Privacy Policy

This Privacy Policy describes how simplysoftr.com (the “Site” or “we”) collects, uses, and discloses your Personal Information when you visit or make a purchase from the Site.

Collecting Personal Information

When you visit the Site, we collect certain information about your device, your interaction with the Site, and information necessary to process your purchases. We may also collect additional information if you contact us for customer support. In this Privacy Policy, we refer to any information that can uniquely identify an individual (including the information below) as “Personal Information”. See the list below for more information about what Personal Information we collect and why.

Device information

• Examples of Personal Information collected: version of web browser, IP address, time zone, cookie information, what sites or products you view, search terms, and how you interact with the Site.
• Purpose of collection: to load the Site accurately for you, and to perform analytics on Site usage to optimize our Site.
• Source of collection: collected automatically when you access our Site using cookies, log files, web beacons, tags, or pixels 
• Disclosure for a business purpose: shared with our processor Shopify 

Order information

• Examples of Personal Information collected: name, billing address, shipping address, payment information (including credit card numbers),email address, and phone number.
• Purpose of collection: to provide products or services to you to fulfil our contract, to process your payment information, arrange for shipping, and provide you with invoices and/or order confirmations, communicate with you, screen our orders for potential risk or fraud, and when in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
• Source of collection: collected from you.
• Disclosure for a business purpose: shared with our processor Shopify 

Customer support information

• Examples of Personal Information we collect: examples include name, email address, bank, physical address, date of birth, sex, account details etc.
• Source of collection: collected from you.

PURPOSE OF COLLECTING AND PROCESSING YOUR DATA

        i. In general, we rely on the following for the legal processing of your personal data:

• Where we need to perform the contract we enter into with you i.e. contractual obligations;
• Where it is necessary for our legitimate interests and your fundamental rights do not override those interests;
• Where we need to comply with a legal or regulatory obligation;
• Where you have provided us with explicit consent.

        ii. Where you provide us with consent to process your personal data, you have the right to withdraw this consent at any time. If you wish to withdraw consent please see Article 9 for more information.

        iii. We do not process your personal data to create a profile of you and you shall not be subjected to automated decisions.

Minors

The Site is not intended for individuals under the age of 18. We do not intentionally collect Personal Information from children. If you are the parent or guardian and believe your child has provided us with Personal Information, please contact us at the address below to request deletion.

Sharing Personal Information

        i. We share your Personal Information with service providers to help us provide our services and fulfil our contracts with you, as described above. For example:

• We use Shopify to power our online store. You can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy.

• We may share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.

        ii. We will not be held liable in any way for direct or indirect damages caused by a wrongfully or improper use of the personal data by a third party.

Transfer of Data

Please keep in mind that whenever you voluntarily make your personal information available for viewing by third parties online – for example on message boards, web logs, through email, or in chat areas – that information can be seen, collected and used by others besides us. We cannot be responsible for any unauthorised third-party use of such information.

Please also note that as our business grows, we may buy or sell various assets. In the unlikely event that we sell some or all of our assets, or one or more of our websites is acquired by another company, information about our users may be among the transferred assets. You will be notified of this event if it occurs and you have the right to restrict processing of your personal data and/or withdraw consent.

From time to time we share your personal data with contractors and/or service providers that may be located outside of Australia. When we do, we ensure that there is an adequate level of protection for personal data in the receiving party.

Third Party External Links

We may include links to third party websites, applications, plug-ins. By clicking on those links you may allow third parties to collect or share data about you. We do not control these third party websites and this Privacy Policy does not cover the processing performed by them. We suggest you check the third party websites for more information about how they handle personal data.

Security Measures

We have implemented an appropriate technical and organisational measures, procedures and safeguards are in place to prevent the destruction, loss, adjustment, accidental notification to a third party, removal and unauthorised access of personal data.

We only allow access to your personal data to those employees, contractors and other third parties who have a business need to know. They only process your personal data on our instructions and are subject to a duty of confidentiality. 

Using Personal Information

We use your personal Information to provide our services to you, which includes: offering products for sale, processing payments, shipping and fulfilment of your order, and keeping you up to date on new products, services, and offers.

Lawful basis

Pursuant to the General Data Protection Regulation (“GDPR”), if you are a resident of the European Economic Area (“EEA”), we process your personal information under the following lawful bases:

• Your consent;
• The performance of the contract between you and the Site;
• Compliance with our legal obligations;
• To protect your vital interests;
• To perform a task carried out in the public interest;
• For our legitimate interests, which do not override your fundamental rights and freedoms.

Data Retention

When you place an order through the Site, we will retain your Personal Information for our records unless and until you ask us to erase this information. For more information on your right of erasure, please see the ‘Your rights’ section below.

Data Transfer

        i. We may share your data with the following categories of third parties:

• Contractors in order to provide services
• Freelancers and contractors for IT support
• Payment processors in order to process online payments, bank transfers and merchant banks
• Professional advisors such as accountants, auditors
• Legal authorities and law enforcement such as the police, tax authorities
• Mailing software such as the one to manage our newsletters
  

        ii. We do not allow our service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

        iii. We guarantee a similar level of protection by imposing contractual obligations to our subcontractors that are similar to this Privacy Policy.

Automatic decision-making

If you are a resident of the EEA, you have the right to object to processing based solely on automated decision-making (which includes profiling), when that decision-making has a legal effect on you or otherwise significantly affects you.

We DO NOT engage in fully automated decision-making that has a legal or otherwise significant effect using customer data.

Our processor Shopify uses limited automated decision-making to prevent fraud that does not have a legal or otherwise significant effect on you.

Services that include elements of automated decision-making include:

• Temporary deny list of IP addresses associated with repeated failed transactions. This deny list persists for a small number of hours.
• Temporary deny list of credit cards associated with deny listed IP addresses. This denylist persists for a small number of days.

Your rights

Under the General Data Protection Regulation, data subjects within the European Economic Area are entitled to the following rights:

• Right of access
  You have the right to be informed on how we use your personal data and you have the right to request access to the personal data that we have collected about you;
• Right of rectification
  You have the right to correct inaccurate information that we may have about you;
• Right to restrict processing
  You have the right to request us to suspend processing under certain circumstances;
• Right to data portability
  You have the right to obtain a copy of your personal data in an easily readable format in order to transfer to another service.
• Right to erasure
  Otherwise known as the ‘right to be forgotten’ meaning that you have the right to request that we delete all the personal data that we have on you (with certain legal exceptions).
• Right to withdraw consent –

Where the processing is based on consent, you have the right to at all times, withdraw your consent.

v. For data subjects outside the EEA, you may have rights under the Privacy Act 1988.

vi. If you wish to exercise any of your rights under the General Data Protection Regulation please contact us by sending an email to info@simplysoftr.com

Do Not Track

Please note that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data collection and usage practices when we detect such a signal from your browser.

Changes

We may update this Privacy Policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal, or regulatory reasons. For example, new rules or guidance issued under the General Data Protection Regulation and the Australian Privacy Act 1988 or other relevant data protection and privacy legislation.

We will always notify you of the changes and ensure that the most recent Privacy Policy will be available to you.

It is your responsibility to periodically check the Privacy Policy. We will not be responsible if you are not aware about the changes made to this Privacy Policy.

Contact

For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at info@simplysoftr.com or by mail using the details provided below:
Simplysoftr: PO Box Q1321 Queen Victoria Building NSW 1230

Please note that you will be requested to provide specific identification information in order to verify your identity before your request can be processed. This is a security measure that we have implemented to ensure that there is no unauthorised access to personal data by third parties.

We are committed to providing you with a response to your request within 30 days. However if there are delays in providing you with your request, we will notify you of the delay, the reason for the delay and extend our response time.

If you are not satisfied with our response then you have the right to make a complaint as per the following section.

Right to Make a Complaint

Individuals in the EEA have the right to make a complaint anytime with the supervisory authority of your country of residence.

Individuals in Australia may have a right to complain to the Office of Australian Information Commissioner.