Here at Mahiya we believe that your privacy is important. As an Australian company, we are subject to the Australian Privacy Principles (APP) as set out in the Privacy Act 1988 (Cth). If you are from the European Union, then the European Data Protection Regulation (GDPR) may also apply to how we handle your information.
Information that we collect
We may collect your personal information in the course of providing our products to you. We collect your personal information when you lodge an order with us via our website (or other means of lodging an order).
We may also collect your personal information when you visit our website through tracking software. This may provide us information on what parts of our website you visit and how often you do so. We keep this information so we can understand what you like about Mahiya and to help us better understand our customers.
You may also provide us personal information if you sign up with us, for example if you sign up to a mailing list. We use this information to provide you information about what products Mahiya offers from time to time.
If you place an order with Mahiya we may also collect your payment details and we will retain your purchase and payment history.
How your information is stored
We ensure that all personal information is securely stored and take steps to ensure that your personal information is not compromised.
We may share your information with other companies, some of which may be located overseas. If we do so we ensure that we only share your information where it is in accordance with the APPs.
In order to process a transaction with us your information will need to be handled by third parties, such as a bank. They receive the information you provide in order to verify the transaction so that your order can be processed.
Cookies and tracking
Cookies are a way of tracking your interactions with our website, such as when you visit the site, how long you spent browsing and so on.
Many browsers may automatically accept cookies but you should be able to change this in your preferences menu. If you disable cookies, you may not be able to use or access some aspects of Mahiya’s website.
How is your personal information shared
We may disclose your personal information, depending on how you interact with us, for example:
- The card issuing bank to confirm payment for products purchased on our website.
- Delivery providers (such as DHL, FedEx etc) so that your order can be delivered to you.
- Business partners or other organisations we engage to provide services or carry out activities on our behalf.
- Our legal, financial or other advisers.
- Where required to do so by law, for example if a request is made by a government agency.
- If our business were subject to a sale and disclosure was made as part of that process.
Personal information is generally retained within Australia.
We maintain appropriate physical, electronic and procedural safeguards to ensure your personal information is kept secure.
Access your personal information
You can access the personal information we retain about you by contacting us at firstname.lastname@example.org If we are unable to provide you with all the personal information we hold then we will tell you why.
If you wish to complain about how we deal with your personal information then you may contact our Privacy Officer on email@example.com
By contacting our Privacy Officer you may also update the information we hold, opt out of direct marketing or ask about accessing your personal information.
If there is a cost involved in accessing and retrieving your personal information you will be informed of these costs before proceeding.
General Data Protection Regulations
If you are a citizen of the European Economic Area (EEA) then information collected by Mahiya may be required to comply with the European Data Protection Regulation (GDPR). Many obligations contained in the GDPR have equivalent obligations under the Australian Privacy Principles.
If you have any queries in relation to how your data is handled, please contact our data protection officer at firstname.lastname@example.org.
If you an individual in the EEA, we collect and process information about you only where we have legal bases for doing so under applicable EU laws. The legal bases will vary depending on the service provided. This means we collect and use your information only where:
- We need it to process your order on Mahiya’s website;
- There is a legitimate interest in collection of your data which is not outweighed by your interests in protection of your data;
- You have given us consent; or
- Your data is required to comply with a legal obligation.
If you object to Mahiya’s use of your personal data it may mean you are unable to place an order with us.
EEA residents have the following rights that they may exercise by notifying the Mahiya data protection officer:
- Right to erasure – You may have the right to erasure of your personal information under Article 17 of the GDPR. If you notify Mahiya of a request under Article 17 then we will respond within one month confirming if your data has been erased. We may not comply with such a request if the right to erasure does not apply, for example if there is a legal obligation to retain the data.
- Right to data portability – You may be entitled to request a copy of the personal data held by Mahiya. If you make such a request, we will deliver the data to you in a structured, commonly used and machine-readable format. Once you have a copy of this data Mahiya will not place any restriction on your use of that data. You may also request that Mahiya transfers your data directly to another party, if it is technically feasible to do so.
- Right to object – You may ask Mahiya to cease processing your personal data. You have the absolute right to object to the processing of personal data if it is for direct marketing purposes. There are other basis upon which you can object to your data being processed however there may also be circumstances where Mahiya will continue to process your personal data, such as if it relates to legal action.
By using Mahiya you consent to the transfer of your personal data to Australia where the website and relevant computer services are hosted. Data held in Australia is protected by the APPs. If your data is then transferred to another country then Mahiya will ensure that any such transfer is not in breach of the GDPR and appropriate protections are in place.
Where Mahiya engages an external data processor we take steps to ensure that the data processor implements appropriate technical and organisational measures to ensure compliance with the GDPR and protect your rights in relation to your data.
You may withdraw your consent to the use of your data at any time. You can do so by contacting our data protection officer.