SECTION 1 – WHAT DATA DO WE COLLECT FROM YOU, AND WHAT DO WE DO WITH IT?
When you purchase something from our online store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address.
When you browse our online store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us to identify you as a unique user of the website. We use that data both to deliver the online store to you (for example, by letting you add items to your basket and to checkout) as well as to help us to understand the way that users interact with our store so that we can ensure the experience is optimised and responsive for future users.
If you choose to subscribe to our ICRA solution, then we will collect and use information about your child’s sleeping patterns each night over a 14 day period. We will also collect data from you about you and your child’s sleeping habits as part of the initial sleep questionnaire (currently 28 questions).
The data collected by ICRA is used to generate individualised reports about your child’s sleep, as well as to deliver tailored recommendations to you to help you to improve the quality and length of their sleep.
ICRA is powered by an algorithm which analyses large volumes of collected sleep data in order to constantly improve and fine-tune its suggestions. When you provide data about your child’s sleep to ICRA it will use an anonymised version of that information to improve the recommendations it makes to other users in the future.
We also use the data collected by ICRA to generate anonymised aggregated statistics that help us to (a) understand how the program is working and how it is typically used, so that we can improve it for future users, and (b) publish statistics that let people know how many parents and children ICRA has helped.
The use of ICRA is entirely voluntary and you are not required to subscribe to it in order to use a Glow Dreaming unit.
Email marketing (where applicable)
Where you consent to receive e-mail marketing from us (or, in certain circumstances, provide us with a ‘soft opt-in’ during a checkout process on our online store) we may send you emails about our store, new products, ICRA, and other related updates. You can unsubscribe from these e-mails at any time, and each one will contain an ‘unsubscribe’ option to make this process as convenient as possible.
SMS marketing (where applicable)
SMS Abandoned Cart Disclosure
Storing your data
We will hold your personal data for as long as it is required in order to deliver the goods and services which you have purchased.
We also keep records of transactions so that we are able to verify requests to return faulty products and/or to follow up any complaints about deliveries. For legal reasons, you can expect us to keep those records for at least six years from the date of your purchase.
Where you choose to subscribe to ICRA then we will keep the data collected by it for so long as you have a registered individual user account.
Please note that your ICRA account will remain registered after the initial 14 day period and if/when you stop actively using the Glow Dreaming unit at night (where, for example, you no longer need the unit to help your child enjoy a full night of sleep). If you want us to stop holding the data associated with your account then you can delete your account at any time, or you can write to us asking us to delete the account for you. However, please be aware that doing so will cause your individual account to be permanently erased. You will not be able to restore it if you wish to resume using the Glow Dreaming product with your child.
Deleting your individual account will not cause any anonymised statistics or aggregated results which we hold on our servers to be modified or erased.
SECTION 2 – CONSENT AND OTHER BASIS FOR PROCESSING YOUR DATA
Where we process your personal data to enable us to deliver orders for physical goods and/or to deliver software enabled functionality on one of our devices, we do so on the basis that processing that data is necessary to deliver the products and services which you have purchased from us, and which we are therefore contractually obliged to supply you with.
How do I withdraw my consent?
Where we process your data on the basis that you have provided a specific consent to that processing (such as where we process your data for the purposes of e-mail marketing) you can change your mind and withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at any time, by contacting us at or mailing us at: Glow Dreaming 7a Tara Grove, Carnegie, VIC, 3163, Australia, or by using the contact details set out below at the foot of this document.
SECTION 3 – THIRD PARTY DISCLOSURES
We may disclose your personal information if we are required by law to do so, or if you violate our Terms of Service in a way that causes us to suspect a criminal act has been performed, and/or which requires us to engage the services of third parties to put that breach right (including, for example, legal advisors and law enforcement agencies).
Where you order physical products from us and are based in the UK, European Economic Area, or the European Union, we use local fulfilment agencies to dispatch and deliver those goods to you. Those agencies will receive details of your name, address and order, which they will use to enable them to ship those goods to you and to contact you if there is a problem with delivery.
The above excludes text messaging originator opt-in data and consent; this information will not be shared with any third parties.
SECTION 4 – SHOPIFY
Please note that our online store is hosted on WordPress.com. They provide us with the online e-commerce platform that allows us to sell our products and services to you. That platform is known as ‘Shopify’.
Payments on Shopify:
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
For more insight, you may also want to read Shopify’s Terms of Service here or Privacy Statement here.
SECTION 5 – THIRD-PARTY SERVICES
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
SECTION 6 – INTERNATIONAL DATA TRANSFERS
For customers located outside of Australia, it is important that you recognise that Glow Dreaming is an Australian company. When you do business with us, by purchasing goods and services, your personal data will be processed by us in Australia as part of delivering those goods and services to you.
For our customers in the United Kingdom, European Economic Area, and European Union, this means that your data will leave the territory in which you are resident.
However, all of our customers can be assured that we take their privacy seriously. We will never sell your personal data to third parties and we will keep it secure throughout the time that it is in our possession.
SECTION 6 – SECURITY
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
Here is a list of cookies that we use. We’ve listed them here so you can choose if you want to opt-out of cookies or not.
_session_id, unique token, sessional, Allows Shopify to store information about your session (referrer, landing page, etc).
_shopify_visit, no data held, Persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits
_shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer.
cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.
_secure_session_id, unique token, sessional
storefront_digest, unique token, indefinite, If the shop has a password, this is used to determine if the current visitor has access.
SECTION 7 – AGE OF CONSENT
By using this site, you represent that you are at least the age of majority in your country, state or province of residence, or that you are the age of majority in your country, state or province of residence and you have given us your consent to allow any of your minor dependants to use this site.
If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
SECTION 9 – INFORMATION FOR EUROPEAN CUSTOMERS
If you are resident in the UK, the European Economic Area, or the European Union then the following information about your rights is relevant to you. This part of this policy is a mandatory statement which summarises certain law applicable in your jurisdiction. It is not a replacement for, nor an extension of, your legal rights so should be read only as a summary of that legislation.
This section is not applicable to you if you do not reside in one of the regions described above.
If you are a resident of one of the regions described above then you have the following rights in relation to your personal data held by Glow Dreaming:
Right of Access
You may, at any time, request access to the personal data that we hold which relates to you (you may have heard of this right being described as a "subject access request").
Please note that this right entitles you to receive a copy of the personal data that we hold about you in order to enable you to check that it is correct and to ensure that we are processing that personal data lawfully. It is not a right that allows you to request personal data about other people, or a right to request specific documents from us that do not relate to your personal data.
You can exercise this right at any time by writing to and telling us that you are making a subject access request. You do not have to fill in a specific form to make this request.
Your Right to Rectification and Erasure
You may, at any time, request that we correct personal data that we hold about you which you believe is incorrect or inaccurate. You may also ask us to erase personal data if you do not believe that we need to continue retaining it (you may have heard of this right described as the “right to be forgotten”).
Please note that we may ask you to verify any new data that you provide to us and may take our own steps to check that the new data you have supplied us with is right. Further, we are not always obliged to erase personal data when asked to do so, if for example we have an ongoing legal obligation or need to continue processing that personal data.
You can exercise this right at any time by contacting us and telling us that you are making a request to have your personal data rectified or erased and on what basis you are making that request. If you want us to replace inaccurate data with new data, you should tell us what that new data is. You do not have to fill in a specific form to make this kind of request.
Your Right to Restrict Processing
You are entitled to ask us to stop processing your Personal Data at any time. In particular, you are entitled to ask us to stop processing your personal data (a) if you dispute the accuracy of that personal data and want us to verify that data's accuracy; (b) where it has been established that our use of the data is unlawful but you do not want us to erase it; (c) where we no longer need to process your personal data (and would otherwise dispose of it) but you wish for us to continue storing it in order to enable you to establish, exercise or defend legal claims.
You can exercise this right at any time by writing to us. You do not have to fill in a specific form to make this kind of request.
Your Right to Portability
Where you wish to transfer personal data that we hold about you which is processed by automated means to a third party, you may write to us and ask us to provide it to you in a commonly used machine-readable format.
Because of the kind of work that we do and the systems that we use, we do not envisage this right being particularly relevant to the majority of individuals with whom we interact. However, if you wish to transfer your data to a third party we are happy to consider such requests.
Your Right to stop receiving communications
Where we send you e-mail marketing communications (or other regulated electronic messages) you have the right to opt-out at any time. You can do this by using the ‘unsubscribe’ link that appears in the footer of each communication (or the equivalent mechanism in those communications).
Alternatively, if for any reason you cannot use those links, or if you would prefer to contact us directly, you can unsubscribe by writing to us and telling us which communications you would like us to stop sending you. Please note that where you request a change in this way it is likely to take longer for your request to take effect.
Exercising your rights
When you write to us making a request to exercise your rights we are entitled to ask you to prove that you are who you say you are. We may ask you to provide copies of relevant ID documents to help us to verify your identity.
It will help us to process your request if you clearly state which right you wish to exercise and, where relevant, why it is that you are exercising it. The clearer and more specific you can be, the faster and more efficiently we can deal with your request. If you do not provide us with sufficient information then we may delay actioning your request until you have provided us with additional information (and where this is the case we will tell you).
If you are unhappy with the way that we have processed your data then you have the right to lodge a complaint with your local data and privacy regulator. If you wish to do so then you can write to them using their published contact details.
If you are located in the United Kingdom then your local regulator is the Information Commissioner’s Office. If you are resident in the European Union then details of your local regulator are published by the European Data Protection Board.
While we are always happy to hear from you directly, you may also contact our European Data Protection Representative. Our representative is [details to confirm before policy listed online].
QUESTIONS AND CONTACT INFORMATION
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information, contact our Privacy Compliance Officer at email@example.com or by mail at Glow Dreaming
[Re: Privacy Compliance Officer]
[Waterman Business Centre, Level 2, 1341 Dandenong Road, Chadstone, VIC, 3148]
Please note that the data controller of your data is Medical Sensory Solutions Pty Ltd, which trades as ‘Glow Dreaming’.