Privacy Policy At The Tapestry Label we are committed to respecting your personal information in accordance with this policy and the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth) – which also includes the Australian Privacy Principles (‘APP’s’). The policy also accounts for the requirements of the General Data Protection Regulation (‘GDPR’) for those of you based in the European Union. In this Privacy Policy we, us or our means The Tapestry Label. The purpose of this privacy notice is to set out the type of information that we may collect about you and the purposes for which we will use and/or disclose your personal information and how it should be treated. We may change this privacy notice at any time. If we make any changes, they will be published on this page and you will have immediate access to the most up to date version of this privacy notice. We recommend that you check this page regularly. We use the information we collect about you to maximize the services that we provide to you. We respect the privacy of the personal information provided by you, and the confidence you place in us by sharing the personal information. At the end of this policy, we provide a variety of contact methods in which you may raise any concerns you might have with us. Use of cookies We use cookies to enhance the online experience for our customers. However, our website is developed to provide you with a choice as to which cookies are collected. Most commercial websites, including this website, use cookies. Cookies are pieces of information that websites send to the browser and are stored in the computer hard-drive. Cookies are designed to make using the website easier by storing information about your preferences on the website. This is our legitimate reason for using the same. Cookies will not identify you personally, unless you provide consent. The Cookies used by us and the nature of those cookies can be found here: Cookie compliance by Human-ity.co If you would prefer not to receive cookies, you can alter your security settings on your web browser to disable cookies or to warn you when cookies are being used. However, by disabling the ‘cookie’ function in your web browser you may impede your ability to use parts of the website. We will only collect non-essential cookies from you if you provide your consent, which we will record. In the event you do provide your consent, your personal information, as collected by the cookies described above may be shared with third parties, including Facebook and Google. On occasion, third parties may send you cookies that are beyond our control. These include social media related cookies such as Twitter, Facebook, YoutTube and Vimeo, which allow users of our website to share content on those social media platforms. We would encourage you to consider the privacy policies of these social media platforms. What is personal information? “Personal information” is information or an opinion relating to an individual that can be utilised to identify that person. For the purposes of this policy, personal information includes your information, and the information of others that you share with us. Your personal information [cookie plug in details – are you using a GDPR manager on your website for European compliance? Is so, can link directly to it here. If not, we need to list all the cookies on your website and their purpose] We may collect and hold personal information about you during the course of providing our service, such as: • Your name; • Contact information, including telephone number, email address, or any address; • Job position or title; • Your interests regarding our products; and • If required from time to time, financial information. • your age • your demographic information • your preferences ; • images of you; • information you provide to us through customer surveys; • details of products and services we have provided to you and/or that you have enquired about, and our response to you; • your browser session and geo-location data, device and network information, statistics on page views and sessions, acquisition sources, search queries and/or browsing behaviour; • information about your access and use of our Site, including through the use of Internet cookies, your communications with our Site, the type of browser you are using, the type of operating system you are using and the domain name of your Internet service provider; • additional personal information that you provide to us, directly or indirectly, through your use of our Site, associated applications, associated social media platforms and/or accounts from which you permit us to collect information; and • any other personal information requested by us and/or provided by you or a third party. The type of personal information we collect and hold about you will vary depending on the nature and purpose of our relationship. If the personal information you provide to us is inaccurate, or if you choose not to provide us with certain personal information, we may not be able to contact you, give you access to information you have requested or otherwise provide you with the outcome you require from us. How we collect personal information Your personal information will be collected by us through the website or otherwise through our dealings with you. We will only collect personally identifiable information that you voluntarily provide. You may choose to provide us with personally identifiable information if, for example, you contact us with an enquiry, register on the website, subscribe to our articles or newsletters, fill out a survey or other form with your personal information included or request us to provide you with information or services. If you are a client, you will be required to provide us with your personal information to allow us to comply with our obligations to you. Some examples of how we collect personal information includes: • Directly from the source to whom the personal information relates; • From referral partners, whom you have provided consent to pass the personal information on to us; • From organisations about their employees and contractors; • From organisations about their customers and suppliers; • Marketing purposes, from events, seminars, business associates, potential new clients and other third party sources; and • Contact forms and subscription forms completed by visitors to our website. We may collect certain information from visitors who access our website, including dates and time of access, IP addresses, browser type, operating system and domain names. We also may collect information via analytics software that can track use of the website. This analytic information can include navigation through the website, number of visits, duration of the visit and the areas of the website commonly used. This analytic information does not identify or disclose any personal information about the visitor and is utilised to improve performance of the website (see “Use of Cookies” above). You can opt out of the collection of this personal information. This personal information can also assist us in preventing or detecting fraud or abuses of the website, which is a legitimate purpose. By visiting our website, you are accepting and consenting to the collection of this information. The information we collect in this way will not personally identify you. Use and disclosure of personal information We use personal information collected for a number of reasons. Broadly, the reason we collect personal information, and the sole reason for its use, is to ensure that you, our customer or stakeholder, receives the best service possible. At all times, we only collect data that we have a legal ground for processing. In agreeing to provide us with personal information, you consent for us to collect, use, disclose and store your personal information for the following purposes, which are related to the purpose for which you provided the information: • • • • • • to conduct our business; to provide information or market our services that may be of interest to you; to communicate with you and manage our relationship with you; to facilitate our internal business operations, such as for internal marketing analysis; to comply with our legal obligations; and to help us manage and enhance our services. We will purposes. You consent that we may also disclose your personal information (subject to our professional or regulatory obligations) to: disclose your personal information for the purposes for which it was collected and related • our other people within our organisation; • Government organisations; • any third parties who assist us in providing services or who perform functions on our behalf (such as mailing houses, specialist consultants, lawyers and barristers, logistics businesses and other platforms such as Google, YouTube, Facebook and similar.); • protection of the intellectual property rights of you, customers, third parties, or us; • to our external service providers, who assist us in operating our business (subject to the compliance with Australian Privacy Laws and the GDPR); • courts, tribunals and regulatory authorities; and • anyone else who you authorise us to disclose it to. We do not rent, share or trade personal information. The personal information that we collect from you is limited to that which we require to obtain and store to provide our services to you. Notwithstanding this, you have a right to object to us processing this personal information. We will not continue to process any personal information unless we can demonstrate a legitimate ground that overrides your interest and rights or due to a legal claim. Cross border disclosure We will not transfer any personal information to recipients that are not located in Australia, unless: • We have the consent from the individual to whom the personal information relates (which is implied if you do not reside in Australia); and • It complies with Australian Privacy Laws or GDPR, whichever is most appropriate. Links to other websites Our website may contain links to other websites. We do not have any control over those websites and we are not responsible for the protection and privacy of any personal information which you provide whilst visiting those websites. Those websites are not governed by this Privacy Policy. Right to be Forgotten In consenting to this privacy notice, you are acknowledging that we have a professional obligation to retain your personal information for a period of seven (7) years insofar as it relates to our financial records, or whilst you remain a client or ours. However, you may request that we refrain from contacting you using the personal information, and will not pass your personal information to any party, unless legally required during this period. Requests can be made using the contact information provided in this Privacy Policy. Security We may hold your personal information in different ways, including in hard copy or electronic form. We have measures in place to ensure that any personal information we hold is secure and protected from misuse, loss, fraudulent activity and unauthorised disclosure. All information is held in a secure, electronic or physical manner. Information storage methods include access-controlled premises or via electronic databases and customer relationship management databases that require logins and passwords. In the instances where a secure connection is utilised, so too is Secure Socket Layer (SSL) technology. SSL is industry standard and ensures data transmission integrity, preventing any unauthorised access by an unauthorised party. We take all reasonable steps to protect all personal information that we hold from misuse or unauthorised access. Access, Portability and accuracy of information We endeavour to ensure that the personal information we hold about you is accurate and up-to- date. You have a right to view and have a copy of, personal information about you that we hold at any time, unless we are permitted under the Privacy Amendment (Enhancing Privacy Protection) Act 2012 or the GDPR to refuse access. If you are able to establish that personal information we are holding about you is not accurate, complete and up-to-date, please let us know and we will take reasonable steps to correct it so that it is accurate, complete and up-to-date. You also have a right to the portability of the information that we retain. This means that you can request from us a copy of your information in a structured, commonly used and machine- readable format, transferred to you or another party. If you wish to exercise your right of access and correction, please contact us using the details provided below. We may charge you a reasonable fee for processing your request to access your information. Identification will also be required to access personal information. At any time, you may opt out of receiving any communications from us. Please contact us using the methods provided with the policy. Consent It is up to you whether you submit any other personal information regarding your identity when you use our website or other services. By providing your personal information you are deemed to have consented to the collection, use, disclosure and storage of that information as outlined in this privacy notice. By accepting this privacy policy via the functionality provided on the website, which includes your continued use of the website and reading this privacy policy, you consent to our collecting of the personal information provided for herewith. Grievance procedure If you wish to make a complaint about the way we have managed your Personal Information you may make that complaint verbally or in writing by setting out the details of your complaint to any of the following: Our Privacy Officer: Att: The Privacy Officer stitch@thetapestrylabel.com.au Alternatively, complaints may also be referred to a number of services as set out below: Australian Information Commissioner The Australian Information Commissioner receives complaints under the Act. Complaints can be made: Online: http://www.oaic.gov.au/privacy/making-a-privacy-complaint By phone: on 1300 363 992 By fax: on +61 2 9284 9666 In writing: Address your letter to the Australian Information Commissioner at the: Office of the Australian Information Commissioner GPO Box 5218 Sydney NSW 2001 OR Office of the Australian Information Commissioner GPO Box 2999 Canberra ACT 2601 NSW 2001 Alternatively, if you are based in the European Union, then you may lodge a complaint with your local National Data Protection Authority (‘NDPA’). Your local NDPA can be found using the European Commission website at: https://ec.europa.eu/ How we will deal with your complaint The complaint will be investigated by us in accordance with our internal procedures and processes. The complainant may be invited to participate in a conference by the staff member conducting the investigation. At the discretion of the Privacy Officer other interested parties may also be invited to participate in the conference to discuss the nature of the complaint and attempt to resolve it. This may include the presence or participation of a support person or advocate for the complainant. The complainant will be provided with a response to their complaint within a reasonable timeframe after completion of any investigation. This response will be in writing and will include the outcome of the investigation, any proposed action. How to contact us If you wish to contact us about your personal information, to obtain further information about privacy or to lodge a complaint, you should contact our Privacy Officer at the following email address: stitch@thetapestrylabel.com.au For further information, please visit the Federal Privacy Commissioner’s website at www.privacy.gov.au, or the European Commission’s website at https://ec.europa.eu/info/law/law- topic/data-protection_en Last updated: April 2022