Last updated 16/07/2020
Who we are
Our website address is: https://ghosttreetasmania.com.au.
What personal data we collect and why we collect it.
When visitors leave comments on the site, we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
We only use contact form submissions for customer service purposes. And do not u se the information submitted through the contact form for marketing purposes unless otherwise stated on the form.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Who we share your data with
The information we collect is used to improve the content of this site and the quality of our service and is not shared with or sold to other organisations for commercial purposes. That being said, your information could be shared under the following circumstances:
We use third parties to facilitate our business, including, but not limited to, sending email and processing payments. In connection with these offerings and business operations, these third parties may have access to your personal information for use in connection with those business activities.
As we develop our business, we may buy or sell assets or business offerings. Customer, email, and visitor information is generally one of the transferred business assets in these types of transactions.
We may also transfer such information in the course of corporate divestitures, mergers, or any dissolution.
If it becomes necessary to share information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms of Service, or as otherwise required by law.
Notice of New Services and Changes
Occasionally, we may also use the information we collect to notify you about important changes to this website, new services, and special offers we think you will find valuable. As our customer, you will be given the opportunity to notify us of your desire not to receive these offers by clicking the unsubscribe link contained in each such email.
We collect information about you during the checkout process on our store.
While you visit our site, we’ll track:
- Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed
- Location, IP address and browser type: we’ll use this for purposes like estimating taxes and shipping
- Shipping address: we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order!
When you purchase from us, we’ll ask you to provide information including your name, billing address, shipping address, email address, phone number, credit card/payment details and optional account information like username and password. We’ll use this information for purposes, such as, to:
- Send you information about your account and order
- Respond to your requests, including refunds and complaints
- Process payments and prevent fraud
- Set up your account for our store
- Comply with any legal obligations we have, such as calculating taxes
- Improve our store offerings
- Send you marketing messages, if you choose to receive them
If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders.
We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for 7 years for tax and accounting purposes. This includes your name, email address and billing and shipping addresses.
We will also store comments or reviews if you choose to leave them.
Who on our Team has Access
Members of our team have access to the information you provide us. For example, both Administrators and Shop Managers can access:
- Order information like what was purchased, when it was purchased and where it should be sent, and
- Customer information like your name, email address, and billing and shipping information.
Our team members have access to this information to help fulfil orders, process refunds and support you.
We use third party payment gateway Stripe to process payments.
How Do We Secure Information Transmissions?
Email is not recognised as a secure medium of communication. For this reason, we request that you do not send private information to us by email. Some of the information you may enter on this site may be transmitted securely via Secure Sockets Layer SSL, 128 bit encryption services. Pages utilising this technology will have URLs that start with HTTPS instead of HTTP.
We may disclose your personal information if required to do so by law or subpoena or if we believe that such action is necessary to (a) conform to the law or comply with legal process served on us or affiliated parties; (b) protect and defend our rights and property, our site, the users of our site, and/or our affiliated parties; (c) act under circumstances to protect the safety of users of our site, us, or third parties.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service.
What data breach procedures we have in place
We have procedures in place to deal with any potential or real data breaches and will notify you and any applicable regulator/s if a breach occurs if we are legally required to.
Your contact information
Our full contact details are:
Ghost Tree Tasmania
Our responsibilities as a “controller” under the General Data Protection Regulations (GDPR)
If you are a resident of the European Economic Area (“EEA”) you have certain rights and protections under the GDPR regarding the processing of your personal information. We are a controller under the GDPR as we collect, use, and store your personal information to enable us to provide you with our goods and/ or services and information about them.
We rely on the following lawful means of processing your personal information:
Where it is necessary to fulfil a contract with you. This includes where we collect your personal information to enable us to send you work, we have been contracted for.
Where you have given us valid consent to use your personal information, we will rely on that consent, and only use the personal information for the specific purpose for which you have given consent. This includes where we email newsletters or send mobile notifications.
We may also process your personal information where it is to further our legitimate interests where they are overridden by your rights or interests. This could include usage statistics, analytics and internal analysis so we can improve our services.
If you are an EEA resident, you have various rights including the:
- Right to be informed;
- Right of access;
- Right to rectification;
- Right to object;
- Right to restriction of processing;
- Right to erasure or to be forgotten;
- Right to data portability; and
- Right not to be subject to automated processing.
If you want to access the personal information, we hold about you or ask if that the information is corrected, please contact us. In some circumstances, you also have a right to object to or ask that we restrict certain processing activities or delete your personal information. If you would like to limit or request deletion of your personal information or exercise any other rights, you can do so by contacting us.
Withdrawing your consent
You can withdraw your consent to our collection or processing of your personal information. You can do so by contacting us or by opting out of email newsletter communications by following the instructions in those emails or by clicking unsubscribe. If you withdraw your consent to the use of your personal information, you may not have access to our services, and we might not be able to provide you with our services. In some circumstances where we have a legal basis to do so, we may continue to process your information after you have withdrawn consent, for example, if it is necessary to comply with an independent legal obligation or if it is necessary to do so to protect our legitimate interest in keeping our services secure.
All personal information stored on our platform is treated as confidential. It is stored securely and is accessed by authorised personnel only. Our collection is limited in relation to what is necessary, for the purpose for which the personal information is processed and kept only for so long as is necessary for the purpose for which the personal information was collected. We implement and maintain appropriate technical, security and organisational measures to protect personal information against unauthorised or unlawful processing and use, and against accidental loss, destruction, damage, theft, or disclosure. We ensure the encryption and pseudonymisation of personal information, and we have adequate cybersecurity measures in place.
By providing us with your personal information, you consent to us disclosing it to third parties who reside outside the EU. We will ensure that those third parties are GDPR compliant.