Data Protection

Last Updated:

Introduction

Insuredtrart is committed to protecting your personal data and respecting your privacy rights. This Data Protection notice explains our approach to data protection and your rights under applicable data protection laws, including the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs).

Data Controller

Insuredtrart is the data controller responsible for your personal data. We are registered and operate in Australia. For any data protection queries, you can contact us using the details provided at the end of this notice.

Personal Data We Collect

We collect and process various categories of personal data depending on your interaction with our services:

Identity Data

This includes your first name, last name, username, title, date of birth, and gender. We collect this information when you create an account, place an order, or interact with our services.

Contact Data

This includes your billing address, delivery address, email address, and telephone numbers. We need this information to fulfill orders, communicate with you, and provide customer support.

Financial Data

This includes payment card details and bank account information. However, we do not store complete payment card details on our servers. Payment processing is handled by secure third-party payment processors that comply with PCI DSS.

Transaction Data

This includes details about payments to and from you, and details of products and services you have purchased from us. This data is essential for order fulfillment and financial record-keeping.

Technical Data

This includes internet protocol (IP) address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website.

Profile Data

This includes your username and password, purchases or orders made by you, your interests, preferences, feedback, and survey responses.

Usage Data

This includes information about how you use our website, products, and services, including page views, navigation paths, and interaction with website features.

Marketing and Communications Data

This includes your preferences in receiving marketing from us and our third parties, and your communication preferences.

How We Collect Personal Data

We use different methods to collect data from and about you:

Direct Interactions

You provide us with your personal data when you:

  • Place an order for our products or services
  • Create an account on our website
  • Subscribe to our newsletter or marketing communications
  • Request information or customer support
  • Enter a competition, promotion, or survey
  • Provide feedback or contact us

Automated Technologies

As you interact with our website, we automatically collect Technical Data about your equipment, browsing actions, and patterns. We collect this data using cookies, server logs, and similar technologies.

Third Parties

We may receive personal data about you from various third parties, including:

  • Analytics providers such as Google
  • Advertising networks
  • Payment and delivery service providers
  • Data brokers or aggregators

Legal Basis for Processing

We will only use your personal data when the law allows us to. Most commonly, we use your personal data in the following circumstances:

Performance of Contract

Where we need to perform the contract we are about to enter into or have entered into with you, such as processing your order and arranging delivery.

Legitimate Interests

Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. For example, we use your data to improve our services, prevent fraud, and ensure network security.

Legal Obligation

Where we need to comply with a legal or regulatory obligation, such as maintaining financial records for tax purposes.

Consent

Where you have given us specific consent to use your personal data for a particular purpose, such as sending marketing communications. You have the right to withdraw consent at any time.

Purposes for Which We Use Your Personal Data

We use your personal data for the following purposes:

  • To register you as a new customer and manage your account
  • To process and deliver your orders, including managing payments and collecting money owed
  • To manage our relationship with you, including notifying you about changes to our terms or privacy policy
  • To enable you to participate in competitions, promotions, or surveys
  • To administer and protect our business and website, including troubleshooting, data analysis, testing, and system maintenance
  • To deliver relevant website content and advertisements to you and measure their effectiveness
  • To use data analytics to improve our website, products, services, marketing, customer relationships, and experiences
  • To make suggestions and recommendations to you about products or services that may interest you

Data Security

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, accessed, altered, or disclosed in an unauthorized way. Our security measures include:

Technical Measures

  • Encryption of data in transit using SSL/TLS protocols
  • Encryption of sensitive data at rest
  • Secure authentication and access controls
  • Regular security testing and vulnerability assessments
  • Firewall protection and intrusion detection systems
  • Secure backup and disaster recovery procedures

Organizational Measures

  • Limited access to personal data on a need-to-know basis
  • Confidentiality agreements with employees and contractors
  • Regular staff training on data protection and security
  • Clear data protection policies and procedures
  • Incident response and breach notification procedures

Data Retention

We will only retain your personal data for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period, we consider:

  • The amount, nature, and sensitivity of the personal data
  • The potential risk of harm from unauthorized use or disclosure
  • The purposes for which we process your personal data
  • Whether we can achieve those purposes through other means
  • Applicable legal requirements

Your Legal Rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data:

Right to Access

You have the right to request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you.

Right to Rectification

You have the right to request correction of incomplete or inaccurate personal data we hold about you.

Right to Erasure

You have the right to request deletion of your personal data in certain circumstances, such as when it is no longer necessary for the purposes for which it was collected.

Right to Restrict Processing

You have the right to request restriction of processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.

Right to Data Portability

You have the right to request transfer of your personal data to you or to a third party in a structured, commonly used, machine-readable format.

Right to Object

You have the right to object to processing of your personal data where we are relying on legitimate interests, or where we are processing your data for direct marketing purposes.

Right to Withdraw Consent

Where we are relying on consent to process your personal data, you have the right to withdraw that consent at any time.

Exercising Your Rights

To exercise any of your rights, please contact us using the details provided below. You will not have to pay a fee to access your personal data or to exercise any of your other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data or to exercise any of your other rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay, and where feasible, within 72 hours of becoming aware of the breach. Our notification will include:

  • The nature of the personal data breach
  • The likely consequences of the breach
  • The measures taken or proposed to address the breach
  • Contact details for further information

International Transfers

We may transfer your personal data outside of Australia to service providers located in other countries. When we do so, we ensure that appropriate safeguards are in place to protect your personal data in accordance with applicable data protection laws.

Complaints

If you have concerns about how we handle your personal data, please contact us first so we can try to resolve the issue. If you are not satisfied with our response, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
Phone: 1300 363 992
Website: www.oaic.gov.au

Contact Us

If you have any questions about this Data Protection notice or our data practices, please contact us:

Insuredtrart
Data Protection Officer
12 Little Collins St
Melbourne VIC 3000, Australia
Phone: +61 3 9650 4555
Email: callback@insuredtrart.world