Inabox U.S. Trial Period Privacy Notice

Effective Date:  14 March, 2024

Last Updated on: 14 March 2024

 

A. General Information

  1. Our Inabox App, Trial Services, and the DIY Privacy Commitment

Inabox is owned and operated by DIY Resolutions PTY LTD, an Australian owned business and part of the Australian Homeware Enterprises PTY LTD family of companies and brands (for more about us, please see Section G below. Inabox is such a wonderful success in Australia and New Zealand that we are now launching a limited release of our mobile app “Organise by Inabox” (the “App”) to give prospective customers in the United States, particularly their employees acting in the course of their employment, (“Retail Shops”, “you”, or “your”) the opportunity to experience our App firsthand, empowering them to fully evaluate our products and solutions for their Retail Shops (our “Trial Services”). DIY’s digital tools require personal information to help Retail Shops explore our App, which is designed to help organize personal items, belongings, and anything else to be stored and organized. We believe it is our responsibility to be clear about what we do with the information provided to us when there are communications with us or via the use pf our Trial Services. In this Privacy Notice (or “Notice”), we work to be clear to build trust in us regarding the collection and use of any personal information provided to us (“Personal Data” or “Data”) during the Trial Period.

 

  1. About DIY

For purposes of this Privacy Notice, “DIY,” “Inabox,” “we,” “us,” or “our,” refer to and include all of the companies under Australian Homeware Enterprises PTY LTD (see Section G, below). DIY was founded in Australia and is working to launch its products in the United States. DIY works hard to do things in an orderly, organized and correct way, offering solutions and services to home-organizing enthusiasts in Australia, New Zealand, the UK and now to Retail Shops in the U.S. during this Trial Period. Note “DIY” or “Inabox” as used in this Notice refers only to our Trial Services during the Trial Period effort in the US, and not our businesses in the rest of the world.

Our ultimate goal is to help consumers organize their homes and keep track of their stuff with affordable, durable, and on-trend pieces, all available at their local Retail Shop. DIY strives to continually find ways to improve so that customers look forward to finding our products at your Retail Shop. We believe that to do this, we must also communicate clearly with Retail Shops, which includes providing this Notice, so users know what Data we have, where it goes, and what is done with the Data we use.

 

  1. Scope of this Privacy Notice

This Privacy Notice applies only to Data collected from Retail Shops in connection with their use of the Trial Services during the Trial Period. For now, our App is available only to Retail Shops testing our Inabox products as part of their business offerings (the “Trial Period”). While our App’s Trial Services are accessible on the Apple Store and Google Play, during this Trial Period, the App and QR stickers are only functionally available to Retail Shops.

This Privacy Notice does not apply to data collected through our website. We will have a U.S. consumer Privacy Notice for the website when we launch our consumer services in the U.S. In the meantime, please refer to our Privacy Policy available at https://inaboxsolutions.com.au/privacy-policy to learn more about our practices and your Data options connected with use of our website.

DIY has not yet launched consumer Inabox products or a consumer directed App in the United States. This Notice does not address Data associated with any incidental DIY interactions with U.S. consumers. DIY is not marketing the Trial Services to U.S. consumers at this time, nor is DIY seeking information from U.S. consumers during the Trial Period. Because the Trial Services are not meant for U.S. consumers, this Notice does not apply to consumer data we may collect.

If you are not an employee of a Retail Shop, do not use the App or our Trial Services.

In addition to the distinctions above, this Notice only applies to DIY Trial Services where we determine why and how we use the Personal Data we collect during the Trial Period to deliver the Trial Services and customer service, marketing, or other legitimate business purposes connected with the Trail Services, and how in that capacity we act as the “Controller” of the data we collect. To be clear, this Notice does not cover any Personal Data our customers collect and share with DIY where we are not the Controller, but rather a “Processor” or “Service Provider.” Additionally, the App or any of our communications may contain links to other sites (such as social media websites), applications, and services from third parties which we have no control or authority over. The privacy and data security practices of those third-party sites are governed by the privacy notices of those third parties, and not DIY.

 

  1. Photos

The App works in conjunction with physical QR code stickers to help individuals more effortlessly organize and keep track of their belongings. When utilizing the QR code feature as part of the Trial Services, Retail Shops will have the option to take or upload pictures and link them to a QR code sticker affixed to a DIY storage container. We collect and store any information shared with us, including any Personal Data captured in photos provided through the App. While storing photos linked to QR stickers is a crucial part of our services, we store the images only to enable a user to access them as part of our services. We do not use or analyze the data within photos.

 

  1. Children’s Data and Health Data

The App and Trial Services are for adults only. To use our App or Trial Services, a user must be at least eighteen (18) years of age or the age of majority, whichever is older, in the jurisdiction of residence. If as a representative of a Retail Shop, you are an adult, please restrict children from downloading our App or creating an account. Our services, including the Trial Services, and our App, are not geared or in any way directed to individuals under the age of eighteen (18), and we do not intentionally or knowingly collect information from or about children under eighteen (18). If your child or information about your child has been captured in a photo shared with DIY, or if Personal Data about your child has been shared with us without parental consent, please contact us by emailing info@inaboxsolutions.com.au or by any method identified in the “How to Contact Us“ section, and we will take the steps needed to delete any such Data from our systems if so requested.

Likewise, we do not intentionally collect health data. If health data has been captured in a photo provided to us or shared with us in any way, please let us know by emailing info@inaboxsolutions.com.au or by any method identified in the “How to Contact Us“ section, and we will take the steps needed to delete any such Data from our systems if so requested.

 

B. Collection of Personal Data and Purposes of Use

 

  1. Collection of Personal Data and Our Use

During the Trial Period, DIY collects information relating to or that identifies individuals (again, “Personal Data” or “Data”) from several sources. The Personal Data we collect is generally determined by the user and their interaction with us, our partners, publications, and other resources. Retail Shops have access to QR code stickers free of charge for use with the Trial Services, and no payments will be processed by us or on our behalf in connection with your use of our Trial Services. During the Trial Period we are not utilizing third-party Service Providers for marketing across the internet, including any social media platforms. If and when we do this in the future, we will update this notice and consumers will be able to “opt-out” of third-party marketing and other non-essential uses of Personal Data in a preference center, or learn about any such use in a DIY Cookie Notice. However, at this time, our App does not use cookies with identifiable data in connection with the Trial Services, and the Personal Data collected during a Trial Period is limited to supporting any use of our Trial Services, our App, and providing other services or products we are asked to provide.

During the Trial Period, DIY will not sell Personal Data collected during the Trial Period in the traditional sense of the word “sell.” Any Data collected during the Trial Period will be segregated and limited in its purposes to only provide the Trial Services to you, and to help us manage and improve those Services to you.

After the Trial Period, we will not share or disclose Personal Data to third parties for behavioral advertising or “targeting” purposes without first obtaining any required consent to do so and providing an opportunity for a consumer to opt out.

If a user continues to use our services and product after the Trial Period as a consumer, we will provide an updated notice, alerting them to any changes in the processing of any Personal Data collected after the Trial Period in the event it is shared or disclosed to third parties for behavioral advertising or “targeting” purposes. At that time, we will provide a mechanism to “opt-out” of this type of sharing and or for behavioral advertising. We will also provide a Cookie Notice with information about how we use this type of Data.

 

a. How and where does DIY collect Data during the Trial Period?

During the Trial Period, DIY will collect Personal Data from Retail Shops and their representatives acting on their behalf in connection with the Trial Services when they:

  1. Receive or send communications from or to us, including but not limited to email, phone calls, texts, and mail;
  2. Use the App to take or store photos containing Personal Data;
  • Register for, attend, and/or otherwise take part in our events, promotions, contests, etc.;
  1. Download or otherwise engage with the App, content, or publications;
  2. Submit an inquiry about the App or QR stickers, or for support or information;
  3. Participate in online or recorded meetings or events;
  • Engage with our customer service, sales team, or our other DIY employees; or
  • Interact with DIY in the course of doing business or contemplating doing business with us.

b. We collect Data from a variety of sources, including but not limited to:

  • The person who is the subject of the Personal Data;
  • Publicly available sources (such as a voting record, business information, social media);
  • Service Providers; and
  • Business partners and/or vendors.

 

c. What types of Data do we collect?

  1. Identifying Information: We collect this type of Data when a profile is created, or for communications with regard to use of the Trial Services. For example, name, address, zip code, email, telephone and cell number(s), birthdate, and security question answers.
  2. Event Information: This information is gathered when a Retail Shop user signs up for events. Such as contact information and mailing address.
  3. Demographic Information: We will collect this information when a Retail Shop user takes part in a contest, promotion, or survey. We might collect for instance, gender or zip code.
  4. Device Information: We collect device information when the App is used or downloaded. We might collect information about the device used to access our App, IP address, or mobile operating system.
  5. Location Information: We collect data about location when or if a device is set to allow disclosure of location information.
  6. Commercial Information: We collect this information when a purchase is made. For example, details about the products purchased, obtained, or considered, as well as other purchasing or consuming histories or tendencies.
  7. Internet or other Network Activity Information: This type of data is collected when a Retail Shop user uses our App, or interacts with our other technologies. This data is either automatically collected or is customer-initiated. For example, other information regarding interactions with our App.
  8. Other Information: We may look at how often a Retail Shop user uses the App and where it was downloaded. When someone calls our customer service team, we record calls for quality assurance and operational purposes. This information also includes things such as pages and files viewed, operating system, searches, system configuration, and date/time stamps associated with your usage.

 

d.How We Use the Data

DIY is collecting Personal Data during the Trial Period for the exclusive purposes of evaluating the functioning of our Trail Services when used, improving our Trial Services, any legal compliance, security, business development aimed at fostering business relationships with Retail Shops in the United States. In furtherance of this purpose, DIY’s use of Personal Data includes but is not limited to the following:

  • Product and Service related purposes.
    1. Communicate about the App, the Trial Services, or any experience and feedback related to the Trial Services, etc.;
    2. Set up and service an account on the App;
    3. Provide customer service and alert a Retail Shop user about features and App functions; and
    4. Enhancing our products and services.

 

  • Internal operations.
    1. Improve the effectiveness of our App, merchandise, inventory, third-party vendors, and customer service;
    2. Conduct research and analytics related to our operations and services; and
    3. Perform other logistics and operation activities as needed.

 

  • Security, compliance, legal obligations and fraud prevention.
    1. Protect our assets (on and offline) and prevent fraudulent activities;
    2. Validate credentials and authenticate users logging into the App or account;
    3. Protect the security and integrity of our services and our assets; and
    4. Assist any law enforcement and respond to legal/regulatory inquiries, if necessary.

 

e. Disclosure of Personal Data

We may disclose Personal Data collected during the Trial Period to vetted third parties for certain purposes, including the following:

 

  1. General Business Purposes: We may share data with consultants and Service Providers for customer or technical support, sales, operations, account management, and legitimate general business purposes;
  2. Compliance with the Law: We may disclose information to a third party where we are legally required to comply with applicable laws, regulations, legal processes, or government requests.
  3. Protection of our Rights: We may also disclose information where it is needed to protect or exercise, establish, or defend our legal rights;
  4. Business Transfers: We may share or transfer data to support negotiations of or for a merger, sale of company assets, financing, or acquisition of all or a portion of our business;
  5. Receiving Professional Advice: In certain instances, we may share Personal Data with professional advisers acting as Processors or joint Controllers, including lawyers, bankers, auditors, and insurers where we operate, who provide their professional services, but only to the extent we are legally obliged or have a legitimate interest in sharing information;

 

  1. Other People’s Privacy.

If you as a Retail Shop user provide us with Personal Data relating to another person, you must first confirm you have informed them of our identity and why their Personal Data is required, as well as how it will be used. The other person must have given consent to you in order for you to share their information with us. THEY have to consent. Please know you may not and cannot consent for them.

 

C. International Transfers, Security and Data Retention

 

  1. Use of Personal Data in the US, and Elsewhere

Our App’s servers are located in Ohio, and our third-party Service Providers and partners have disclosed to us that they process our data in Australia and the United States. This means when we collect Personal Data, it may be managed and used outside of the United States. Regardless of where Data is used, stored, or processed, we employ measures designed to reasonably protect the Personal Data we hold, including maintaining the security of our systems and employing commercially reasonable measures such as encryption and limiting access.

 

  1. Security

We use appropriate technical, organizational, and administrative security measures designed to protect the security, confidentiality, and integrity of information.

 

  1. Data Retention

DIY will retain the Personal Data we collect from Retail Shops in connection with use of the Trial Services for the length of time necessary to complete our relationship with a Retail Shop for the Trial Period, or as long as there is an ongoing legitimate business need to do so and we have a valid reason to use the Personal Data. For Retail Shops engaging with our Trial Services, this means we will retain Personal Data collected during the Trial Period for the time needed to facilitate the Trial Services, develop and maintain our ongoing business relationship, including maintaining Retail Shop records. Determination of the length of retention periods for Personal Data is done on the basis of the purposes for the information; the amount, nature, and sensitivity of the information used; any potential risk from unauthorized use or disclosure of that Personal Data; and whether we can achieve the purposes of the use through other means, as well as on the basis of applicable legal requirements (such as applicable statutes of limitation).When we have no ongoing legitimate business need to process a user’s Personal Data, we will either delete or anonymize it or, if this is not possible (for example, because it has been stored in backup archives), we will securely store and isolate it from further processing until deletion is possible.

 

D. Privacy Rights and Options

 

A Retail Shop user may have the following privacy rights:

  1. If you wish to access, correct, update, or request deletionof Personal Data, please contact us by sending an email to info@inaboxsolutions.com.au or by using the contact details provided under the “How to Contact Us heading below. We will of course need to verify you are who you say you are before we provide any access to anyone’s Personal Data. If you do have an inquiry, please provide us with the following:
    1. your name;
    2. type of request:
    3. approximate data of collection of the information; and
    4. a valid email address to contact you.

 

  1. We provide additional information below for those who wish to submit access, correction, or deletion requests. DIY does not use or process any Personal Data or Personal Information that would subject a person to a decision based solely on automated processing, including profiling, that produces legal effects (“Automated Decision-Making”). Automated Decision-Making currently does not take place on our Sites or in or as part of our Services.

 

  1. If we have collected and used your Personal Data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the use conducted in reliance on lawful processing grounds other than consent.

If you seek to exercise any privacy rights or options with respect to our Trial Services, please contact DIY representative with whom you have direct contact, or please email us at info@inaboxsolutions.com.au.

 

E. Additional Information About Privacy Rights and Options

 

This section of our Privacy Notice supplements the information contained above and may apply to certain U.S. consumers. However, DIY is not collecting or targeting U.S. consumer data during the Trial Period or in connection with our Trial Services. Please refer to Section A.3 of this Notice for further information about the scope of this Privacy Notice. The terms used in this Privacy Notice will have substantially the same meanings as those in applicable U.S. state privacy laws, to the extent they are able to be reasonably interpreted in comity and uniformity with each other.

 

  1. Data We Collect

As noted above in Section A, for purposes of the Trial Period and in support of the Trial Services, we collect data that identifies, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to a particular consumer (“Personal Information” or “Personal Data” or “Data”). Personal Data, however, does not include:

  • Publicly available information.
  • De-identified or aggregated consumer information.
  • Information excluded from most U.S. state privacy laws’ scope, such as:
    1. health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA), clinical trial data, or other qualifying research data;
    2. personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994;
    3. data collected in the business-to-business (B2B) context (except for California consumer, as defined under the California Consumer Privacy Act); and
    4. data collected in the human resources (HR) context.

DIY has collected the following categories of Personal Data from Retail Shops during the Trial Period within the last twelve (12) months:

 

Category

 

Examples

 

Collected

 

A. Identifiers.

 

A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers.

 

Not at this time

 

B. Personal information categories listed in the California Customer Records statute.

 

A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license, education, employment, or employment history.

Some Personal Data included in this category may overlap with other categories.

 

Not at this time

 

C. Protected classification characteristics under state or federal law.

 

ONLY FOR PURPOSES OF JOB APPLICANTS: Age, citizenship, marital status, sex, or veteran or military status.

 

Not at this time

 

D. Commercial information.

 

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

 

Not at this time

 

E. Biometric information.

 

Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, face-prints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.

 

Not at this time

 

F. Internet or other similar network activity.

 

Browsing history, search history, or information on a consumer’s interaction with a website, application, or advertisement.

 

Not at this time

 

G. Geolocation data.

 

Physical location or movements.

 

Not at this time

 

H. Sensory data.

 

Audio, electronic, visual, thermal, olfactory, or similar information.

 

Not at this time

 

I. Professional or employment-related information.

 

Current or past job history or performance evaluations.

 

Not at this time

 

J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).

 

Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.

 

Not at this time

 

K. Inferences drawn from other personal information.

 

Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

 

Not at this time

 

‌When obtained, we will collect the categories of Personal Data listed above from the following categories of sources:

  1. Directly from a Retail Shop user, from forms completed or products and services purchased.
  2. From publicly available sources, such as a voting record or business information;
  3. Indirectly from a Retail Shop user, including observing actions on our App;
  4. From business partners or vendors, such as at events, conferences, and through business contacts.

 

  1. Use of Personal Data

In the past twelve (12) months, we may have used or disclosed the Personal Data we collect from Retail Shops during the Trial Period for one or more of the following purposes:

  1. To fulfill or meet the reason a Retail Shop user provided the information. For example, if a name and contact information was shared to inquire about a price or ask a question about our products or Trial Services, we will use that Data to respond to that inquiry.
  2. To provide, support, personalize, and develop our products and Trial Services.
  3. To create, maintain, customize, and secure a Retail Shop user account with us.
  4. To process any requests, purchases, transactions, payments and prevent fraud.
  5. To provide support and respond to inquiries, including to investigate and address any concerns and monitor and improve our responses.
  6. To personalize experiences on our Trial Services and to deliver content, product, and Trial Services relevant to a Retail Shop user’s interests, including offers via email or text message (with consent, where required).
  7. To maintain the safety, security, and integrity of our products and Trial Services, databases and other technology assets, and business.
  8. For testing, research, analysis, and product development, including to develop and improve our products and Trial Services.
  9. To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
  10. To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by us is among the assets transferred.

We will not collect additional categories of Personal Data or use the Personal Data we collected for materially different, unrelated, or incompatible purposes without providing notice and obtaining consent where necessary.

  1. Disclosure of Personal Data

We may disclose Personal Data by providing it to a third party for a valid business purposes under a written contract that describes the purposes of the Data use, requires the recipient to keep the Personal Data confidential, and prohibits any use of the disclosed Data for any purpose except performance of the contract. In the preceding twelve (12) months, DIY has disclosed Personal Data for certain business purposes to the categories of third parties identified in the chart below.

We do not knowingly sell Personal Data collected during the Trial Period or allow our third-party recipients to do so.

Personal Data Category

 

Category of Third-Party Recipients

 

Business Purpose Disclosures

 

Sales

 

A: Identifiers.

 

Not at this time

 

Not at this time

 

B: Customer Records Personal Data categories.

 

Not at this time

 

Not at this time

 

C: Protected classification characteristics under state or federal law.

 

Not at this time

 

Not at this time

 

D: Commercial information.

 

Not at this timeNot at this time

 

E: Biometric information.

 

Not at this timeNot at this time

 

F: Internet or other similar network activity.

 

Not at this time

 

Not at this time

 

G: Geolocation data.

 

Not at this time

 

Not at this time

 

H: Sensory data.

 

Not at this time

 

Not at this time

 

I: Professional or employment-related information.

 

Not at this time

 

Not at this time

 

J: Non-public education information.

 

Not at this time

 

Not at this time

 

K: Inferences drawn from other Personal Data.

 

Not at this time

 

Not at this time

 

 

 

  1. Privacy Rights and Choices

The state privacy laws provide consumers (their residents) with specific rights regarding their Personal Data. This section describes consumer rights under applicable laws and explains how consumers may exercise those rights. However, some of the State Privacy Laws do not apply to Personal Data collected in the business to B2B or HR context.

We will not process privacy rights requests where these exceptions apply.

DIY is not collecting or targeting U.S. consumer data during the Trial Period or in connection with our Trial Services. Please refer to Section A.3 of this Notice for further information about the scope of this Privacy Notice.

 
  • Right to Know and Data Portability

Consumers have the right to request access and disclosure of certain information about our collection and use of Personal Data over the past twelve (12) months as well as to have a copy of that Data (collectively referred to here as the “right to know”). Once we receive a request from a consumer and confirm their identity (see Exercising Your Rights to Know or Delete), we will disclose the following:

  1. The categories of Personal Data we collect.
  2. The categories of sources for the Personal Data we collected.
  3. Our business or commercial purpose for collecting the Personal Data.
  4. The categories of third parties with whom we share the Personal Data.
  5. If we disclosed Personal Data for a business purpose, in separate lists disclosing:
    • Sales (not applicable to Trial Services during the Trial Period), identifying the Personal Data categories each category of recipient purchased; and
    • disclosures for a business purpose, identifying the Personal Data categories that each category of recipient obtained.
  6. The specific pieces of Personal Data we collected.
  7. A copy (if requested) of the Personal Data collected and maintained in a commonly used electronic format.

b. Right to Delete and Correct

Consumers have the right to request that we delete or correct the Personal Data collected or maintained about them, subject to certain exceptions (collectively referred to here as the “right to delete”). Once we receive a request and confirm the identity of the requestor (see Exercising Your Rights to Know or Delete), we will review the request to see if an exception allowing us to retain the Data applies. We may deny a deletion request if retaining the information is necessary for us or our Service Provider(s) to:

  1. Complete the transaction for which we collected the Data, provide a good or service requested, take actions reasonably anticipated within the context of our ongoing business relationship with the consumer, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with any consumer.
  2. Detect security incidents; protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for such activities.
  3. Debug products to identify and repair errors that impair existing intended functionality.
  4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  5. Comply with applicable state law.
  6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if informed consent was previously provided.
  7. Comply with a legal obligation.

We will delete or de-identify and/or correct Personal Data not subject to one of these exceptions from our records and will direct our Service Providers to take similar action. DIY is not collecting or targeting U.S. consumer data during the Trial Period or in connection with our Trial Services. Please refer to Section A.3 of this Notice for further information about the scope of this Privacy Notice.

c. Exercising Your Rights to Know or Delete

To exercise the rights to know or delete described above, a request may be submitted by either:

  1. Emailing us at info@inaboxsolutions.com.au
  2. Submitting a deletion request through the secure web form available to account holders at https://inaboxsolutions.com.au/app-account.

Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your Personal Data. A consumer may only submit a request to know twice within a twelve (12) month period. The request to know or delete must:

  1. Provide sufficient information that allows us to reasonably verify the requestor is the person about whom we collected Personal Data or an authorized representative; and
  2. Describe the request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to a consumer requests or provide Personal Data if we cannot verify the requestor’s identity or authority to make the request and confirm the Personal Data relates to the identified consumer. An account does not need to be created with us to submit a request to know or delete, however, we do consider requests made through a password protected account sufficiently verified when the request relates to Personal Data associated with that specific account.

We will only use Personal Data provided in the request to verify the requestor’s identity or authority to make it.

 

d. Personal Data Sales or Sharing Opt-Out Rights

DIY Does Not Engage in the “Sale” of Personal Data collected from Retail Shops during the Test Period.

DIY is not collecting or targeting U.S. consumer data during the Trial Period or in connection with our Trial Services. As a result, we do not collect the Personal Data of consumers or sell, or intentionally disclose, Personal Data in any way that could constitute a sale for value within the scope of our activities for the Trial Services during the Trial Period. Please refer to Section A.3 of this Notice for further information about the scope of this Privacy Notice. DIY does not disclose information it collects from Retail Shops during the Test Period to third parties.

DIY Does Not Engage in “Sharing” of Personal Data collected from Retail Shops during the Test Period for Targeted Advertising

DIY does not utilize third parties to conduct cross-context behavioral advertising (targeted advertising) on our behalf. Some state privacy laws provide consumers with the right to opt out of such “sharing” of their Personal Data, including any for targeted advertising. The CCPA, for instance, defines “sharing” to include certain sharing of Personal Data for purposes of serving advertisements that are relevant to the consumer based on their activity across their use of the internet.

Please note certain technologies are used to allow our App to securely operate and provide a better user experience. Those essential, functional, and analytic technologies provide a more efficient and functional experience, and help us to understand how a user may navigate and use our App. If a Retail Shop user refuses those supporting technologies, it will affect how our App functions and whether our App recognizes a Retail Shop user as a prior user or not.

Some transfers of Personal Data may not be considered “sharing,” and certain exemptions may apply. Such choices do not affect other disclosures of Personal Data, as outlined in this Privacy Notice, including when we provide our Trial Services to a Retail Shop user, or prevent fraud.

DIY does not collect “sensitive” data from Retail Shops during the Trial Period as that is defined under most state privacy laws.

 

e. Response Timing and Format

Although DIY is not collecting or targeting U.S. consumer data during the Trial Period or in connection with our Trial Services or within the scope of our activities covered by this Privacy Notice, if state law requires it, we will confirm receipt of a consumer’s request to know or delete within ten (10) business days. We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of receipt. If we require more time (up to another 45 days), we will inform the requestor of the reason and extension period in writing.

If the requestor has an account with us, we will deliver our written response to that account. If the requestor does not have an account with us, we will deliver our written response by mail or electronically, at your option. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide the Personal Data that is readily useable and should allow the data subject or authorized representative to transmit the Data from one entity to another entity without hindrance.

We do not charge a fee to process or respond to verifiable consumer requests unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will explain why we made that decision and provide a cost estimate before completing t request.

  1. Do Not Track or Global Privacy Setting

The Global Privacy Control (the “GPC”) signal is a browser setting that allows consumers to opt-out of targeted advertisements and/or the sale of Personal Data through a pre-determined signal. The GPC allows one to make a single opt-out request that applies to all websites that are able to recognize the signal. For purposes of our Trial Services during the Trial Period, DIY does not recognize the GPC signal, as there is no sale or tracking activity of Personal Data to block, and thus no purpose for implementing GPC settings on our website.

To learn more about browser tracking signals and Do Not Track, please visit https://www.allaboutdnt.com.

 

  1. Non-Discrimination

We will not discriminate for the exercise any of privacy rights under applicable law. However, we may offer certain financial incentives that can result in different prices or rates. Any permitted financial incentive we offer will reasonably relate to the Personal Data’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires prior opt-in consent, that may be revoked at any time by via one of the methods in the “How to Contact Us” section below.

 

F. Changes to this Privacy Notice

We will update and amend this Notice when needed, which may occur at any time. When we make changes to this Notice, we will post the updated Notice on our App and update the effective date. Continued use of our App following the posting of changes constitutes notice of and acceptance of such changes.

 

G. Australian Homeware Enterprises PTY LTD

The Australian Homeware Enterprises PTY LTD is an Australian-based company consisting of several affiliate companies and their brands. We pride ourselves on building effective, durable and innovative products and services, all intended to help people live and build an amazing life. For purposes of this Notice, when we use “Inabox,” “we,” “us,” or “our,” we are referring to and including all of the companies under Australian Homeware Enterprises PTY LTD ownership, governance and control, which include the following

  • Brands
    • Inabox
    • Kaboodle Kitchen
    • Monarch
    • Groove Furniture
    • Flatpax
    • Connected Spaces
    • Pro Renovator
  • DIY Resolutions Pty Ltd
    • Australian Brushware Corporation
    • Australia Homeware Enterprise Pty Ltd
    • Hardware Lane Distributors Ltd
    • Asia International Trading Company Ltd

 

H. How to Contact Us

If you have questions or comments about this Notice or the ways in which DIY collects and uses Personal Information it processes, please do not hesitate to contact us at:

  • Website: https://inaboxsolutions.com.au/contact-us
  • Email Address: info@inaboxsolutions.com.au
  • Postal Address:

DIY Resolutions PTY LTD

Attn: Privacy Officer

P.O. Box 338

Somerton VIC 3062

Australia

 

If you need to access this Notice in an alternative format due to having a disability, please contact info@inaboxsolutions.com.au