1. Introduction
The Crystal Garden Australia value the privacy of individuals and is committed to safeguarding information it receives in connection with its business activities.
To achieve this commitment to privacy, The Crystal Garden Australia will comply with the Privacy Act 1988 (Commonwealth) and its amendments (the Act), and the Australian Privacy Principles (APPs) set out in that Act. You can see the full text of the APPs online at the Office of the Australian Information Commissioner’s website at: https://www.oaic.gov.au/privacy/australian-privacy-principles/read-the-australian-privacy-principles/.
This policy outlines how The Crystal Garden Australia collects, uses and manages personal information about an individual and how an individual can make inquiries or complaints about our compliance with the APPs and about any personal information that we hold on file about them.
We may update or change this policy from time to time, including to take account of new or amended laws, new technology or changes to our operations. If we do so we will publish the updated policy on our website. All personal information held by us will be governed by our most recent updated policy.
This policy was last updated in March 2024.
2. Who we are
Our website address is: https://www.thecrystalgarden.com.au.
3. What is personal information?
Personal information is defined by the Act as “information or an opinion about an
identified individual, or an individual who is reasonably identifiable:
(a) whether the information or opinion is true or not; and
(b) whether the information or opinion is recorded in a material form or not.”
In general, the personal information we collect about you includes (but is not limited to) your name and date of birth, contact details (including phone numbers and addresses), the company you work for and your role, and financial information including credit card information and information collected from credit reporting agencies.
When dealing with The Crystal Garden Australia, you have the right to remain anonymous or use a pseudonym. However, we may require you to identify yourself if required by law or if it is impracticable for us to deal with your matter otherwise.
4. Why do we collect personal information?
We collect personal information that is reasonably necessary to conduct our business activities. Generally, personal information will be used for dealing with: your contractual obligations to us; your requests and inquiries; or our sales and marketing activities.
We may collect and hold personal information so that we can:
- identify you and conduct appropriate checks, including credit checks;
- understand your requirements and provide you with a product or service;
- set up, administer and manage our products and services and systems, including the management and administration of an account;
- assess, investigate and process any instances of loss, theft or damage arising out of the use or hire of our hire equipment;
- recruit, manage, train and develop our employees and representatives;
- manage complaints and disputes, and to report to dispute resolution bodies; and
- get a better understanding of you, your needs and how you interact with us, so we can engage in product and service research, development and business strategy including managing the delivery of our services through the ways that we communicate with you.
Personal information collected will differ depending on the purpose of collection.
When it is reasonable or practicable to do so, we will collect your personal information directly from you. For example, we may collect personal information from you in the following ways:
- when you provide us with personal information by telephone or email;
- when you access our website;
- when you complete a form; and
- during conversations between you and our representatives.
We may collect credit information about you from a third party such as a credit reporting agency in accordance with our Credit Reporting Privacy Policy.
5. How will we use and disclose personal information?
Crystal Garden will generally use, collect, hold or disclose personal information about you as required for our business functions and activities, which may include the following:
- to provide you with products and services and to send communications requested by you;
- to obtain credit history information about customers and potential customers;
- to tailor our communications to you;
- to send information about future events, promotions, regular email communications or newsletters (both electronic and hard-copy) outlining news, services, products or events;
- to conduct business processing functions;
- for our internal administrative, marketing and planning requirements;
- to compile and report statistics using de-identified information;
- for purposes that are expressly permitted under any agreement with you; and
- where it is suspected that potential or actual unlawful activity has taken place.
We may disclose your personal information to:
- our employees, related bodies corporate, contractors or service providers for the purposes of: operating of our website; conducting our business activities; fulfilling requests by you; processing credit card transactions; providing products and services to you; or for one of the purposes set out above;
- suppliers and third parties with whom we have commercial relationships, for business, marketing and related purposes;
- other organisations for authorised purposes with your consent; and
- to debt collectors when payments are overdue.
The Crystal Garden Australia may share personal information with related companies or with contractors performing services for us. In these instances, we will use reasonable endeavours to ensure that these organisations are required to comply with the APPs.
We may use personal information for direct marketing or to advise an individual about new services and marketing initiatives that may be of interest to them.
These communications may be sent in various forms, such as mail, SMS, fax and email, and social media in accordance with applicable laws. By submitting your personal information to us, you consent to us using your personal information for direct marketing purposes. Any direct marketing material will include a notice allowing you to nominate if you do not wish to receive further direct marketing communications. You can also opt-out of receiving marketing communications from us by contacting us as noted below.
In limited circumstances, we may share your personal information with recipients outside of Australia
6. Information collected via our website
To ensure we are meeting the needs and requirements of our website users, and to secure and develop our online services, we may collect information by various means including via system log files and cookies. Cookies are unique identification numbers that are placed on the browser of our website users. The cookies do not in themselves identify users personally, but are linked back to a database record about them.
When a user visits our site a cookie may be placed on their machine. Where a user has visited us before, the cookie may be read each time they re-visit the site. We do not use this technology to access any other personal information of a user in our records and a user cannot be personally identified from a cookie.
We may use cookies to track use of our website, and to compile statistics on visits to the site in an aggregated form. We may use log files to review the security and performance of our websites. Cookies and log files may contain information such as:
- The username you have used to access a secure area of our website which requires authentication by you;
- the address of a user’s server;
- a user’s top level domain (such as .com or .au);
- the date and time of a user’s visit;
- the pages a user accessed and downloaded;
- the search engine a user used;
- the type of browser that was used.
The Crystal Garden Aystralia also uses Google Analytics and Hotjar as tools to assist in collecting the abovementioned data. Further information on how this information is collected and processed can be found at https://policies.google.com/technologies/partner-sites for Google Analytics and at https://help.hotjar.com/hc/en-us/categories/115001323967-About-Hotjar for Hotjar.
7. How will Crystal Garden store and manage your data?
The internet is an insecure medium and users should be aware that there are inherent risks transmitting information across the internet. Unencrypted information submitted via email or web forms may be at risk of being intercepted, read or modified.
From time to time, personal information may be held on or within systems internal and external to The Crystal Garden Australia including public and private clouds and we will take reasonable steps to protect the personal information we hold from misuse and loss, interference and from unauthorised access, modification or disclosure. The Crystal Garden Australia may also store your data in hard copy.
Crystal Garden will securely de-identify or dispose of personal information when we have no further need to use it, or when we are required by law to do so.
8. Email Security
Any emails you send may be automatically examined and filtered for unacceptable content which may result in your email or attachments being held for review. Our IT administrators may have access to your emails to authorise the content for security purposes only and not thereafter.
9. How can I access and correct information?
You may request access to personal information that we hold about you. We will provide you with access to personal information in accordance with the Act and APPs and we may not grant you access to the personal information that we hold where the APPs allow us to do so. If you are refused access to information, we will provide you with reasons for the refusal.
The Crystal Garden Australia will take reasonable steps to make sure that the personal information we collect, use or disclose is accurate, complete and up-to-date. If you believe that the personal information we hold about you is inaccurate or out of date, please let us know and request us to amend it. We will consider your request, and if we are satisfied with your request we will take reasonable steps to correct the information. If we do not agree that there are grounds for amendments, then we will follow the procedures set out in the APPs.
All requests for access to personal information must be made in writing to The Crystal Garden Australia. We may charge a reasonable fee for processing your request.
10. Data Breach
We will provide notice to the Office of the Australian Information Commissioner and to you of any unauthorised access to, disclosure of or loss of your personal information which may result in serious harm to you (“Data Breach”). Serious harm could include physical, psychological, emotional, economic and financial harm, as well as harm to reputation. All notifications, investigations and remedial action regarding any actual or suspected Data Breach will be undertaken in accordance with the requirements of the Act.
11. Contact, complaints and further information
If you have any questions in relation to the information handling procedures of The Crystal Garden Australia, any complaint regarding the treatment of your privacy or the APPs by Crystal Garden please contact the Privacy Officer in writing with the following contact details.
By Mail: Privacy Compliance Officer – The Crystal Garden Australia
13 Driver Way, Bull Creek, 6149 WA
By email: contact@thecrystalgarden.com.au
We may need you to provide more information about your concern. If your concern is genuine, we will investigate the issue and endeavour to provide you with a written response within 28 days of receipt of your written query. Sometimes we might not be able to provide you with a written response within the time-frame specified. If that is the case, we will contact you and explain the reason for the delay and give you a new time-frame for a written response.
If you are not satisfied with our response, please notify the Privacy Compliance Officer in writing. We can escalate your matter and review the response that you were given. You may also direct your issue to the Office of the Australian Information Commissioner’s website at https://www.oaic.gov.au/about-us/contact-us
You are entitled to make an anonymous complaint or inquiry in relation to this privacy policy, the APPs or your privacy rights. However, we may require you to identify yourself if required by law or if it is impracticable for us to deal with your matter otherwise.If you have any questions in relation to the information handling procedures of Crystal Garden, any complaint regarding the treatment of your privacy or the APPs by Crystal Garden please contact the Privacy Officer in writing with the following contact details.
By mail: Privacy Compliance Officer – The Crystal Garden Australia
13 Driver Way, Bull Creek, 6149 WA
By email: contact@thecrystalgarden.com.au
We may need you to provide more information about your concern. If your concern is genuine, we will investigate the issue and endeavour to provide you with a written response within 30 days of receipt of your written query. Sometimes we might not be able to provide you with a written response within the time-frame specified. If that is the case, we will contact you and explain the reason for the delay and give you a new time-frame for a written response.
If you are not satisfied with our response, please notify the Privacy Compliance Officer in writing. We can escalate your matter and review the response that you were given. You may also direct your issue to the Office of the Australian Information Commissioner by visiting their website at www.oaic.gov.au/privacy/privacy-complaints/
12. Comments
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
13. Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
14. Cookies
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
15. Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
16. Who we share your data with
If you request a password reset, your IP address will be included in the reset email.
17. How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
18. What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
19. Where we send your data
Visitor comments may be checked through an automated spam detection service.