPOS, Afterpay, credit card and online technologies. Industrie’s policy is to ensure that all transactions processed meet industry security standards to ensure payment details are protected.
While Industrie strives to protect the personal information and privacy of website users, we cannot guarantee the security of any information disclosed online - this information is disclosed at the other party’s own risk. However, if an individual is concerned about sending their information over the internet, they can contact Industrie by phone or post, where applicable.
An individual can assist in protecting the privacy of their personal information by keeping passwords secret and by ensuring that they log out of the website when they have finished using it. In addition, if they become aware of any security breach, they should let Industrie know as soon as possible.
Third party websites
Access and correction of your personal information
Individuals have a right to request access to the personal information that Industrie holds about them and to request its correction.
Retail customers who have registered an account with Industrie can readily access and correct their own personal information, including changing their communication preferences, by visiting the "My Account" page on our websites.
Wholesale customers can contact the Finance Department at Industrie to access or correct the personal information held about them. We may ask for verification of identity before allowing access to any information to ensure that the personal information we hold is properly protected. Any updates required should be supplied in writing on letterhead before processed.