- give individuals a better and more complete understanding of the sort of personal information that Changing Habits holds, and the way we handle that information
- clearly communicate the personal information handling practices of Changing Habits, and
- enhance the transparency of Changing Habits’ operations.
Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable whether the information or opinion is true or not; and whether the information or opinion is recorded in a material form or not. We have addressed how we manage the personal information of customers, employees and suppliers separately below. We have used a ‘layered policy’ format with click through links to help you find the information you want faster. Please click through the links below to find out more
Queries Complaints Access and Correction
You have a right to request access to your personal information held by us and to request its correction. If you wish do to do so please use the contact details below. If you wish to make a formal complaint, please make provide your complaint in writing to our one of the addresses below. We will consider your complaint promptly and contact you to seek to resolve the matter. If we have not responded to you within a reasonable time, you are entitled under the Privacy Act to make a complaint to the Australian Privacy Commissioner within the Australian Human Rights Commission. Queries, complaints, requests for access to or correction of personal information can be sent to firstname.lastname@example.org
Or by mail or phone to
2/29 Premier Circuit
Warana Qld 4575
Phone: 07 5493 7135
Changing Habits respects the rights of individuals to determine to whom they give their personal information and how their information is used. Our customer’s privacy is very important to us and we will value the trust you place in us in giving us your personal information. We take this responsibility seriously and we are committed to safeguarding your information and using it for the purposes for which you have entrusted it to us.
What Information we collect
We collect a range of information from our customers that is directly related to the products and services you choose. Where we wish to use the information for other purposes we will seek your agreement beforehand. The kind of personal information we collect can include: name, contact details, location, demographic information like gender, age, relationship status and so on, products you are interested in, where you shop, what you buy, who you shop for, where else you like to shop, what loyalty programs you belong to.
How We Collect Information
As much as possible we collect information directly from our customers. We do this in a number of ways, including when you:
- provide us with personal information over the phone or through personal mobile computing devices, like smart phones and tablets;
- fill out application forms; or
- submit your personal details through our website.
We also collect solicited personal information indirectly, through publicly available sources, or through social media sites, like Facebook, Twitter, Google and others, who disclose to their users that the users’ personal information is provided to businesses like Changing Habits. We may also collect or have access to personal information through our related companies such as Functional Nutrition Academy. We do this where:
- the customer has consented to such collection or would reasonably expect us to collect their personal information in this way, or
- if it is necessary for a specific purpose such as the investigation of a privacy complaint
Using Personal Information
We use personal information to better understand our customers’ interests and needs, to complete purchase transactions and layby orders and to offer an ever improving quality range of amazing products. We use personal information in the following ways:
- Provide, deliver, source, administer, improve and personalise our products and services;
- Process payments and provide refunds and discounts;
- Enable our third party service providers to provide us with IT products and services, carry out product investigations, data processing, data analysis, business consulting, auditing, archiving, printing, delivery and mailing services;
- Provide more relevant marketing offers through direct marketing, database compilation, market research, data analysis and segmentation, and the processing or creation of other marketing information;
- Combine or compile with publicly available information for the processing or creation of marketing offers and information;
- Personalising our customers shopping experience, including, where appropriate, identifying individuals;
- Communicating with our customers, including product recalls and responding to queries and complaints;
- Fraud prevention, including services regarding the protection of our customers’ information, eg. credit card information;
- Develop and expand our operations to better suit our customers’ needs, such as planning for future store locations;
- Maintaining and keeping our customers information current and as accurate as possible;
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
Links: When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
We do not disclose personal information to third parties unless we are permitted to do so by law or you have given us your consent to do so. Third parties we may disclose personal information to include:
- Our related companies
- Our service providers including IT service providers, major delivery companies, advertising and marketing service providers, out-sourced call centres, mail houses and third party fulfilment contractors; and
- Our professional advisors including our accountants, auditors and lawyers;
- Payment system operators and financial institutions; and
- Government agencies.
Some of our service providers provide services to us entirely or partly from overseas locations and we may in order to receive those services occasionally transfer personal information overseas, predominantly to the United States of America, Europe and the Asia Pacific Region, including where:
- we use service providers, cloud computing solutions or data storage located overseas;
- we, or our related bodies corporate, have offices overseas;
- we need to comply with foreign legal or regulatory requirements; or
- an international payment has been made.
We take active steps to protect the personal information we hold against loss, unauthorised access or use, modification or disclosure, and against other misuse. This includes any information that we disclose overseas. Where data is held overseas, we require third parties to store such data in restricted access premises and provide appropriate protection against unauthorised disclosure. As a minimum security requirement, password authentication is required to access those databases in all cases. We also use fire walls, SSL technology and encryption for transmission of data where appropriate. When the personal information that we collect is no longer required, we destroy, delete or de-identify it in a secure manner, in accordance with Changing Habits’ Document Retention and Destruction Policy.
Your Privacy choices
Where feasible, you can interact with Changing Habits anonymously or using a pseudonym. This will mean that there are some products and services that you will not be able to enjoy. These include online shopping and better access to product offers likely to be of a more direct interest to you personally. You can access the personal information that we hold about you and you can ask us to correct the personal information we hold about you.
Changing Habits Online Shopping
Our shopping cart solution is hosted and managed by Infusionsoft & WooCommerce. They provide us with the online e-commerce platform that allows us to sell our products and services to you.Your data is stored through Infusionsoft’s data storage, databases and the general Infusionsoft application. They store your data on a secure server behind a firewall.
If you choose a direct payment gateway to complete your purchase, then WooCommerce stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
Changing Habits utilises cookies to create a more customised experience for our users and customers. For example, we use a login cookie so members do not have to re-enter their username and password each time they return to our site. We also use tracking pixels (i.e. Google Analytics) to aid in measuring and tracking where our website traffic is coming from and to track the performance of our site. Finally, we use remarking pixels from Facebook and Google to aid in customised, targeted followup advertising.
Email and SMS Subscription Lists
We currently have an electronic Direct Marketing (eDM) email list which provides marketing offers to subscribers. If you elect to subscribe to our eDM, these services will be provided to you to communicate product information, special events and offers. We also use search engine and social media sites to make marketing offers which may be of interest to you. Our marketing subscription list is an ‘opt in’ system. You may unsubscribe easily by clicking on the unsubscribe link that appears in all of our marketing communications to you. We also send SMS to customers who have subscribed to receive SMS messages from us. Our SMS subscription list is an ‘opt in’ system. You may unsubscribe easily by clicking on the unsubscribe link that appears in all of our SMS communications to you
We will never knowingly send you electronic messages without your consent. For more information on the Spam Act 2003, please visit http://www.comlaw.gov.au/Details/C2013C00021
Changing Habits collects personal information from current, future and past employees directly and from third parties who have agreed to provide human resources related services to Changing Habits. We may collect sensitive information such as information about your health where necessary. Changing Habits uses this personal information to provide employment related services like Employee Assistance Programs, Professional Development and Coaching, Remuneration & Payroll, Injury Support, Redeployment Services, Fraud Prevention and Debt Collection through a third party delivery model. Third parties are engaged to provide some of these services and in doing so are all contractually obliged to comply with the Privacy Act.
Changing Habits collects personal information from job applicants directly and from third parties who have agreed to provide those applicants with a professional or personal reference and from organisations which provide recruitment related services to Changing Habits. Changing Habits also relies on word of mouth and personal referrals in its recruitment activities. As part of any job application process your consent to collect and use your information in this manner will be sought. The kinds of personal information we may collect include your name, address, contact details, employment and academic histories, and the names of your referees.
What information we collect and how we use it
If you send us an application or a resume for a job, we will use your personal information (including, where necessary, sensitive information such as information relating to your health) to assess your application and may disclose this information to recruitment agencies and other third party service providers for purposes such as aptitude, psychological and medical testing. These third party service providers are predominantly located in Australia. Where candidates are located overseas, Changing Habits may use overseas service providers for purposes such as aptitude, psychological and medical testing in the jurisdictions in which the candidates are located or in the jurisdictions in which the recruitment agency is located, or both depending on the nature of the recruitment. Changing Habits uses the feedback and results from such third party services in making current and future employment decisions. Changing Habits will use information you provide regarding your prior employment history to seek further information about you from referees. Changing Habits uses recruitment related information for:
- Communicating with employment candidates, including responding to queries and complaints;
- Undertaking market research, data analysis and segmentation of the job market, candidate profiles and recruitment outcomes.
Changing Habits collects information from its suppliers in relation to sourcing and purchase of its products and provision of services to Changing Habits or its customers. This information is collected for business related purposes but does contain some limited personal information related to the name and contact details of the people that it deals with at its suppliers and service providers. The information will usually be collected directly from the supplier but may also be provided by third party sourcing agencies or business contacts. Where the supplier provides products for Changing Habits’ stores, this information may be shared with Changing Habits’ related entities that are located overseas and with third party buying agencies predominantly located in the Asia Pacific region and the Americas. Changing Habits and its related entities will hold this information securely and will only disclose it for business related purposes. The information is used for activities such as
- Sourcing and acquiring products for Changing Habits;
- Product innovation and quality control;
- Communicating with Suppliers;
- Investigation of complaints;
- Maintaining and keeping our suppliers’ information current and as accurate as possible.
Age of consent
By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.
Handling of Privacy Complaints
This document describes the complaint management process that Changing Habits uses to handle Privacy related complaints. It describes an effective and responsive process that reflects the needs of both the complainant and Changing Habits. It provides Changing Habits with both a customer focused, consistent and systematic approach to resolving complaints received relating to the Privacy.
Information on how to make a complaint forms part of the Privacy Statement and is available on Changing Habits’ website and on request from Customer Relations.
The complaints handling process is easily accessible. Contact for making a complaint, or requesting access to information, is made by phoning a dedicated phone number or emailing email@example.com. This phone number is 07 5493 7135
Each complaint is received by email, mail or phone and acknowledged as received at that time. Each complaint is assigned a case number using the Customer Relations system and the case number is provided to the complainant. Expectations of complaint resolution timelines are to be provided to the complainant at the time the complaint is acknowledged and recorded.
Each complaint will be handled in an objective and unbiased manner.
Each complaint will be treated confidentially and information collected concerning the complaint will remain confidential as per Changing Habits internal policy and procedures. Non-disclosure agreements are in place with all team members handling complaints and individuals are covered by acceptance of the Changing Habits Code of Conduct as part of employment with Changing Habits. Where third party service providers are involved with the investigation or resolution of the complaint, their involvement is covered by the confidentiality and privacy obligations contained in the services provision contract.
Accountability for receiving complaints relating to the Privacy is assigned to the Changing Habits Customer Service Team. Accountability for resolution of complaints relating to the Privacy is assigned to the Privacy Compliance Officer and may be delegated to the Customer Service Manager. Accountability for communicating significant breaches to the Finance Director and Managing Director is assigned to the Privacy Compliance Officer. A significant breach includes, but is not limited to:
- a material compliance breach, or
- a breach that may lead to material brand reputational damage, or
- a breach has a high probability to lead to an individual or the company incurring a fine.
Complaints handling framework
Collection of information
An individual with a complaint will raise a complaint using established procedures by using the contact details publicised in the Privacy Statement. All complaints pertaining to the Privacy will be entered into the Customer Relations system by a member of the Customer Service team. The Customer Service team will investigate the complaint to establish the facts and recommend a resolution to the Customer Service Manager. If the complaint requires follow up in order to close the case it will be referred from Customer Service to the Privacy Compliance Officer. The mailbox will be permanently opened in Outlook, and will also be accessible on request by other nominated Changing Habits team members (to cater for leave, illness, etc). The mailbox is included in the Changing Habits disaster recovery planning and is backed up regularly to safe guard data. All traffic received/sent from the mailbox is logged. All incoming emails will be assessed for the nature and severity of the complaint.
Investigation of Privacy related complaint
A Customer Service team member as selected by the Customer Service Manager will conduct analysis on each complaint to determine the resolution required. Each complaint will be handled based on the nature of the complaint and the information concerned. Changing Habits Customer Service will continue to manage each case when referred to other Changing Habits internal functions and will be responsible for follow up and eventual closure of the case in the Customer Service system.
All complaint details will be recorded in the Customer Service system. Details including the date the complaint was received/closed, current status of the complaint (open/closed), details of the complaint made, details of the resolution provided and communications material pertaining to the complaint. Once a complaint has been resolved, all received and sent emails pertaining to the complaint will be filed in the Resolved Complaints folder, details in the Customer Service system updated and the case set to closed status. Customer Service will provide reporting on a regular basis to the Privacy Compliance Officer to monitor all cases pertaining to Privacy complaints. Reporting to management will contain the following;
- Number of cases logged
- Time taken to resolve complaint on closed cases
- Number open cases at current time
- Length of time elapsed on current open cases
- Severity of open/closed cases
Statistical information concerning Privacy related complaints will be reported on a weekly basis. High-level statistical information concerning Privacy complaints will be reported to the privacy Compliance Officer on a monthly basis.
All email items over 30 days are “vaulted’ into corresponding folders via the Exchange Archive and these emails retained for 7 years. Any items remaining in the Inbox and/or Sent box will by default still be open complaints, with the initial date of complaint receipt visible.
Acknowledgement of a complaint
Each complaint will be acknowledged at the time that the complaint is received and a case number advised to the complainant at this time.
Commitment to resolution of complaints
Changing Habits commits to providing a final response for complaints that it receives within 30 days of receipt of the complaint.
Response to a complaint & communication of decision
Contact will be made to each complainant within 5 working days of receiving the complaint to provide either a reply with a resolution or the current status of the complaint.
Monitoring of the complaints handling process
All cases in the Customer Service system will be reviewed; For complaints older than 10 working days, perform follow-up action; such as status/progress checking with area the complaint was referred to. For complaints older than 15 working days, reported and escalate the status/progress check to management of responsible area via the Customer Service Manager. For complaints older than 20 days, reported and escalate the status/progress check to the Privacy Compliance Officer via the Customer Service Manager. For complaints older than 25 days, reported and escalate the status/progress check to the General Manager of the responsible area via Privacy Compliance Officer. It is anticipated that NO complaints will be unresolved after 30 working days.