In this regard, the Company guarantees compliance with current regulation on the protection of personal data by the General Data Protection Regulation (EU) 2016/679 (GDPR), applying from 25th of May 2018 with the guideline of the Office of the Australian Information Commissioner (OAIC).
IDENTITY OF DATA CONTROLLER
Controller – Calleija Jewellers
ABN – 34 375 002 265
Address – Shop 102, Level One, Marina Mirage, 74 Seaworld Dr, Main Beach 4217 QLD (Australia)
Contact Number – +61 (0) 7 5528 3666
Email – [email protected]
IDENTITY OF CONTROLLER’S EU REPRESENTATIVE
Representative – by Data
ABN – 33 420 814 429
Postal Address – PO Box 42034 Branch Office 2, Valencia 46017 (Spain)
Email – [email protected]
Website – www.bydata.eu
IDENTITY OF DATA PROTECTION OFFICER (DPO)
DPO – by Data
ABN – 33 420 814 429
Postal Address – PO Box 785 Upper Coomera QLD 4209 (Australia)
Email – [email protected]
Website – www.bydata.eu
WHAT PERSONAL DATA DO WE COLLECT?
Within the framework of the different data processing on activities carried out by the Company, the following types of personal data are collected:
Identification Data: includes Name, Middle Name and Surnames, Photo ID number or equivalent, Address and Postal Address, Telephone Numbers, Signature, Electronic Signature, Email Address, Social Data, Registration, Image / Voice and other contact information.
Personal and Social Data: includes Marital Status, Date and Place of Birth, Age, Anniversary, Gender, Nationality, Mother Tongue, Physical Characteristics, Properties and Housing, Properties, Hobbies and Lifestyle, Clubs and Associations, Licenses and Permits.
Academic and Professional Data: includes Training, Degrees, Certificates and other Studies carried out, Professional Experience, Belonging to Professional Colleges.
Commercial and Marketing Data: includes your preferences in receiving Marketing from us and Third Parties (external partners) and your preferences when receiving Communications, Activities and Businesses, Subscriptions to Publications or Media, and Commercial Licenses.
Geolocation and location tracking data, only for employees and subcontractors.
Technical Data: includes Internet Protocol (IP) Address, your Login Data, data about your Browser Type and Version, Time Zone setting, Browser Plug-in Types and Versions, Operating System and Platform and other Technology on the devices you use to access this website.
Economic, Financial and Insurance Data: Income, Investments, Heritage, Credits, Loans, Guarantees, Compensation, Banking, Payroll, Superannuation or Retirement Plans, Tax, Tax Deductions, Insurance, Subsidies, Benefits, Credit or Debit Cards.
Minors Data: Personal data when the person is under 16 years old.
Security Data: includes Closed Circuit Television (CCTV) recordings within our stores for Safety and Security purposes.
Profile Data: includes purchases made by you, your Interests, Service preferences, Feedback and Survey responses.
Aggregated Data: When you visit this website, we may also collect, use, store and share Aggregated, Anonymised Statistical or Demographic data (as cookies). Aggregated Data may be derived from your Personal Data but is not considered Personal Data in law as it cannot directly or indirectly reveal your identity.
Data relating to criminal convictions and offences, only for employees and subcontractors.
FOR WHAT PURPOSE DO WE PROCESS YOUR PERSONAL DATA?
Your personal data is processed for the following purposes:
Clients and Customers: carry out the management of the sale of goods and services, billing, accounting, collections, defaults, offers, enquiries, quotes and contracts, customer service, contact and business relations.
Potential Clients: to offer business opportunities, receive specialised advice and / or free diagnosis by Calleija staff. With your consent, receive communications about news, offers and services related to the Company or our sector that may be of interest through the newsletter.
Web Users: To improve the services offered by this website and analyse navigation. The Company collects Aggregated Data (non-identifying data) obtained using cookies that are downloaded to your computer when you browse the website whose characteristics and purpose are detailed in the Cookies Policy.
Newsletter Form Users: Calleija Blog or Newsletter with articles and news related to the Company and Jewellery Industry.
Suppliers: Carry out purchasing management, accounting, payments, delivery note and order management, contact and business relations with providers of goods and services.
Contact Form Users: Respond to requests for information that arrive through this form, as well as maintain a business contact initiated in the interest in our services.
Social Network Users: If you become a follower of Calleija on social networks, the Company can inform you of its activities, products or services, as well as for any other purpose that the regulations of social networks allow.
The data categories included above, as well as by those conditions of use, privacy policies and access regulations that belong to the social network that comes in each case, and you have previously accepted. You can check the privacy policies of our social networks in these links:
In no case the Company will use the profiles of followers in social networks to send advertising individually.
LAWFULNESS OF DATA PROCESSING
Your personal data processing is lawful for any of the following applies:
You have given your consent to the processing of your personal data for one or more specific purposes;
It is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract;
It is necessary for compliance with a legal obligation to which the Controller is subject;
It is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data, in particular where the Data Subject is a child (under 16 years of age).
PRINCIPLES APPLIED IN DATA PROCESSING
In the processing of your personal data, the Company will apply the following Principles that conform to the requirements of the General Data Protection Regulation (GDPR):
Principle of Lawfulness, Fairness and Transparency: The Company will always require the consent for the processing of your personal data that may be for one or several specific purposes on which he will previously inform you with absolute transparency.
Principle of Data Minimisation and Accuracy: The Company will request only the data strictly necessary for the purpose or the purposes that request them.
Principle of Limitation of the Storage Period: The data will be kept for the time strictly necessary for the purpose or purposes of the processing. The Company will inform you of the corresponding conservation period according to the purpose. In the case of subscriptions, the Company will periodically review the lists and delete those inactive records for a considerable time.
Principle of Integrity and Confidentiality: Your data will be processed in such a way that your security, confidentiality and integrity is guaranteed. You should know that the Company takes the necessary precautions to prevent unauthorised access or improper use of their users’ data by third parties.
HOW DO WE COLLECT YOUR PERSONAL DATA?
We use different methods to collect data from and about you:
Personal interactions. You, an agent acting on your behalf or a holder of parental responsibility over the child, may give us your Personal Data when you:
Purchase or arrange any of our products or services from us;
Visit any of our establishments or make any enquiry in ;
Contact us by post or phone call;
Attend any event we host;
By a third party, contractors or subcontractors on our behalf;
Apply for a job with us.
Electronic interactions. You, an agent acting on your behalf or a holder of parental responsibility over the child, may give us your Personal Data when you:
Fill our online Contact Form;
Purchase or arrange any of our products or services from us via our website;
Contact us via email, enter an online promotion, survey or feedback;
Subscribe to our Newsletter and direct marketing;
Follow us in our Social Media
WITH WHOM DO WE SHARE YOUR PERSONAL DATA?
When you connect to www.calleija.com or send an email to Calleija, subscribe to our Newsletter or fill in our Online Contact Form, you are providing personal information of an identifying nature for which the Company is responsible.
To fulfill the purposes described above, when you interact with the Company, your personal data can be shared with:
Other companies in the Group of undertakings and branches acting as joint Controllers or Processors;
Professional advisers acting as Processors or joint Controllers including lawyers, bankers, consultants, security providers, auditors and insurers who provide consultancy, banking, legal, security, insurance and accounting services;
Service providers acting as processors who provide IT and system administration services on our behalf.
Approved printing contractors for sending of our printed material
When you attend our private events and parties, your image may be photographed or filmed for Calleija networks and social media, and by local, state or national media, as well as collaborating marketing and advertising entities.
The following Clouding companies:
580 Fifth Avenue, Suite 400, New York, NY 10036 – Telephone +61 7 3053 5590
New York City, USA
developed by Atlassian – www.atlassian.com
GOOGLE DRIVE (Google Company)
Menlo Park, CA, United States – Telephone +1 6502530000
CYBERSOURCE (VISA Company)
Foster City, CA, United States
CAMPAIGN MONTIOR (EMAIL marketing)
San Francisco, CA, United States
We require all third parties to respect the security of your Personal Data and to process it in accordance with the law. We do not allow our third-party service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our instructions.
INTERNATIONAL TRANSFERS OF YOUR DATA
Your personal data is collected directly from outside the European Economic Area (EEA)* with your consent.
(EEA*: Composed of the 27 EU Member States plus Norway, Iceland and Lichtenstein).
We will share your Personal Data within the Company Group. As our head office is based in Australia, we ensure your Personal Data is protected by requiring all our Group companies and branches to follow the same rules and security procedures when processing your Personal Data.
Many of our external third parties are based outside the EEA so their processing of your Personal Data will involve a transfer of data outside the EEA.
Whenever we transfer your Personal Data to third parties which are based outside the EEA, we ensure a similar degree of protection is afforded to the data by ensuring at least one of the following safeguards is implemented:
Certain non-EEA countries to which we will transfer your Personal Data have already been deemed by the European Commission to provide an adequate level of protection. Our office in United Kingdom (UK) is included by the European Commission;
As all our establishments are located outside of the EEA, we collect and process your personal data because:
You have explicitly consented to the proposed transfer, after having been informed of the possible risks of such transfers for you due to the absence of an adequacy decision and appropriate safeguards;
The transfer is necessary for the performance of a contract between you and the Controller, or the implementation of pre-contractual measures taken at your request;
The transfer is necessary for the conclusion or performance of a contract concluded in your interest between the Controller and another natural or legal person;
The transfer is necessary for the establishment, exercise or defence of legal claims;
Please contact us if you want further information on the specific mechanism used by us when transferring your Personal Data out of the EEA.
HOW LONG DO WE KEEP YOUR DATA?
Your personal data is processed during the following deadlines:
The period established by law, or
Until you exercise the right of Erasure, or
The period necessary for the purposes for which we collected your personal data, including for the purposes of satisfying any legal, accounting, or reporting requirements.
The data will be kept for the time necessary to fulfill the purpose for which they were collected and to determine the possible responsibilities that could be derived from said purpose and the data processing, in accordance with the regulations set forth above, in addition to the periods established in the archives and documentation regulations that may apply.
WHICH ARE YOUR RIGHTS?
The Rights that assist you are the following:
Access. Right to request information from the Company. This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
Rectification. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Erasure (‘right to be forgotten’), This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have successfully exercised your right to Object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your Personal Data to comply with local law.
Note that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Restriction. This enables you to ask us to suspend the processing of your Personal Data in the following situations:
If you want us to establish the data’s accuracy;
Where our use of the data is unlawful, but you do not want us to erase it;
Where you need us to hold the data even if we no longer require it because you need it to establish, exercise or defend legal claims; or
You have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
Portability. The right to request that the Company will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to information which was originally collected electronically and which you either consented to us using or was used to perform a contract with you.
Object. Right of a person to object to the processing of their personal data or the cessation of these. You also have the right to object where we are processing your Personal Data for direct marketing purposes (and you will always be able to opt-out via the “unsubscribe” link on an email from us). In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Not be Subject to Automated individual decision-making. Right not to be subject to a decision based solely on automated processing, including profiling, that has legal effects on it or significantly affects it in a similar way
The maximum period for the resolution of the application is 30 days from receipt, it can be extended for a maximum of 2 months whenever necessary.
To exercise your rights, you must send an email to [email protected] or by post to PO Box 883 Main Beach, Queensland, 4217 (Australia).
We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it.
We may also contact you to ask you for further information in relation to your request to speed up our response.
You will not have to pay a fee to access your Personal Data or to exercise any of the other rights. However, we may charge a reasonable fee (considering the administrative costs of providing the information) if we consider your request to be unfounded, repetitive or excessive. Alternatively, in these circumstances, we may refuse to comply with your request, but we will provide you with a full explanation of this at the time.
You may withdraw consent at any time where we are relying on consent to process your Personal Data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.
RIGHT TO EFFECTIVE JUDICIAL PROTECTION
You have the right to lodge a complaint with a Supervisory Authority.
You may submit a complaint if you do not receive a response to your request for the execution of your rights or if you consider that the processing of your personal data breaks the law, and it could affect your rights and freedoms.
Australian residents can submit a complaint to the Office of the Australian Information Commissioner (OAIC) www.oaic.gov.au
United Kingdom (UK) residents can submit a complaint to the Information Commissioner’s Office (ICO) www.ico.org.uk
EU residents and all affected parties can submit a complaint to the Spanish Agency for Data Protection (AEPD) www.aepd.es, as it is the EU Supervisory Authority chosen by the Company for data protection issues.
FAIL PROVIDING YOUR PERSONAL DATA
Where we need to collect Personal Data by law, or under the terms of a contract that we have with you, and you fail to provide truthful and accurate information when requested, we may not be able to perform the contract that we have or are trying to enter with you. In these circumstances, we have the right to cancel or refuse our services, but we will notify you if this is the case at the time.
FURTHER DATA PROCESSING FOR DIFFERENT PURPOSE
The Company will not process your personal data for a different purpose that was collected for.
However, in case that the Company has the intention to use your personal data for another purpose, we will contact you, prior of further processing, to provide the information on that other purpose and with any relevant further information.
SECURITY OF YOUR PERSONAL DATA
To protect your personal data, the Company takes all reasonable precautions and follows the best technical and organisational practices to avoid loss, misuse, unauthorised access, disclosure, alteration or destruction of your personal data.
This website is hosted by Italics Bold. The security of your data is guaranteed since they take all the necessary security measures for it. For more information check www.italicsbolt.com.au
CONTENTS OF OTHER WEB SITES
The pages of this website may include embedded content (for example, videos, images, articles, etc.) and links to other websites.
We use a CCTV system in our locals and establishments to protect our staff, property and assets so if you visit us on any of our establishments you will be recorded and informed through approved signals notifying you of your entry in the recording area.
All your images and videos records are secure, and we will not share any image or video records to a third party if it’s not for a legal purpose required by Justice or Police Force.
Your image will be kept for a period of 30 days, exceptions will apply under law enforcement purposes.
You can ask about our full CCTV Policy by contacting us.
LINKS TO OTHER WEBSITES
Our website may contain links to and from third parties’ websites.
The personal data that you provide through these websites is not subject to this privacy notice and the processing of your personal data by those websites is not our responsibility.
Those websites have their own privacy policies which will set out how your personal information is collected and processed when visiting those sites.
ACCEPTANCE AND CONSENT
These policies will be in effect until they are modified by others duly published.
Last update on 8th May 2023