-->
Effective Date: 14 March, 2024
Last Updated on: 23April 2024
The DIY Privacy Commitment to You
About DIY
Scope of this Privacy Notice
Photos
Children’s Data and Health Data
Collection of Personal Data and Our Use
How and where does DIY collect Data?
We collect Data from a variety of sources
What types of Data do we collect?
How we use the Data
Disclosure of Personal Data
Sometimes Information is Vital
Other People’s Privacy
Use of Personal Data in the US and Elsewhere
Security
Data Retention
Data We Collect
Use of Personal Data
of Personal Data
Your Rights and Choices
Right to Know and Data Portability
Right to Delete and Correct
Exercising Your Rights to Know or Delete
Do Not Sell or Share My Personal Data – Opt-Out Rights
Response Timing and Format
Not Track or Global Privacy Setting
Non-Discrimination
The Cookie Notice
What is a Cookie?
Your Choices Regarding Cookies
Cookie Preferences Selection
Browser Settings
Industry Programs
How Long Do Cookies Last?
What Cookies Does DIY Use & Why?
Strictly Necessary Cookies
Functional Cookies
Analytics Cookies
Targeting Cookies
Inabox is owned and operated by DIY Resolutions PTY LTD, an Australian owned business and part of the Australian Homeware Enterprises PTY LTD family of companies and brands. We have had such wonderful success in Australia and New Zealand that we are now launching our storage solutions and mobile app, “Organise by Inabox” (the App), in the United States. Our storage and organization solutions include our website https://inaboxsolutions.com.au (Site), the actual boxes and storage containers from Inabox, and our innovative digital system and App to help you track and find your belongings (our Services). Please note, certain Services mentioned specifically in this notice may not be immediately available on the Site or App at this time. Because DIY’s digital tools require personal information to help you stay organized, we want to provide you with information and be clear about what we do with the data we collect through our Services and during other communications with us. In this Privacy Notice (Notice), we work to be clear to build trust in us regarding the collection and use of any personal information provided to us (Personal Data or Data).
For purposes of this Notice, “DIY,” “Inabox,” “we,” “us,” or “our,” refer to and include the companies and brands of Australian Homeware Enterprises PTY LTD (for more about us, please see Section G below). DIY was founded in Australia and now offers products in the US. DIY works hard to do things in an orderly, organized and correct way, offering solutions and services to home-organizing enthusiasts in Australia, New Zealand, the UK and now to customers in the US. Note “DIY” or “Inabox” as used in this Notice refers to our Services in the US, and not our businesses in the rest of the world.
Our goal is to help consumers organize their homes and keep track of their stuff with affordable, durable, and on-trend pieces. DIY strives to continually improve so customers look forward to shopping with us and using our Services. We believe that to do this, we must also communicate clearly with our customers, which includes providing this Notice, so users know what Personal Data we have, where it goes, and what the Data is used for.
DIY collects personal information relating to or that identifies individuals (again, Personal Data or Data) from several sources. This Privacy Notice describes how DIY collects, uses, discloses, and safeguards that Data. Unless otherwise indicated, DIY follows this Notice with respect to Data obtained from or about individuals in the United States.
This Notice only applies to DIY Services where we determine why and how we use the Personal Data we collect to deliver the Services including sales of products, customer service, marketing, or other legitimate business purposes, and how in that capacity we act as the “Controller” of the Data we collect. To be clear, this Notice does not cover Data our customers collect and share with DIY where we are not the Controller, but rather a “Processor” or “Service Provider.” Additionally, the App, the Site, or any of our communications may contain links to other sites (such as social media websites), applications, and services from third parties which we have no control or authority over. The privacy and data security practices of those third-party sites are governed by the privacy notices of those third parties, and not DIY.
The App works in conjunction with physical QR code stickers to help individuals effortlessly organize and track their belongings. When utilizing the QR code feature as part of the Services, our customers have the option to take or upload pictures and link them to a QR code sticker affixed to a DIY storage container. We will collect and store the information shared with us, including any Personal Data captured in photos provided through the App. While storing photos linked to QR stickers is a crucial part of our Services, we store the images only to enable a user to access them as part of our Services. Photos uploaded by App users are accessible only by the account holder. DIY does not access, use or analyze data within photos.
The App and Services are for adults only. To use our App or Services, a user must be at least eighteen (18) years of age or the age of majority, whichever is older, in the jurisdiction of residence. If you are an adult, please restrict children from downloading our App or creating an account. Our Services, including the App, are not geared or in any way directed to individuals under the age of eighteen (18) and we do not intentionally or knowingly collect information from or about children under eighteen (18). If your child or information about your child has been captured in a photo shared with DIY, or if Data about your child has been shared with us without parental consent, please contact us by emailing privacy@austbrush.com.au or by any method identified in the “How to Contact Us“ section, and we will take steps to delete that Data from our systems.
Likewise, we do not intentionally collect health data. If health data has been captured in a photo provided to us or shared with us in any way, please notify us by emailing privacy@austbrush.com.au or by any method identified in the “How to Contact Us“ section, and we will take steps to delete that Data from our systems.
The Personal Data we collect is generally determined by the user and their interaction with us, our partners, publications, and other resources. DIY works with service providers to host its Site and App, manage and present web-store content to Site visitors, process and fulfill any orders, market our Services, and process payments. While DIY does not sell Personal Data in the traditional sense of the word “sell,” we do utilize third-party service providers for marketing efforts across the internet, including social media platforms. You can Opt-Out of Sale or Sharing of your Data with third-party marketing and other non-essential uses here in our Preference Center, and learn more about such uses in our Cookie Notice, here.
DIY collects Personal Data from job candidates, potential customers, customers, participants at our events (in-person or virtual), business partners and vendors and their employees, advisors, contractors, and other individuals who use our Services on others behalf (collectively, Individuals) who:
i. Visit and/or shop at our Site;
ii. Visit and/or shop at third-party vendor locations, including online storefronts such as eBay, Bunnings, MyDeal, and others;
iii. Receive or send communications from or to us, including but not limited to email, phone calls, texts, and mail;
iv. Use the App to take or store photos containing Data, though DIY does not access or use that Data;
v. Use our Services as a customer or authorized user (for example logging into your account);
vi. Register for, attend, and/or take part in our events, promotions, contests, etc.;
vii. Report a problem with our Site, Services, or App;
viii. Communicate with us using the “Contact Us” web form on the Site;
ix. Interact with the content we post on social media;
x. Apply to work with us, view, or share job postings;
xi. Download or otherwise engage with the App, content, or publications;
xii. Submit an inquiry about the App or QR stickers, or for support or information;
xiii. Participate in online or recorded meetings or events;
xiv. Engage with our customer service, sales team, or our other DIY employees; or
xv. Work at a partner or supplier of ours and interact with DIY in the course of doing business or contemplating doing business with us.
i. The person who is the subject of the Personal Data;
ii. Publicly available sources (such as voting record, business information, social media);
iii. Service providers;
iv. Business partners and/or vendors;
v. Third-party advertisers;
vi. Social media posts and interactions on our accounts;
vii. The device used when you download or use the App or visit the Site.
i. Identifying Information: We collect this type of Data when you create a profile, make a purchase, take advantage of offers, or communicate with us. For example, name, zip code, email, telephone number(s), birthdate, and security question answers. When you contact us via the DIY email address, we will collect your contact information and any information included in your email.
ii. Event Information: This information is gathered when a user signs up for events, such as contact information and mailing address.
iii. Sensitive Data Not for Inferring Characteristics: We collect user names and passwords to protect our Services and your security and to the extent permitted or required by applicable law.
iv. Demographic Information: We will collect this information when a user takes part in a contest, promotion, or survey. We might collect for instance, gender or zip code.
v. Device Information: We collect device information when you visit the Site, use or download the App, or open our emails. We might collect information about the device used to access our App, including IP address, or mobile operating system.
vi. Location Information: We collect Data about location when or if a device is set to allow disclosure of location information. Please see our Cookie Notice for more information.
vii. Commercial Information: We collect this information when a purchase is made. For example, details about the products purchased, obtained, or considered, as well as other purchasing or consuming histories or tendencies.
viii. Internet or other Network Activity Information: This type of Data is collected when a user visits the Site, uses our App, opens an email from us, or interacts with our other technologies. This Data is either automatically collected or is customer-initiated. For example, browsing history, search history, and other information regarding interactions with our Site or App.
ix. Other Information: We may look at how often a user uses the Site or App and where it was downloaded or accessed from based on IP address. This information includes things such as pages and files viewed, operating system, searches, system configuration, and date/time stamps associated with usage. When someone calls our customer service team, we record calls for quality assurance and operational purposes.
Like most websites and other places on the Internet, our Site and Services may use cookies, web beacons, pixels and/or other technologies (collectively, cookies) to gather information. To read more about if or how we use cookies, please visit our Cookie Notice. You can manage your consent to the Personal Data we collect on our Site by visiting our Cookie Preferences Center, here.
DIY collects Personal Data for a number of purposes, including but not limited to the following:
i. Product and Services fulfillment.
1. Complete, fulfill, manage, and communicate about purchases;
2. Communicate about the App, the Services, the Site, or any experience and feedback related to the Services, etc.;
3. Set up and service a user account;
4. Provide customer service and alert a user about features and functions in our Services; and
5. Enhancing our products and Services.
ii. Internal operations.
1. Improve the effectiveness of our Site, App, merchandise, inventory, third-party vendors, and customer service;
2. Conduct research and analytics for our operations and Services; and
3. Perform other logistics and operation activities as needed.
iii. Payment Processing.
1. Processing customer payments;
2. Address inquiries or requests about purchases with us or a third-party store front.
iv. Security, compliance, legal obligations and fraud prevention.
1. Protect our assets (on and offline) and prevent fraudulent activities;
2. Validate credentials and authenticate users logging into the App or account;
3. Protect the security and integrity of our Services and our data; and
4. Assist law enforcement and respond to legal/regulatory inquiries, if necessary.
v. Marketing, promotions and advertising.
1. Send our information about our products, Services, and promotions like personalized offers in email;
2. Personalize online content so it applies to customer interests;
3. Spot customer items and shopping preferences;
4. Track activity on our Site, the products you are interested in, how often you visit our or affiliate sites, etc., and
5. Oversee contests, promotions, or surveys.
We may disclose Personal Data to vetted third parties for certain purposes, including the following:
i. General Business Purposes: We may share Data with consultants and service providers for customer or technical support, sales, operations, account management, and legitimate general business purposes.
ii. Compliance with the Law: We may disclose information to a third party where legally required to comply with applicable laws, regulations, legal processes, or government requests.
iii. Protection of our Rights: We may disclose Data to protect or exercise, establish, or defend our legal rights.
iv. Business Transfers: We may share or transfer Data to support negotiations of or for a merger, sale of company assets, financing, or acquisition of all or a portion of our business.
v. Managing Events: Managing Events: If you use our Site to register for an event organized by a partner, we may share your Data with that partner to process your registration and participation in the event; when this happens, our partner will process the Data as a separate Controller and their use and control over your Personal Data will be governed by their privacy notice and policies.
vi. Receiving Professional Advice: In certain instances, we may share Personal Data with professional advisers acting as Processors or joint Controllers, including lawyers, bankers, auditors, and insurers where we operate, who provide their professional services, but only to the extent we are legally obliged or have a legitimate interest in sharing information.
vii. Publicly Shared Information: Any Personal Data or other data you choose to submit in communities, forums, blogs, social media, or elsewhere may be read, collected, and used by others who visit these places, depending on account settings.
Where we need to collect and use Personal Data by law, or to complete a transaction or fulfill a contract with you, and you fail to provide the Data required, such a deficiency is likely to prevent us from meeting our obligations.
If you as a user provide us with Personal Data relating to another person, you must first confirm you have informed them of our identity and why their Personal Data is required, as well as how it will be used. The other person must have given consent to you in order for you to share their information with us. THEY have to consent. Please know you may not and cannot consent for them.
Our App’s servers are located in the US, and our third-party service providers and partners have disclosed their data processing occurs in Australia, Europe and the US. This means when we collect Personal Data, it may be processed outside the US in Australia and in Europe. Regardless of where Data is used, stored, or processed, we employ measures designed to reasonably protect the Personal Data we hold, including maintaining the security of our systems and employing commercially reasonable measures such as encryption and limiting access.
We use appropriate technical, organizational, and administrative security measures designed to protect the security, confidentiality, and integrity of information.
DIY will retain the Personal Data we collect from our customers in connection with use of the Services for the length of time necessary to complete our relationship with them, or as long as there is an ongoing legitimate business need to do so and we have a valid reason to use the Data. We determine the length of our retention periods for Data on the basis of the purposes for the information; the amount, nature, and sensitivity of the information used; any potential risk from unauthorized use or disclosure of that Data; and whether we can achieve the purposes through other means, as well as on the basis of applicable legal requirements (such as applicable statutes of limitation).When we have no ongoing legitimate business need to process a user’s Personal Data, we will either delete or anonymize it or, if this is not possible (for example, because it is stored in backup archives), we will securely store and isolate it from further processing until deletion is possible.
You may have the following privacy rights under applicable law:
1. If you wish to access, correct, update, or request deletion of Personal Data, please contact us by sending an email to privacy@austbrush.com.au or by using the contact details provided under the “How to Contact Us“ heading below. We will of course need to verify you are who you say you are before we provide any access to anyone’s Personal Data. If you do have an inquiry, please provide us with the following:
a. your name;
b. type of request;
c. approximate data of collection of the information; and
d. a valid email address to contact you.
2. We provide additional information below for residents of US states with applicable state privacy laws who wish to submit access, correction, or deletion requests. DIY does not use or process Personal Data that would subject a person to a decision based solely on automated processing, including profiling, that produces legal effects (Automated Decision-Making). Automated Decision-Making currently does not take place on our Site or in or as part of our Services.
3. Residents of certain states have the right to opt-out of marketing communications, which you may do at any time by visiting our Preference Center, here. You can also exercise this right by clicking on the “Unsubscribe” link in the marketing communications we send or by using the contact details provided under the “How to Contact Us“ heading below. Please note opting-out of the receipt of marketing communications from us does not opt-you-out of receiving important business communications related to your current relationship with us, such as communications about your purchases, shipping, service announcements, or security information.
4. While DIY does not sell Personal Data in the traditional sense of the word “sell” DIY does share or disclose Data to third parties for behavioral advertising or targeting purposes. You may have the right under your State Privacy Law to “Opt-Out of Sale or Sharing” of this type of sharing and disclosure, and you may do so here in our Preference Center. You can learn more about such Data use in our Cookie Notice, here.
5. If we have collected and used your Data with your consent, you can withdraw your consent at any time. Withdrawing consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the use conducted in reliance on lawful processing grounds other than consent.
6. Our site does not recognize the Global Privacy Control (GPC) signal. The GPC is a browser setting that allows consumers to opt-out of targeted advertisements and/or the sale of Personal Data through a pre-determined signal. The GPC allows you to make a single opt-out request that applies to all websites that are able to recognize the signal. The Site at this time is unable to recognize such a signal.
If you seek to exercise your privacy rights or options with respect to our Services, please contact us through any of the available methods listed under the “How to Contact Us” section at the end of this Notice.
This section of our Privacy Notice supplements the information above and applies to those consumers who reside in a state in the US with an active and enforceable data privacy law (consumers or you). The enforceable privacy laws at the time of publication of this Notice include the laws of California (California Consumer Privacy Act (CCPA)), Virginia (Virginia Consumer Data Protection Act (VCPA)), Connecticut (Connecticut Personal Data Privacy and Online Monitoring Act (CTDPA)), Utah (Utah Consumer Privacy Act (UCPA)), and Colorado (Colorado Privacy Act (CPA)) (collectively, State Privacy Law), and will be adjusted to include others in the future.
The terms used in this Notice will have substantially the same meanings as those in applicable State Privacy Law, to the extent they are able to be reasonably interpreted in comity and uniformity with each other.
Data We Collect
As noted above in Section A, we collect Data that identifies, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to a particular consumer (Personal Information or Personal Data or Data). Personal Data, however, does not include:
a. Publicly available information.
b. De-identified or aggregated consumer information.
c. Information excluded from most State Privacy Laws’ scope, such as:
i. health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA), clinical trial data, or other qualifying research data;
ii. personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994;
iii. data collected in the business-to-business (B2B) context (except for California consumers, as defined under the California Consumer Privacy Act); and
iv. data collected in the human resources (HR) context.
DIY has collected the following categories of Personal Data from consumers within the last twelve (12) months:
Category | Examples | Collected |
---|---|---|
A. Identifiers. | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers. | Yes |
B. Personal information categories listed in the California Customer Records statute. | A name, signature, address, telephone number, driver’s license, education, employment, or employment history. Some Personal Data included in this category may overlap with other categories. | Yes |
C. Protected classification characteristics under state or federal law. | ONLY FOR PURPOSES OF JOB APPLICANTS: Age, citizenship, marital status, sex, or veteran or military status. | No |
D. Commercial information. | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | Yes |
E. Biometric information. | Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, face-prints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. | No |
F. Internet or other similar network activity. | Browsing history, search history, or information on a consumer’s interaction with a website, application, or advertisement. | Yes |
G. Geolocation data. | Physical location or movements. | Yes. However, this is not” precise” geolocation as defined under applicable laws. |
H. Sensory data. | Audio, electronic, visual, thermal, olfactory, or similar information. | Yes, limited to customer service recordings. |
I. Professional or employment-related information. | Current or past job history or performance evaluations. | Yes, limited to the employment context |
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | No |
K. Inferences drawn from other personal information. | Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | Yes |
Directly from you, from forms completed or products and Services purchased;
From publicly available sources, such as a voting record or business information;
Indirectly from you, including observing actions on our App;
From business partners or vendors, such as at events, conferences, and business contacts.
2.Use of Personal Data
In the past twelve (12) months, we may have used or disclosed the Personal Data we collected from consumers for one or more of the following purposes:
To fulfill or meet the reason you provided the information. For example, if a name and contact information was shared to inquire about a price or ask a question about our products or Services, we will use that Data to respond to that inquiry.
To provide, support, personalize, and develop our products, Site, and Services.
To create, maintain, customize, and secure your user account with us.
To process any requests, purchases, transactions, payments and prevent fraud.
To provide support and respond to inquiries, including to investigate and address any concerns and monitor and improve our responses.
To personalize experiences on our Site and Services and deliver content, product, and Services relevant to your interests, including offers via email.
To maintain the safety, security, and integrity of our Site, products, Services, databases and other technology assets, and business.
For testing, research, analysis, and product development, including to develop and improve our Site, App, products, and Services.
To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
As described when collecting your Personal Data.
To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by us is among the assets transferred.
We will not collect additional categories of Personal Data or use the Data collected for materially different, unrelated, or incompatible purposes without providing notice and obtaining consent where necessary.
3.Disclosure of Personal Data
We may disclose Personal Data by providing it to a third party for a valid business purposes under a written contract that describes the purposes of the Data use, requires the recipient to keep the Data confidential, and prohibits use of the disclosed Data for any purpose except performance of the contract. In the preceding twelve (12) months, DIY has disclosed Data for certain business purposes to the categories of third parties identified in the table below.
DIY does not sell Personal Data in the traditional sense of the word “sell.” Note, however, that we do share or disclose Data to third parties for behavioral advertising or “targeting” purposes, which is considered a “sale” of Data under certain State Privacy Law. You may have the right to “Opt-Out of Sale or Sharing” for targeted advertising based on your State Privacy Law, and may do so here in our Preference Center. You can learn more about this type of Data use in our Cookie Notice, here.
Personal Data Category | Category of Third-Party Recipients | |
---|---|---|
Business Purpose Disclosures | Sales | |
A: Identifiers. | Marketing and advertising service providers and vendors; security services; payment and chargeback processors; suppliers; mailing and shipping services; government entities and law enforcement, if necessary; employee-related service providers; affiliates | Not for traditional “sale” of data. DIY does “share” Identifiers for targeted advertising with marketing and advertising service providers and vendors. |
B: Customer Records Personal Data categories. | Marketing and advertising service providers and vendors; security services; payment and chargeback processors; suppliers; mailing and shipping services; government entities and law enforcement, if necessary; employee-related service providers; affiliates | Not for traditional “sale” of data. DIY does “share” information for targeted advertising with marketing and advertising service providers and vendors. |
C: Protected classification characteristics under state or federal law. | Not collected. Not disclosed. | Not collected. Not disclosed. |
D: Commercial information. | Supplier sales and marketing representatives, marketing and advertising service providers and vendors; government entities and law enforcement, if necessary; affiliates. | Not for traditional “sale” of data. DIY does “share” information for targeted advertising with marketing and advertising service providers and vendors. |
E: Biometric information. | Not collected. Not disclosed. | Not collected. Not disclosed. |
F: Internet or other similar network activity. | Marketing and advertising service providers and vendors; security services; suppliers; government entities and law enforcement, if necessary; employee-related service providers, affiliates. | Not for traditional “sale” of data. DIY does “share” information for targeted advertising with marketing and advertising service providers and vendors. |
G: Geolocation data. | Not precise geolocation data; general location used for marketing and advertising service providers and vendors; security services; government entities and law enforcement, if necessary; affiliates. | Not for traditional “sale” of data. DIY does “share” information for targeted advertising with marketing and advertising service providers and vendors. |
H: Sensory data. | Limited to customer service recordings. | No. |
I: Professional or employment-related information. | Employee-related service providers; affiliates; Limited to the employment context. | No |
J: Non-public education information. | Not collected. Not disclosed. | Not collected. Not disclosed. |
K: Inferences drawn from other Personal Data. | Marketing and advertising service providers and vendors; security services; suppliers; government entities and law enforcement, if necessary; affiliates | Not for traditional “sale” of data. DIY does “share” information for targeted advertising with marketing and advertising service providers and vendors. |
4.Your Rights and Choices
The State Privacy Laws provide consumers (the state residents) with specific rights regarding their Personal Data. This section describes consumer rights under applicable laws and explains how consumers may exercise those rights. However, some of the State Privacy Laws do not apply to Personal Data collected in the business to B2B or HR context.
We will not process privacy rights requests where these exceptions apply.
a. Right to Know and Data Portability
If you are protected by applicable law, you have the right to request access and disclosure of certain information about our collection and use of your Personal Data over the past twelve (12) months as well as to have a copy of that Data (collectively referred to here as the right to know). Once we receive your request and confirm your identity (see Exercising Your Rights to Know or Delete), we will disclose the following information to you:
i. The categories of Personal Data we collected about you.
ii. The categories of sources for the Personal Data we collected about you.
iii. Our business or commercial purpose for collecting the Personal Data.
iv. The categories of third parties with whom we share the Personal Data.
v. If we disclosed your Personal Data for a business purpose, in separate lists disclosing:
sales, identifying the Data categories each category of recipient purchased; and
disclosures for a business purpose, identifying the Data categories each category of recipient obtained.
vi. The specific pieces of Personal Data we collected about you.
vii. A copy (if requested) of the Personal Data collected and maintained in a commonly used electronic format.
b. Right to Delete and Correct
If you are protected by applicable law, you have the right to request that we delete or correct the Personal Data collected or maintained about you, subject to certain exceptions (collectively referred to here as the right to delete). Once we receive a request and confirm the identity of the requestor (see Exercising Your Rights to Know or Delete), we will review the request to see if an exception allowing us to retain the Data applies. We may deny a deletion request if retaining the information is necessary for us or our Service Provider(s) to:
i. Complete the transaction for which we collected the Data, provide a good or Service requested, take actions reasonably anticipated within the context of our ongoing business relationship with the consumer, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with any consumer.
ii. Detect security incidents; protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for such activities.
iii. Debug products to identify and repair errors that impair existing intended functionality.
iv. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
v. Comply with applicable state law, including the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
vi. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if informed consent was previously provided.
vii. Comply with a legal obligation.
Upon receipt of your verifiable request, we will delete or de-identify and/or correct Personal Data not subject to one of these exceptions from our records and will direct our service providers to take similar action.
NOTE: Deletion of our App from your device will not delete Personal Data held by DIY about you from DIY’s systems. To delete your Data from DIY’s systems to the extent we are able to do so, please submit a request to delete to DIY, as provided in the Exercising Your Rights to Know or Delete section below.
c. Exercising Your Rights to Know or Delete
To exercise the rights to know or delete described above, please submit a request by either:
i. Calling us at 1800 913 219
ii. Emailing us at privacy@austbrush.com.au
iii. Submitting a deletion request through the secure web form available to account holders at https://inaboxsolutions.com.au/app-account.
Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your Personal Data. You may only submit a request to know twice within a twelve (12) month period. Your request to know or delete must:
a. Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Data or an authorized representative; and
b. Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
c. We cannot respond to your request or provide Personal Data if we cannot verify your identity or authority to make the request and confirm the Data relates to you. An account does not need to be created with us to submit a request to know or delete; however, we do consider requests made through a password protected account sufficiently verified when the request relates to Personal Data associated with that specific account.
We will only use Personal Data provided in the request to verify the requestor’s identity or authority to make it.
d. Do Not Sell or Share My Personal Data – Opt-Out Rights
DIY Does Not Outright “Sell” Personal Data.
We do not collect the Personal Data of consumers and sell Personal Data in the traditional sense of the word “sell.” DIY does, however, share (see below) Data in a way that is considered a “sale” under certain State Privacy Laws.
DIY Does Engage in the “Sharing” of Personal Data for Targeted Advertising
DIY does utilize third parties to conduct cross-contextual behavioral advertising (targeted advertising) on our behalf. Your State Privacy Law may provide you with the right to Opt-Out of the Sale or Sharing of your Personal Data, including any for targeted advertising. The CCPA, for instance, defines “sharing” to include certain sharing of your Personal Data for purposes of serving you advertisements that are relevant to you based on your activity across our services and other sites. Like many companies, we use services to help deliver interest-based ads to you, and our Site may use cookies or similar technologies which allow advertising partners to collect your Personal Data for our or their benefit. On our Site, we provide you with the right to Opt-Out of the Sale or Sharing of your Personal Data via our Cookie Preferences Center, which provides you the notice and the opportunity to opt-out of our use of those cookies which would follow your use and behavior across our Site and the internet.
To Opt-Out of the Sale or Sharing (or to change your mind after opting-out), you may limit or adjust your Data collection preferences by accessing our Cookie Preferences Center, here.
Please note certain cookies and other technologies are used to allow our Site to securely operate, provide you a better shopping experience, and facilitate purchases you may choose to make from DIY. Those essential, functional, and analytic technologies provide you with a more efficient and functional experience, and help us to understand how you navigate and use our Site. When you refuse those supporting technologies, it will affect how our Site functions and whether our Site recognizes you as a prior user or not.
Also, some transfers of your Personal Data may not be considered “sharing,” and certain exemptions may apply under State Privacy Law. Your choices do not affect other disclosures of your Personal Data, as outlined in this Privacy Notice, such as when we process payments, provide services to you, or prevent fraud.
DIY does not collect “sensitive” data from consumers as that is defined under most State Privacy Law except under the CCPA, which includes a user name and password as a “sensitive” data category. However, this category of sensitive Personal Data collected by us is collected or processed to provide Services requested by the customer, not for the purpose of inferring characteristics about the consumer and is thus not subject to requests to limit under applicable law.
e. Response Timing and Format
We will confirm receipt of your request to know or delete within ten (10) business days. We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Data that is readily useable and should allow you to transmit the Data from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
5.Do Not Track or Global Privacy Setting
The Global Privacy Control (the “GPC”) signal is a browser setting that allows consumers to opt-out of targeted advertisements and/or the sale of Personal Data through a pre-determined signal. The GPC allows one to make a single opt-out request that applies to all websites that are able to recognize the signal. DIY is not able to recognize the GPC signal at this time. Please note we are working to do so and will update this policy as soon as we are able to implement this functionality. Please note you may Opt-Out of the Sale or Sharing (or to change your mind after opting-out) to limit or adjust your Data collection preferences by accessing our Cookie Preferences Center, here.
To learn more about browser tracking signals and Do Not Track, please visit https://www.allaboutdnt.com.
6.Non-Discrimination
We will not discriminate against you for exercising any of your privacy rights under applicable law. However, we may offer you certain financial incentives that can result in different prices or rates. Any permitted financial incentive we offer will reasonably relate to the Personal Data’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt-in consent that you may revoke at any time by via one of the methods in the “How to Contact Us” section below.
We will update and amend this Notice when needed, which may occur at any time. When we make changes to this Notice, we will post the updated Notice on our App and update the effective date. Continued use of our App following the posting of changes constitutes notice of and acceptance of such changes.
The Australian Homeware Enterprises PTY LTD is an Australian-based company consisting of several affiliate companies and their brands. We pride ourselves on building effective, durable and innovative products and services, all intended to help people live and build an amazing life. For purposes of this Notice, when we use “Inabox,” “we,” “us,” or “our,” we are referring to and including all of the companies under Australian Homeware Enterprises PTY LTD ownership, governance and control, which include the following
Brands
Inabox
Kaboodle Kitchen
Monarch
Groove Furniture
Flatpax
Connected Spaces
Pro Renovator
DIY Resolutions Pty Ltd
Australian Brushware Corporation
Australia Homeware Enterprise Pty Ltd
Hardware Lane Distributors Ltd
Asia International Trading Company Ltd
If you have questions or comments about this Notice or the ways in which DIY collects and uses Personal Data it processes, please do not hesitate to contact us at:
Phone Number: 1800 913 219
Email Address: privacy@austbrush.com.au
Postal Address:
DIY Resolutions PTY LTD
Attn: Privacy Officer
P.O. Box 338
Somerton VIC 3062
Australia
If you need to access this Notice in an alternative format due to having a disability, please contact info@austbrush.com.au
1.The Cookie Notice
DIY respects the privacy of visitors using our Site. This Cookie Notice is part of our Privacy Notice and provides you with clear and detailed information about the cookies and other technologies we use and our purposes for using them.
Like most other sites, our Site uses cookies in combination with other code such as pixels, scripts, tags, and beacons (collectively referred to herein as cookies) to distinguish you from other users of our Site. You can find out more about the different types of cookies used on our Site below. You should be aware that refusing certain types of cookies may impact your experience of our Site. You can change your preferences at any time by visiting our Cookie Preferences Center, here.
2.What is a Cookie?
A cookie is a small file of letters and numbers a website asks your browser to store on your device. Cookies store bits of information used to help make our Site work. Cookies set by DIY are called “first-party cookies” (e.g. cookies placed by https://inaboxsolutions.com.au). We also use third-party cookies, which are cookies set by a domain other than the current site you are visiting. Additional information about cookies is available at: www.whoishostingthis.com.
3.Your Choices Regarding Cookies
a. Cookie Preferences Selection
You have the option of changing Cookie Preferences when you first visit DIY’s Site through our Cookie Preferences Center, found here, or by clicking on the Cookie Preferences Center link at the bottom of this Notice. When you visit our Site, strictly necessary cookies will be placed on your device so our Site is able to function. You will be asked to consent or agree to other cookies via the Cookie Preference Center. You can give consent by clicking on the appropriate button, or by setting your preferences when prompted.
b. Browser Settings
Some browsers allow a “do not track” (DNT) setting to request that a web application disable its tracking of a user. When you choose to turn on the DNT setting in your browser, your browser will send a signal to websites, analytics companies, ad networks, and other web services to stop tracking your activity.
Internet browser cookie settings are usually found in the “settings,” “preferences,” or “options” menu of your browser. In order to understand more about these settings, the following links may be helpful. You can also use the “Help” option in your browser for more details.
The Site is unable to recognize Do Not Track opt-out preference signals at this time. Although our Site currently does not have the mechanisms to recognize all the various web browser Do Not Track signals, we do offer our customers choices to manage their cookie preferences as described in our Cookie Preferences Center, here..
Industry Programs
You can also take advantage of industry-sponsored programs allowing you to better manage how some companies advertise to you, including but not limited to the following resources:
The Global Privacy Control: https://globalprivacycontrol.org/
The Network Advertising Initiative’s Opt-Out page https://thenai.org/opt-out/
The Digital Advertising Alliance’s WebChoices tool https://optout.aboutads.info/
Additional information on cookies and online advertising choices are offered by:
Adobe Marketing Cloud: If you would like more information on how to remove yourself from the tracking and reporting functions performed by Adobe Marketing Cloud, please visit the Opt-Out page at https://www.adobe.com/privacy/marketing-cloud.html.
Google: For information on how Google Analytics uses data, please visit “How Google uses information from sites or apps that use our services,” located at https://policies.google.com/technologies/partner-sites.
4.How Long Do Cookies Last?
Except for Strictly Necessary cookies, the cookies we run on our Site will expire as follows:
Session cookies: They allow site operators to follow a user’s actions through a browser session. A browser session begins when a user opens the browser window and ends when the browser window is closed. Session cookies are temporary. Once the browser is closed, all session cookies are deleted.
Persistent cookies: These remain on a visitor’s device for a time period set by the cookie. They are activated each time a user visits the site that created that cookie.
5.What Cookies Does DIY Use & Why?
The cookies used on our Site are categorized as follows:
Strictly necessary
Functional
Analytics
Targetinga.
a. Strictly Necessary Cookies
These cookies are necessary for the Site to function and cannot be switched off in our systems. They allow you to move around the Site and use essential features. Without these cookies, we cannot provide the requested services.
We use Strictly Necessary Cookies to:
Distinguish humans from bots;
To store your cookie consent preference for the Site;
To present Site content;
Identify and/or authenticate a user as being logged into the Site;
Ensure a user connects to the right service if a change is made; and
Security purposes.
You can set your browser to block or alert you about these cookies. However, if they are blocked, DIY cannot guarantee performance of the Site or security during a visit.
b. Functional Cookies
Functional cookies are used to enable enhanced functionality and personalization. Such cookies may be set by third-party providers whose services are added to our Site. Although important, these cookies are not required for your use of the Site. Without these cookies, certain functionality may become unavailable.
c. Analytics Cookies
Analytics cookies collect information about how you use our Site including pages visited and any errors experienced during your visit. Analytics cookies typically do not collect information that could specifically identify you and are only used to improve the Site, understand the interests of our users, and measure the effectiveness of content.
Analytics cookies are used for:
Web analytics: to provide anonymous statistics on how the Site are used; and
Error management: Improves the Site by measuring errors.
If you do not allow these cookies, we will not know when you have visited our Site nor be able to monitor their performance. Some analytics cookies are managed by third parties, such as Google Analytics.
d. Targeting Cookies
Targeting cookies are used to help attract customers with targeted ads and can be shared with other advertisers so the performance of the ads themselves can be monitored and measured. Targeting cookies can be used to build user profiles and for offering our customers the best suited ads for their needs. These cookies follow users across websites (for example, from Amazon to here, and back to Amazon) to show ads in banners or other sites online even after you have left this Site and moved to another.
Social media cookies and tags are used by us and social media platforms to enable users of the platforms to share content across our Site and theirs. We also work with social media platforms to deliver ads to you when you use these platforms. This targeting is done by the platform under its own terms of use.
Advertising cookies and tags are used by us, our service providers, and third parties to personalize the ads delivered to you on our Site and on other sites. These cookies collect data about online activity and allow ads to be displayed that may be of relevant interest to the user. These cookies also record which ads a user sees and whether a user engaged with the ad. These cookies help make sure that the ads you see are valuable to you and not repetitive.
If you do not add these cookies, then some of these services may not function properly.
Note: DIY does not request, require, or knowingly allow such third parties to use cookies for purposes other than those identified above.
Applicable State Privacy Laws may provide you with the right to Opt-Out of the Sale or Sharing of your Personal Data, including any for targeted advertising. The CCPA, for instance, defines “sharing” to include certain sharing of your Personal Data for purposes of serving you advertisements relevant to a user based on their activity across our Services and other sites. As noted above, we use cookies to help deliver interest-based ads to you, and our Site may them or similar technologies to allow advertising partners to collect your Personal Data for our or their benefit. On our Site, we provide you with the right to Opt-Out of the Sale or Sharing of your Personal Data via our Cookie Preferences Center, which provides you the notice and the opportunity to opt-out of our use of those cookies which would follow your use and behavior across our Site and the internet.
To Opt-Out of the Sale or Sharing (or to change your mind after opting-out), you may limit or adjust your Data collection preferences by accessing our Cookie Preferences Center, here.