1.1. Any personal information you provide to CASA is protected by the Privacy Act 1988 (Cth). CASA can only collect, use and disclose that information in accordance with that Act.
1.2. This privacy statement explains how CASA uses the personal information you provide when you purchase something from CASA’s online store.
2. The information we collect
2.1. The type of information we collect depends on the reason for which it is provided.
2.2. When you place an order through this website, we need to know your name, email, phone number, address and credit card details. This enables us to process your order and to maintain your account.
2.3. You can choose to receive updates from us by subscribing to mailing lists through the CASA mailing lists webpage. Where you do this, we may need to know your name, email, phone number and address.
2.5. For more information about the types of information we collect, please see the section headed ‘The Information we collect’ in CASA’s website privacy statement.
3. How we use your information
3.1. We will only collect, hold, use and disclose your personal information in accordance with the Privacy Act.
3.2. We may disclose your personal information to third parties if:
(a) you have consented to that
(b) the disclosure is required or authorised by or under law
(c) you have violated the terms and conditions for the online store, or
(d) the disclosure is otherwise permitted by the Privacy Act.
3.3. For information about how CASA holds, protects and disposes of your information, please see –
(b) the section headed ‘Securing your information’ in CASA’s website privacy statement.
3.4. Your credit card details will be stored not by us but by our service provider, Shopify Inc. For information about how your credit card details are stored, please see sections 4 and 5.
4.1. The online store is managed by BRN Benchmark Pty Limited and is hosted by Shopify Inc. They provide us with the online e‑commerce platform that allows us to sell our products and services to you.
4.2. Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.
5.1. If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
5.2. All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
5.3. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
5.4. For more information about how Shopify holds, protects and disposes of your credit card data, please see Shopify’s privacy statement.
6. Third Party Services
6.1. In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
6.2. However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your transactions.
6.3. For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
6.4. The third party services we use include Google Analytics. For more information about this and other third party services we use, please see the section headed ‘Third party services’ in CASA’s website privacy statement.
7.1. To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
7.2. If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with an AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
8.1. We use ‘cookies’ when you visit the online store’s website. Cookies are small pieces of information that can be stored on your hard drive or in memory. They can record information about your visit to the site, allowing it to remember you next time you visit and provide a more meaningful experience.
8.2. The following table lists the cookies we use. You can choose not to allow some or any of them.
· Allows Shopify to store information about your session (referrer, landing page, etc.).
· Persistent for 30 minutes from the last visit
· Used by our website provider’s internal stats tracker to record the number of visits
· Expires midnight (relative to the visitor) of the next day
· Counts the number of visits to a store by a single customer.
· Stores information about the contents of your cart.
· If the shop has a password, this is used to determine if the current visitor has access.
9. Links to other websites
9.1. The online store website may contain links to third party websites. We are not responsible for the content or privacy practices of those sites or for any links contained in them. We encourage you to read their privacy statements.
10. Accessing, and seeking corrections to, your information held by CASA
10.1. You have the right to access the information CASA holds about you by requesting this under the Privacy Act or the Freedom of Information Act 1982 (Cth).
11.1. If you believe CASA has breached your privacy rights, you can register a complaint with our Privacy Contact Officer. We will respond to the complaint within 30 days.
11.2. Alternatively you can make your complaint to the Office of the Australian Information Commissioner (OAIC). For information about doing that, please see the OAIC’s website.
12. Contacting us
If you would like to -
(a) access, correct or amend any personal information we have about you
(b) register a complaint, or
(c) obtain more information about a privacy matter,