1. PRIVACY STATEMENT
1.2 Personal information is defined in the Regulation and is information or an opinion about an identified individual or an individual who is reasonably identifiable. Examples include an individual's name, address, contact number and email address.
2. COLLECTION OF PERSONAL INFORMATION
2.1 We may collect personal information in a variety of ways, including:
(a) from you directly (such as when you interact with us in writing, electronically or by telephone);
(b) when you visit and communicate with us through our Website or social media sites;
(c) when you complete a transaction with us; or
(c) when you participate in any competition or promotion run by us.
2.2 The kinds of personal information that we collect and hold about you will depend on the circumstances of collection, including whether we collect the information from you as a consumer, supplier, contractor, job applicant or in some other capacity. For example, if you are a consumer, we may collect:
(a) your name;
(b) your contact details including your email, home/delivery address and billing address;
(c) your payment details; and
(d) other personal information that we collect in the course of a transaction or that you provide to us when you contact us.
If you deal with us in some other capacity (for example, as a supplier, contractor or job applicant), we may collect your name and contact details and any other information you choose to provide to us. We may also collect details of the interactions that you have with us.
2.3 We only collect sensitive information (also called special categories of personal data) in circumstances where you consent to the collection of this information (unless we are otherwise required or authorised by or under law to do so). Sensitive information includes health information and information about a person's race, ethnic origin, political opinions, membership of political, professional or trade associations or a trade union, religious beliefs and criminal history. In the event consent was given, you have the right to withdraw such consent given at any time by sending a written notice or e-mail to us. See contact details below.
2.5 If you are or become an employee of 2XU, the handling of your personal information may be exempt from the APPs and the Regulation if it is directly related to your current or former employment relationship with us.
4. USING AND DISCLOSING YOUR PERSONAL INFORMATION AND LAWFUL BASIS OF PROCESSING
4.1 We collect and use personal information for a range of purposes, including to:
(a) supply our products and process payment for our products;
(b) respond to your inquiries and provide you with information about, or samples of, our products;
(c) if you enter one of our competitions or promotions, administer your participation in that competition or promotion;
(d) deal with any complaints or feedback you have;
(e) conduct research and development;
(f) manage our relationships with our business customers, suppliers and contractors; and
(g) consider job applicants for current and future employment.
4.2 We may use your information for other purposes required or authorised by or under law (including purposes for which you have provided your consent),for the purpose of other legitimate interests or in order to comply with a legal duty imposed on us.
4.3 If 2XU is unable to collect personal information from or about you, we may not be able to respond to your inquiries or requests or do business with you.
4.4 We may use your personal information to contact you with 2XU news, offers and information about our products and events. In particular, when you register with our Website, you consent to us using your personal information, such as your email address, for direct marketing purposes. This includes sending you promotional emails. You can opt out of receiving direct marketing communications at any time by using the unsubscribe function located on every eDM (Electronic Direct Mail) or by contacting us (using the contact details at the end of this policy).
4.5 In conducting our business, we may sometimes need to disclose personal information to third parties. These include, where appropriate, our related bodies corporate and third parties that provide services to us, including third parties that provide our payment gateway, marketing, logistics and technology support services. We may also disclose your personal information to other third parties and for other purposes where we are required or authorised by or under law to do so (including where you have provided your consent).
4.6 Some of our related bodies corporate and service providers are located overseas. As a result, personal information collected and held by us may be transferred outside Australia to countries without an adequate data protection level (including to the USA, New Zealand & Canada).
The transfer of personal data to such a country shall only take place if contractual clauses (e.g. the EU Model Clauses, Privacy Shield, etc. ) have been put into place.
5. DATA PROCESSING RULES
We process your personal information in compliance with the Regulation which is based on the processing principles set out below. Personal information must be:
(a) processed lawfully, fairly, and in a transparent manner;
(b) collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
(c) adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;
(d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the pur-poses for which they are processed, is erased or rectified without delay;
(e) kept in a form which permits identification for no longer than is necessary for the purposes for which the personal data is processed;
(f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organi-zational measures.
6. SECURITY OF YOUR PERSONAL INFORMATION
We take reasonable steps to protect the personal information we hold against loss, unauthorised access, use, modification or disclosure and against other misuse. This includes taking appropriate security and organisational measures to protect electronic materials and materials stored and generated in hard copy.
7. YOUR RIGHTS
Under the Regulation you have the following rights:
(a) the right to be informed about the collection and use of personal data by us;
(b) the right of access to the personal data we hold about you;
(c) the right to rectification if any personal data we hold about you is inaccurate or incomplete;
(d) the right to be forgotten – i.e. the right to ask us to delete any personal information we hold about you;
(e) the right to restrict (i.e. prevent) the processing of the personal information;
(f) the right to data portability (obtaining a copy of the personal data to re-use with another service or organization);
(g) the right to object to us using the personal information for particular purposes; and
(h) rights with respect to automated decision making and profiling (where applicable).
Please contact us (using the contact details at the end of this policy) if you have any concerns or complaints about the manner in which 2XU has collected or handled your personal information. 2XU will inquire into your complaint and respond to you in writing within 30 days. If you are not satisfied with our response, you can contact us to discuss your concerns or lodge a complaint with the Australian Information Commissioner (www.oaic.gov.au) or any other competent supervisory authority in the EU (e.g. https://ico.org.uk/).
9. CONTACT DETAILS AND ADDITIONAL INFORMATION
If you would like more information about 2XU's approach to privacy, or if you wish to contact us regarding the information set out in this policy, please contact us:
• by phone on +61 3 9819 9700
• by email at firstname.lastname@example.org
• by post at 53 Cremorne Street, Cremorne VIC 3121, AUSTRALIA
10. CHANGE TO THIS POLICY
We may amend this policy from time to time at our discretion. Amended versions will be posted on our website at www.2xu.com.au.