PRIVACY STATEMENT - SIMPLE EXPLANATION
SECTION 1 - WHAT DO WE DO WITH YOUR INFORMATION?
When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address.
Email marketing (if applicable): With your permission, we may send you emails about our store, new products and other updates.
SECTION 2 - CONSENT
How do you get my consent?
When you provide us with personal information to complete a transaction, verify your credit card, place an order, we imply that you consent to our collecting it and using it for that specific reason only.
If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.
How do I withdraw my consent?
If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at anytime, by contacting us at firstname.lastname@example.org or by mail at
Privacy Compliance Officer
13 Allerton Ave Culburra Beach New South Wales 2540 AUSTRALIA
SECTION 3 - DISCLOSURE
We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.
SECTION 4 - SHOPIFY
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you.
Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
For more insight, you may also want to read Shopify’s Terms of Service (https://www.shopify.com/legal/terms) or Privacy Statement (https://www.shopify.com/legal/privacy).
SECTION 5 - THIRD-PARTY SERVICES
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
SECTION 6 - SECURITY
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
SECTION 7 - COOKIES
Here is a list of cookies that we use. We’ve listed them here so you that you can choose if you want to opt-out of cookies or not.
_session_id, unique token, sessional, Allows Shopify to store information about your session (referrer, landing page, etc).
_shopify_visit, no data held, Persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits
_shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer.
cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.
_secure_session_id, unique token, sessional
storefront_digest, unique token, indefinite If the shop has a password, this is used to determine if the current visitor has access.
SECTION 8 - AGE OF CONSENT
By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.
QUESTIONS AND CONTACT INFORMATION
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact our Privacy Compliance Officer at email@example.com or by mail at
[Re: Privacy Compliance Officer]
13 Allerton Ave Culburra Beach New South Wales AU 2540
LEGALS & COMPLIANCE WITH European General Data Protection Regulation (GDPR)
Protecting your privacy is important to SeaHouse Imagery. (“SeaHouse”)
SeaHouse provides digital products and services. SeaHouse has adopted this Privacy Statement to guide you through the collection, use, retention, and disclosure of Personally Identifiable Information (“Personal Data”, as further described below) that you may provide while using SeaHouse’s website and services (collectively referred to as “Services”). SeaHouse encourages you to read this Privacy Statement, as well as our Terms and Conditions of Use, in order to understand how we collect and process Personal Data in the course of providing the Services and your interaction with the Services.
By using the Services, you consent to the collection, use, retention, and disclosure of your Personal Data for processing as described in, and subject to the limitations set out in, this Privacy Statement.
Note to Residents of the European Union: In order to comply with the requirements of the European General Data Protection Regulation (GDPR) for our European users, this Privacy Statement outlines the legal basis on which we process your Personal Data and provides other information required by the GDPR.
Personal Data is any information that would identify a person directly, or indirectly in combination with data from other sources. For example, a full name, home or work address, phone number, national identification number (SSN, SIN, etc.), email address, banking details, IP address, biometric data, usage data, or any information that may individually identify a person.
SeaHouse may collect Personal Data including without limitation your name, shipping and billing addresses, phone number, email address, payment information, IP address, and device identifiers and/or geolocation information, in the course of its Services, and may use or disclose that Personal Data as described with this Privacy Statement.
Consent and Collection of Personal Data
If you use SeaHouse’s website, or conduct a transaction through a SeaHouse Service where Personal Data is essential, your consent is implied to collect and use your Personal Data to facilitate that use or complete that transaction requested or initiated by you only. Examples of instances in which Personal Data may be collected by SeaHouse are, but are not limited to:
- When you purchase a product from the SeaHouse website/online store, including digital products or memberships.
- When you access and navigate the SeaHouse website, or engage in communication and/or business transactions with SeaHouse Services.
- If you knowingly submit Personal Data through the SeaHouse website for the purpose of registering for a service, a contest, or authentication.
During these instances, we may collect data such as, but not restricted to: areas of the Services or SeaHouse website you visit, transaction type(s) you engage in or request (and amounts thereof), content you view, your IP address, data downloaded or submitted by you, payment information provided by you, shipping and billing information entered by you, as well as the nature, quantity and price of the goods or services you exchange and the individuals or entities with whom you communicate or transact business using the Services.
In the event SeaHouse requests Personal Data for scenarios independent of the above, such as marketing-related questions via questionnaires, surveys, and profile data, it will include a specific consent request. The consent request will include a clear purpose and goal for the collection of Personal Data, along with a means of withdrawing consent. In these scenarios, we may ask for data such as, but not limited to: your contact information (name, telephone numbers, email address, mailing address), date of birth, product and/or cosmetic concerns, which brands and products you use, user authentication and security information (e.g. username and password).
If at any point you wish to withdraw consent to Personal Data collection, please contact the SeaHouse Privacy Officer via the Contact & Questions area at the bottom of this Privacy Statement. Please note that certain Services may only be able to be offered or provided to you if you disclose the Personal Data necessary to facilitate those Services, and therefore SeaHouse may not be able to provide you with certain Services in the event that you choose not to disclose that Personal Data to SeaHouse.
Age of Consent
The Services offered by SeaHouse are directed towards and designed for the use of persons above the age of majority in your province, state, or country. Persons under the age of majority are not permitted to use the Services on their own, and SeaHouse will not approve applications of, or establish, or maintain accounts or memberships for, any persons below their respective region’s age of majority.
SeaHouse does not solicit or knowingly collect Personal Data from persons below the age of majority of their region. If we discover we have received Personal Data of a person below the age of majority, we will delete such information from our systems. Additionally, if a parent or legal guardian believes that Personal Data regarding a minor in their care has been provided to SeaHouse, they may request the minor’s information be corrected or deleted by contacting the SeaHouse Privacy Officer via the Contact & Questions area at the bottom of this Privacy Statement.
When you interact with a SeaHouse Service, similar to most other websites and online services, certain anonymous technical information about your visit is automatically logged and collected by SeaHouse. This may include information about the type of browser you use, operating system, the date and time you access the Service, the links you accessed while using the Service, and the internet address of the website, if any, which linked directly to the SeaHouse Service. This information is used for system administration purposes such as diagnosing problems with SeaHouse’s Services, servers and websites, compiling aggregated and statistical information, and to improve the operation and content of the SeaHouse website and Services. It is not personally identifiable, and is not considered Personal Data and subject to this Privacy Statement.
Personal Data Use
SeaHouse may use collected Personal Data for such purposes as:
- Helping to establish and verify the identity of users, and to keep user accounts secure,
- Opening, maintaining, administering and servicing users’ accounts or memberships,
- Providing Services and support to users,
- Improving SeaHouse’s website, including tailoring its website to users’ preferences,
- Providing users with product or Service updates, promotional notices and offers, and other information about SeaHouse,
- Corresponding with you, and responding to your questions, inquiries, comments, and instructions,
- Maintaining the security and integrity of SeaHouse systems, and,
- Complying with applicable laws.
Once collected, SeaHouse will store and process your Personal Data in secure locations. SeaHouse may transmit data outside of Australia for the purposes of processing and executing transactions related to the Services, in connection with its online store. Where this transmission occurs, the security measures outlined in this Privacy Statement will continue to apply.
Personal Data will only be retained by SeaHouse for the length of time required, to fulfil the purpose, or complete, the transaction for which it was collected, or as may be required by law. Beyond that point, Personal Data in the possession or control of SeaHouse will be made anonymous or securely destroyed.
Legal Basis for Processing
This section addresses the legal basis for processing your Personal Data if you reside outside of Australia and in the European Economic Area (within Australia, you typically provide consent when you receive notice of this Privacy Statement in a website link).
Lawful Basis for Processing
Data protection law in the European Union requires a “lawful basis” for collecting and retaining Personal Data from citizens or residents of the European Economic Area. SeaHouse collects and processes your Personal Data for a variety of purposes outlined in this Privacy Statement. In certain cases, separate consent to this processing is not required, including:
- For the performance of a contract: To perform our contractual obligations to you, including account registration, fulfilling orders or purchases you have made (including processing of payment), contacting you in relation to any issues with your order, in relation to the provision of the Services, where SeaHouse needs to provide your Personal Data to our service providers to provide the Services, or to aggregate and centralize data for the performance of the Services.
- To meet legal obligations: To comply with laws, regulations, court orders, or other legal obligations or to assist in an investigation.
- For legitimate interests: To operate SeaHouse’s business and provide the Services, other than in performing our contractual obligations to you, except where overridden by the interests or fundamental rights and freedoms that require protection of Personal Data. For example, the following areas include processing permitted due to legitimate interests:
- Respond to Your Requests. To respond to your requests for technical support, online services, product information or to any other communication you initiate. This includes accessing your account to address technical support requests.
- Promotional Messages. SeaHouse processes your non-sensitive Personal Data to provide you with promotional messages, including when you communicate with SeaHouse or sign up for promotional materials, when you participate in special activities, offers, or programs, when we aggregate and centralize data, and when we share Personal Data with our service providers and vendors.
- Surveys. To send you surveys in connection with our Services, unless commercial in nature. In those cases, a survey request may be sent to you if you have given SeaHouse your consent to receive marketing from us.
- Compliance with Law and Public Safety. To assist in the investigation of suspected illegal or wrongful activity, including sharing information with other entities for fraud, loss, and crime prevention purposes. To protect and defend SeaHouse’s rights and property, or the rights or safety of third parties.
- Improvement and Development. To develop, provide, enhance, and improve SeaHouse Services and your experience, including to enable, you to use the full range of our Services. For internal purposes related to certain research, analytics, innovation, testing, monitoring, customer communication, risk management, and administrative purposes.
Consent as a Basis for Processing
In some cases, SeaHouse will ask for your consent, to process your Personal Data. You may indicate your consent in a number of ways, including, as may be presented by SeaHouse and permitted by law, ticking a box (or equivalent action) to indicate your consent when providing us with your Personal Data through our Services or a form, or registering or creating an account with us. Note that certain country/region-specific rules regarding consent may also apply, depending upon the jurisdiction in which you reside.
SeaHouse maintains reasonable physical, technical, and administrative security measures to minimize the risk of unauthorized loss, theft, copying, misuse, access, disclosure, alteration, or destruction of your Personal Data.
If transactions are offered as part of a SeaHouse Service, transaction information is transmitted to and from SeaHouse in encrypted form using industry-standard Secure Socket Layer (SSL) connections to help protect such information, including Personal Data transmitted in the course of these transactions, from interception.
SeaHouse also restricts access to your Personal Information to only those persons who have a legitimate business need or legal requirement to view it in connection with the Services. You, as a Personal Data owner, may also authorize any persons you may choose to have access to your Personal Data.
Although SeaHouse does utilize security measures appropriate to the level of risk, no method of data transfer or storage on the internet is 100% secure and security risks cannot be eliminated entirely. As such, SeaHouse cannot guarantee perfect security, integrity, or confidentiality of Personal Data.
SeaHouse maintains a security incident response protocol to be put in place in the event that the security of your Personal Data in the possession or control of SeaHouse is compromised. In the event of a data breach or security incident involving the Services, SeaHouse will apply this protocol to enable SeaHouse to effectively and efficiently respond to, and contain, the breach or incident. SeaHouse may also seek to notify you in such event. If notification is appropriate or required, SeaHouse may notify you by email, messaging to your device, or other reasonable means.
Disclosure of Personal Data
SeaHouse does not provide Personal Data to unaffiliated third parties for their use in marketing directly to you. We may use unaffiliated companies, or trusted third party service providers, to help maintain and operate our Services for reasons related to our business operations and to better serve you, and those companies may receive your Personal Data for that purpose (including the Shopify Platform, Memberships apps and other apps used in the SeaHouse online store). For example, SeaHouse may use third party payment processor services in connection with the Services and its websites, and the payment information that you provide to SeaHouse may be disclosed to and used by these payment processors for the purposes of completing and executing transactions requested or initiated by you. When SeaHouse shares Personal Data with third-party services that support our delivery of the Services, we require that they use your Personal Data only for the purposes we’ve authorized, and that they protect your Personal Data to at least the same standards used by SeaHouse.
SeaHouse may also disclose Personal Data about you in connection with legal requirements, such as in response to an authorized subpoena, governmental request or investigation, or as otherwise permitted by applicable law (including, without limitation, to prevent fraud or abuse, or to protect SeaHouse’s legal rights, property, or the safety of SeaHouse, its employees, users or others).
If you believe your Personal Data has been disclosed other than as described in this Privacy Statement, please contact the SeaHouse Privacy Officer via the Contact & Questions area at the bottom of this Privacy Statement.
Transfers of Your Personal Data to Other Countries
The Personal Data SeaHouse processes, and associated Services and systems, may be housed on servers in various locations where SeaHouse maintains servers or facilities, including Australia, Canada, the United States, and the EU. Please be aware that Personal Data we collect may be processed and stored in one or more of these locations. The data protection and privacy laws in these locations may offer a different level of protection than in your country/region, however, as noted earlier in this Privacy Statement, SeaHouse takes steps, including through contracts, intended to ensure that the Personal Data it collects continues to be protected wherever it is located in a manner consistent with the standards of protection required under applicable law.
Where Personal Data is transferred from the European Economic Area to a country that has not received an adequacy decision by the European Commission, SeaHouse relies on appropriate safeguards, such as for example the European Commission-approved Standard Contractual Clauses and EU-U.S. Privacy Shield Frameworks, to transfer the Personal Data. By using our Services and submitting your Personal Data, you agree to the transfer, storage, and/or processing of your Personal Data in the locations contemplated above. Where and as required, we will seek your explicit consent as outlined in this Privacy Statement.
“Cookies” and Advertisers
The SeaHouse website, or the third party companies used to host, operate, or maintain this website, may place a “cookie” on your computer in order to allow you to use thewebsite and to personalize your experience.
A “cookie” is a small piece of data, or an alphanumeric identifier, that can be sent by a web server to your computer or device, which then may be stored by your browser on your computer or device. Cookies allow SeaHouse to recognize your computer or device while you are on our website and help customize your online experience and make it more convenient for you. Cookies are also useful in allowing more efficient log-in for users, tracking transaction histories, and preserving information between browsing sessions. The information collected from cookies may also be used to improve website functionality.
Most web browsers have features that can notify you when you receive a cookie or prevent cookies from being sent. If you disable cookies, however, you may not be able to use certain personalized functions of SeaHouse website.
Rights With Respect to Personal Data
SeaHouse is committed to ensuring you retain full access to and control of your Personal Data. To that end, we endeavour to respect your right to be informed regarding the collection, use and disclosure of Personal Data, and your right of correction and access to it, via this Privacy Statement.
If you would like to access, correct, remove, request a copy of, withdraw consent to collection of your Personal Data, or are looking for any additional information on how your Personal Data may be collected, used or disclosed by SeaHouse, please contact the SeaHouse Privacy Officer via the Contact & Questions area at the bottom of this Privacy Statement. Subject to certain exceptions and limitations that may be prescribed by applicable law, you will be provided with reasonable access to your Personal Data, and will be entitled to have it amended or corrected as appropriate.
In certain circumstances, you may have the right to have your Personal Data, or certain components of your Personal Data, erased by SeaHouse, to have your Personal Data moved, copy or transmitted from SeaHouse’s systems to other systems, or to object to or restrict certain processing of your Personal Data by SeaHouse. In the event that you wish to inquire about, or seek to exercise any of these rights (as they may be applicable), please contact SeaHouse’s Privacy Officer.
SeaHouse Services may contain links to other websites, apps, or services, including those of advertisers or third party content providers who offer downloads as part of a SeaHouse Service. SeaHouse is not responsible for the privacy practices or the content of other websites, apps, or services. We encourage you to read the privacy statements published by such third parties before divulging your Personal Data to them.
Changes to this Privacy Statement
SeaHouse reserves the right to modify or supplement this Privacy Statement in its discretion, at any time. If a material change to the terms of this Privacy Statement is made, we will post a notice to our Blog and a link to the new or amended Privacy Statement. The collection, use and disclosure of your Personal Data by SeaHouse will be governed by the version of this Privacy Statement in effect at that time. Your continued use of SeaHouse’s website and/or Services subsequent to any changes to this Privacy Statement will indicate your consent to the collection, use and disclosure of your Personal Data in accordance with the amended Privacy Statement.
Contact & Questions
If you have any questions or comments regarding this Privacy Statement or any aspects of SeaHouse’s Services, please contact SeaHouse’s Privacy Officer via email info@firstname.lastname@example.org.
Subject to applicable law, if you are a citizen or resident of the European Economic Area, you also have the right to (i) object to SeaHouse’s use of your Personal Data and (ii) lodge a complaint with your local data protection authority.
13 Allerton Ave, Culburra Beach, New South Wales, 2540 Australia.