OUR COMMITMENT TO PRIVACY
KYHA Studios Pty Ltd (ACN 159 556 788) (including the businesses KYHA Studios and Chosen by KYHA), its subsidiaries and affiliates (collectively referred to as KYHA Studios nee One Day Bridal) are committed to managing personal information in accordance with the Australian Privacy Principles under the Privacy Act 1988 (Cth) (Act), the General Data Protection Regulation (EU) 2016/679 (GDPR) and in accordance with other applicable privacy laws.
TERMS DEFINED IN THE ACT
The Act defines "personal information" as information or an opinion about an identified individual or an individual who is reasonably identifiable:
whether the information or opinion is true or not; and
whether the information or opinion is recorded in a material form or not.
The Act defines sensitive information to include personal information about an individual's racial or ethnic origin, political opinions, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices and criminal record and also health and genetic information about an individual.
WHAT INFORMATION DOES KYHA STUDIOS COLLECT ABOUT YOU?
Collection of personal information is not the core of our business. We only collect personal information that is necessary for the operation of our business being the design, production and sale of bridal and red carpet gowns.
WE COLLECT THE FOLLOWING PERSONAL INFORMATION:
Clients and prospective clients
When you enquire about our services or when you become a client or customer of KYHA Studios, a record is made which includes your personal information. The type of personal information that we collect will vary depending on the circumstances of collection and the kind of service that you request from us, but will typically include:
your name, email, delivery address and other contact details;
the date and location of your wedding;
photographs of you;
your body's measurements;
any additional personal information you provide to us, or authorise us to collect, as part of your interaction with us.
Credit card numbers are not stored in our systems and when purchasing from KYHA Studios your financial details are passed through to a secure server Stripe. We do not share credit card information with third parties, except with our bank for the purpose of processing payments or as required by law.
Prospective employees, contractors or applicants
We collect personal information when recruiting personnel (for example, when you send us a job application or resume) such as your name, contact details, academic and professional qualifications, work history, payroll information and any other information that we receive from our communications with you, such as feedback or survey responses that you have provided us and information collected at interviews. Generally, we will collect this information directly from you.
We may also collect personal information from third parties in ways which you would expect (for example, from recruitment agencies or referees you have nominated). Before offering you a position, we may collect additional details such as your tax file number and superannuation information and other information necessary to conduct background checks to determine your suitability for certain positions.
We may collect personal information about other individuals who are not clients or customers of KYHA Studios such as service providers, contractors, suppliers, sponsors, business partners and other individuals who interact with us on a commercial basis (or their representatives). The kinds of personal information we collect will depend on the capacity in which you are dealing with KYHA Studios. Generally, it would include your name, contact details, and information regarding our interactions and transactions with you.
You can always decline to give us any personal information we request, but that may mean we cannot provide you with some or all of the services you have requested. If you have any concerns about personal information we have requested, please let us know.
Visitors to our websites
The way in which we handle the personal information of visitors to our websites is discussed below.
HOW AND WHY DOES KYHA STUDIOS COLLECT AND USE YOUR PERSONAL INFORMATION?
KYHA Studios collects personal information reasonably necessary to carry out our business, including to assess and manage our clients needs. We may also collect information to fulfil administrative functions associated with these services, for example billing, entering into contracts with you or third parties and managing client relationships.
The purposes for which KYHA Studios usually collects and uses personal information depends on the nature of your interaction with us, but may include:
providing and improving our goods and services;
contacting you about your account;
providing you customer service;
responding to requests for information and other general inquiries;
managing, planning, advertising and administering of our goods and services;
researching, developing and expanding our facilities, goods and services;
informing you of our activities, events, facilities, goods and services;
recruitment processes (including for volunteers, internships and work experience);
responding to enquiries and complaints; and
detecting, preventing, mitigating and investigating fraudulent or illegal activities.
KYHA Studios generally collects personal information directly from you. We may collect and update your personal information over the phone, by email, over the internet or social media, or in person.
We may also collect personal information about you from other sources, for example:
our affiliated and related companies; and
third party suppliers and contractors who assist us to operate our business.
KYHA Studios also collects and uses personal information for market research purposes and to innovate our delivery of products and services.
We do not collect any sensitive information.
HOW DOES KYHA STUDIOS INTERACT WITH YOU VIA THE INTERNET?
You can use the settings in your browser to control how your browser deals with cookies. However, in doing so, you may be unable to access certain pages or content on our website.
KYHA Studios websites or mobile Apps may contain links to third-party websites. We are not responsible for the content or privacy practices of websites that are linked to our website.
We may allow you to share information with social media sites or use social media sites to interact with KYHA Studios. Those social media sites may give us automatic access to certain personal information retained by them about you (e.g., content viewed by you, content liked by you and information about the advertisements you have been shown or may have clicked on, contact details you may have provided them). Where this information is received by us, we will use this information to further personalise your experience with KYHA Studios.
Third party service providers
Personal information in respect of online customers is collected through our Shopify storefront when you place an order. This information includes your full name, email, phone number and delivery address. No payment information is stored at the time of purchase. Your email address is then used for a series of post-purchase emails to inform you of your order status, shipping and tracking of your order. Our customer care team will use this information should they need to contact you to communicate the details of your order. These details will also be transferred from Shopify to our customer help desk Gorgias.
When you place an order on our Shopify storefront and opt-in for email marketing you will enter into our Klaviyo database. This program uses automation based on your activity on our online store. Your information will be stored within Klaviyo to help us provide you with the most relevant communications. This includes personal details such as email, full name and phone number and past order details.
Personal information for retail customers is collected through Acuity at the time an appointment is made and transferred into Insightly. This information includes full name, email and phone number. No payment information is stored at the time of purchase. When you opt-in for email marketing your information will enter into our Klaviyo database. Our customer care team will use this information should they need to contact you to communicate the details of your order. These details will also be transferred from Acuity to our customer relationship management software, Insightly.
CAN YOU DEAL WITH KYHA STUDIOS ANONYMOUSLY?
KYHA Studios will provide individuals with the opportunity of remaining anonymous or using a pseudonym in their dealings with us where it is lawful and practicable (for example, when making a general enquiry). Generally, it is not practicable for KYHA Studios to deal with individuals anonymously or using a pseudonym because we need to enter into contracts with our clients for our services. If we do not collect personal information about you, you may be unable to utilise our services.
HOW DOES KYHA STUDIOS STORE INFORMATION?
KYHA Studios stores information in paper-based files or other electronic record keeping methods in secure databases (including trusted third-party storage providers based in Australia and overseas). Personal information may be collected in paper-based documents and converted to electronic form for use or storage (with the original paper-based documents either archived or securely destroyed). We take reasonable steps to protect your personal information from misuse, interference and loss and from unauthorised access, modification or disclosure.
KYHA Studios maintains physical security over paper and electronic data stores, such as through locks and security systems at our premises. We also maintain computer and network security, for example, we use firewalls (security measures for the internet) and other security systems such as user identifiers and passwords to control access to our computer systems.
Our websites do not necessarily use encryption or other technologies to ensure the secure transmission of information via the internet. Users of our websites are encouraged to exercise care in sending personal information via the internet.
We take steps to destroy or de-identify information that we no longer require.
DOES KYHA STUDIOS USE OR DISCLOSE YOUR PERSONAL INFORMATION FOR DIRECT MARKETING?
KYHA Studios may use or disclose your personal information for the purpose of informing you about our services, upcoming promotions and events, or other opportunities that may interest you. If you do not want to receive direct marketing communications, you can opt-out at any time by clicking the unsubscribe link or contacting us by using the contact details below.
If you opt-out of receiving marketing material from us, KYHA Studios may still contact you in relation to its ongoing relationship with you.
HOW DOES KYHA STUDIOS USE AND DISCLOSE PERSONAL INFORMATION?
For clients and customers
If you have engaged us to provide you with a bridal gown, then we will disclose your order details and measurements to our production team and may disclose your order details and measurements to our manufacturers and use your personal information to deliver the gown to you and to communicate with you about your order.
Disclosure to contractors and other service providers
KYHA Studios may disclose information to third parties we engage or partner up with in order to provide our services, including to contractors and service providers used for data processing, data analysis, customer satisfaction surveys, information technology services and support, website maintenance/development, printing, archiving, mail-outs and market research. We also provide your personal information to freight companies (for example DHL) and to Australia Post for the purposes of arranging delivery.
Personal information may also be shared between related and affiliated companies of KYHA Studios.
Other third parties
When required by law, KYHA Studios will disclose personal information to a government authority. For example, we may be required to provide personal information to customs if you are based overseas.
We may disclose your personal information to third parties in the event that we sell, buy or merge any business or assets, including the prospective seller or buyer of such business or assets.
KYHA Studios may also disclose the personal information you provide on a job application to human resources practitioners, hiring managers and to any recruitment advisors for the purpose of considering you for career opportunities within KYHA Studios.
Use and disclosure for administration and management:
KYHA Studios will also use and disclose personal information for a range of administrative, management and operational purposes. This includes:
administering billing and payments and debt recovery;
planning, managing, monitoring and evaluating our services;
quality improvement activities;
statistical analysis and reporting;
training staff, contractors and other workers;
risk management and management of legal liabilities and claims (for example, liaising with insurers and legal representatives);
responding to enquiries and complaints regarding our services;
enforcing our legal rights, for example, our intellectual property rights or website terms and conditions of use;
obtaining advice from consultants and other professional advisers; and
responding to subpoenas and other legal orders and obligations.
Other uses and disclosures:
Does KYHA Studios disclose your personal information overseas?
We use third-party service providers for cloud storage, web hosting, email hosting or other technology services including Gorgias and Shopify (IT Suppliers).
The IT Suppliers to whom we may disclose Personal Information may have servers in and operate out of locations outside Australia. As some of the IT Suppliers are of a global nature, we cannot say with certainty where their servers are located or the countries out of which they operate. Further, these locations may be subject to change without notice to us.
The Act and corresponding Australian Privacy Principle 8.1 requires us to ensure that, before disclosing Personal Information overseas, reasonable steps are taken to ensure that overseas recipients do not breach the Act or the all applicable Australian Privacy Principles. It is not always possible for us to ensure that multinational companies will not breach the Act.
HOW CAN YOU ACCESS OR SEEK CORRECTION OF YOUR PERSONAL INFORMATION?
You are entitled to access your personal information held by KYHA Studios on request. To request access to your personal information please contact our privacy officer using the contact details set out below.
You will not be charged for making a request to access your personal information, but you may be charged for the reasonable time and expense incurred in compiling information in response to your request.
We will take reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete and up-to-date. You can help us to do this by letting us know if you notice errors or discrepancies in the information we hold about you and letting us know if your personal details change.
However, if you consider any personal information we hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading, you are entitled to request correction of the information. After receiving a request from you, we will take reasonable steps to correct your information.
We may decline your request to access or correct your personal information in certain circumstances in accordance with the Australian Privacy Principles. If we do refuse your request, we will provide you with a reason for our decision and, in the case of a request for correction, we will include a statement with your personal information about the requested correction.
If the GDPR applies to your personal data, we will give you access and correction rights in compliance with the GDPR.
WHAT SHOULD YOU DO IF YOU HAVE A COMPLAINT ABOUT THE HANDLING OF YOUR PERSONAL INFORMATION?
You may make a complaint about privacy to the privacy officer at the contact details set out below.
The privacy officer will first consider your complaint to determine whether there are simple or immediate steps which can be taken to resolve the complaint. We will generally respond to your complaint within a week.
If your complaint requires more detailed consideration or investigation, we will acknowledge receipt of your complaint within a week and endeavour to complete our investigation into your complaint promptly. We may ask you to provide further information about your complaint and the outcome you are seeking. We will then typically gather relevant facts, locate and review relevant documents and speak with individuals involved.
In most cases, we will investigate and respond to a complaint within 30 days of receipt of the complaint. If the matter is more complex or our investigation may take longer, we will let you know.
If you are not satisfied with our response to your complaint, or you consider that KYHA Studios may have breached the Australian Privacy Principles or the Act, a complaint may be made to the Office of the Australian Information Commissioner. The Office of the Australian Information Commissioner can be contacted by telephone on 1300 363 992 or by using the contact details on the website www.oaic.gov.au.
If you believe that KYHA Studios has breached the GDPR, you may lodge a complaint with a supervisory authority in accordance to Article 77 of the GDPR.
Under the Notifiable Data Breaches scheme in the Act, there is a statutory obligation to make an assessment when there are reasonable grounds to suspect that there may have been an eligible data breach. An eligible data breach involves personal information that is likely to result in serious harm to individuals.
Our privacy response team will assess all suspected or potential data breaches and, if it has reasonable grounds to believe that there has been an eligible data breach, then KYHA Studios will notify the affected individuals and the Australian Information Commissioner of that data breach.
Under the GDPR, we will advise the relevant supervisory authority of a data breach within 72 hours of becoming aware of the breach. When a data breach is likely to result in a high risk to the rights and freedoms of natural persons, we will notify the individual without undue delay (unless an exception applies).
Where the GDPR applies to our activities, we will comply with the GDPR in the way that we process your personal data, which means any information relating to an identified or identifiable natural person.
the purposes for which we process your personal data; and
the recipients or categories of recipients of the personal data.
You will not be subject to a decision based solely on automated processing, including profiling.
Special categories of personal data
We will not process special categories of personal data including:
personal data which reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; and
genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.
Lawful basis for processing personal data
We must have a lawful basis for processing your personal data. Depending on the circumstances, this basis will be:
Where you have given us your consent to the processing for one or more specific purposes.
Your consent must be freely given, specific, informed and an unambiguous indication of your wishes by which you, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to you. Your consent can be withdrawn at any time.
Performance of a contract
Where the processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.
Where the processing is necessary for compliance with a legal obligation to which we (as the controller) are subject.
Where the processing is necessary for the purposes of KYHA Studios legitimate interests such as:
for internal administrative purposes relating to employees, customers and clients; or
to ensure information security.
KYHA Studios will only transfer personal data to a third country if that country has been determined by the European Commission to offer an adequate level of data protection in accordance with Article 45 of the GDPR. If a country does not offer an adequate level of data protection, then we will only transfer personal data to that country or an international organisation where we have provided appropriate safeguards, including:
standard data protection clauses adopted by the European Commission, which can be found here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en; or
binding corporate rules, a copy of which you can obtain by contacting us.
Period for which personal data will be stored
It is not possible for us to state the precise period for which your personal data will be stored. We will only store your personal data for as long as it is necessary for us to store it, after which time we will de-identify it (unless we are required by law to keep it). For example, it is necessary for us to store your personal data:
while you are employed or engaged by us as an employee or contractor;
while you are a representative of an organization with whom we have an ongoing contract;
while we are providing services to you or your organisation;
if you have made an enquiry or complaint and we are in the process of resolving it.
You have the following rights:
Right to be informed
You have the right to know what data is being collected, how it's being used, how long it will be kept and whether it will be shared with any third parties.
Right of access
You have the right to request a copy of the information that we hold about you.
Right of rectification
You have the right to correct data that is inaccurate or incomplete.
Right to erasure
You have the right to request that KYHA Studios erase your personal data, under certain conditions.
Right to restrict processing
You have the right to request that KYHA Studios restrict the processing of your personal data, under certain conditions.
Right to object to processing
You have the right to object to KYHA Studios processing of your personal data, under certain conditions.
Right to data portability
You have the right to request that KYHA Studios transfer the data that we have collected to another organisation, or directly to you, under certain conditions.
Right related to automated decision-making including profiling
You have the right to request a review of automated processing.
HOW CAN YOU CONTACT KYHA STUDIOS?
The contact details for KYHA Studios are:
KYHA Studios privacy officer (or data protection officer):
407 City Road, South Melbourne VIC 3205
(03) 9686 7744