PRIVACY POLICY

1. Introduction

Newbale Clothing Pty Limited (ABN 33 136 405 091) trading as M.J. Bale (M.J. Bale) acknowledges and respects the privacy of individuals. This Policy explains how we collect, use, disclose, retain and manage your personal information (Information) in the course of our business. M.J. Bale is committed to complying with the Privacy Act 1988 (Cth) (Privacy Act), the 13 Australian Privacy Principles (APPs) in the Privacy Act.

You are not obligated to provide your Information to us, however, if you do not provide us with the Information we require, or where Information provided is inaccurate or irrelevant, we may not be able to engage with you or may be limited in our ability to engage with you and provide you access to our services.

We reserve the right to make changes or updates to this Privacy Policy from time to time. Should we do so, we will update the policies on www.mjbale.com (‘Website’) for Australia and New Zealand, and www.global.mjbale.com (‘Global Website’) for other regions (collectively referred to as ‘Websites’) accordingly. Consequently, please check the Websites regularly to stay informed of any updates. Your continued engagement with M.J. Bale, including your use of the Websites, or the provision of further Information to us after this Privacy Policy has been revised, constitutes your acceptance of the revised policy and you consent to us collecting, holding, using, disclosing and managing your Information in the way described in this Privacy Policy or permitted under the Privacy Act.

If you do not agree with the practices described in this Privacy Policy, please do not provide us with your Information or interact with our Websites.

2. Collection Of Your Information

2.1. Personal Information

We collect Personal Information, as defined in the Privacy Act when you access or use our Services.

M.J. Bale engages with various individuals, including but not limited to customers, members, visitors of the Websites and employees.

During the provision of M.J. Bale’s services, the types of information that M.J. Bale collects will depend on the service requested by you. Generally, the kinds of personal information M.J. Bale collects include:

(a) contact and identification details (e.g. name, addresses, email address and phone number);

(b) gender and date of birth;

(c) occupation;

(d) location;

(e) browsing behaviour;

(f) purchase history;

(g) financial information (e.g. credit card details); and

(h) other information relevant in the circumstances

M.J. Bale collects your personal information in various ways including when you:

(a) visit or become a member of the Websites (or any application managed by us);

(b) interact with our advertisements;

(c) register for our newsletter;

(d) interact or follow our social media pages or profiles;

(e) enter into a competition or promotion through any medium;

(f) participate in a survey or other market research activities;

(g) request information from us or submit any feedback or query;

(h) submit job applications or other forms;

(i) or otherwise provide us with personal information in person or via telephone, email, fax, post or other means.

We will, in most cases, collect personal information directly from you through written and verbal communication. There may be other occasions when we collect your personal information from other sources such as internet service providers, publicly maintained records, including records publicly available through social media, or other third parties. Generally, we will only collect your personal information from sources other than you if it is unreasonable or impracticable to collect your personal information from you, or if those sources are authorised to do so.

You expressly consent to the use of your Personal Information for the provision of Services in accordance with our Terms.

2.2. Sensitive Information

Sensitive information is information about your racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional/trade association or trade union, sexual preferences or practices, criminal record, and health or genetic information. It is not our general practice to collect sensitive information unless you have consented, or the collection is required under law or for the establishment, exercise or defence of a legal or equitable claim.

2.3. Passive Information

Each time you visit the Websites, our server passively collects and automatically records certain information using various technologies such as cookies, internet tags, web beacons, and navigational data collection methods (log files, server logs, clickstream), IP address, browser and device type, internet service provider, mobile phone carrier, platform type, the website from which you came and the website to which you are going when you leave our Services, date and time stamp and cookies that may uniquely identify your browser or account.

When accessing our Services using a mobile device, we may also receive and collect identification numbers associated with your device, mobile carrier, device type and manufacturer, and, if enabled, geographical location data (including GPS). Please note that some of the information we collect, for example an IP address, can sometimes be used to approximate a device's location.

This passive information is collected for statistical and marketing purposes, and to help us improve our services. This information can include the type of browser and system you are using, whether you have interacted with any advertisements or links, the address of the Websites you have come from and move to after your visit, the date and time of your visit and your server’s Internet Protocol (IP) address.

You can set your browser to accept or reject all cookies, or to notify you whenever cookies are offered so that you can decide each time whether to accept them.

Should you reject all cookies, your ability to use the Websites may be limited as certain features may not function correctly.

2.4. Advertising Cookies

M.J. Bale also uses advertising cookies to collect anonymous data, including visitor demographics and interests, as part of our implementation of the following Google Analytics Advertising Features: Remarketing with Google Analytics, DoubleClick Platform integrations and Google Analytics Demographics and Interest Reporting.

Cookies are stored by a user’s browser while the user browses a website. Cookies do not usually contain information that personally identifies a person, but each time the user visits the website, the browser sends the cookie data back to the server to notify the system of the user's previous activity. If you wish to disable cookies, you may do so through your browser settings.

We and our third-party vendors and advertising partners, such as Google, use first party cookies (such as the Google Analytics cookie) or other first party identifiers, and third-party cookies (such as the DoubleClick cookie) or other third-party identifiers together to optimise and serve advertisements to you across the internet on the Google Display Network to analyse your interaction with advertisements. This means that when you visit another website, you may be shown advertising based on your browsing patterns on our website.

Information on how to opt-out of the use of your information by DoubleClick can be found at http://www.google.com/ads/preferences/?hl=en and how to opt-out of Google Analytics at https://tools.google.com/dlpage/gaoptout.

Please see this link for how your data is collected and this link for instructions on how to opt-out of any Google Analytics data tracking.

3. Use And Disclosure of Your Information

3.1. Use

We use your Information for the purposes for which it is provided to us, other related purposes and as permitted or required by law. Generally, we will collect, use and hold your Information if it is reasonably necessary for or directly related to the performance of our functions and for the purposes of:

(a) for provision of the services;

(b) registration information required to become a member of our services;

(c) confirming your identity;

(d) providing you with our dressing room services and services purchased via the stores and Websites;

(e) facilitating payment for our services and processing via third-party gateways and alternative payment methods (such as Global-e);

(f) communicating with you and providing messaging and/or communications to you in association with the functions and features of the Services;

(g) communicating to you any announcements and updates, updated terms, conditions and policies, security alerts, technical notices, support and administrative messages;

(h) monitoring, auditing and evaluating our products and services;

(i) providing you with marketing information about other products or services, contests and rewards, upcoming events and other news that we, our related entities and other organisations that we have affiliations with, offer that may be of interest to you;

(j) aggregating customer data to create analyses, indexes, reports and benchmarkings;

(k) facilitating our internal business operations (including the management and improvement of services, analysing future client needs, modelling data, maintaining our relationship with you, data testing and security);

(l) complying with any legal or regulatory requirements;

(m) dealing with any complaints or enquiries;

(n) assessing your application (i.e. employment);

(o) informing you of future activities or events and to facilitate improvements to the services provided to you;

(p) for security purposes, including to protect the Services and our property from abuse, fraud, malicious, unauthorised access or potentially illegal activities, and to protect our rights, safety and property and that of our other users;

(q) identifying users to prepare customised web pages;

(r) for contact tracing purposes, as required by law or regulations; and

(s) any other purposes where consent described at the time of collection or as consented to in relation to our services..

For any of the above purposes we may contact you by electronic or other means.

Information you provide is considered a company asset and may be included among transferred assets if we merge, combine or divest part of our business unless prohibited from doing so by law.

Generally, the particular purpose for which Information is collected is either specified or reasonably apparent at the time the Information is collected.

We also use API functionality to connect with Facebook and Pinterest to share certain information (see more on this below) that is collected electronically via our Shopify platform. This may involve those parties or us storing hashed information in your browser.

4. Storage And Protection of Personal Information

4.1. Storage Of Personal Information

We take reasonable steps to protect your Personal Information in accordance with this Privacy Policy. The Personal Information we collect from you is transferred and stored electronically via a secured SSL connection, in secured, password-protected servers located in the USA, Europe and Asia. You agree and consent to MJ Bale storing your Personal Information on such servers.

4.2. Who Can Access Your Personal Information

Your Personal Information is accessible to our employees, contractors and our third-party service providers such as our website host and technical support providers. We may also store your Personal Information in password-protected email databases for the purpose of sending out communications and marketing emails in accordance with this Privacy Policy.

Please note that no method of electronic transmission or storage is 100% secure and we cannot guarantee the absolute security of your Personal Information. Transmission of Personal Information over the Internet is at your own risk and you should only enter, or instruct the entering of, Personal Information to the Services within a secure environment. It is your responsibility to ensure that you keep your Personal Information safe, including keeping your software up to date to prevent security breaches.

We reserve the right to maintain and store any information or data where, we reasonably believe, in our sole discretion, that such action is required to comply with any legal or regulatory obligations, to prevent criminal or other unlawful activity whether immediate or in the future, or where we have a legitimate business reason to do so, including collection of amounts owed, resolving disputes, enforcing our Terms or for record keeping integrity.

We destroy or de-identify your Personal Information after 2 years where it is no longer needed for the purposes outlined in this Policy. However, we may also be required to keep some of your personal information for specified periods of time, for example under certain laws relating to corporations, money laundering, and financial reporting legislation.

5. Disclosure

5.1. Disclosure To MJ Bale

We disclose your Information for the same purposes for which we collect it. That is, generally, we will only disclose your Information for the purposes listed above, if we have obtained your consent, or otherwise as set out in this Policy. This may include disclosing your Information to:

(a) us, including our directors, employees, officers and contractors. You consent to us providing your Personal Information, including Sensitive Information to our Related Bodies Corporate (as defined in the Corporations Act 2001 (Cth));

(b) our related entities to facilitate our and their internal business processes;

(c) third-party service providers, who assist us in operating our business (including professional advisors, financial advisors and dealers, and technology service providers);

(d) M.J. Bale’s contractors and suppliers, including IT contractors and database designers;

(e) any other third parties engaged to perform functions or activities on our behalf, including direct marketing;

(f) any other entity, with your consent, or to whom disclosure is required or authorised by law;

(g) any other third parties engaged to perform administrative or other services; and

(h) any party to whom we are required by law to provide your Personal Information and to any party to whom disclosure is permitted under the Australian Privacy Principles, or where we reasonably believe that disclosure is required to comply with any court orders, subpoenas, or other legal process or investigation including by tax authorities, if such disclosure is required by law. Where possible and appropriate, we will notify you if we are required by law to disclose your Personal Information.

This disclosure is done on a confidential basis or otherwise in accordance with the law.

We disclose your Information to Facebook and Pinterest via an API for the purpose of optimising our marketing to you. Any information provided to Facebook or Pinterest will be dealt with in accordance with their individual privacy policies, of which you should be aware.

5.2. Disclosure To Third Parties

We may share your Personal Information with third parties if it is reasonably related to the provision of our Services. The third parties that we may share your Personal Information with includes consultants, contractors, credit agencies, debt collection agencies and other service providers to us that perform services on our behalf. Such services we procure may include identifying and disseminating advertisements, enforcement of our Terms, providing fraud detection and prevention services, processing payments or providing analytics services. We may also share your Personal Information with our business partners who offer goods or services to you jointly with us (for example, contests or promotions). If we engage a third-party to perform services which involves handling your Information, the third-party will be subject to the same privacy obligations as we are to protect your Information. However, you should note that other third parties may collect, hold, use and disclose your Information in accordance with their own privacy policies and procedures and these may be different from our own. We may share your Personal Information where we have reason to believe that doing so is necessary to identify, contact or bring legal action against anyone damaging, injuring, or interfering (intentionally or unintentionally) with our rights or property, users, or anyone else who could be harmed by such activities.

We may also share your Personal Information with third parties with your consent in a separate agreement, in connection with any company transaction (such as a merger, sale of assets or shares, reorganisation, financing, change of control or acquisition of all or a portion of our business by another company or third party) or in the event of bankruptcy, dissolution, divestiture or any related or similar proceedings.

Unless the California Consumer Privacy Act (CCPA) applies to you, we reserve the right to sell your Personal Information to third parties and you expressly consent to such sale. If the CCPA applies to you, we will not sell your Personal Information to third parties without your written consent, and you have a right to opt out of such sale.

Note that we reserve the right to share your Personal Information with other third parties where, in our sole discretion, it is required to:

(a) investigate and defend ourselves against any third party claims or allegations;

(b) protect against harm to the rights, property or safety of MJ BALE, its users or the public as required or permitted by law; and

(c) detect, prevent or otherwise address criminal (including fraud or stalking), security or technical issues.

5.3. Overseas Disclosure

You acknowledge and consent to the disclosure of, and transfer of your Information, including information relating to your purchase, to Facebook and Pinterest, which may be located in countries such as the United States of America or Canada. Once Information has been provided to Facebook and Pinterest, it will be handled in accordance with their respective privacy policies.

We use reasonable steps to ensure that these parties are either governed by substantially similar, accessible and enforceable laws to the Australian Privacy Principles or adhere to the Australian Privacy Principles, however you acknowledge and agree that to the maximum extent permitted by law, we are not liable for the privacy practices of any third parties.

Other than as disclosed above, we do not disclose your Information overseas; however, our third-party services providers may disclose your Information to overseas recipients. By giving us your Information, you consent to the disclosure of this Information. By consenting to the disclosure of your Information, Australian Privacy Principle 8.1 will not apply, and you agree that we do not have to take reasonable steps to ensure the Information is treated in accordance with the APPs.

In circumstances where the provision of your Information to an overseas recipient may be deemed use rather than disclosure, we will instead comply with our use policy as outlined above.

Please note that the transfer of your Personal Information to such overseas parties may pose risks to the security of your Personal Information as these countries may not have been issued with an adequacy decision as set out in the General Data Protection Regulation (GDPR) or have appropriate safeguards in place, however by providing your Personal Information to us, you acknowledge and consent to disclosure of Personal Information to such overseas recipients.

5.4. Direct Marketing

We may collect, hold, use and disclose your Information in order to inform you of products and services that may be of interest to you. You agree and expressly and indefinitely consent to us using or disclosing Personal Information (other than Sensitive Information) to keep you informed about our products and services and other products and services that we consider may be of interest to you. For this purpose, disclosure may be made to our third-party service providers. We may communicate with you via phone, email, social media, SMS, or regular mail. If you have indicated a preference for a method of communication, we will endeavour to use that method wherever practical to do so.

In the event you do not wish to receive such communications, you can opt-out by contacting us via the contact details set out below or through any opt-out mechanism contained in a marketing communication to you.

6. Security

M.J. Bale stores and holds Information electronically and/or in hard copy. We will take reasonable steps to store and hold Information in a secure and restricted manner and to protect Information from misuse, loss and unauthorised access, modification or disclosure.

Access to your Information is limited to those individuals who require such access in order to perform their duties and responsibilities. Any Information held by a third-party storage provider is done so under a contractual obligation of confidentiality and non-disclosure.

While the Websites have secure password and transaction protections in place, you should be vigilant and note that there are inherent risks associated with transmitting Information via the internet. This means we cannot guarantee that data transmission will be 100% secure or safe from attack from unauthorised intruders and no data protection or security measure is completely secure, particularly in relation to online transmissions. You must take care to ensure you protect your Information (for example, by protecting your usernames and passwords) and you must notify us as soon as possible after you become aware of any security breaches.

Your Information, where not stored electronically, is stored in our secure office premises with restricted access or with an offsite secure storage facility. If we no longer require the use of your Information, we will take reasonable steps to destroy or permanently de-identify it.

7. 'Forget Me' Option

In some circumstances, we may provide a checkbox for you to select 'Forget me and this visit after 30 days – I do not wish to become an M.J. Bale member'. If you select this option, your Information will no longer be accessible by M.J. Bale employees after 30 days, however it will remain on our system for the purposes of restoration if requested by you. The Information will automatically be permanently deleted after 180 days or earlier, if requested by you in writing.

8. Access And Accuracy of Your Information

We will take reasonable steps to ensure that the Information we collect is accurate, up to date and complete.

At any time, you may request access to Personal Information we hold about you. We may refuse to provide access if the law allows us to do so, in which case we will provide reasons for our decision as required by law.

You have a right to access, and request the correction of, any of your Information at any time. You may also request that we delete your Information at any time. Any such requests should be made to the Customer Service Team. M.J. Bale will grant access to the extent required or authorised by the Privacy Act or other law and take steps reasonable in the circumstances to correct Information where necessary and appropriate. There may be circumstances in which we cannot provide you with access or make a correction. We will advise you of the reasons if we deny you access or do not correct your Information.

MJ Bale will process your request as soon as reasonably practicable, provided we are not otherwise prevented from doing so on legal grounds. If we are unable to meet your request, we will let you know why.

9. Third-Party Links

The Website may contain links to other websites of third parties. A link to a third-party website is not an endorsement of the accuracy or trustworthiness of that website, or its content and any information collected by such websites will be subject to that website's privacy policy. We cannot and do not assume any responsibility for the privacy or security practices of any other websites that you may be able to access through our Websites. You are responsible for checking the privacy policy of any such websites and applications so that you can be informed of how they will handle Personal Information.

The Websites and/or any electronic methods of communication, including without limitation social media, may be accessible through or contain connections to areas where you may be able to publicly post Information, communicate with others, review products and submit media content. Prior to posting in these areas please read our Terms and Conditions and this Privacy Policy set out on the Website carefully. All the Information you post may be accessible to anyone with internet access and any Information you include in your posting may be read, collected and used by others.

10. Social Media Platforms

We run pages on a number of social media platforms, including Facebook, Instagram, Pinterest and Google Plus (Social Media Platforms). By accessing, interacting with and using our social media pages, you agree to the terms and privacy policy of those Social Media Platforms. You acknowledge and agree that these Social Media Platforms may collect your information and that the privacy practices of those Social Media Platforms are not controlled by us and that we hold no responsibility for such privacy practices.

Social Media Platforms also allow public access to your public social media profile, which may include your username, age range, country/language, list of friends or other information that you make publicly available, and you understand that such information may therefore be accessible by us if you interact with its social media pages.

We may from time to time, have access to statistics regarding the number of views, navigation patterns, posts that you like, comment on or share and any user interactions with our Social Media Platforms and may use such information for the purpose of its marketing and promotion strategies.

You also agree that we may share your Information with the Social Media Platforms via an API or direct link to our website for marketing purposes.

11. Consent

You consent to us, our agents, contractors, authorised employees and any related party collecting, holding, using, disclosing and managing your Information in accordance with this Privacy Policy for the purposes contemplated herein.

12. How To Stop Receiving Communication From Us

To stop receiving email correspondence from us, simply click on the link to unsubscribe or manage preferences.

To stop receiving the SMS service follow link to manage preferences.

To remove your details from any of our marketing and communication databases simply email the Customer Service Team at service@mjbale.com.

13. How To Contact Us

If you have any queries or wish to make a complaint about a breach of this Policy, the Privacy Act or a privacy code that applies to us, you can contact or lodge a complaint to our Customer Service Team at service@mjbale.com. You will need to provide sufficient details regarding your complaint as well as any supporting evidence and/or information.

Our Customer Service Team will respond to your query, or if a complaint has been made, investigate your complaint and determine the steps that we will undertake to resolve your complaint. We will contact you if we require any additional information from you and will notify you in writing (which includes electronic communication via email or fax) of the relevant determination. If you are not satisfied with the determination, you can contact us to discuss your concerns or complain to the Australian Privacy Commissioner via www.oaic.gov.au.

14. Application Of GDPR

For the purpose of clarity, data processing of individuals in the European Union (EU) is carried on only occasionally and as such, no EU representative has been designated, however the General Data Protection Regulation (EU) 2016/679 may apply to you if you are resident of, reside in or are located in the EU.

If the GDPR applies, in this Privacy Policy, “Personal Information” shall also include the definition of “Personal Data” under the GDPR and terms that are defined in the GDPR shall be defined in this Privacy Policy in accordance with the GDPR.

If the GDPR applies, this paragraph applies in addition to the above paragraphs to the extent that we are acting as a “Data Controller” with respect to your Personal Information.

15. Consent And Right to Withdraw Consent

By clicking accept to this Privacy Policy or otherwise notifying us of your acceptance of this Privacy Policy, you agree that you are providing express, freely given consent to us processing your Personal Information for the purposes outlined above and that we may lawfully process your Personal Information on the basis of this consent.

To the extent that our legal basis for processing your Personal Information is consent, you have a right to withdraw consent to the collection of your Personal Information at any time by sending us a written request to do so via the contact details above.

15.1. Legal Basis

Our legal bases for collecting and processing your Personal Information for the purposes listed above may be:

(a) your express consent;

(b) for our legitimate interests in providing information about the Services to you or providing the Services to you and improving and developing the Services; and/or

(c) in order to perform a contract (whether verbal or written) for you in order to provide paid Services to you.

15.2. Your rights

We have summarised your rights under the GDPR, but please note that not all of the details of your rights have been included in these summaries. Please ensure to read the relevant laws and guidelines for a full explanation of these rights.

You may exercise these rights by contacting us to notify us of the rectification or provide information to complete your Personal Information.

(a) Right of access

You have a right to obtain confirmation as to whether or not your Personal Information is being processed and, if so, you may request access to that Personal Information and further information including the purposes of the processing, the categories of Personal Information concerned and the recipients of the Personal Information. The first copy of such information will be provided free of charge, but additional copies may be subject to a reasonable fee.

(b) Right of rectification

You have the right to obtain the rectification of inaccurate Personal Information concerning you and you have the right to have incomplete Personal Information completed.

(c) Right to erasure

You have the right to obtain the erasure of your Personal Information without undue delay if:

(i) the Personal Information is no longer necessary in relation to the purposes for which they were collected or otherwise processed;

(ii) you withdraw consent to consent-based processing;

(iii) you object to the processing under certain rules of the GDPR; or

(iv) the Personal Information has been unlawfully processed.

However, there are exclusions of the right to erasure such as where processing is necessary to exercise the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims.

(d) Right to restriction of processing

You have the right to restrict the processing of your Personal Information if:

(i) you contest the accuracy of the Personal Information;

(ii) processing is unlawful but you oppose erasure;

(iii) we no longer need the Personal Information for the purposes of our processing, but you require Personal Information for the establishment, exercise or defence of legal claims; or

(iv) you have objected to processing, pending the verification of that objection.

Where processing has been restricted on this basis, we may continue to store your Personal Information, however we will only process it with your consent, for the establishment, exercise or defence of legal claims, for the protection of the rights of another natural or legal person, or for reasons of important public interest.

(e) Right to data portability

To the extent where your Personal Information has been provided based on consent, under a contract, or where processing is carried out by automated means, you have a right to receive Personal Information concerning you in a structured, commonly used and machine-readable format and you have a right to transmit that data to a Data Controller, except where this would adversely affect the rights and freedoms of others.

(f) Right to object

You have the right to object to our processing of your Personal Information for direct marketing purposes. If you make such an objection, we will cease to process your Personal Information for this purpose.

16. Application of CCPA

If you are a California resident, there are some additional rights that may be available to you under the CCPA. Please email us at service@mjbale.com to request that we:

(a) disclose certain information to you about the collection, use, and disclosure of your personal information over the past 12 months and to request access to such information; and

(b) delete any of your personal information that it has collected from you and retained;

(c) not sell your personal information.

When you make a request, we may require you to provide further information to assist in verifying your request including your first and last name, email address, telephone number or address. We will only use the information received in a request for the purposes of responding to the request.

We will not discriminate against you for exercising any of your rights under the CCPA including by:

(a) withholding our goods or services;

(b) charging you different prices or rates for goods or services; or

(c) providing you with differing quality of goods or services.

We are not required to respond to your request for access to personal information more than twice in a twelve (12) month period.