PRIVACY POLICY

SCOPE OF PRIVACY NOTICE

We understand and respect your privacy and the need to protect your personal data.

This Privacy Notice applies to your use of this Site (Site), regardless of how you access or use the Site, including access via mobile devices.

It describes how your personal data is collected, used, and shared when you visit or make a purchase from the Site.

We may update this Privacy Notice from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons.

 

CONTROLLER

The entity responsible for the collection and processing of your personal data in connection with your use of the Site depends on where you use the Site.

 

 

DISCLOSURE TO OTHER ENTITIES OVERSEAS

We may disclose some or all of your personal data to related or third party overseas entities pursuant to the terms of this Privacy Notice.

 

DATA PROTECTION OFFICER AND CONTACT

In those countries where we are required to do so by law, we have appointed data protection officers to oversee the protection of your personal data. If you have any questions about this Privacy Notice or about data protection in general, you can contact the data protection officer responsible for your country at any time. Details of the relevant data protection for your country are as follows:

Australia:                     [Privacy Office Email: hello@xaliorganics.com]

 

All other countries:      [Privacy Officer Email: hello@xaliorganics.com]

 

WHAT PERSONAL DATA WE COLLECT AND PROCESS

When you visit the Site or make a purchase on the Site, we collect the following personal data from you.

 

PERSONAL DATA YOU PROVIDE WHEN USING THE SITE

Data that identifies you, such as your name, address, telephone numbers or email addresses.

Financial information (e.g. credit card numbers and payment details) in connection with a transaction.

Delivery, billing, and other information you provide in connection with the purchase or delivery of an item.

Other data that we are required or entitled by applicable law to collect and process and that we need for your authentication or identification, or for the verification of the data we collect.

 

PERSONAL DATA WE COLLECT IN CONNECTION WITH THE USE OF COOKIES AND SIMILAR TECHNOLOGIES

We use cookies, log file, web beacons and similar technologies to collect data when you use the Site. We collect this data from the devices (including mobile devices) with which you access the Site. The data collected includes the following usage- and device-related information:

Data about the pages you visit, the access time, frequency and duration of visits, the links on which you click and other actions you take as part of your use of the Site and in advertising and email content.

Model or device type, operating system and version, browser type and settings, device ID or individual device identifier, advertisement ID, individual device token, and cookie-related data (e.g. cookie ID).

The IP address from which your device accesses the Site.

Location data, including the location data of your mobile device. Please note that most mobile devices allow you to manage or disable the use of location services for all applications in the settings menu.

 

PURPOSES AND LEGAL BASIS FOR DATA PROCESSING

We process your personal data for various purposes and pursuant to various legal bases. We process your personal data primarily to operate and improve the Site, to provide you with a personalised user experience on this Site, to contact you about your transactions entered into on the Site, to provide customer service, to provide you with personalised advertising and marketing communications, and to comply with our legal obligations. We also share your information with entities related to us and third parties for these purposes.

 

PURPOSES FOR DATA PROCESSING

With your consent, we process your personal data for the following purposes:

Processing of data relating to you or your company for the purpose of entering into a contract with you to supply you with goods purchased through the Site and executing that contract.

Enabling the delivery of purchased items by logistics/shipping service providers including notifications in connection with the delivery (such as tracking information), the latter to the extent permitted by applicable law without your consent.

Processing of general location data (such as IP address or postcode) in order to provide you with location-based services (such as radius search and other content that is personalised on the basis of your general location data).

Marketing communications and targeted advertising by telephone or electronic mail (such as email or SMS), including communications by entities related to us or by third parties, unless these communications are permitted without your consent under applicable law.

Processing of your exact location data to provide location-based services.

Processing of your personal data on the basis of your consent, which you have given so that we or third parties can enable you to use certain services or make them available to you.

complying with applicable laws and regulations, to respond to a validly-issued subpoena, search warrant or other lawful request for information we receive, or otherwise to protect our rights.

 

ADVERTISING-RELATED THIRD PARTIES

In terms of third parties, we use Shopify to power the online store on our Site. You can read more about how Shopify uses your personal data here: https://www.shopify.com/legal/privacy.

We also use Google Analytics to help us understand how our customers use the Site – you can read more about how Google uses your personal data here: https://www.google.com/intl/en/policies/privacy/.

You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.

 

TARGETED ADVERTISING

For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.

You can opt out of targeted advertising by using the links below: 

Facebook: https://www.facebook.com/settings/?tab=ads  

Google: https://www.google.com/settings/ads/anonymous  

Bing: https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads

Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/. Please note that we do not alter our Site’s data collection and use practices when we see a Do Not Track signal from your browser.

 

STORAGE DURATION AND ERASURE

Your personal data will be stored by us and our service providers in accordance with applicable data protection laws to the extent necessary for the processing purposes set out in this Privacy Notice. Subsequently, we will delete your personal data or take steps to properly render the data anonymous, unless we are legally obliged to keep your personal data longer (e.g. for tax, accounting or auditing purposes). 

 

RIGHTS AS A DATA SUBJECT

Subject to possible limitations under specific national law where you are resident, as a data subject, you have the right to access, rectification, erasure, restriction of processing and data portability with regard to your personal data. In addition, you can withdraw your consent and object to our processing of your personal data on the basis of legitimate interests. You can also lodge a complaint with an appropriate regulatory authority.

The following sets out your rights in more detail:

You can withdraw your consent to the processing of your personal data by us at any time. As a result, we may no longer process your personal data based on this consent in the future. The withdrawal of consent has no effect on the lawfulness of processing based on consent before its withdrawal.

You have the right to obtain access to your personal data that is being processed by us. In particular, you may request information on the purposes of the processing, the categories of personal data concerned, the categories of recipients to whom the personal data have been or will be disclosed, the envisaged period for which the personal data will be stored, the existence of the right to request rectification or erasure of personal data or restriction of processing of personal data or to object to such processing, the right to lodge a complaint with a regulatory authority, any available information as to the personal data's source (where they are not collected from you), the existence of automated decision-making, including profiling and, where appropriate, meaningful information on its details. Your right to access may be limited by national law.

You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed.

You have the right to obtain from us the erasure of personal data concerning you, unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims. The right to erasure may be limited by national law.

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller ("right to data portability").

You have the right to lodge a complaint with a regulatory authority. As a rule, you can contact the regulatory authority of your usual place of residence, your place of work or the registered office of the controller.

If your personal data is processed on the basis of legitimate interests, you have the right to object to the processing of your personal data on grounds relating to your particular situation. This also applies to profiling. If your personal data is processed by us for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

The exercise of the above data subjects' rights (e.g. right to access or erasure) is generally free of charge. Where requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may charge an appropriate fee (at most our actual costs) in accordance with the applicable statutory regulations or refuse to process the application.

 

COOKIES & SIMILAR TECHNOLOGIES

When you use our Site, we and selected third parties may use cookies and similar technologies to provide you with a better, faster and safer user experience or to show you personalised advertising.

“Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.

“Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.

“Web beacons”, “tags”, and “pixels” are electronic files used to record information about how you browse the Site.

 

DATA SECURITY

We protect your personal data through technical security measures to minimise risks associated with data loss, misuse, unauthorised access and unauthorised disclosure and alteration. To this end we use firewalls and data encryption, for example, as well as physical access restrictions for our data centres and authorisation controls for data access.

If we suffer a data security breach that involves your personal data such that:

there is unauthorised access to or unauthorised disclosure of your personal data, or a loss of your personal data, that we hold; and

this is likely to result in serious harm to you; and

we are not able to prevent the likely risk of serious harm with appropriate remedial action

we will notify you of the details of the breach. We will also notify the relevant regulatory authority.

 

HOW TO STOP RECEIVING COMMUNICATIONS FROM US

To stop receiving email correspondence from us, simply click on the link in the email communication to unsubscribe.

To stop receiving the SMS communications from us reply to any SMS with the word 'STOP".

To remove your details from any of our marketing and communication databases simply email the relevant Data Protection Officer listed in section 3 above.