PRIVACY POLICY - APRIL 2018
 
 
OVERVIEW
 
GGJC Pty Ltd operates Send and Shred and MyCard Protector. We maintain two websites for these services, sendandshred.com.au and mycardprotector.com.au
We collect, store, use and disclose personal information in order to deliver our products and services, comply with legal obligations and for related purposes. This privacy policy sets out what personal information we collect, why we collect it and what we do with it. We will update this policy from time to time and publish updates on our websites.
 
 
WHY DO WE COLLECT PERSONAL INFORMATION?
 
We collect personal information so that we can:
- market and sell our products and services;
- improve existing products and services and develop new ones;
- run our websites and process online orders; and
- provide information and support to our customers.
 
We aim to only collect the personal information that we need. Wherever possible, we de-identify or destroy personal information. 
 
 
WHAT TYPES OF PERSONAL INFORMATION DO WE COLLECT?
 
The personal information we collect will vary, but may include name and address, email address, landline and mobile telephone number.
 
We will collect additional personal information from customers that choose to complete a customer survey. This will vary, but may include age bracket, income bracket, employment status, industry and workplace details.
 
We maintain opt-in email lists. If customers opt-in by subscribing, we collect their email address and contact details. We use this information to send out the updates the customer has subscribed to and to administer the lists. We maintain these securely on a server located in Australia in accordance with the Spam Act 2003. Customers may opt-out from a subscription list at any time.
 
When we collect marketing information other than our email subscription lists, we make best efforts to de-identify it. For instance, we remove names and addresses and store marketing data in general categories (such as by age bracket or postcode).
 
We do not collect any credit card information. When customers make an order on our websites, they provide their information directly to Australia Post's SecurePay. SecurePay is a PCI DSS compliant secure gateway. The information is not processed or accessed by our website and we do not collect it at any point.
 
SecurePay has its own privacy policy on its website. Customers may contact them directly with any queries or complaints. 
 

 

HOW DO WE COLLECT PERSONAL INFORMATION?

 

The main way we collect personal information is when customers give it to us. This happens when customers:
- order a product or service from us on our websites;
- complete a customer survey from our websites;
- opt in to receive email updates about products, services and related activities; and
- contact us via email, telephone or letter to ask a question, provide feedback or make a complaint.

Website 
Our websites allow customers to order our products and services, make comments and complaints and give us feedback. When customers use our websites, we may collect their email address and other contact details in order to process their order or otherwise respond. We securely store this personal information on our servers.
 
Web tools - analytics and cookies
We use a range of tools provided by third parties to collect and view website traffic information, including Google Analytics, Google Webmaster Tool and Moz. The information collected may include the IP address of the customer's device, information about sites that IP address has come from, the pages accessed on our site and other sites visited. We do not usually collect personal information with these web tools. These sites have their own privacy policies on their websites. Customers can contact these organisations directly with any queries or complaints. Customers may be able to opt out of the collection of some of this information, such as by using the Google Analytics Opt-out Browser Add-on.

A cookie is a small text file stored on a computer browser. We use session cookies to maintain data during the online order process, such as what a customer has put into their shopping cart, and to improve the overall website experience. This is standard industry practice and almost every online order system uses cookies. Customers that are concerned about cookies can change adjust browser settings to automatically deletes cookies after every session, operate in 'private mode' or otherwise protect their privacy. 

Social Networking Services 
We use social networking services such as LinkedIn, Twitter, Facebook and YouTube to communicate about our products and services. When customers communicate with us using these services, we may collect personal information in order to respond. Each social networking service handles personal information for their own purposes. The sites have their own privacy policies on their websites. Customers can contact them directly with any queries or complaints. 
 
 
WHO COLLECTS PERSONAL INFORMATION UNDER CONTRACT TO US?
 
We deliver customer orders via Australia Post's regular letter delivery service. We use other service providers from time to time. Wherever possible, we do not allow service providers to access customers' personal information. 
 
If we must give a service provider access to personal information, we take reasonable steps to safeguard customer privacy. For instance, our IT and website service provider, One Touch Web Design, has limited access to personal information in order to maintain our website and IT system and to provide us with technical support. Our contract requires One Touch Web Design to handle personal information in a manner consistent with the Australian Privacy Principles and prohibits disclosure to third parties unless required by law.
 
Our websites contains links to other websites. We are not responsible for the privacy practices or the content of such websites. Customers can contact them directly with any queries or complaints.
 
 
HOW DO WE STORE PERSONAL INFORMATION?
 
We securely store personal information on our servers. We protect this personal information from internal and external threats with procedures limiting access, regular security audits and standard cyber security measures.
 
 
CONSENT TO CONTACT A CUSTOMER ABOUT AN ORDER
 
Our orders process requires customers to provide their contact details. This is so that we can contact them about their order if necessary. By giving us these contact details, the customer consents to us contacting them about their order and agrees that their consent remains in place until they tell us otherwise.
 
 
DISCLOSURE TO OVERSEAS RECIPIENTS
 
We only disclose personal information to overseas recipients if we need to in order to deliver our services or comply with our legal obligations.
 
One Touch Web Design is our trusted IT service provider. They provide services across Europe and Australia and are located in Serbia. They have limited access to customers' personal information in order to maintain our websites and IT system and to provide us with technical support. Our contract requires One Touch Web Design to handle personal information in a manner consistent with the Australian Privacy Principles and prohibits disclosure to third parties unless required by law.
 
Web traffic information is disclosed to Google Analytics when you visit our website. Google stores information across multiple countries. For further information, see Google's privacy policy, Google Data Centres and Google Locations.

When customers communicate with us through a social network service such as Facebook or Twitter, the social network provider and its partners may collect and hold your personal information overseas. For further information, see the privacy policies for these sites.

 
 
ANONYMITY AND PSEUDONYMITY
 
For our functions and activities, we need each customer's name, contact details and enough information about the matter to enable us to handle the order, inquiry, request or complaint. It is not usually practicable for us to deal with customers anonymously or via a pseudonym. For this reason, we will ask customers for their name and accurate contact details in any exchange.
 
Customers may lodge a complaint or feedback anonymously or via a pseudonym using the contact details on our website. However, without accurate contact details, we may not be able to follow through and resolve the matter.
 
 

SPECIAL SEND AND SHRED CONDITIONS

Send and Shred is our secure destruction and recycling service for paperwork. Customers purchase an empty package online, fill it with confidential paperwork and lodge it in any post office. We have the contents securely shredded and recycled.

We contract out primary services for Send and Shred:

  • Australia Post, who process, transport and track packages once lodged; and
  • Shred-X, who securely shred and recycle packages and their contents.

Australia Post and Shred-X are bound by the Australian Privacy Principles and have their own privacy policies on their websites. Customers can contact them directly with any queries or complaints.

We protect the personal information sealed inside packages. Packages are securely transported by Australia Post. All reasonable steps are taken to keep packages secure, sealed and tracked during transport and handling.

Australia Post transports packages to Locked Bags in the secure staff-only area of post offices. There they are collected by our secure destruction company, Shred-X, and taken to Shred-X's shredding facility. That facility maintains security with locks, alarms, CCTV monitoring, Australian Federal Police clearances and security vetting for staff, staff training and restricted access procedures. Bags and their contents are shredded so that all information is completely destroyed. After complete shredding, paper is baled and recycled.

We take all reasonable steps to protect the documents sealed inside packages. However, in certain circumstances, we or our contractors may come in contact with these. For instance, a package that is not properly sealed may leak documents, and a package that is suspected to contain a prohibited substance will need to be opened and inspected for safety reasons. In such cases, we and our contractors take all reasonable steps to ensure documents are kept secure and are destroyed as soon as possible.

 
 
ACCESSING PERSONAL INFORMATION
 
Customers can access their personal information by contacting the Director (see below). We will ask the customer questions to verify that the personal information is theirs. We will then take reasonable steps to provide access to information and update or correct it as requested.
 
 
HOW TO CONTACT US OR MAKE A COMPLAINT?
 
Customers may contact us any time with a query, feedback or complaint. General contact details appear on our websites. Customers who wish to complain about our privacy policy and practices or wish to access and correct their own personal information should contact us by writing to the Director, GGJC Pty Ltd, 103/222 City Walk Canberra City, ACT, 2601. Please include the word 'Privacy' in the header or first line of the letter.