We are committed to complying with our privacy obligations in accordance with all applicable data protection laws, including the Australian Privacy Principles contained in Schedule 1 to the Privacy Act 1988 (Cth) (the "Privacy Act"). We comply with the EU General Data Protection Regulation ("GDPR") to the extent it applies to the personal data that we collect, hold, disclose and otherwise process ("GDPR Data").
If we amend or update this Policy, we will post the updated version on this webpage so that you will always know what personal data we gather, how we might use that information, and whether we will disclose it to anyone.
1. What is personal data?
1.1 "Personal data" has the meaning given to the term "personal information" in the Privacy Act (except in relation to GDPR Data – in which case "personal data" has the meaning given to it in the GDPR). The Privacy Act defines "personal information" as information or an opinion about an identified individual, or an individual who is reasonably identifiable:
(a) whether the information or opinion is true or not; and
(b) whether the information or opinion is recorded in a material form or not.
1.2 Section 187LA of the Telecommunications (Interception and Access) Act 1979 extends the meaning of personal information to cover information kept under Part 5‑1A of that Act.
1.3 Article 4(1) of the GDPR defines "personal data" as any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2. Types of personal information we collect
Our goal is to minimise the amount of personal data we collect. Accordingly, we only collect personal data that is adequate, relevant and limited to what is necessary for the purpose for which it is to be processed and only where we are entitled by law to collect it. We may also use collected personal data for other related, directly related or compatible purposes (if and where permitted by applicable law).
2.1 In order to provide a better service to you, we may collect and process the following data about you:
(a) information that you provide by filling in forms on our site https://thewhiskymill/ ("our site"). This includes information provided at the time of registering to use our site, subscribing to our service, posting material or requesting further services. We may also ask you for information at other times, for example in connection with a promotion or when you report a problem with our site;
(b) if you contact us, we may keep a record of that correspondence;
(c) details of transactions you carry out through our site and of the fulfilment of your orders;
(d) details of your visits to our site and the resources that you access.
2.2 We only retain personal data for so long as it is necessary. Data may be archived as long as the purpose for which the data was used still exists.
3. Uses made of the information
3.1 The purposes for which information may be used by us include:
(a) ensuring that content from our site is presented in the most effective manner for you and for your computer;
(b) providing you with alerts, newsletter, education materials or information that you requested or signed up to;
(c) carrying out our obligations arising from any contracts entered into between you and us;
(d) allowing you to participate in interactive features of our service, when you choose to do so;
(e) designing and conducting surveys/questionnaires for client profiling/segmentation, statistical analysis, improving and furthering the provision our products and services;
(f) complying with laws and regulations applicable to us or any of our affiliates in or outside Australia;
(g) legal proceedings, including collecting overdue amounts and seeking professional advices;
(h) researching, designing and launching services or products including seminars/events/forums;
(i) marketing; or
(j) purposes directly related or incidental to the above.
3.2 We intend to use your data in direct marketing and we require your consent (which includes an indication of no objection) for that purpose. By using our site, unless you tell us otherwise, you agree that:
(a) your name, contact details (including address, contact number, email address),
products and services information, transaction pattern and behaviour, background and demographic data held by us from time to time may be used by us in direct marketing;
(b) the following classes of services, products and subjects may be marketed to
(i) services and products related to our site and/or our affiliates (including marketing affiliates programs we are a part of);
(ii) reward, loyalty or privileges programmes, promotional offers and related services; and
(iii) invitations to events such as seminars/webinars/tele-seminars, conferences, live programs or events.
(c) We may conduct direct marketing via fax, email, direct mail, telephone and
other means of communication or send e-newsletters to you. You may choose
not to receive promotional materials, by simply telling us (see below for contact
details), and we will cease to do so, without charge.
4. Disclosure of your information
We will keep the personal data we hold confidential but may provide information to:
(a) personnel, agents, advisers, auditors, contractors, financial institutions, and
service providers in connection with our operations or services;
(b) our offices, affiliates, business partners and counterparts (if any);
(c) persons under a duty of confidentiality to us;
(d) persons to whom we are required to make disclosure under applicable laws
and regulations in or outside Australia; or
(e) actual or proposed transferees or participants of our services in or outside
5. Cookies and other tracking technologies
5.2 You can block cookies by activating the setting on your browser that allows you to refuse all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.
6.1 All information you provide to us is stored on our secure servers. Any payment
transactions will be encrypted using SSL technology. Where we have given you (or where
you have chosen) a password which enables you to access certain parts of our site, you
are responsible for keeping this password confidential. We ask you not to share a
password with anyone.
6.2 Unfortunately, the transmission of information via the internet is not completely secure.
Although we will do our best to protect your personal data, we cannot guarantee the
security of your data transmitted to our site; any transmission is at your own risk. Once we
have received your information, we will use strict procedures and security features to try to
prevent unauthorised access.
7. Notifiable data breaches
From 22 February 2018, data breaches that are likely to result in serious harm must be reported to affected individuals and the Office of the Australian Information Commissioner (OAIC), except where limited exceptions apply. For the purposes of the GDPR, certain types of data breaches must also be reported to affected individuals if the breach is likely to result in a high risk of adversely affecting individuals' rights and freedoms. In addition, the GDPR requires organisations to report certain types of data breaches to the relevant supervisory authority. We will notify affected individuals, the OAIC and relevant supervisory authorities of any data breach where we are required to do so in accordance with our legal obligations.
8. Offshore data transfers
8.1 We may transfer your personal data to our contractors and service providers who assist us with providing our products and services to you, and to assist us with the operation of our business generally, where we consider it necessary for them to provide that assistance.
8.2 Provided that we comply with applicable law, including the provisions of Australian Privacy Principle 8 (Cross-border disclosure of personal information), and the GDPR – in relation to GDPR Data, we may transfer your personal data to our offshore contractors and service providers as well, who may be located outside the European Union (EU) or the European Economic Area (EEA). At present, we do not transfer personal data out of Australia.
8.3 We will only engage new third parties to process GDPR Data that you instruct us to process as a processor on your behalf if you have authorised us to do so pursuant to a specific or general written authorisation and otherwise in compliance with the requirements of the GDPR.
9. Your consent and rights
9.1 By using our service, making an application or visiting our website, you consent to the
collection and use of your information and other activities as outlined in this policy.
9.2 Under the Privacy Act (the "Act"), individuals have the right:
(a) to check whether we hold personal data about you and to access such data;
(b) to require us to correct as soon as reasonably practicable any data relating to
you that is inaccurate;
(c) to ascertain our policies and practices in relation to personal data and the kind
of personal data held by us; and
(d) to withdraw your consent to the use of your personal data for marketing
purposes and we shall not use your personal data for marketing purposes after
you communicate your withdrawal of consent to us.
9.3 You may exercise your opt-out right by notifying us if you wish to withdraw your consent to the use of your personal data for direct marketing purposes.
10. Your rights under the GDPR
Under the GDPR, you have a number of rights, including:
- the right to be informed;
- the right of access;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to data portability;
- the right to object; and
- rights in relation to automated decision making and profiling.
Please contact us if you wish to exercise any of your rights under the GDPR. We will handle all such requests in accordance with our legal obligations. If you withdraw your consent for processing, object to the processing of your personal data or request us to erase your personal data and as a result it is not possible or practical for us to continue providing you with our services, we may elect to terminate our business relationship with you.
Please send requests to optout and for access to data, correction of data, information regarding policies and practices and kinds of data held, questions or complaints to:
1.32/90-96 Bourke Rd, Alexandria NSW 2015
(02) 8399 5122
In accordance with the Act, we have the right to and may charge a reasonable fee for
processing any data access request.
If you are not satisfied with the outcome of a complaint or you with to make a complaint about a breach of the Australian Privacy Principles you make refer the complaint to the Office of the Australian Information Commissioner (OAIC) who can be contacted using the following details:
Call: 1300 363 992
Address: GPO Box 5218, Sydney NSW 2001
In relation to GDPR Data, you may lodge a complaint with any relevant supervisory authority.
Last updated: March 2020