Owner and Data Controller
The Puzzle Cube Pty Ltd
Trading as Flower of Light
29 Orion Street
Lismore NSW 2480 Australia
ACN: 092 295 746
Owner and Data Controller Email: firstname.lastname@example.org
Flower of Light is committed to safeguarding the privacy of our customers and your Personal Information you have entrusted to us. It is important for you to understand what Personal Information we will collect, how we will use it, and who may access it.
Personal Information means information about an identifiable individual. It includes information that you have provided to us or was collected by us from other sources. It may include details such as your name and address, age and gender, personal financial records to the extent permitted by local laws.
If you are an existing customer of ours, further details about how we use your Personal Information is set out in your customer contract with us. Further notices highlighting certain uses we wish to make your Personal Information together with the ability to opt in or out of selected uses may also be provided when we collect Personal Information from you.
Our websites may contain links to other third-party websites. If you follow a link to any of those third-party websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for their policies or processing of your Personal Information. Please check these policies before you submit any Personal Information to such third-party websites.
- What Personal Information about you we may collect
- How we may use your Personal Information
- Who we may share your Personal Information with
- How we protect your Personal Information
- Contacting us and your rights to prevent marketing and to access and update your Personal Information
- Our Cookies Policy
2. Information we may collect about you
We will collect and process all or some of the following Personal Information about you:
- The information you provide to us: Personal Information that you provide to us, such as when using the contact form on our website, including your name, email address, and other contact details;
- Our correspondence: if you contact us, we will typically keep a record of that correspondence;
- Information about how you use our products and support services: such as information about the amount of time you use our products/support services for, your typing patterns, the pages you visit, and other information about your activities or while logged into your H2-4You account. We collect this in order to provide feedback about your products and our support services, and to understand what your preferences are so that our marketing is relevant to you;
- Survey information: we may also ask you to complete surveys that we use for research purposes. In such circumstances, we shall collect the information provided in the completed survey;
- Promotions: we may request Personal Information to administer your participation in contests, sweepstakes or other promotions that we organise;
- Device Information: such as information about your operating system, browser, software applications, IP address, geo-location, security status and other device information in order to improve your experience, to protect against fraud and manage risk;
- Marketing preference information: details of your marketing preferences (e.g. communication preferences) and information relevant to selecting appropriate products and support services to offer you;
- Website and communication usage: details of your visits to the websites and information collected through cookies and other tracking technologies including, but not limited to, your IP address and domain name, your browser version and operating system, traffic data, location data, weblogs, posts on the H2-4You forums, Blogs, other communication data, and the resources that you access;
- Activities on Social Networking Sites (SNS): if you choose to participate (for example, by “liking” H2-4You profile on YouTube channel, Facebook or Twitter, posting a message, or answering a quiz or poll), we will have access to the information you divulge which may include Personal Information, depending on your SNS privacy settings.
3. Uses made of your Personal Information
In this section, we set out the purposes for which we use Personal Information that we collect via our website and, in compliance with our obligations under European law, identify the “legal grounds” on which we rely to process the information.
These “legal grounds” are set out in European Data Protection Law, which allows companies to process personal data only when the processing is permitted by the specific “legal grounds” set out in law:
Consent: where you have consented to our use of your information.
Contract performance: where your information is necessary to enter into or perform our contract with you.
Legal obligation: where we need to use your information to comply with our legal obligations.
Legitimate interests: where we use your information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights.
Legal claims: where your information is necessary for us to defend, prosecute or make a claim against you, us or a third party.
If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place.
Please note that in addition to the disclosures we have identified below, we may disclose Personal Information for the purposes we explain in this notice to service providers, contractors, agents, advisors (e.g. legal, financial, business or other advisors) and affiliates of Flower of Light that perform activities on our behalf.
(a) To provide and manage products and support services you have requested: to administer our support services, including to carry out our obligations arising from any agreements entered into between you and us, or to notify you about changes to our support services and products.
Use justifications: contract performance; consent, legitimate interests (to enable us to perform our obligations and provide our support services to you or to notify you about changes to our service).
(b) To communicate with you regarding products and support services that may be of interest: to provide you with updates and offers, where you have chosen to receive these. We may also use your information to market our own and our selected business partners’ products and support services to you by way of in-app alerts, post, email, phone, SMS or online or social media advertisement. Where required by law, we will ask for your consent at the time we collect your data to conduct any of these types of marketing. We will provide an option on the appropriate platform to unsubscribe or opt-out of further communication on any electronic marketing communication sent to you.
Use justifications: legitimate interests (to keep you updated with news in relation to our products and support services); consent.
(c) To understand our customers and to develop and tailor our products and support services: we may analyse the Personal Information we hold in order to better understand your usage patterns, preferences, and marketing requirements, as well as to better understand our business and develop our products and support services.
Use justifications: legitimate interests (to ensure the quality and legality of our support services and to allow us to improve our support services).
Use justifications: contract performance, legal obligations, legal claims, legitimate interests (to ensure that the quality and legality of our support services).
(e) To inform you of changes: to notify you about changes to our support services and products.
Use justifications: legitimate interests (to notify you about changes to our service).
(f) To ensure website content is relevant: to ensure that content from our websites is presented in the most effective manner for you and for your device, which may include passing your data to business partners, suppliers and/or service providers.
Use justifications: legitimate interests (to allow us to provide you with the content and support services on the websites).
(g) To reorganise or make changes to our business: in the event that we:
(i) are subject to negotiations for the sale of our business or part thereof to a third party;
(ii) are sold to a third party; or
(iii) undergo a re-organisation, we may need to transfer some or all of your Personal Information to the relevant third party (or its advisors) as part of any due diligence process for the purpose of analysing any proposed sale or re-organisation. We may also need to transfer your Personal Information to that re-organised entity or third party after the sale or reorganisation for them to use for the same purposes as set out in this policy.
Use justifications: legitimate interests (in order to allow us to change our business).
(h) In connection with legal or regulatory obligations: We may process your Personal Information to comply with our regulatory requirements or dialogue with regulators as applicable which may include disclosing your Personal Information to third parties, the court service and/or regulators or law enforcement agencies in connection with enquiries, proceedings or investigations by such parties anywhere in the world or where compelled to do so. Where permitted, we will direct any such request to you or notify you before responding unless to do so would prejudice the prevention or detection of a crime.
Use justifications: legal obligations, legal claims, legitimate interests (to cooperate with law enforcement and regulatory authorities).
4. Profiling and Automated Decision Making
The advertisements and recommendations (including online, while you are logged into your H2-4You account, and while you are using our mobile app) which we show you are chosen by analysing the Personal Information you provide to us as described in section 2, including information about your past purchases from us, the way in which you use our products and/or support services, and previous advertisements which you have clicked on. To choose advertisements which are tailored and most likely to be of interest to you, we compile and analyse information received from all our customers to gain a better understanding of your preferences from customers similar to you.
We use similar predictive techniques to combat payment fraud, as described below:
Processing of payments on our site
This process may result in you not being able to complete a purchase on our site. You may want to check your payment information or try again using a different method of payment.
Otherwise, you may request that we provide information about our decision-making methodology and ask us to verify that the automated decision has been made correctly. We may reject the request, as permitted by applicable law, including when providing the information would result in a disclosure of a trade secret or would interfere with the prevention or detection of fraud or other crime but generally in these circumstances we will ask payment providers to verify that its algorithm and source data are functioning as anticipated without error or bias.
5. Sharing your Personal Information (and transfers outside of the EEA)
Sharing outside the Flower of Light: Personal Information may be provided to third parties, including anti-fraud organisations, legal, regulatory or law enforcement authorities in cases of suspected criminal activity or contravention of law, for the detection and prevention of fraud, or when required to satisfy the legal or regulatory requirements of governments, regulatory authorities or other self-regulatory organizations, or to comply with a court order or for the protection of our assets (for example, collection of overdue accounts).
Sharing within the Flower of Light: We may share your Personal Information within the Flower of Light, including locations outside of the European Economic Area where we do business, for marketing purposes, for legal and regulatory purposes, to manage credit risk and other business risks, to perform analytics, to ensure we have correct or up to date information about you (such as your current address or date of birth) and to better manage your relationship with us.
Business sale or reorganisation: Over time, we may buy new businesses or sell some of our businesses. Accordingly, Personal Information associated with any accounts, products or support services of the business being purchased or sold will be reviewed as part of the due diligence process and subsequently transferred as a business asset to the new business owner. We may also transfer Personal Information as part of a corporate reorganisation or other change in corporate control.
Sub-contractors and agents: We may use affiliates or other companies to provide support services on our behalf such as data processing, account administration, fraud prevention and detection, analytics and marketing. Such companies will be given only the Personal Information needed to perform those support services and we do not authorize them to use or disclose Personal Information for their own marketing or other purposes. We have contracts in place holding these companies to the same standards of confidentiality by which we are governed.
Where we transfer Personal Information from inside the European Economic Area (the EEA) to outside the EEA, we may be required to take specific additional measures to safeguard the relevant Personal Information. Certain countries outside the EEA have been approved by the European Commission as providing essentially equivalent protections to EEA data protection laws and therefore no additional safeguards are required to export Personal Information to these jurisdictions. In countries which have not had these approvals (see the full list here http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm), we will establish legal grounds justifying such transfer, such as EU Commission-approved model contractual clauses, or other legal grounds permitted by applicable legal requirements.
6. Security of your Personal Information
We use physical, electronic and procedural safeguards to protect against unauthorized use, access, modification, destruction, disclosure, loss or theft of your Personal Information in our custody or control.
We have agreements and controls in place with third party service providers requiring that any information we provide to them must be safeguarded and used only for the purpose of providing the service we have requested the company to perform.
Security over the Internet
No data transmission over the Internet or website can be guaranteed to be secure from intrusion. However, we maintain commercially reasonable physical, electronic and procedural safeguards to protect your Personal Information in accordance with data protection legislative requirements.
All information you provide to us is stored on our or our subcontractors’ secure servers and accessed and used subject to our security policies and standards. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential and for complying with any other security procedures that we notify you of. We ask you not to share a password with anyone.
Retention of your Personal Information
Our retention periods for personal data are based on business needs and legal requirements. We retain your Personal Information for as long as is necessary for the processing purpose(s) for which the information was collected, and any other permissible, related purpose. For example, we may retain certain transaction details and correspondence until the time limit for claims arising from the transaction has expired, or to comply with regulatory requirements regarding the retention of such data. When Personal Information is no longer needed, we either irreversibly anonymise the data (and we may further retain and use the anonymised information) or securely destroy the data.
7. Your rights and contacting us
Most of our processing is permitted by “legal grounds” other than consent (see section 2 above). In relation to Direct Marketing, where we are required to do so, we will obtain your consent before using your Personal Information for this purpose. If you prefer not to receive our Direct Marketing Communications and/or not have your Personal Information shared among the members of Flower of Light for the purpose of marketing, you can have your name deleted from our Direct Marketing and/or shared information lists.
Direct Marketing means our communication with you such as mail, telemarketing or email, using your contact information, to inform you about products and support services that we think may be of interest and value to you. This does not include communications regarding products or support services that you currently have, including improved ways to use the products, or additional features of the products as well as transactional information.
We will use reasonable endeavours to ensure that your Personal Information is accurate. In order to assist us with this, you should notify us of any changes to the Personal Information that you have provided to us by contacting us as set out in the “Contacting Us” section below.
If you have any questions in relation to our use of your Personal Information, you should first contact us as per the “Contacting Us” section below. Under certain conditions, you may have the right to require us to:
(a) provide you with further details on the use we make of your information;
(b) provide you with a copy of information that you have provided to us;
(c) update any inaccuracies in the Personal Information we hold;
(d) delete any Personal Information we no longer have a lawful ground to use;
(e) where processing is based on consent, to withdraw your consent so that we stop that particular processing;
(f) object to any processing based on the legitimate interest grounds unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights; and
(g) restrict how we use your information whilst a complaint is being investigated.
Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege). If you exercise any of these rights we will check your entitlement and respond in most cases within a month.
If you have any questions or concerns about our privacy practices or the privacy of your Personal Information or you want to change your privacy preferences, please let us know.
Contact the Flower of Light Data Protection Officer at email@example.com.
8. Website Cookies
Cookies are useful because they allow a website to recognise a user’s device. Cookies allow users to navigate between pages efficiently, remember preferences, help to identify you when you come back to the website and generally improve the user experience. They can also be used to tailor advertising to your interests through tracking your browsing across websites.
Visitors to our website via third parties’ sources, such as AdRoll/AdWords/Google Analytics, may have cookies placed on their browsers for targeted advertising purposes by these third parties. The Website cookies contain cookie identifiers and website activity information.
For more information on the website, cookies follow this link http://www.allaboutcookies.org/
We make use of analytic cookies to analyse how our visitors use our Website and to monitor Website performance. This allows us to provide a high-quality experience by customising our offering and quickly identifying and fixing any issues that arise. For example, we might use performance cookies to keep track of which pages are most popular, which method of linking between pages is most effective, and to determine why some pages are receiving error messages. We might also use these cookies to highlight articles or site services that we think will be of interest to you based on your usage of the website. The information collected by these cookies is not associated with your personal information by us or by our contractors.
Our site has links to other websites not owned or controlled by us. We are not responsible for these sites or the consequences of you going on to those sites.
We use anonymous tracking in Google to track website visitors’ activity. This helps us optimise the site for ease of use.
Strictly Necessary Cookies
Cookies are essential in order to enable you to move around the website and use its features. Without these cookies, services you have asked for (such as navigating between pages) cannot be provided.
Website Functionality Cookies
If you do not agree to the use of these cookies please disable them by following the instructions for your particular browser or device. Please note that some of the website services may not function if cookies are disabled.
Some browsers make it possible for you to signal that you do not want your internet browsing activity to be tracked. Disabling tracking may interfere with some uses of the Website and the services provided on the Website.
After your initial visit to the Website, we may change the cookies we use. We will always allow you to know who is placing cookies, for what purpose the cookies are placed, and give you the means to disable them. Such third parties could be Google AdWords or Analytics, Adroll and our payment providers as mentioned in the section above titled: Processing of payments on our site.
When you come to our Website a pop-up message will inform if cookies will be used and enable you to disable them if you wish.
9. Linked websites and third-party services
Our websites and services may provide links to other third-party websites and services which are outside our control and not covered by this policy. We encourage you to review the privacy policies posted on these (and all) sites you visit or services you use.