Privacy Policy

1.  Introduction

We manage personal information in accordance with the Privacy Act 1988 and Australian Privacy Principles. This condensed policy applies to information collected by Grace Josephine Books.

We only collect information that is reasonably necessary for the proper performance of our activities or functions.

We do not collect personal information just because we think it could be useful at some future stage if we have no present need for it.

We may decline to collect unsolicited personal information from or about you and take steps to purge it from our systems.

By following the links in this document, you will be able to find out how we manage your personal information as an APP Entity under the Australian Privacy Principles (APPs).

If you have any questions please contact us.

1.1.             APP Entity

Grace Josephine Books manages personal information, as an APP Entity, under the Australian Privacy Principles (APPs).

Due to postage requirements, it is necessary for us to gain customers personal details.

If you wish to know whether this applies to you, please contact us.

1.2.             Information Flow

When we collect your personal information:

  • we check that it is reasonably necessary for our functions or activities  (see Section 3 – ‘Purposes’) as a book seller;

  • we check that it is current, complete and accurate. This will sometimes mean that we have to cross check the information that we collect from you with third parties;

  • we record and hold your information in our Information Record System  [see Section 5.1 - How your personal information is held]. Some information may be disclosed to overseas recipients [see Section 6.2 - Overseas Disclosures].

  • we retrieve your information when we need to use or disclose it for our functions and activities  (see Section 3 – ‘Purposes’). At that time, we check that it is current, complete, accurate and relevant.

  • subject to some exceptions, we permit you to access [see Section 7 - Access & Correction] your personal information in accordance with APP:12 of the (APPs).

  • we correct or attach associated statements to [see Section 7  - Access & Correction] your personal information in accordance with APP:13 of the (APPs).

  • we destroy or de-identify your personal information when it is no longer needed for any purpose  (see Section 3 – ‘Purposes’) for which it may be used or disclosed provided that it is lawful for us to do so. We do not destroy or de-identify information that is contained in a Commonwealth Record.

2.  Kinds of information that we collect and hold

Personal information that we collect and hold is information that is reasonably necessary for the proper performance of our functions and activities as a book seller.

2.1.             For Customers

The type of information that we typically collect and hold about Customers is information that is necessary to be able to sell and send you your book purchase(s) and includes:

  • Contact information.

  • Postage Information

  • Banking Details

  • Billing Information

3.  Purposes

The following sections are also; relevant to our use and disclosure of your personal information:

  • Our Policy on Direct Marketing (see Section 3.4 - Our Policy on Direct Marketing]

  • Overseas Disclosures (see Section 6.2 - Overseas Disclosures]

Personal information that we collect, hold, use and disclose about Clients is typically used for:

  • Postage reasons

  • Billing reasons

  • Contact reasons

3.4.             Our Policy on Direct Marketing

Grace Josephine Books may use your personal information for direct marketing purposes.   You have option whether or not to receive marketing communications.  Please contact us to update your preferences.

4.  How your personal information is collected

We sometimes collect information from third parties and publicly available sources when it is necessary for a specific purpose such as checking information that you have given us or where you have consented or would reasonably expect us to collect your personal information in this way.

Sometimes the technology that is used to support communications between us will provide personal information to us - see the section 4.5 in this policy on Electronic Transactions

See also the section 4.4 on Photos & Images.

4.1.             For Customers

Personal information will be collected from you directly when you fill out and submit one our purchase form or any other information you may provide when contacting us directly.

4.5.             Electronic Transactions

Sometimes, we collect personal information that individuals choose to give us via online forms or by email, for example when individuals:

  • ask to be on an email list such as a job notification list;

  • make a written online enquiry or email us through our website;

  • make a purchase

It is important that you understand that there are risks associated with use of the Internet and you should take all appropriate steps to protect your personal information.  It might help you to look at the OAIC's resource on Internet Communications and other Technologies

You can contact us by land line telephone or post if you have concerns about making contact via the Internet.

5.  How your personal information is held

Personal information is held in our Information Record System [see Section 5.1 - Information Record System] until it is no longer needed for any purpose for which it may be used or disclosed at which time it will be de-identified or destroyed provided that it is lawful for us to do so.

We take a range of measures [see Section 5.2 - Information Security] to protect your personal information from:

  • misuse, interference and loss; and

  • unauthorised access, modification or disclosure.

5.1.             Our Information Record System

Our Information Record System:

  • Your  information is stored in electronic format - including on password protected portable electronic devices;

  • Your information is stored on our secure cloud document storage system.

5.2.             Information Security

Information about some of our staff policies & measures that we take to protect information including:

  • Staff training

  • "Clean desk" procedures

  • Need-to-know and authorisation policies

  • Just-in-time collection policies

  • Password protection

  • Policies on laptop, mobile phone and portable storage device security;

  • Policy on timely culling

  • Culling procedures including shredding and secure disposal etc.

6.  Disclosures

We may disclose your personal information for any of the purposes [see Section 3 - Purposes] for which it is primarily held or for a lawful related purposes.

We may disclose your personal information where we are under a legal duty to do so.

Disclosure will usually be:

  • internally and to our related entities

  • mailing purposes

  • billing purposes

6.1.             Cross-Border Disclosures

Some of your personal information is likely to be disclosed to overseas recipients. We cannot guarantee that any recipient of your personal information will protect it to the standard to which it ought to be protected. The costs and difficulties of enforcement of privacy rights in foreign jurisdictions and the impracticability of attempting to enforce such rights in some jurisdictions will mean that in some instances, we will need to seek your consent to disclosure.

The likely countries, type of information disclosed and recipients are indicated, so far as is practicable, in the following table:

Table

Country USA

Type of Information All personal data stored on servers.

Likely Recipients IT Personnel and Contractors of our technology providers who may access data for maintenance and software upgrade purposes

7.  Access & Correction

Subject to some exceptions set out in privacy law, you can gain access to your personal information that we hold.  

For more information about access to your information see our Access Policy.

For more information about applying to correct your information see our Correction Policy.

7.1.             Access Policy

If you wish to obtain access to your personal information you should contact our Privacy Co-ordinator.  You will need to be in a position to verify your identity.

7.2.             Correction Policy

If you find that personal information that we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, you can ask us to correct it by contacting us. 

We will take such steps as are reasonable in the circumstances to correct that information to ensure that, having regard to the purpose for which it is held, the information is accurate, up to date, complete, relevant and not misleading.

If we have disclosed personal information about you that is inaccurate, out of date, incomplete, irrelevant or misleading, you can ask us to notify the third parties to whom we made the disclosure and we will take such steps (if any) as are reasonable in the circumstances to give that notification unless it is impracticable or unlawful to do so.

Complaints

You have a right to complain about our handling of your personal information if you believe that we have interfered with your privacy.

For more information see our Complaints Procedure.

7.3.             Complaints procedure

If you are making a complaint about our handling of your personal information, it should first be made to us in writing.

You can make complaints about our handling of your personal information to our Privacy Co-ordinator, whose contact details are: Grace Jose[hine james@prescript.com.au  

You can also make complaints to the Office of the Australian Information Commissioner.

When we receive your complaint:

  • We will take steps to confirm the authenticity of the complaint and the contact details provided to us to ensure that we are responding to you or to a person whom you have authorised to receive information about your complaint;

  • Upon confirmation we will write to you to acknowledge receipt and to confirm that we are handling your complaint in accordance with our policy.

  • We may ask for clarification of certain aspects of the complaint and for further detail;

  • We will consider the complaint and may make inquiries of people who can assist us to established what has happened and why;

  • We will require a reasonable time (usually 30 days) to respond;

  • If the complaint can be resolved by procedures for access and correction [see Section 7 - Access & Correction] we will suggest these to you as possible solutions;

  • If we believe that your complaint may be capable of some other solution we will suggest that solution to you, on a confidential and without prejudice basis in our response.

If the complaint cannot be resolved by means that we propose in our response, we will suggest that you take your complaint to any recognised external dispute resolution scheme or to the Office of the Australian Information Commissioner.