Cart 0

Quadpack Australia Privacy Policy

Introduction

Quadpack Australia Pty Ltd ACN 123 783 782 (Quadpack, we, us or our) is a manufacturer and provider of hybrid packaging solutions for beauty brands. Established in 2003, we have offices and production facilities in Europe, the US and the Asia-Pacific region and a global strategic network of manufacturing partners. Our headquarters and central test laboratory are located in Barcelona, Spain. 

We are committed to respecting and protecting your privacy.

This privacy policy (Privacy Policy) explains how we will collect, use, disclose, store, and protect personal information collected from you. This Privacy Policy also describes the way in which you may access or correct your personal information that we hold, and how to contact us if you have any complaints in relation to your privacy.

We will handle your personal information in accordance with applicable privacy and health records laws, including the Privacy Act 1988 (Cth) and its Australian Privacy Principles (APPs).

 

What is 'personal information’? 

‘Personal information’ includes information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not and whether the information is recorded in a material form or not. For example, this may include your name, age, gender, postcode and contact details.

 

Why do we collect your personal information?

We may collect personal information from you so that we can supply goods and services to you.

When you purchase something from our store, when you make an inquiry, or you otherwise contact us, we collect the personal information you give us such as your name, address, and email address. We do this so that we can process orders, send you project request forms , contact requests  and updates and newsletters (where you choose to subscribe). We also keep personal information so that we can respond to queries and provide support.

We do not collect sensitive information.

You are not required to disclose your personal information to us. However, if you do not provide the information requested, you may not be able to receive the full benefit of our goods or services.

 

What types of personal information do we collect? 

We may collect the following personal information from you:

  • your name, role, address, email and phone number at your business;

We may collect personal information from individuals who are not our customers, such as job applicants, suppliers, third party service providers (such as Shopify) or contractors, to enable us to work or transact with them. This may include personal information provided through job applications, proposals and contracts.

 

How do we collect your personal information?

We will collect your personal information in a lawful and fair way and in a manner that is not unreasonably intrusive.

We will only collect your personal information:

  • where you have given it to us;
  • where you have given it to a third party for the purpose of acquiring our goods and services or otherwise engaging us;
  • where you have consented; or
  • otherwise in accordance with the law. 

We will seek and acquire your consent at the time you give the information. Separately, by providing personal information to us, you consent to our collection, use and disclosure of your personal information in accordance with this Privacy Policy and any other arrangements that apply between us.

If you are a customer, we will collect your personal information directly from you through your interactions with us or with our platform. This may include when you: 

  • register with us;
  • interact with our platform; 
  • communicate with us through our website or platform, through correspondence, chats or email;
  • share information with us from other social applications, services or websites;
  • complete a transaction;
  • verify your credit card;
  • place an order, arrange for a delivery or return a purchase. 
  • otherwise interact with our business.

When you do any of these things, you consent to our collecting and using your personal information for the purpose so described or intended. 

When we collect your personal information, we will as soon as is practicable take reasonable steps to notify you of the details of the collection (including notifying you through this Privacy Policy), such as the purposes for which the information was collected, the organisations (if any) to which the information will be disclosed, and also notify you that this Privacy Policy contains details on how you may access or correct your information, and how you may raise any complaints.

 

If we ask for your personal information for a secondary purpose, such as marketing, we will either ask you directly for your consent, or provide you with an opportunity to say no.

 

How do we use your personal information? 

We generally use your personal information for the following main purposes:

  • to provide you with access to and use of our website and platform (including your use of Shopify);
  • to provide support for the use of our website and platform;
  • to provide you with information regarding our platform and other goods and services we provide;
  • to respond to your questions or complaints; and
  • to maintain and improve our platform and the supply of our goods and services, including to request your participation in a quality improvement activity (such as a survey).

If you are a job applicant, supplier, service provider or contractor, we may use your personal information to manage our relationship with you.

We may also use your personal information for purposes which are permitted under the applicable privacy laws, which include:

  • where we use your information for purposes which are directly related to the main purpose for which we collected it, in circumstances where you would reasonably expect us to use your information for these purposes; or
  • where we reasonably believe that use of your information is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety, and it is unreasonable or impracticable to obtain your consent.

 

Do we disclose your personal information to others?

We respect the privacy of your personal information and we will take reasonable steps to keep it confidential and protected.

The System has integrations with third-party software and systems (third-party vendors) to enable:

  • supply of goods and services; and
  • payments for goods and services

  

Third party services

In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services and integrated functions they provide to us. This occurs so that we can provide and services to you. As with many businesses, these include third party information technology and data service providers.

Certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.

For these providers, we recommend that you read their privacy policies, so you can understand the manner in which your personal information will be handled by these providers.

Certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So, if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.

As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act. 

Another example of this is that we will provide information (including personal information) to Shopify.

Our store is hosted on Shopify Inc. Shopify is an e-commerce platform for online stores and retail point-of-sale systems. Shopify provides us with an online e-commerce platform that allows us to sell our products and services to you.

Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall. The storage of your data is subject to Shopify's privacy policy found at www.shopify.com/legal/privacy.

We will not disclose your personal information to third parties for other reasons unless you have consented, or we are otherwise permitted or required to do so by law. This may include disclosure of your personal information in the following circumstances: 

  • disclosure to comply with our legal obligations, including, but not limited to, where we are required to provide information under a subpoena or Court order or other mandatory reporting requirements under law;
  • to communicate with the Office of the Australian Information Commissioner if you make a privacy complaint or that body makes an inquiry of us; or 
  • where we are otherwise authorised or permitted to do so under law, including:
  • where we disclose your information for purposes which are directly related to the main purpose for which we collected it, in circumstances where you would reasonably expect us to disclose your information for these purposes;
  • where we reasonably believe that disclosure of your information is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety, and it is unreasonable or impracticable to obtain your consent; or

 

  • where this is reasonably necessary for the establishment, exercise or defence of any legal claim.

If you are a job applicant, supplier, service provider or contractor, we may disclose your personal information to manage our relationship with you.

If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you. 

 

Payment

To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.

If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with an AES-256 encryption.  Although no method of transmission over the Internet or electronic storage is 100% secure, we follow Payment Card Industry Data Security Standard (PCI-DSS) requirements and implement additional generally accepted industry standards. 

If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the PCI-DSS requirements. Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.

All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. 

PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

For more insight, please refer to Shopify’s Terms of Service at https://www.shopify.com/legal/terms or Privacy Statement at www.shopify.com/legal/privacy. 

 

Will we transfer your personal information overseas? 

Yes we will transfer personal information overseas. 

Shopify hosts data on its servers in the USA. When the data is transferred to Quadpack it will be hosted in Dublin and other locations in Europe (subject to EU General Data Protection Regulation (GDPR).

Where we disclose personal information overseas, we will comply with the requirements of the Privacy Act 1988 (Cth). We will only disclose your personal information overseas:

  • to our suppliers and contractors for the purpose of providing our website, our platform and/or our goods and services;
  • as part of supplying the goods and services you have acquired; 
  • if you have provided your prior consent;
  • if the receiving person or organisation is subject to a law, binding scheme or binding contract that provides substantially similar protection to the APPs which you can access and enforce; or 
  • if the disclosure is otherwise required or authorised by law. 

We will in all cases take reasonable steps to ensure that any such recipient of your personal information does not breach the APPs.

 

Direct marketing

If we intend to engage in any marketing communications, we may send you such communications in accordance with any previous consent you have provided or any marketing communication preferences that you have notified to us, and in accordance with the requirements under the Privacy Act 1988 (Cth) and the Spam Act 2003 (Cth).

If you have previously agreed or consented to receiving marketing communications, but no longer wish to receive such marketing communications you can contact us using our contact details set out below to modify your preferences, or you can simply opt-out of such communications using the instructions or opt-out link provided in the marketing communication sent to you.

Please keep in mind that certain communications to you via our platform are intended to help you gain the full benefit of our offering of goods and services..

 

Quality of the personal information we hold

We take reasonable steps to ensure that the personal information we collect, use and disclose is accurate, up-to-date, complete, relevant and not misleading. You can assist us in keeping your personal information accurate by informing us of any updates to your personal information using our contact details below.

  

How can you access and correct your personal information?

You have a right to seek access to, and correction of the personal information we hold about you. 

You may also request access to the personal information that we hold about you, using our contact details set out below. In certain circumstances, we may refuse to allow you access to your personal information where this is authorised by the law, such as where providing access would have an unreasonable impact on the privacy of other individuals, providing access would pose a serious threat to the life or health of any person or to public health or safety, or giving access would be unlawful.

If you believe that the personal information we hold about you requires correction (for example, because the information is inaccurate, out-of-date, incomplete, irrelevant or misleading), you may request that the information be corrected using our contact details set out below.

If we refuse your request for access or correction, we will provide you with reasons for the refusal in writing, and details about how you may complain about the decision.

 

How do we protect your personal information?

We take reasonable steps to protect personal information we hold about you from misuse, interference and loss, and from unauthorised access, modification or disclosure.

We use physical and technological security measures to protect the personal information we hold.

We may hold your personal information in a number of ways including electronically and in physical format.

We use a secure third-party cloud storage provider with servers located in Australia.

We also use secure third-party messaging software and SMS messaging services, which are encrypted. 

 

Data breaches

We are required to comply with mandatory ‘notifiable data breach’ scheme (the NDB scheme) under the Privacy Act 1988 (Cth). The NDB scheme applies when an ‘eligible data breach’ of personal information occurs. 

An ‘eligible data breach’ occurs when:

  • there is unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information, that an organisation holds;
  • this is likely to result in serious harm to one or more individuals; and
  • the organisation has not been able to prevent the likely risk of serious harm with remedial action. 

An organisation may take remedial steps to prevent the likelihood of serious harm occurring for any affected individuals after a data breach has occurred, in which case, the data breach is not an ‘eligible data breach’.

Where we have reasonable grounds to believe that we have experienced an eligible data breach (and remedial action cannot be used), we will promptly notify affected individuals and the Office of the Australian Information Commissioner about the breach in accordance with the Privacy Act 1988 (Cth).

  

Our website and cookies

We may collect your personal information through your interactions with our website at www.instockpack.com.au.

Where you upload information via our website, including via our contact form, you consent to us keeping your personal information for the purposes of dealing with your inquiries and our potentially supplying goods and services to you. 

We will deal with any personal information collected via our website in accordance with this Privacy Policy and the law.

We also collect data through our use of cookies and other internet technologies.

Cookies are small data files which are stored on your device’s browser. Cookies are stored in order for your internet browser to navigate a website. Cookies will not identify you, but they do identify your internet service provider, browser type and browsing habits.

We will not use cookies to collect your identifying personal information. The cookies may collect statistical information about your visit to our website (such as the pages you visit on the website) in order to remember your preferences and allow you to navigate the website more easily.

The default setting of most internet browsers is to accept cookies automatically, but you can choose whether to allow cookies through your browser settings. Your settings may affect your ability to use our website including that your experience at our website may be diminished and some features may not work as intended.

Here is a list of cookies that we use. We’ve listed them here, so you can choose if you want to opt-out of cookies or not:

  • session_id, unique token, sessional, Allows Shopify to store information about your session (referrer, landing page, etc).
  • shopify_visit, no data held, Persistent for 30 minutes from the last visit, used by our website provider’s internal stats tracker to record the number of visits
  • shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer.
  • cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.
  • secure_session_id, unique token, sessional
  • storefront_digest, unique token, indefinite If the shop has a password, this is used to determine if the current visitor has access.

We also collect your IP address to create an audit trail of events that take place on our website and to track and aggregate non-identifiable information, your referring website addresses, browser type and access times. 

Links

If we provide links through our website or the System to third-party websites, add-ins, plug-ins and applications, those links are provided for convenience and may not remain current or be maintained.

 Once you leave our store’s website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy.

We are not responsible for the privacy practices of, or any content on, those linked websites, add-ins, plug-ins or applications, and have no control over or rights in those linked websites, add-ins, plug-ins or applications. The privacy policies that apply to those other websites, add-ins, plug-ins or applications may differ substantially from our Privacy Policy, so we encourage individuals to read them before using those websites, add-ins, plug-ins or applications.

 

Privacy related questions and complaints

We respect your privacy and we take all feedback, input, complaints and concerns regarding privacy very seriously.

 

If you have any questions about privacy-related issues, you would like to request access to or correction of your personal information, you would like further information about this Privacy Policy, or you have a concern or complaint your privacy or the handling of your personal information by us, you may lodge your question, concern or complaint in writing to:

  • to us at:

Email: contact@instockpack.com.au

Telephone number: +61 3 9008 5599; or

Address: Quadpack Australia (Attn: Privacy Officer)
Level 2, 15 Prince Patrick Street,
Richmond, 3121, Victoria

Australia.

Where you contact us, we will respond to you as soon as possible, but no later than 30 days from receipt of your question or complaint.

If you are not satisfied with your medical practitioner's (or the practice's) response, our response, or if you do not wish to raise a question or complaint with us directly, you may wish to contact:

  • the Office of the Australian Information Commissioner at www.oaic.gov.au
  •  

Updates to this Privacy Policy

We may update this Privacy Policy from time to time. We will notify you about any changes to this Privacy Policy through our website at www. instockpack.com.au, and we will make the most current version of the Privacy Policy available when you receive services from us, or on your request.

 

Effective: March 18, 2022