fbpx

Privacy Policy

1.    The CBR Gals’ commitment to privacy
1.1. The CBR Gals, its subsidiaries, and affiliates in Australia are committed to managing personal information in accordance with the Australian Privacy Principles under the Privacy Act 1988 (Cth) and in accordance with other applicable privacy laws.
1.2. This policy is referred to as The CBR Gals’ Privacy Policy, and sets out:
       a. the kinds of personal information that The CBR Gals collects and holds;
       b. how The CBR Gals collects and holds personal information;
       c. the purposes for which The CBR Gals collects, holds, uses and discloses personal information;
       d. how you may access personal information that is held by The CBR Gals and seek the correction of such information;
       e. how you may complain about a breach of the Australian Privacy Principles, and how The CBR Gals will deal with such complaint;
       f. whether The CBR Gals is likely to disclose personal information to overseas recipients; and
       g. if The CBR Gals is likely to disclose information to overseas recipients – the countries in which such recipients are likely to be located if it is practicable to specify. those countries in the policy.
1.3. In this Privacy Policy, “The CBR Gals” refers to The CBR Gals Limited, its subsidiaries, and affiliates in Australia and “you” and “individual” refers to any individual about whom The CBR Gals collects personal information.

2.    Collection of solicited personal information
2.1. The CBR Gals will only collect personal information (other than sensitive information) when it is reasonably necessary and/or directly related to The CBR Gals’ functions or activities, including:
       a. administering membership to The CBR Gals;
       b. subscribing to direct marketing;
       c. submitting a testimonial or review of your experience with The CBR Gals; and
       d. administering the online products and events shop.
2.2. The personal information that The CBR Gals collects in performing its functions or activities may include your:
       a. if 2.1.a. or 2.1.b. applies – your name and email address;
       b. if 2.1.c. applies – your name, email address and an image of you;
       c. if 2.1.d. applies – your name, email address and financial information such as your bank account details or an address to send an invoice, as necessary to facilitate payments and information required for tax purposes; and
       d. other information that you choose to provide and/or that enables you to be personally identified.
2.3. The CBR Gals will not collect your sensitive information unless:
       a. you consent to the collection of the information; and
       b. the information is reasonably necessary for, or directly related to, one or more of The CBR Gals’ functions or activities.
2.4. Situations where the collection of your sensitive information may be permitted include:
       a. the collection of the information is required or authorised by or under an Australian law or a court/tribunal order;
       b. a permitted general situation under section 16A of the Privacy Act 1988 (Cth) that exists in relation to the collection of the information by The CBR Gals;
       c. a permitted health situation under section 16B of the Privacy Act 1988 (Cth) that exists in relation to the collection of the information by The CBR Gals;
       d. the collection of the information is reasonably necessary for, or directly related to, one or more of The CBR Gals’ functions or activities;
       e. the information relates to the activities of The CBR Gals; and
       f. the information relates solely to the members of The CBR Gals, or to individuals who have regular contact with The CBR Gals in connection with its activities.
2.5. The CBR Gals will only collect your personal information by lawful and fair means.
2.6. The CBR Gals will collect your personal information only from you unless:
       a. you consent to the collection of the information from someone other than you;
       b. The CBR Gals is required or authorised by or under an Australian law, or a court/tribunal order, to collect the information from someone other than you; or
       c. it is unreasonable or impracticable to do so.

3.   Dealing with unsolicited personal information
3.1. Where The CBR Gals receives unsolicited personal information it will, within a reasonable period after receiving the information, determine whether or not The CBR Gals could have collected the information under Australian Privacy Principle 3.
3.2. The CBR Gals may use or disclose the personal information for the purposes of making the determination under sub-clause 3.1.
3.3. If The CBR Gals decides it could not have collected the unsolicited personal information it will, as soon as practicable but only if it is lawful and reasonable to do so, return the information, destroy the information or ensure that the information is de-identified.
3.4. If The CBR Gals decides it could have collected the unsolicited personal information then Australian Privacy Principles 5 to 13 apply in relation to the information as if The CBR Gals had collected the information under Australian Privacy Principle 3.

4.   Notification of the collection of personal information
4.1. At or before the time or, if that is not practicable, as soon as practicable after, The CBR Gals collects your personal information it will take such steps (if any) as are reasonable in the circumstances to:
       a. notify you of such matters referred to in subclause 4.2 as are reasonable in the circumstances; or
       b. otherwise ensure that you are aware of any such matters.
4.2. The matters for the purposes of subclause 4.1 are as follows:
       a. provide you with the relevant contact details within The CBR Gals;
       b. where:
              i. The CBR Gals collects the personal information from someone other than you; or
              ii. you may not be aware that The CBR Gals has collected your personal information;
          the fact that The CBR Gals so collects, or has collected, the information and the circumstances of that collection;
       c. the purposes for which The CBR Gals collects your personal information;
       d. the main consequences (if any) if all or some of your personal information is not collected by The CBR Gals;
       e. any other APP entity, body or person, or the types of any other APP entities, bodies or persons, to which The CBR Gals usually discloses personal information of the kind collected by The CBR Gals;
       f. that this Privacy Policy contains information about how you may complain about a breach of the Australian Privacy Principles, and how The CBR Gals will deal with such a complaint;
       g. whether The CBR Gals is likely to disclose the personal information to overseas recipients; and
       h. if The CBR Gals is likely to disclose the personal information to overseas recipients – the countries in which such recipients are likely to be located if it is practicable to specify those countries in the notification or to otherwise make you aware of them.

5.   Use or disclosure of personal information
5.1. Where The CBR Gals holds your personal information that was collected for a particular purpose (the primary purpose), The CBR Gals will not use or disclose the information for another purpose (the secondary purpose) unless:
       a. you have consented to the use or disclosure of the information; or
       b. subclause 5.2. applies in relation to the use or disclosure of the information.
5.2. This subclause applies in relation to the use or disclosure of your personal information if:
       a. you would reasonably expect The CBR Gals to use or disclose the information for the secondary purpose and:
               i. the secondary purpose is directly related to the primary purpose (if the information is sensitive information); or
              ii. the secondary purpose is related to the primary purpose (if the information is not sensitive information);
       b. the use or disclosure of the information is required or authorised by or under an Australian law or a court/tribunal order;
       c. a permitted general situation exists in relation to the use or disclosure of the information by The CBR Gals;
       d. a permitted health situation exists in relation to the use or disclosure of the information by The CBR Gals; or
       e. The CBR Gals reasonably believes that the use or disclosure of the information is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.
5.3. Where subsection 16B(2) of the Privacy Act 1988 (Cth) applies in relation to the collection of the personal information by The CBR Gals, The CBR Gals will take such steps as are reasonable in the circumstances to ensure that the information is de-identified before The CBR Gals discloses it.
5.4. If The CBR Gals uses or discloses personal information in accordance with paragraph 5.2.e., The CBR Gals will make a written note of the use or disclosure.

6.   Direct marketing
6.1. Where The CBR Gals holds your personal information it will not use or disclose the information for the purpose of direct marketing, subject to clauses 6.2. to 6.8.
6.2. The CBR Gals may use or disclose your information (other than sensitive information) for the purpose of direct marketing if:
       a. The CBR Gals collected the information from you;
       b. you would reasonably expect The CBR Gals to use or disclose the information for that purpose;
       c. The CBR Gals provide a simple means by which you may easily request not to receive direct marketing communications from The CBR Gals; and
       d. you have not made such a request to The CBR Gals.
6.3. The CBR Gals may use or disclose your personal information (other than sensitive information) for the purpose of direct marketing if:
       a. The CBR Gals collected the information from you or from someone other than you, and you would not reasonably expect The CBR Gals to use or disclose the information for that purpose;
       b. you have consented to use or disclose the information for that purpose or it is impracticable to obtain that consent; and
       c. The CBR Gals provides a simple means by which you may easily request not to receive direct marketing communications from The CBR Gals;
       d. in each direct marking communication with you, The CBR Gals includes a prominent statement that you may make such a request, or The CBR Gals otherwise draws your attention to the fact that you may make such a request; and
       e. you have not made such a request to The CBR Gals.
6.4. The CBR Gals may use or disclose your sensitive information for the purpose of direct marketing if you have consented to the use or disclosure of the information for that purpose.
6.5. The CBR Gals may use or disclose personal information for the purpose of direct marketing if:
       a. The CBR Gals is a contracted service provider for a Commonwealth contract;
       b. The CBR Gals collected the information for the purpose of meeting (directly or indirectly) an obligation under the contract; and
       c. the use or disclosure is necessary to meet (directly or indirectly) such an obligation.
6.6. If The CBR Gals uses or discloses your personal information:
       a. for the purpose of direct marketing by The CBR Gals; or
       b. for the purpose of facilitating direct marketing by other organisations;
     you may:
       c. if paragraph a. applies – request not to receive direct marketing communications from The CBR Gals; and
       d. if paragraph b. applies – request The CBR Gals not use or disclose the information for the purpose referred to in that paragraph; and
       e. request The CBR Gals to provide its source of the information.
6.7. If you make a request under subclause 6.6, The CBR Gals will not charge you for the making of, or to give effect to, the request and:
       a. if the request is of a kind referred to in paragraph 6.6.c. or 6.6.d. – The CBR Gals will give effect to the request within a reasonable period after the request is made; and
       b. if the request is of a kind referred to in paragraph 6.6.e – The CBR Gals will, within a reasonable period after the request is made, notify you of its source unless it is impracticable or unreasonable to do so.

7.   Cross-border disclosure of personal information
7.1. Before The CBR Gals discloses your personal information to a person (the overseas recipient):
       a. who is not in Australia or an external Territory; and
       b. who is not The CBR Gals or you;
     The CBR Gals will take such steps as are reasonable in the circumstances to ensure that the overseas recipient does not breach the Australian Privacy Principles (other than Australian Privacy Principle 1) in relation to the information.
7.2. Subclause 7.1 does not apply to the disclosure of your personal information by The CBR Gals to the overseas recipient if:
       a. The CBR Gals:
               i. reasonably believe that the recipient of the information is subject to a law, or binding scheme, that has the effect of protecting the information in that it, overall, is at least substantially similar to the way in which the Australian Privacy Principles protect the information; and
              ii. believes that there are mechanisms that you can access to take action to enforce that protection of the law or binding scheme; or
       b. you:
              i. are expressly informed by The CBR Gals that, if you consent to the disclosure of the information, subclause 7.1. will not apply to the disclosure; and
              ii. after being so informed, consent to the disclosure; or
       c. the disclosure of the information is required or authorised by or under an Australian law or an Australian court/tribunal order; or
       d. a permitted general situation exists (other than the situation referred to in items 4 or 5 of the table in subsection 16A(1) of the Privacy Act 1988 (Cth)) in relation to the disclosure of the information by The CBR Gals.

8.   Adoption, use or disclosure of government related identifiers
8.1. The CBR Gals will not adopt a governmental-related identifier of you as its own identifier of you unless:
       a. the adoption of the government related identifier is required or authorised by or under an Australian law or a court/tribunal order; or
       b. subclause 8.3 applies in relation to the adoption.
8.2. The CBR Gals will not use or disclose a government related identifier of you unless:
       a. the use or disclosure of the identifier is reasonably necessary for The CBR Gals to verify your identity for the purposes of The CBR Gals’s activities or functions;
       b. the use or disclosure of the identifier is reasonably necessary for The CBR Gals to fulfil its obligations to an agency or a State or Territory authority;
       c. the use or disclosure of the identifier is required or authorised by or under an Australian law or a court/tribunal order;
       d. a permitted general situation exists (other than the situation referred to in item 4 or 5 of the table in subsection 16A(1)) in relation to the use or disclosure of the identifier;
       e. The CBR Gals reasonably believes that the use or disclosure of the identifier is reasonably necessary for one or more enforcement-related activities conducted by, or on behalf of, an enforcement body; or
       f. subclause 8.3 applies in relation to the use or disclosure.
8.3. This subclause applies in relation to the adoption, use or disclosure by The CBR Gals of a government related identifier of you if:
       a. the identifier is prescribed by the regulations; and
       b. the adoption, use or disclosure occurs in the circumstances prescribed by the regulations.

9.   Quality of personal information
9.1. The CBR Gals will take steps as are reasonable in the circumstances to ensure that the personal information that The CBR Gals collects is accurate, up-to-date and complete.
9.2. The CBR Gals will take steps as are reasonable in the circumstances to ensure that the personal information that The CBR Gals uses or discloses is, having regard to the purpose of the use or disclosure, accurate, up-to-date, complete and relevant.

10.   Security of personal information
10.1. If The CBR Gals holds personal information, it will take steps as are reasonable in the circumstances to protect the information:
       a. from misuse, interference and loss; and
       b. from unauthorised access, modification or disclosure.
10.2. If:
       a. The CBR Gals holds your personal information;
       b. The CBR Gals no longer needs the information for any purpose for which the information may be used or disclosed under this Schedule; and
       c. The CBR Gals is not required by or under an Australian law, or a court/tribunal order, to retain the information;
           The CBR Gals will take such steps as are reasonable in the circumstances to destroy the information or to ensure that the information is de-identified.

11.   Third-party payment provider
11.1. Stripe Payments Australia Pty Ltd (ABN 66 160 180 343) enables The CBR Gals to process credit card transactions for purchases through the Website.
11.2. Information about the use of your personal information by Stripe can be found here: https://stripe.com/au/privacy.

12.   Storage of personal information
12.1. Your personal information will be stored in cloud storage on Google LLC. servers located in Sydney, Australia and other locations around the world.
12.2. Information about the storage and security of your personal information on Google LLC servers can be found at https://policies.google.com/privacy.

13.   Access to personal information
13.1. If The CBR Gals holds your personal information, The CBR Gals will, on your request, give you access to the information.
13.2. Despite subclause 13.1, The CBR Gals is not required to give you access to the personal information to the extent that:
       a. The CBR Gals reasonably believes that giving access would pose a serious threat to the life, health, or safety of any individual, or to public health or public safety;
       b. giving access would have an unreasonable impact on the privacy of other individuals;
       c. the request for access is frivolous or vexatious;
       d. the information relates to existing or anticipated legal proceedings between you and The CBR Gals, and would not be accessible by the process of discovery in those proceedings;
       e. giving access would reveal the intentions of The CBR Gals in relation to negotiations with you in such a way as to prejudice those negotiations;
       f. giving access would be unlawful;
       g. denying access is required or authorised by or under an Australian law or a court/tribunal order;
       h. The CBR Gals has reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to The CBR Gals’ functions or activities has been, is being or may be engaged in, and giving access would be likely to prejudice the taking of appropriate action in relation to the matter and:
              i. giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or
              ii. giving access would reveal evaluative information generated within The CBR Gals in connection with a commercially sensitive decision-making process.
13.3. The CBR Gals will:
respond to the request for access to the personal information within a reasonable period after the request is made; and
give access to the information in the manner you request, if it is reasonable and practicable to do so.
13.4. If The CBR Gals refuses:
       a. to give access to the personal information because of subclause 13.2 or 13.3; or
       b. to give access in the manner you request;
      The CBR Gals will take steps (if any) as are reasonable in the circumstances to give access in a way that meets the needs of you and The CBR Gals.
13.5. Without limiting subclause 13.4, access may be given through the use of a mutually agreed intermediary.
13.6. Where The CBR Gals charges you for giving access to the personal information, the charge will not be excessive and will not apply to the making of the request.
13.7. If The CBR Gals refuses to give access to the personal information because of subclause 13.1 or 13.2, or to give access in the manner you request, The CBR Gals will give you a written notice that sets out:
       a. the reasons for the refusal except to the extent that, having regard to the grounds for the refusal, it would be unreasonable to do so;
       b. the mechanisms available to complain about the refusal; and
       c. any other matter prescribed by the regulations.
13.8. If The CBR Gals refuses to give you access to the personal information because of subparagraph 13.2.h.ii., the reasons for the refusal may include an explanation for the commercially sensitive decision.

14.   Correction of personal information
14.1. If:
       a. The CBR Gals holds your personal information; and
       b. either:
              i. The CBR Gals is satisfied that, having regard to a purpose for which the information is held, the information is inaccurate, out-of-date, incomplete, irrelevant or misleading; or
              ii. you request The CBR Gals to correct the information;
      The CBR Gals will take such steps (if any) as are reasonable in the circumstances to correct that information to ensure that, having regard to the purpose for which it is held, the information is accurate, up-to-date, complete, relevant and not misleading.
14.2. If:
       a. The CBR Gals corrects your personal information that The CBR Gals previously disclosed to another APP entity; and
       b. you request The CBR Gals to notify the other APP entity of the correction;
       The CBR Gals will take such steps (if any) as are reasonable in the circumstances to give that notification unless it is impracticable or unlawful to do so.
14.3. If The CBR Gals refuses to correct your personal information as requested , The CBR Gals will give you a written notice that sets out:
       a. the reasons for the refusal except to the extent that it would be unreasonable to do so;
       b. the mechanisms available to complain about the refusal; and
       c. any other matter prescribed by the regulations.
14.4. If:
       a. The CBR Gals refuses to correct your personal information as requested; and
       b. you request The CBR Gals to associate with the information a statement that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading;
       The CBR Gals will take such steps as are reasonable in the circumstances to associate the statement in such a way that will make the statement apparent to users of the information.
14.5. If a request is made under subclause 14.1 or 14.4, The CBR Gals will respond to the request within a reasonable period after the request is made. The CBR Gals will not charge you for the making of the request, for correcting the personal information or for associating the statement with the personal information (as the case may be).

15.   Appendix
15.1 Definition of personal information
       a. Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
              i. whether the information or opinion is true or not; and
              ii. whether the information or opinion is recorded in a material form or not.
15.2. Definition of sensitive information
       a. Sensitive information means information or an opinion about an individual’s:
              i.    racial or ethnic origin;
             ii.    political opinions;
             iii.   membership of a political association;
             iv.   religious beliefs or affiliations;
             v.    philosophical beliefs;
             vi.   membership of a professional or trade association;
             vii.  membership of a trade union;
             viii. sexual orientation or practices;
             ix.  criminal record; that is also personal information;
             x.   health information about an individual;
             xi.  genetic information about an individual that is not otherwise health information;
             xii.  biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or
             xiii. biometric templates.