Privacy Policy
Welcome to Step One’s Privacy Notice.
Step One respects your privacy and is committed to protecting your personal information. This Privacy Notice informs you about how we use and look after your personal information, including any information you may provide through this website and our store or when you request information from Step One or otherwise communicate with us, and when your personal information is provided to us relating to our business. This Notice also informs you about your privacy rights and how the law protects you.
Who we are
Step One Clothing Australia Pty Limited collects and is and responsible for your personal information (referred to as "Step One", "we", "us" or "our" in this Privacy Notice). Step One Clothing Australia Pty Limited is also responsible for this website.
Our Privacy Officer is responsible for overseeing questions in relation to this Privacy Notice. If you have any questions about this Privacy Notice, including any requests to access or correct your personal information, please contact the Privacy Officer using the details set out below.
Contact Details
Our full details are:
- Step One Clothing Australia Pty Limited registered in Australia, 110 Bourke Road, Alexandria, NSW 2015, Australia
- Email address of the Privacy Department: privacy@stepone.life
If you have a complaint relating to such information, please contact the Privacy Officer using the contact details above. You have the right to make a complaint at any time to the Office of the Privacy Commissioner (“OPC”)(www.privacy.org.nz). We would, however, prefer to deal with your concerns before you approach the OPC so please contact us in the first instance.
Contents
- Personal information we collect
- How we use your personal information
- Messages to you (including marketing)
- Disclosure of personal information
- External links and social media sites
- Where we store personal information
- Changes of Business Ownership and Control
- Data access and correction
- Changes to this notice
1. Personal information we collect
We may obtain information from you directly. For example you may give us information when you buy products from us in our store at www.nz.stepone.life or when you contact us either directly or through our site. The information collected will include the following:
- name;
- contact details (e.g. email address, postal address or mobile number);
- transactional details (e.g. products ordered, quantity, dates of order, payments you make, method of payment, any returns, shipping details).
If you do not provide personal information that we request, it may mean that we are unable to provide you with the products or customer services you have requested.
We also collect personal information automatically when you use the website and when you navigate through the website. Information collected automatically may include:
- Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your browser type and version, [time zone setting, browser plug-in types and versions, operating system and platform];
- Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page. usage details, geo-location data, IP addresses and other data collected through cookies and other tracking technologies.
For more information on our use of these technologies, see our Cookie Notice which explains how you can opt out of certain non-essential cookies.
If you give us personal information about other people (for example members of your family) then you confirm that they are aware of the information in this Notice about how we will use their personal information.
2. How we use your personal information
We use personal information for a number of purposes, including to provide and improve our products and services, administer our relationship with you and our business, for marketing and in order to exercise our rights and responsibilities. More detailed information about these purposes is set out below.
- to provide you with products you have bought
- to provide technical and customer support and training and to improve our products, our website and our services to you
- to administer our relationship with you, our business and our third-party providers such as Shopify (e.g. to provide financial information or to provide you with information about your order)
- to personalise your experience with our services. If you leave our site with your shopping cart full, we may contact you later to suggest you complete the purchase. We may also retain your browsing and usage information to make your searches within our services more relevant and use those insights to target advertising to you online on our websites and apps. Your choices in relation to marketing are explained in section 3 below
- to deliver and suggest tailored content such as news about new products. We analyse the way you use our website to make suggestions to you for products or services that we believe you will also be interested in, and so that we can make our services more user-friendly
- to contact you in relation to, and conduct, surveys or polls you choose to take part in and to analyse the data collected for market research purposes
- to provide you with newsletters and other marketing as permitted by law
- to meet our internal and external audit requirements, including our information security obligations
- to enforce our terms and conditions
- to protect our rights, privacy, safety, networks, systems and property, or those of other persons
- for the prevention, detection or investigation of a crime or other breach of law or requirement, loss prevention or fraud
- to comply with requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, including where they are outside New Zealand
- in order to exercise our rights, and to defend ourselves from claims and to comply with laws and regulations that apply to us or third parties with whom we work in order to participate in, or be the subject of, any sale, merger, acquisition, restructure, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or shares.
3. Messages to you (including marketing)
We may send you messages (by telephone, post, text and email and other digital means) to help you track your orders and keep you informed about our terms and conditions and features of our website.
We may also send you marketing messages, to inform you about products and services (including those of others) that may be of interest to you. You can ask us to stop or start sending you marketing messages at any time by contacting us (see Contact Us at the beginning of this Privacy Notice) or by following the unsubscribe instructions in our marketing messages.
4. Disclosure of personal information
We will treat all your personal information as private and confidential (even when you are no longer a customer). We will not reveal your name, address or any details of your relationship with us to anyone including other companies in our own group, other than in the following cases:
- Our third party service providers. These may include for example:
- Shopify Inc., who host our store. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall;
- our service providers who store and deliver orders for our products to customers;
- those we engage to host and maintain the website and IT systems;
- analytics and search engine service providers that assist us in the improvement and optimisation of this website;
- those who assist us with or partner with us in marketing campaigns;
- SMS/Telephony provider.
- Third parties where we have a duty to or are permitted to disclose your personal information by law (e.g., government agencies, law enforcement, courts and other public authorities); and
- Third parties where reasonably required to protect our rights, customers, systems and services (e.g. legal counsel and information security professionals).
Before we disclose personal information to a third party, we take steps to ensure that the third party will protect personal information in accordance with applicable privacy laws and in a manner consistent with this Notice. In some cases we require third parties sign a data processing agreement with us. They are required to restrict their use of this personal information to the purpose for which the information was provided.
Sometimes the third party will be outside New Zealand, in which case see section 7 for more information.
Payments
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
For more insight, you may also want to read Shopify’s Terms of Service (https://www.shopify.com/legal/terms) or Privacy Statement (https://www.shopify.com/legal/privacy). Once you leave our store’s website or are redirected to a third party website or application you are no longer governed by this Privacy Notice or our website terms of service.
Step One does not hold or have access to the payment information you provide to Shopify or its payment service providers, such as your credit card or bank account details, although we do have access to the method of payment and card issuer.
5. External links and social media sites
This website and our services may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share information about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
Communication, engagement and actions taken through external social media platforms are subject to the terms and conditions as well as the privacy policies of those social media platforms.
This website may use social sharing buttons which help share web content directly from our web pages to the social media platform in question. Where you use such social sharing buttons you do so at your own discretion. You should note that the social media platform may track and save your request to share a web page respectively through your social media platform account. Please note these social media platforms have their own privacy policies, and we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these social media platforms.
6. Where we store personal information
The personal information relating to you that we collect may be transferred to, and stored at, locations outside New Zealand. It may also be processed by staff operating outside New Zealand who work for us or for one of our service providers. In particular personal information may be accessed by staff at our Step One company in Australia.
As described in this Privacy Notice, we may also share personal information relating to you with third parties who are located overseas, for business purposes and operational, support and continuity purposes, for example, when we use IT service providers or data storage services.
Countries where personal information relating to you may be stored and/or processed, or where recipients of personal information relating to you may be located, may have data protection laws which differ to the data protection laws in New Zealand. By submitting your personal information, you accept that personal information relating to you may be transferred, stored or processed in this way. We take measures to ensure that any international transfer of information is managed carefully and in accordance with data protection law to protect your rights and interests and in accordance with this Notice.
If you wish to ask us for more information about our safeguards, please contact the Privacy Officer (see the Contact Us section at the beginning of this Privacy Notice).
7. Changes of Business Ownership and Control
We may, from time to time, expand, reduce or sell our business, and this may involve the transfer of certain divisions or the whole business to other parties. Personal information relating to you will, where it is relevant to any division so transferred, be transferred along with that division to prospective buyers and the new owner or newly controlling party will, under the terms of this Privacy Notice, be permitted to use personal information relating to you for the purposes.
8. Data Access and Correction
Under the Privacy Act 2020, you have certain rights of access to and correction of personal information that we hold. We ask that you contact us to update or correct your information if it changes or if the personal information we hold about you is inaccurate.
Please contact the Privacy Officer if you wish to access or correct your personal information.
If you have a concern about the way we are collecting or using personal information relating to you, we request that you raise your concern with us in the first instance. Alternatively, you can contact the Office of the Privacy Commissioner at www.privacy.org.nz/about-us/contact.
9. Changes to this Notice
We review and amend our Privacy Notice from time to time. Any changes we make to this Notice in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to this Notice. The new terms may be displayed on-screen and you may be required to read and accept them to continue your use of the website.
Last updated: 23 February 2021