SECTION 1 - WHAT DO WE DO WITH YOUR INFORMATION
When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address. When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system. Email marketing (if applicable): With your permission, we may send you emails about our store, new products and other updates.
SECTION 2 - CONSENT
How do you get my consent?
When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only. If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.
How do I withdraw my consent?
If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at anytime, by contacting us at email@example.com or mailing us at:
Wallaby Shop - 10 Noel Street, CLONTARF QLD 4019
SECTION 3 - DISCLOSURE
We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.
SECTION 4 - SHOPIFY
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted. All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers. For more insight, you may also want to read Shopify’s Terms of Service or Privacy Statement.
SECTION 5 - THIRD-PARTY SERVICES
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us. However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions. For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers. In particular, remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. So, if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located. As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
SECTION 6 - SECURITY
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed. If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
SECTION 7 - COOKIES
Here is a list of cookies that we use. We’ve listed them here so you that you can choose if you want to opt-out of cookies or not.
_session_id, unique token, sessional, Allows Shopify to store information about your session (referrer, landing page, etc).
_shopify_visit, no data held, Persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits
_shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer. cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.
_secure_session_id, unique token, sessional storefront_digest, unique token, indefinite If the shop has a password, this is used to determine if the current visitor has access.
SECTION 8 - AGE OF CONSENT
By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.
QUESTIONS AND CONTACT INFORMATION
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact our Privacy Compliance Officer at firstname.lastname@example.org or by mail at:
Wallaby Shop - 10 Noel Street, CLONTARF QLD 4019
The Australian Rugby Union Limited (ARU, 'we', 'us', 'our') respects the privacy of the individuals in relation to whom we collect, use, disclose and hold personal information and is committed to managing personal information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Commonwealth).
Where we refer to "Participant(s)" in this Policy we mean any person that, by way of registration or another process, has agreed to be bound by the ARU Constitution, ARU Policies and Codes or any laws, regulations and By-Laws of World Rugby applying from time to time. For the avoidance of doubt, a Participant includes any player (whether amateur or professional), referee, touch judge or other match official, selector, coach, trainer, manager or other team official and any individual involved in the organisation, administration or promotion of Rugby Union including a director, other officer, employee or volunteer of a Rugby Body.
What information do we collect and how do we collect it?
The ARU will, where possible, collect personal information directly from you. This will be done in accordance with the APPs. We may collect your personal information on paper-based or electronic forms (online), over the phone or when you engage with us on social media or via our website.
As appropriate, we will notify you of the collection of your personal information and tell you why we are collecting it and how we plan to use it, or these things will be obvious at the time when the information is collected.
When you register to become a Participant by way of an ARU Registration Form or online registration platform (i.e. RugbyLink or Interfuse) a record that contains personal information is made by the ARU (or on behalf of the ARU by the club you have registered with). If you are a junior participant, we will collect your personal information from your parent or guardian.
Personal information about Participants is recorded in RugbyLink (the national player registration database) or Interfuse (the player registration database for NSW Premiership Rugby and NSW Suburban Rugby) in addition to the Australian Rugby Customer Relationship Management System, Salesforce.
The personal information that the ARU holds may include:
- Your name, address, telephone and email contact details;
- Your gender, date of birth and marital status;
- Information about rugby clubs you have played with or participated in;
- Details of rugby programs you have participated in;
- Details of rugby club memberships you have purchased;
- Details of any accreditations you hold; and
- Your playing status and history.
If you are a match official the personal information the ARU holds may also include:
- Details of any accreditations you hold or courses you have completed (including, if required, working with children certification);
- Your availabilities and preferences (including times and locations/venues) for scheduling purposes; and
- Data relating to your performance as a match official for training and development purposes.
If you are a coach the personal information the ARU holds may also include:
- Details of any accreditations you hold or courses you have completed (including, if required, working with children certification); and
- Your Individual Development Plan (which may include your coaching history and developmental goals).
With your consent we may also collect information about your health or other information which is defined by privacy laws as 'Sensitive Information'. Examples of circumstances in which this may occur include:
- collecting information about your health (such as injuries you have suffered e.g. concussions) to:
- ensure our programs are run safely and you are participating in an appropriate competition;
- record and collate injury history, medications and supplement use for professional and semi-professional players through an athlete data management system in accordance with the ARU Medical Policy and ARU Sports Supplements Policy (and equivalent policies for the National Rugby Championship, Super Rugby U20s, Uni Sevens Series, Australian School Boys Championships and other ARU competitions);
- administer competition rules; and
- administer anti-doping rules and the ARU Illicit Drug Policy;
- collecting information about your criminal history to determine your fitness to participate in rugby in the capacity in which you participate or intend to participate;
- collecting information about your racial or ethnic origin (such as when we conduct games or competitions for indigenous players);
- collecting information regarding your gender status for the purposes of ensuring you are safely participating in an appropriate competition; and
- collecting information to administer the Professional Players Code of Conduct and Anti-Corruption and Betting Policy (including any ARU policy or World Rugby regulation).
Rugby supporters and other individuals
We may collect information about individuals who are not Participants. This may include:
- Rugby supporters;
- Members of ARU supporter programs;
- Ticket purchasers; and
- Individuals who have made enquiries about the ARU and our programs.
The ARU collects personal information in the course of administering the game of Rugby Union in Australia, including without limitation when we provide you with services, and when you:
- Request services be provided to you;
- Purchase tickets for Rugby Union matches;
- Enter into competitions and promotions;
- Subscribe to, or seek to be registered in or for, our membership programs or newsletters; and/or
- Access our websites or social media platforms.
The personal information which the ARU collects and holds may include:
- Your name, age, billing and/or shipping address, email address, gender, occupation and telephone number;
- Your game attendance history;
- Opinions and beliefs provided via surveys and questionnaires;
- Your credit card information; and
- Details of items ordered or purchased from us.
Prospective employees, interns and applicants
We may collect personal information when recruiting personnel such as your name, contact details, qualifications and work history. Generally, we will collect this information directly from you. We may also collect personal information from third parties, such as recruitment agencies or referees you have nominated.
Before offering you a position, we may collect additional details such as your tax file number and superannuation information.
We may collect sensitive information in the process of conducting background checks in order to assess your suitability for certain roles (for example, positions which involve working with children and people with disabilities).
Personnel of other organisations
We may collect personal information about individuals who interact with us (such as individual service providers and contractors to the ARU, as well as other individuals who interact with the ARU on a commercial basis). In such situations, this information would typically include your name, contact details, professional details and information regarding interactions with the ARU. This information is collected for the purpose of administration, management and operation of the ARU and its programs.
Visitors to our web sites
You may visit our web sites without identifying yourself. If you identify yourself (for example, by providing your contact details in an enquiry), any personal information you provide to the ARU will be managed in accordance with this Policy.
When you visit our web sites, our systems may record certain information about your use of those websites, including which web pages you visit and the time and date of your visit.
We may use 'cookies' (Cookies) to collect some personal information about you. We will treat this information in the same way as other personal information we collect about you. You can use the settings in your browser to control how your browser deals with cookies. However, in doing so, you may be unable to access certain pages, features or content on our web site.
We may also collect 'IP addresses' (IP Addresses) relating to you when you access and use the web sites. We may collect and manage IP addresses for internet session management and security purposes.
Dealing with the ARU anonymously
The ARU will provide individuals with the option of dealing with us anonymously or by pseudonym where it is lawful and practicable. However, choosing to do so may mean that you cannot participate in our programs. For example, it would not be practicable to be involved as a participant without identifying yourself.
How do we use and disclose your personal information?
If you are a Participant, we will use and disclose your personal information in order to:
- Organise, promote and conduct competitions and matches;
- Convene clinics, camps and player development activities;
- Assist with the education and development;
- Appoint and schedule;
- Select and administer teams; or
- Administer the rules of ARU competitions.
We may disclose your personal information to:
- A club you are registered with;
- Other governing bodies and competition administrators of Rugby Union;
- Persons and organisations responsible for administering anti-doping rules;
- Sponsors, commercial partners and broadcasters (where you would reasonably expect us to do so); or
- Regulatory bodies and/or law enforcement.
Rugby supporters and other individuals
We may use your personal information for the primary purpose for which it was collected and secondary purposes related to the primary purpose1. Such primary and secondary purposes may include, without limitation, use of your personal information to:
- Verify your identity;
- Develop, run, administer and market competitions, programs and activities relating to Rugby Union;
- Market products, services, merchandise and special offers made available by us or our respective corporate partners, licensees, suppliers and sponsors;
- Administer and manage our respective websites and provide you with access to those websites;
- Keep you informed of news and information (such as advance notice of ticket sales) relating to Rugby Union, including by distributing newsletters, publications and other communications via various media;
- Research and develop new competitions, programs, activities and other events relating to Rugby Union; or
- Research and develop new products, services and merchandise relating to Rugby Union.
Other uses and disclosures
The ARU will also use and disclose personal information for a range of administrative, management and operational purposes. This includes:
- Planning, managing, monitoring and evaluating our programs;
- Training staff, contractors, other workers and volunteers;
- Risk management and management of legal liabilities and claims;
- Responding to enquiries and complaints regarding our services;
- Obtaining advice from consultants and other professional advisers; and/or
- Responding to subpoenas and other legal orders and obligations.
We may use and disclose your personal information for other purposes explained at the time of collection or otherwise as set it out in the Policy.
How do we deal with unsolicited personal information?
If we receive unsolicited personal information (for example a complaint or query about a rugby participant that contains personal information) we will assess, according to the APPs, and the limits of relevant policies and laws, whether the information could have been solicited. If this is not the case, we will, as soon as practicable (if it is lawful to do so) destroy the information or ensure that it is de-identified.
Is your personal information used for direct marketing?
From time to time, we may contact you to provide you with information regarding other products, programs and services offered by us.2 This may include:
- Newsletters or other communications about our programs or information which we think might be of interest to you; and
- Promotional offers regarding our competitions, events and merchandise including offers from our corporate partners and sponsors. For an up to date list of the corporate partners from which you may receive such offers, please use the following link: www.aru.com.au/SponsorOffersandPromotions
What do I do if I no longer want to receive marketing communications from the ARU?
If you do not wish to receive marketing material from the ARU, please click the unsubscribe link found in the footer of emails and at the bottom of text messages you receive from the ARU and its corporate partners and sponsors.
You can also contact us at any time to let us know that you would like to be removed from our direct marketing lists. Our contact details can be found at the conclusion of this Policy.
Will your personal information be sent offshore?
In some cases, we may transfer personal information about you to individuals or organisations that are based in a foreign country (for example, a foreign rugby union, SANZAAR or World Rugby) including:
- To external providers for information storage purposes;
- For the purposes of administrating or facilitating overseas supporter's programs;
- To a foreign rugby union or foreign anti-doping authority;
- To World Rugby (World Rugby); or
- To Foreign law enforcement (if necessary).
As required by law, if we transfer personal information to a foreign country we will take reasonable steps to ensure that the overseas recipient does not breach the APPs or this Policy.
How do we hold the information we collect?
The information we collect is held in multiple systems including local storage, cloud based and third-party systems (such systems may have data storage facilities offshore).
How secure is your personal information?
The ARU will also take reasonable steps to protect your personal information from misuse, loss and unauthorised access, modification, interference or disclosure. Your information shall be protected either at the ARU or in overseas storage facilities. However, as the internet is not a secure environment, any information you send us via that method is sent at your own risk.
Our website may contain links which enable you to access other websites. We are not responsible for the content or privacy practices of those sites.
We will take reasonable steps to destroy or permanently de-identify personal information if it is no longer needed for any legitimate purpose. This requirement does not apply where the information is contained in a Commonwealth record or where we are required by law or a court/tribunal order to retain the information.
How can you ensure that the personal information we hold about you is accurate?
The ARU takes all reasonable precautions to ensure that the personal information we collect, use and disclose is accurate, complete and up-to-date. However, we rely on the accuracy of personal information as provided to us both directly and indirectly.
If you find that the personal information we hold about you is inaccurate, incomplete or out-of-date, please contact us immediately (our contact details are at the conclusion of this Policy) and we will take reasonable steps to ensure that it is corrected (including, if it is practicable to do so, taking reasonable steps to correct information disclosed to third parties). There will be no cost to you in relation to your request to have your personal information corrected.
How can you access the personal information we hold about you?
You have a right to request access to the personal information we hold about you.
To request access to your personal information, please contact our Privacy Officer using the contact details set out below. You will not be charged for making a request to access your personal information but you may be charged for the reasonable time and expense incurred in compiling information in response to your request and expenses incurred in providing access in the manner you have requested. If we are able to provide access, we will endeavour to do so within a reasonable period of time after the request is made.
The ARU is not under any obligation to provide personal information to you where we are not required to do so under the APPs or otherwise at law. If we do refuse your request, we will provide you with reasons for our decision. If you would like to complain about our refusal to give you access to information please contact the Policy Officer on the details provided below.
The following is a non-exhaustive list of reasons why your request for access to information may be refused:
- giving access may pose a threat to the life, health or safety of any individual, or to public health or public safety;
- giving access would have an unreasonable impact on the privacy of other individuals;
- the request for access is frivolous or vexatious;
- the information relates to existing or anticipated legal proceedings;
- denying access is required or authorised by Australian law or a court/tribunal order;
- giving access would prejudice the investigation or hearing of suspected unlawful activity or misconduct;
- giving access would likely prejudice one or more enforcement related activities conducted by or on behalf of the ARU; and/or
- giving access may reveal commercially sensitive information or decision-making processes.
How can you make a complaint about how your personal information is handled?
You may contact the ARU at any time using the contact details below if you have any questions about this Policy or about how your personal information has been handled.
The ARU takes all privacy complaints seriously and will investigate your complaint in a confidential manner. We will inform you of the outcome of the investigation within a reasonable period of time.
The ARU may modify or amend this Policy from time to time. Please see the ARU website for the latest version of this Policy.
Changes to this Policy will not affect our use of previously provided personal information.
How can I contact the ARU?
The contact details for the ARU are:
PO BOX 800
Surry Hills NSW 2010
|Telephone||(02) 8005 5555|
1 sensitive information will only be used for secondary purposes directly related to the primary purpose
2 sensitive information will only be used for direct marketing purposes with your consent.