A. INTRODUCTION & BACKGROUND FACTS THAT YOU SHOULD KNOW
In DYZ, we take your privacy seriously and we will only collect, record, hold, store, use and/or process your personal data or information as outlined below. We appreciate and thank for your precious time in going through our Personal Data Protection Policy (to be referred as “the PDPP”) for a better and safer online shopping experience with us.
1. As part of the E-Commerce’s community’s member, we strongly believe that data protection is a matter of mutual trust and your privacy is important to us. We shall therefore only process your name and other information which relates to you in the manner set out in the PDPP including but not limited to the existing legislation, sub-regulations, policies and/or regulatory guidelines (whichever is applicable).
2. We will only collect data or information where it is necessary for us to do so and for you to enjoy online experience with us. We will only collect data or information if it is relevant to our dealings or transactions with you. We will only keep your data or information for as long as we are either required to do so by law or as is relevant for the purposes for which it was collected.
3. We do not practice compulsory user’s registration practice in DYZ. In order to increase better online shopping experience, you can always visit our website and browse through your favourite products without having to register a user account with us which would include to providing your personal data or information to us. As such, you may choose to remain anonymous and at no time we would be able to identify your personal identity unless you choose and/or have registered a user account with us on our online shopping website (DYZ Marketplace) and subsequently logged on by using your registered username and password for the purpose of procuring or purchasing the products in DYZ.
4. We are committed to protecting all personal data or information kept by us and providing you with the highest levels of customer service within our capabilities. We therefore hereby set out a number of personal data protection principles concerning the exercise and/or process of your personal data or information in Australia. For the purpose of this PDPP, the definition of some salient terms including but not limited to the following:
4.1 “Personal Data”
means any personal data or information relating to DYZ’s customer or website registered user that has been provided to DYZ or made available to DYZ due to his/her contract with DYZ, e.g. name, identity card or passport number, address, contact number, account number, payment history and/or account activity that relates directly or indirectly to an individual to the extent that the individual can be identified or is identifiable from such information.
4.2 “Sensitive Personal Data”
means and including but not limited to the personal data or information relating to your physical or mental health condition, political opinions, religious beliefs or other beliefs of a similar nature, commission or alleged commission of any offence or any other personal data determined by existing legislation; and
4.3 “3rd Party”
means an individual, incorporated or unincorporated entity who is not a party to a contract or a transaction with DYZ but excluding DYZ’s authorised agents, subsidiaries, contractors, sub-contractors and professional advisors or representatives.
5. DYZ hereby expressly reserves the right to amend, alter or change any portion of this PDPP. We will announce such amendments, alterations or changes through our dedicated webpage at http://www.dyzglobal.com.
B. SCOPE OF THE PERSONAL DATA PROTECTION POLICY
6. This PDPP applies to all operations and business units of DYZ. We are responsible for the users’ access and correction of personal data or information, notice and choice process to limit processing of personal data or information. We also responsible for monitoring the administration of this PDPP and its compliance.
7. This PDPP is effective as at [date].
C. SCOPE OF THE PERSONAL DATA PROTECTION PRINCIPLES IN THE PDPP
8. GENERAL PRINCIPLE
8.1 DYZ will use, process, record, hold, store, share and disclose (“the Process”) the Personal Data with your consent during your course of dealing with us in any manner.
8.2 Your continuance of use of DYZ’s services including but not limited to browsing of our website, purchasing of the available online products and/or procuring of our services be it necessary or incidental shall nevertheless amount to your consent for the processing of the Personal Data by DYZ;
8.3 DYZ will record and maintain a record or register of consent by your continued use of our services as stated above as appearing on our active customer database; and
8.4 If you are under age of 18, you should ensure that you have obtained the consent of your parent(s) or legal guardian(s) before using any services on DYZ;
8.5 DYZ does not sell, share or trade your Personal Data collected or processed with any unauthorised third party(ies);
8.6 When you register a user account with DYZ, the Personal Data that we may collect and process would include your:
Date of birth; and
8.7 DYZ does not collect and process any data or information regarding to your credit or debit card details including the payment methodology. The payment gateway offered by DYZ does not belong to DYZ but authorised third party, vendor, supplier and/or service provider. DYZ does not retain such data or information instead of the parties mentioned above or your own respective bank or financial institutions;
8.8 Despite the above, DYZ may also collect your Personal Data from a range of sources including but not limited to any events, activities, contests, promotional activities, surveys, social media tools or pages;
8.9 The Personal Data that we collect from you will be used and share within our group of entities and to authorised third party for one or the following purposes:
to process, manage and/or verify your actual identity;
to maintain, upgrade and/or improve the website and/or our services to you from time to time;
to perform and/or validate your purchases, reservations and/or bookings of products or services available through DYZ;
to process your orders and to provide you with customer support services and information through our website and which you may request;
to allow us administer, maintain and/or support your registered account with us;
to verify and carry out financial transactions in relation to payments you may make online on our website such as the process of the financial information or payment made through our website will be processed by the appointed agent, vendor and/or supplier as such disclosure is necessary for the purpose of conducting the sales transaction(s) that you have opted for;
to communicate with you and to maintain, upgrade and/or improve our customer relationship with you including to provide customer support to you;
to conduct market surveys and/or research, customer profiling and its analysis, usage and activity trends pertaining to the website;
to protect and/or enforce parties’ legal rights including but not limited to initiating or defending any legal proceeding;
to detect, investigate or prevent any fraudulent or illegal activities or misuse of the website for illegal purpose and/or purposes or intention that violates the legislation or any governmental policies;
to transfer, assign and/or validate the parties’ rights, interests and/or obligations under any contractual agreement entered between us;
for DYZ’s internal administrative work purposes;
in addition to the Personal Data that mentioned or outlined aforesaid, you may be asked to subscribe to our marketing and/or promotional materials including but not limited to activities below which may come from our group of entities or through affiliation with authorised third party(ies), if any. You are at your liberty and choice to unsubscribe from marketing information at any time by opting for the unsubscribe function within the electronic marketing material or available options:
announcements on products, services, contests, events, activities, promotions, campaigns, offers or surveys by DYZ;
to send seasonal or festive greetings or messages to you;
events or activities organised or jointly organised by us and our business partners which may be of interest to you.
8.10 Your actual purchase or procurement order may be stored with us or authorised third party(ies) but may not be retrieved directly by us, depending on the circumstances from time to time. However, you may access and view such information by logging into your account on the website. You undertake and guarantee to treat the Personal Data that can be accessed by you confidentially and not make it available to unauthorised third party(ies). We cannot and would not assume any liability for any misuse of passwords unless this misuse is through our own fault.
9. NOTICE AND CHOICE PRINCIPLE
9.1 Please be informed that DYZ will process your Personal Data for the following reasons and subject to your choice but possible limitation of services, may disclose the Personal Data to:
individuals, companies, organisations or entities for the performance of DYZ's contract of providing any services to you;
profiling your service preferences;
individuals, companies, organisations or entities for compliance with any legal and/or regulatory obligations to which DYZ is subject, in addition to any obligation imposed under DYZ’s contract with you;
other service providers or 3rd Parties nominated by DYZ either solely or jointly with other service providers for the purposes of establishing and maintaining a common database of customers or processing data as an outsourced entity both within and outside Australia (if required) towards the common target to serve you better and accomplished your online shopping experience with us;
send you information, promotions, updates and newsletters including marketing and advertising materials or related or similar contents in relation to our services and those of organisations selected or nominated by DYZ;
regulatory bodies or other government authorities in compliance with requirements or compulsions under any legislation or orders or towards the detection, assistance, investigation or prevention of any criminal activities;
any parties involved in or related to a legal proceeding in the courts of law in Australia and for the purposes of such proceedings;
protect DYZ’s vital interests;
for the administration of justice and/or facilitating the legal or justice system in Australia;
promote any of DYZ’s services, or products, services and special offers of 3rd Party whose products and services we think may be of interest or beneficial to you; and
for the exercise of any functions, responsibilities or obligations conferred on any person by or under any legislation, law and order of courts of law in Australia.
9.2 DYZ collects personal data from online user account registration in order to assess your needs and provide you better service. DYZ may transfer your personal data to third parties both in Australia and overseas providing outsourced data storage or data processing services for DYZ.
9.3 Any customers who have provided your personal data prior to this PDP Policy may inform DYZ using the contact details set out below to know what types of Personal Data have been processed and the purpose of the processing.
9.4 Save in accordance with this PDP Policy and except as permitted or required under any enactment, law, regulations, statute or code, DYZ will not use or disclose the Personal Data without prior written consent.
9.5 You will be given the opportunity to ‘opt-out’ of having your Personal Data used for purposes not directly related to the services of DYZ at the point where we ask for information. If you do not wish to receive our promotional updates you may opt-out of receiving these communications by contacting DYZ at the methods listed below. Please take note that should you decide to ‘opt-out’, we may not be able to provide you with certain services and your subscription.
10. DISCLOSURE PRINCIPLE
10.1 DYZ will only disclose the Personal Data to comply with any government agency notification requirements and/or for the purpose for which the Personal Data is processed where you have consented to disclosure;
10.2 DYZ may from time to time contact you on behalf of external business partners about particular goods, offers or services that may be of interest to you. In those cases, the Personal Data that may identify you will not be transferred to the third party. All communication whether from DYZ or DYZ’s business partners will be sent to you by DYZ;
10.3 Despite the above, DYZ may still disclose some of your Personal Data to the following third parties for legitimate purposes, such as:
your immediate family members and/or emergency contact person as may be notified to us or requested by us from time to time;
any individual or entity that under a duty of maintaining confidentiality to whom has undertaken such duty to keep your Personal Data in confidential engaged by us;
professional advisers appointed or engaged by us including but not limited to lawyers, auditors, accountants and others;
data centres or servers situated outside the country of Australia to process or store the Personal Data where you hereby expressly consent to us to transfer your Personal Data out of the country(ies) other than Australia which might not provide or offer the same or better level of data protection measures;
insurance company(ies) to apply and obtain insurance policy(ies), if any;
to the public at large when you become the winner in any contests or activities;
any other or relevant party pertaining to any proposed or actual corporate restructure activities, merger or acquisitions, sale, consolidation, joint venture, assignment, transfer, funding or realisation of assets, share sale relating to any portion of DYZ’s business or in the highly unlikely event of insolvency, bankruptcy, winding up or receivership whichever is applicable.
11. SECURITY PRINCIPLE
11.1 DYZ is responsible for taking prudent steps to safeguard the confidentiality and security of all Personal Data, including appropriate procedural, organisational and technical steps to protect Personal Data from accidental or unlawful destruction or accidental loss, alteration or disclosure. These steps include entering into written agreements with subcontractors who process Personal Data in accordance with DYZ’s instructions and incorporating DYZ’s own data protection standards as a minimum;
11.2 We will place or procure various reasonable security measures to safeguard all Personal Data that has been collected or processed by us within our reasonable and commercial capacity as the internet transmission is not a 100% secured medium of communication;
11.3 DYZ ensures that all information collected and processed will be safely and securely stored. We protect your Personal Data by allowing access to Personal Data via passwords and securely destroying your Personal Data when it is no longer needed for our record retention purposes.
11.4 DYZ does not accept responsibility or liability for any unauthorised access, loss, unlawful interceptions, hacking activities, installation or download of prohibited or unwanted software including but not limited to spyware, malware or virus which caused the loss of the Personal Data transmitted to or from DYZ after performance or procurement of such reasonable security procedures that are within the commercial capacity of DYZ.
12. RETENTION PRINCIPLE
DYZ in executing its responsibilities with respect to the confidentiality of Personal Data, DYZ will employ a number of safeguards, appropriate to the sensitivity of the information, to protect Personal Data against loss or theft, as well as unauthorised access, disclosure, copying, use or modification. Such safeguards will include physical measures, organisational measures and technological measures, for example locked filing cabinets, restricted access to offices, security clearances and limiting access on a “need to know” basis and use of passwords and encryption. Procedures for implementing these measures will be communicated to all DYZ's employees and third parties to ensure compliance with this principle.
13. DATA INTEGRITY PRINCIPLE
13.1 DYZ strives to maintain complete, current and accurate information about its customers. Any inaccurate information that is brought to DYZ’s attention will be corrected as quickly as possible after notification. Procedures will be maintained to ensure that any reported inaccuracies are promptly and effectively handled and that customers’ information remains as accurate, current and complete as possible;
13.2 You are obliged to provide your Personal Data to DYZ. Failure to provide a complete and correct information to DYZ as required in the website or Terms and Conditions may result in your registration with DYZ be declined and the offers and services to be provided in consequential.
14. ACCESS PRINCIPLE
14.1 Any person dealing with DYZ can have access to his or her Personal Data that DYZ has in its possession or control and may request that his or her Personal Data be amended for purposes of accuracy and completeness subject to such written request or notification be provided to DYZ;
14.2 Under such circumstances, you may request to access or request for a copy of your Personal Data that held by us or to request to update or rectify the accuracy of your Personal Data which may subject to a minimal administrative fee to cover the costs involved in processing your request to access to your Personal Data;
14.3 You may also opt to rectify or update your previous Personal Data that has been registered and/or collected by DYZ by editing your profile on the “Settings” page on the website. However please take note that you may not delete information that has been associated with any past transactions.
15. SENSITIVE PERSONAL DATA
15.1 DYZ does not collect and process any Sensitive Personal Data in its ordinary course of business;
15.2 If need arises, DYZ will obtain explicit consent from you before it collects and processes any Sensitive Personal Data;
15.3 DYZ may process Sensitive Personal Data without your consent only in limited circumstances as permitted by law, if any.
16. OUR WEBSITE (TO BE READ WITH OUR TERMS AND CONDITIONS)
16.1 DYZ provides products and services via our dedicated website(s). When you visit our website the web servers will generally record anonymous information such as the time, date and URL of the request. This information assists DYZ to improve the structure of its website(s) and monitor the performance. From time to time DYZ may also use third parties to analyse this anonymous information;
16.2 As mandatory in the usage of the DYZ’s websites, DYZ may require standard information such as login ID, password, Personal Data for verification purposes, contact details and/or identification information. This information is necessary for DYZ to provide the products and services you are subscribing for. You are required to maintain your secrecy of own login ID and password enabling the access to the DYZs website(s). It is strongly stressed that DYZ will not be able to secure the Personal Data if you choose to reveal your own login ID and password to anyone and as such, is not liable for any breach or leakage of Personal Data.
17. YOUR IP ADDRESS(ES), COOKIES AND OTHER CAPTURES
17.1 DYZ may collects Internet Protocol (IP) addresses. IP addresses are assigned to computers on the internet to uniquely identify them within the network. DYZ also collects and manages IP addresses as part of the service of providing internet session management, if any and for security purposes;
17.2 DYZ’s website(s) may transmit to your computer a feature known as ‘cookies’. It is a package of data that allows DYZ’s server to identify and interact more effectively with your computer instead of having to spend more time on identifying each user and/or visitor, thereby also providing additional login convenience. However, you are at your liberty or choice to configure, personalise the web browser to refuse, reject or even delete such cookies;
17.3 DYZ may also collect and/or record the information that your browser sends whenever you visit our website including but not limited to browser type, webpage that you were visiting before you came to our website, the pages that within DYZ you visit, time spent on these pages, items and information searched for on our website, access times and dates and other statistics which are not specifically mentioned herein;
17.4 The computer data and/or information other than Personal Data as mentioned aforesaid may be collected for analysis and evaluation in order to assist to improve the website, services and products we provide and will not be used in association with any other Personal Data.
18. INTEREST BASED ADVERTISING (IBD)
DYZ may collect and process your Personal Data and/or anonymous information about the web browsing activity of a customer internet-enabled device and use that information to associate your browser with one or more pre-defined interest categories. This enables DYZ to provide advertisements to you that are tailored to your interests. IBD is a way of making the advertisements on the websites you visit more relevant to you. It makes the advertising more relevant to you for your convenience and interest.
19. CONTACT METHOD
We are committed to protect the Personal Data of all customers and/or users. If you have any questions in relation to this PDP Policy and/or wish to withdraw your consent, access or modify the Personal Data that we have collected or processed or complaints pertaining to this PDP Policy, please contact us with the following method and we will respond to such request promptly or within three (3) working days either through email or any other methods available.