Privacy Policy

Introduction

The Privacy Act 1988 (‘the Privacy Act’) requires entities bound by the Australian Privacy Principles (APPs) to have a privacy policy. This privacy policy outlines the way Diabetes NSW&ACT handles personal information.

The specific legal obligations of Diabeteshop.com (owned and operated by Diabetes NSW&ACT) when collecting and handling your personal information are outlined in the Privacy Act, in particular in the APPs found in that Act. We will update this privacy policy when our information handling practices change.

 

Collection of your personal information

We always try only to collect and hold information that we need for a particular function or activity.

The kinds of information we may collect or hold include your name, gender, date of birth, lifestyle information, postal address, residential address, email address, phone number, credit card details and/or other payment information.

The main way we collect personal information is directly from you. This may include collecting information:

  • Online – when you purchase products or subscribe to emails;
  • Over the phone – when ordering or enquiring about products.

Indirect collection

From time to time we may also collect personal information from third parties. This may include legal guardians, organisations or health care professionals associated with the provision of the NDSS (i.e. diabetes care plans or contact details), and information providers (i.e. providers of personal information available in the public domain or list purchase providers).

Anonymity

You can remain anonymous when using some parts of our Websites. However, it may be necessary for us to collect your Personal or Sensitive Information if you would like to access certain materials or services. If you choose to withhold the information we require, we may not be able to provide the services you have requested.

Website usage & cookies

We use a range of tools provided by third parties, including Google and Bing, to collect or view website traffic information. These sites have their own privacy policies.

We also use cookies and session tools to improve your experience when accessing our websites. An individual can browse and access our website without revealing their identity.

We collect the following data from individuals who visit our website:

  • The number of visits;
  • Date and time of visits;
  • Number of pages viewed; and
  • How users navigate through the site.

A cookie is a small amount of data that is transferred to the individual’s browser by a Web server and can only be read by the server that gave it to the individual. It functions as the individual’s identification card and enables us to record the individual’s passwords, purchases, and preferences. It cannot be executed as code or deliver viruses.

Most browsers are initially set to accept cookies. An individual can set their browser to notify them when they receive a cookie, giving them the chance to decide whether to accept it or not. (For some Web pages that require an authorisation, cookies are not optional. Users choosing not to accept cookies will probably not be able to access those pages.)

While we use cookies to track individual visits to https://diabetesshop.com. Our web servers automatically log the IP/Internet address of an individual’s computer, we do not use this information to identify the individual personally.

Storage and security of your personal information

We are committed to protecting the security of all personal information we hold from misuse, interference, loss and unauthorised access, disclosure or modification.

When personal information is no longer required for carrying out our functions or activities, all reasonable steps are taken to destroy or ensure that the information is de-identified. This will apply unless we are required, under Australian law, to retain the personal information for a specified period.

 

Third Parties

Diabetesshop.com uses the platform Shopify to provide our services to you. For more information about Shopify, a copy of their privacy policy can be found here https://www.shopify.com/legal/privacy. More information on how Shopify manage security of your information can be found here https://www.shopify.com/security.

We also use Hubspot to help us provide services to visitors to our website. For more information about how Hubspot handles your information, a copy of their Privacy Policy can be found here https://legal.hubspot.com/product-privacy-policy. More information about how Hubspot manage security can be found here https://www.hubspot.com/security.

We need to share your information with them in order to provide you with information, products or services to you. These service providers are prohibited from using your Personal Data except for these purposes, and they are required to maintain the confidentiality of your information.

They will not use your personal information to independently market or advertise to you.

 

Direct Marketing

Diabetes NSW&ACT regularly contacts customers on our database to provide updates on our services. When you freely provide your personal information, you automatically opt-in to receive direct marketing communication.

How to ‘opt-out’ of direct marketing communication

You can choose to ‘opt out’ of receiving direct marketing communications at any time by selecting ‘unsubscribe’ on email communications sent by us, or by one of the following ways:

If you choose to ‘opt out’ of receiving our direct marketing communications, you may be asked to provide your full name, address, date of birth and phone number for verification purposes.

 

Disclosure of personal information

Diabetes Australia will only disclose your personal information to third parties in the following circumstances:

  • where you have consented to the disclosure;
  • where third party contractors deliver services on our behalf or to us, government agencies, mailing houses and other organisations. All external parties who receive your information must sign a confidentiality agreement that requires them to comply with the Privacy Act and our Privacy Policy;
  • where we deliver services to or on behalf of third-party contractors, including other State and Territory Agencies. All external parties who receive your information must sign a confidentiality agreement that requires them to comply with the Privacy Act and our Privacy Policy;
  • to protect or defend the legal rights or property of Diabetes NSW&ACT, our affiliated and group companies or their employees, agents and contractors (including enforcement of our agreements);
  • to protect against fraud or for risk management purposes;
  • if we believe your actions violate this Privacy Policy;
  • to comply with the law or legal process; or
  • to enable the sale of Diabetes NSW&ACT or its assets.

If Diabetes NSW&ACT should disclose personal information to third party contractors, Diabetes NSW&ACT takes steps to either:

  • De-identify the personal information; or
  • Ensure that those contractors are authorised only to use your personal information to perform the specialised function.
  • Choosing not to provide personal information may affect the services and programs we can provide to an individual.

Notifiable data breaches

The Privacy Act Amendment, Notifiable Data Breaches (NDB) Act 2017 requires Diabetes NSW&ACT to notify particular individuals and the Office of the Australian Information Commissioner about ‘eligible data breaches’. A data breach is eligible if it is likely to result in serious harm to any of the individuals to whom the personal or sensitive information relates. Diabetes NSW&ACT will make an objective assessment of whether a data breach is likely to result in serious harm and take remedial action according to its data breach response plan. See https://www.oaic.gov.au for further information.

Disclosure of personal information overseas

We use third parties to provide specialised services to you who may be based overseas or use cloud-based technologies. These third parties include Shopify and Hubspot who use servers based in the United States.

We need to share your information with them in order to provide you with information, products or services to you. They are prohibited from using your Personal Data except for these purposes, and they are required to maintain the confidentiality of your information.

 

Quality of personal information

To ensure that the personal information we collect is accurate, up-to-date and complete we:

  • record information in a consistent format;
  • promptly add updated or new personal information to existing records;
  • regularly audit our contact lists to check their accuracy; and
  • we also review the quality of personal information before we use or disclose it.

Accessing and correcting your personal information

Under the Privacy Act (APPs 12 and 13) you have the right to ask for access to personal information that we hold about you, and ask that we correct that personal information. We must respond to access and correction requests within 30 days.

Accessing your personal information

You can access your personal information collected and held by us, provided there is no Australian law preventing you. You can request access by the following methods:

  • Call us: 1800 738 193
  • By email: privacy@diabetesnsw.com.au
  • By Post: Privacy Officer, Diabetes NSW & ACT, GPO Box 9824, Sydney NSW 2001

To access your information, you must provide your full name, address, date of birth and phone number for verification purposes. Access to your personal information will be provided in the manner that you request unless it is unreasonable and impracticable for us to do so.

Correction your personal information

You can ask to correct your personal information throughout the year. This can be done by either logging onto your account at https://diabetesshop.com and editing your details, or contacting us on 1800 738 193.

 

How to make a complaint

If you have any questions about how we handle personal information, would like to complain about how we have handled your personal information, or would like further information about our Privacy Policy, please submit a written query or complaint to our Privacy Officer (by post: Privacy Officer, Diabetes NSW & ACT, GPO Box 9824, Sydney NSW 2001; or by email: privacy@diabetesnsw.com.au). If you need help lodging a complaint, you can contact us on 1800 738 193.

Our Privacy Officer will assess any complaints and liaise with you to resolve any issues within 30 days.  If we receive a complaint from you about how we have handled your personal information, we will determine what (if any) action we should take to resolve the complaint.

If you do not wish to raise the complaint with Diabetes NSW&ACT, you can contact the Office of the Australian Information Commissioner.

 

Updating our Privacy Policy

We will update our Privacy Policy from time to time. Our website will have the most current Privacy Policy https://diabetesshop.com.

 

You have successfully subscribed!
This email has been registered