Privacy Policy

Privacy Policy Introduction

Welcome to Notion Beast's Privacy Policy, which outlines how we collect, use, disclose, and protect your personal information in compliance with Australian privacy laws, including the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

Our Commitment to Privacy

At Notion Beast, we are committed to respecting and protecting your privacy rights. This Privacy Policy explains how we handle your personal information when you visit our website, use our services, or interact with us in any way. It also outlines your rights regarding your personal information and how you can contact us for further information or to exercise these rights.

Scope of This Privacy Policy

This Privacy Policy applies to all personal information collected by Notion Beast through our website, in-store interactions, customer service inquiries, and other interactions with us. It covers how we collect, use, disclose, and secure your personal information.

Key Privacy Principles

Our Privacy Policy adheres to the following key principles:

  • Transparency: We are transparent about how we collect, use, and disclose your personal information.

  • Purpose: We collect your personal information only for specified and legitimate purposes.

  • Consent: We obtain your consent before collecting, using, or disclosing your personal information, except where permitted or required by law.

  • Security: We implement reasonable security measures to protect your personal information from unauthorized access, use, or disclosure.

  • Access and Correction: You have the right to access and correct your personal information held by us.

  • Data Integrity: We take reasonable steps to ensure that your personal information is accurate, complete, and up-to-date.

  • Accountability: We are accountable for our handling of your personal information and comply with Australian privacy laws.

Contact Us

If you have any questions, concerns, or requests regarding our Privacy Policy or the handling of your personal information, please contact our Privacy Officer at notionbeastcreative@gmail.com. We are committed to addressing your inquiries promptly and professionally.

Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or advancements in technology. We encourage you to review this Privacy Policy periodically for any updates.

By using our website, services, or interacting with us, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy.

Providing Your Personal Data to Others

1. Consent and Notification

  • Consent: Before disclosing personal data to others, organizations must obtain consent from the individual unless an exception applies (e.g., where disclosure is required or authorized by law).

  • Notification: Individuals must be informed of the purpose for which their personal data will be disclosed, unless it is obvious from the circumstances.

2. Permitted Disclosures

  • Primary Purpose: Personal data may be disclosed for the primary purpose for which it was collected (e.g., providing a service or fulfilling an order).

  • Secondary Purpose: If personal data is to be used for a secondary purpose (e.g., marketing), consent must generally be obtained unless an exception applies.

3. Exceptions to Consent

  • Exceptions: Personal data may be disclosed without consent in certain circumstances, including:

    • When required or authorized by law (e.g., legal obligations, court orders).

    • When necessary to lessen or prevent a serious threat to life, health, or safety.

    • When necessary for law enforcement or investigative purposes.

  • Health and Sensitive Information: Additional protections apply to the disclosure of health information and other sensitive information.

4. Contractual Obligations and Outsourcing

  • Contractual Arrangements: When personal data is disclosed to third parties (e.g., service providers, contractors), organizations should use contractual arrangements to ensure that the third party handles the data in accordance with Australian privacy laws.

5. Cross-border Disclosure

  • Cross-border Disclosure: If personal data is disclosed overseas, organizations remain accountable for the protection of that data and must take reasonable steps to ensure the recipient complies with similar privacy principles.

6. Access and Correction

  • Access: Individuals have the right to access their personal data held by organizations and request correction if it is inaccurate, incomplete, or out-of-date.

  • Complaints: Individuals can lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if they believe an organization has mishandled their personal data.

7. Privacy Policies

  • Privacy Policy: Organizations must have a privacy policy that outlines how they manage personal data, including how they disclose it to others.

Compliance and Accountability

Organizations in Australia are responsible for ensuring compliance with the Privacy Act and the APPs. Compliance involves:

  • Understanding the principles and requirements of Australian privacy laws.

  • Implementing practices and procedures to protect personal data.

  • Responding to individuals' requests and complaints regarding their personal data.

By adhering to these principles, organizations can promote transparency, trust, and accountability in their handling of personal data under Australian privacy laws.

For detailed guidance and specific legal advice, organizations should consult the Office of the Australian Information Commissioner (OAIC) and seek legal counsel to ensure compliance with privacy obligations.

How We Use Your Personal Data

1. Primary Purpose

  • Purpose: Personal data should only be used for the primary purpose for which it was collected, unless an exception applies or the individual consents to another use.

  • Example: If you provide personal data for the purpose of purchasing a product or service, we will use your data to process and fulfill your order.

2. Secondary Purpose

  • Consent: If personal data is to be used for a secondary purpose (e.g., marketing, research), organizations generally need to obtain consent unless an exception applies.

  • Notification: Individuals should be informed of any secondary purposes for which their personal data may be used, unless it is obvious from the circumstances.

3. Direct Marketing

  • Opt-out Option: When using personal data for direct marketing purposes, organizations must provide an opt-out mechanism for individuals who do not wish to receive marketing communications.

4. Employment and Recruitment

  • Employee Data: Personal data collected from employees or job applicants should only be used for employment-related purposes, such as recruitment, payroll, and performance management.

5. Health and Sensitive Information

  • Additional Protections: Special rules apply to the use of health information and other sensitive information, requiring higher standards of confidentiality and security.

6. Disclosure to Third Parties

  • Consent: Personal data should not be disclosed to third parties without consent unless an exception applies (e.g., legal requirement, enforcement purposes).

  • Contractual Obligations: When disclosing personal data to third parties (e.g., service providers), organizations should ensure that the third party handles the data in accordance with Australian privacy laws.

7. Cross-border Disclosure

  • Protection Measures: If personal data is transferred overseas, organizations must take reasonable steps to ensure that the recipient complies with similar privacy principles.

8. Data Quality and Security

  • Accuracy: Organizations should take reasonable steps to ensure that personal data is accurate, complete, and up-to-date.

  • Security: Adequate security measures must be in place to protect personal data from misuse, interference, loss, unauthorized access, modification, or disclosure.

9. Access and Correction

  • Access: Individuals have the right to access their personal data held by organizations and request correction if it is inaccurate, incomplete, or out-of-date.

  • Process: Organizations should have procedures in place to handle access and correction requests in a timely manner.

10. Retention and Disposal

  • Retention Period: Personal data should only be retained for as long as necessary for the purpose for which it was collected, or as required by law.

  • Secure Disposal: When no longer needed, personal data should be securely destroyed or de-identified to prevent unauthorized access.

Compliance and Accountability

Organizations in Australia are accountable for ensuring compliance with the APPs and must implement practices and procedures to protect personal data and respond to individuals' requests and complaints.

By following these rules and principles, organizations can demonstrate transparency, respect individuals' privacy rights, and build trust in their handling of personal data under Australian privacy laws.

For specific legal advice and detailed guidance, organizations should consult the Office of the Australian Information Commissioner (OAIC) and seek legal counsel to ensure compliance with privacy obligations.

In Australia, organizations must comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) when collecting personal information through technology and from third parties. Here are the key rules and considerations regarding what information can be collected through technology and by third parties in compliance with Australian laws:

Information Collected through Technology and by Third Parties

1. Collection of Personal Information

  • Definition: Personal information includes any information or opinion about an identified individual or an individual who is reasonably identifiable.

  • Examples: Personal information collected through technology and by third parties may include:

    • Technology: IP addresses, cookies, device identifiers, location data, and browsing history.

    • Third Parties: Information obtained from service providers, marketing partners, social media platforms, and publicly available sources.

2. Notification and Consent

  • Transparency: Individuals should be informed about the collection of their personal information through technology and by third parties, including the types of information collected and the purposes for which it will be used.

  • Consent: Consent may be required before collecting personal information, depending on the circumstances and the sensitivity of the information.

3. Purpose of Collection

  • Primary Purpose: Personal information should be collected for a lawful purpose that is reasonably necessary for the functions or activities of the organization.

  • Secondary Purpose: If personal information is collected for a secondary purpose (e.g., marketing), individuals should be informed and given the option to opt out.

4. Use and Disclosure

  • Limitation: Personal information collected through technology and by third parties should only be used or disclosed for the purpose for which it was collected, unless an exception applies (e.g., consent, legal requirement).

  • Third Party Disclosure: Organizations should ensure that third parties handling personal information comply with Australian privacy laws and provide adequate protection for the information.

5. Data Security and Retention

  • Security Measures: Organizations must implement reasonable security safeguards to protect personal information from misuse, interference, loss, unauthorized access, modification, or disclosure.

  • Retention Period: Personal information should be retained only for as long as necessary for the purpose for which it was collected, or as required by law.

6. Cross-border Disclosure

  • Protection Measures: If personal information is disclosed overseas, organizations must take reasonable steps to ensure that the recipient complies with similar privacy principles.

7. Access and Correction

  • Access: Individuals have the right to request access to their personal information held by organizations, including information collected through technology and by third parties.

  • Correction: Individuals can request correction of their personal information if it is inaccurate, incomplete, or out-of-date.

8. Privacy Policies

  • Policy Requirements: Organizations should have a privacy policy that outlines how they manage personal information, including information collected through technology and by third parties.

Compliance and Accountability

Organizations in Australia are accountable for ensuring compliance with the APPs and must implement practices and procedures to protect personal information collected through technology and by third parties.

By following these rules and principles, organizations can enhance transparency, respect individuals' privacy rights, and build trust in their collection and handling of personal information under Australian privacy laws.

For specific legal advice and detailed guidance, organizations should consult the Office of the Australian Information Commissioner (OAIC) and seek legal counsel to ensure compliance with privacy obligations.

Changes to Personally Identifiable Information (PII)

1. Access and Correction Rights

  • Access: Individuals have the right to request access to their PII held by organizations. This includes the right to know what information is held, how it is used, and who it is disclosed to.

  • Correction: Individuals have the right to request correction of their PII if it is inaccurate, incomplete, or out-of-date. Organizations must take reasonable steps to ensure that PII is accurate, up-to-date, relevant, and not misleading.

2. Process for Making Changes

  • Request Process: Organizations should have a clear and accessible process for individuals to request changes to their PII. This process should include:

    • Providing contact details for making requests (e.g., email address, phone number).

    • Verifying the identity of the individual making the request to ensure security and prevent unauthorized access.

    • Responding to requests in a timely manner and within a reasonable period, typically within 30 days under the APPs.

3. Notification of Changes

  • Notification: When changes are made to an individual's PII, organizations should notify the individual if:

    • The changes affect how their information is used or disclosed.

    • The changes are significant and may impact the individual's rights or obligations.

4. Consent and Authorization

  • Consent: Organizations generally require consent from the individual before making changes to their PII, unless an exception applies (e.g., legal requirement).

  • Authorization: In cases where consent is required, organizations should obtain explicit authorization from the individual for the specific changes proposed.

5. Security and Confidentiality

  • Security Measures: Organizations must implement reasonable security measures to protect PII from misuse, interference, loss, unauthorized access, modification, or disclosure.

  • Confidentiality: Ensure that any changes to PII are handled confidentially and only accessible to authorized personnel.

6. Documentation and Record-Keeping

  • Documentation: Maintain records of requests, changes made, and any communications related to changes in PII to demonstrate compliance with privacy obligations.

  • Retention: Retain records of changes to PII for as long as necessary for legal or business purposes, and ensure secure disposal when no longer needed.

7. Complaints and Dispute Resolution

  • Complaints Process: Provide individuals with information about how to lodge a complaint if they are not satisfied with how their request for changes to PII was handled.

  • Dispute Resolution: Organizations should have procedures in place to resolve disputes related to changes in PII in a fair and timely manner.

Compliance and Accountability

Organizations in Australia are responsible for ensuring compliance with the APPs and must implement practices and procedures to handle changes to PII in accordance with privacy laws.

By following these rules and principles, organizations can uphold individuals' rights, promote transparency, and build trust in their management of PII under Australian privacy laws.

For specific legal advice and detailed guidance, organizations should consult the Office of the Australian Information Commissioner (OAIC) and seek legal counsel to ensure compliance with privacy obligations.