Last Reviewed: 1 July 2020
Who are ‘we’?
When we talk about “we” (or “our” or “us”), we mean Bellroy Pty Ltd and all its wholly owned subsidiaries. We are based in Australia but we supply goods all over the world.
For European Union data protection purposes, when we act as a controller in relation to your personal data, Samuel Giles is our representative in the European Union. You can contact him at firstname.lastname@example.org or email@example.com.
What is ‘Personal Data’?
We treat any data that could directly or indirectly identify you (or your family or your personal device over time and across services) as “Personal Data”. This includes information like your name, address, telephone number and your email address but in some cases it may include less obviously identifying information, like your IP Address (see below).
What data do we collect?
When you visit bellroy.com or buy Bellroy products online, we collect different types of Personal Data about you and your use of our website. We treat this information as falling into three categories: Customer Information, Usage Data and your IP Address.
Customer Information is the information you explicitly provide to us when you make an online purchase, sign up to receive our newsletters or other communications, or participate in any program or competition which requires you to complete a form on our website. This includes:
- Your name
- Your email address
- Your shipping and/or billing address
- Your payment information
- What products you purchased
Usage Data is general information about how you interact with our website or other services, such as:
- which pages you visited on our website
- how you came to the website (for example, by clicking on a link in a newsletter or from an advertisement)
- which buttons or links you clicked
- whether you have been to the website before
- geolocation data (that is, where you are located in the world - country/city)
- inferences that we may draw about you from the usage data we collect
Whenever you visit a website (including bellroy.com), the computer from which the web pages are served (i.e. our web server) needs to know your computer’s public network address so that it can send the pages you request to your browser. The public network address associated with your computer is called its “public IP Address” and is sent automatically each time you access any website. From a computer’s IP Address, it is usually possible to determine the general geographic location of that computer but often not the specific computer and if multiple people use the computer not the specific user (although if your IP Address is unique to you and is published somewhere or if you later identify yourself while using the same IP Address, it is possible that IP Address could identify you).
In many jurisdictions (including California, the EU and Australia), your IP Address is considered to be personal data, and we treat it accordingly.
How we collect data
Information you provide to us directly: When you shop with us online, we will ask you to provide personal data (such as your name and address) so we can fill your order. We may also ask you to provide personal data when you sign up for a newsletter, respond to a job application or an offer, join us on social media, take part in surveys or contact us for help. If you don’t want to provide personal data, you don’t have to, but it might limit your ability to do certain things on the website.
Information we collect automatically: When you visit bellroy.com or shop with us online, we collect some information about you automatically, including Usage Data.
How we store data
We store backups of some data, including order details (which will include Customer Information) on our servers in Australia. We use appropriate technical and organisational measures to protect the personal data that we collect and process. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal data, including using 256-bit SSL (secure sockets layer) encryption technology to protect your Personal Data when you purchase from our online store. Bellroy also complies with the Australian Privacy Principles in relation to the proper use and storage of personal data.
How we use data
Where we collect your personal data, we’ll only process it:
- to fill orders placed by you, or
- where we have legitimate interests to process the personal data and our interests are not overridden by your rights, or
- in accordance with a legal obligation, or
- where we have your explicit consent.
The main reason we use your personal data is to fill orders and to manage our relationship with you (for example, dealing with questions about products, returns and warranty claims).
We also use personal data for other purposes, including:
To communicate with you: this may include providing you with information you’ve requested or that we’re required to provide to you, that relates to changes to our website or policies, marketing communications in accordance with your preferences or to invite you to provide feedback or to take part in research we are conducting.
To support you: this may include dealing with any questions you have about our products, dealing with warranty claims or any issues relating to our goods or services.
To improve our website: we use Usage Data to help us understand the online behaviour of our customers, which helps us to focus our marketing activities and improve the services we provide. Using web analytics on our website enables us to measure, collect, analyse and report on Usage Data for the purposes of understanding and optimising customers’ experiences on our website. We try to ensure that all Usage Data is pseudonymised (i.e. we cannot trace the Usage Data back to an identifiable specific person - in other words, you - either at all or without considerable effort) unless we have your consent.
Geographical location information contained in Usage Data also enables us to tailor your experience on our website by displaying different content based on your location, such as providing content in your preferred language (where possible), showing local currency and pricing, and showing relevant advertising. Again, geographical location information is pseudonymised unless we have your consent, which you gave when you either clicked the “cookie consent” banner or continued to use the site.
To protect you (and us): we use Customer Information and your IP Address to detect and prevent fraudulent activity when you want to make a purchase from us.
To market to you: we use Usage Data for remarketing (sometimes called retargeting) to better target our ads to interested customers. After you have visited our website, you (or another user of your computer) may see Bellroy ads on certain participating third party websites, such as on the Google Display Network and Facebook. This will only occur if you have consented to us using cookies by either clicking on the “cookie consent” banner or continuing to use the site. You can also opt out of targeted advertising: see http://www.aboutads.info/choices or http://www.youronlinechoices.com.
To analyse, aggregate and report: we may use the personal data we collect about you and other users of our website to produce aggregated and pseudonymised analytics and reports, which we may share with third parties.
How we can share your personal data (and how we don’t)
There will be times when we need to share your personal data with third parties. We will only disclose your personal data to:
- handle payments securely (PayPal Inc and Braintree Payment Solutions LLC)
- fulfil your orders (FedEx, DHL, Australia Post, and third parties in our supply chain)
- send you newsletters or other updates, that you have signed up to receive (for example, Klaviyo)
- send you information relating to your purchases
- pay commissions to affiliates where you came to our site from a link they shared with you
- target advertising (for example, Google, Facebook and Klaviyo)
- protect you and us against fraud (for example, MaxMind)
Over the past 12 months, we have disclosed personal information to third parties for the following purposes (note that not all of these will apply to everyone):
- Fulfilling orders and collecting payment
- Improving our advertising analytics
- Detecting security breaches or potentially fraudulent or malicious activity
- Participating in affiliate programs
- Targeting advertising
- Sending out special offers (generally or to specific consumers)
- Obtaining information about how visitors use our website
- Collecting and collating financial and accounting data
- Providing customer support
There also may be times when we are legally required to disclose personal data, such as to regulators, law enforcement bodies, government agencies, courts or other third parties where we think it’s necessary to comply with applicable laws and regulations, or to exercise our legal rights.
We only share your Customer Information with third parties where it is either necessary to enable online transactions (such as PayPal) or where you have consented to receive direct marketing material (such as Klaviyo).
Your personal data is never disclosed to third parties for remarketing or retargeting purposes by third parties, and most importantly:
- Bellroy never sells its email lists or customer information.
International data transfers
When we do transfer data, we will make sure that there are safeguards in place to protect your personal data.
For individuals in the European Union (EU), this means that your personal data will be transferred outside of the EU. EU personal data will only be transferred to countries that have been identified as providing adequate protection for EU data (such as New Zealand) or to a third party where we have approved transfer mechanisms in place – this means that we have either entered into an appropriate Data Processing Agreement or by ensuring that the entity has appropriate data protection in place, including where the entity is Privacy Shield certified (for US-based third parties).
How long we retain your personal data depends on what it is, what we need it for (for example, keeping track of your warranty rights) and whether we are legally required to keep it (for example, for tax). Once we no longer need to retain it, we will make sure your personal data is deleted or pseudonymised.
Your personal data belongs to you, and you have the right to:
- know what personal data we hold about you
- make sure that all personal data is correct and up-to-date
- ask us to correct any personal data
- object to our continued processing of your personal data
If you no longer wish to receive any online communications, just let us know by clicking the ‘unsubscribe’ link at the bottom of any marketing communication we send you.
You can notify us if you no longer wish us to process your personal data, but note that if you do so, this may mean that we can no longer provide our services to you.
How to contact us
Bellroy Pty Ltd
5 Theatre Place
and we will respond to your request within one month. You also have the right to complain to your local Data Protection Authority about the collection and use of your Personal Data.
If you are in California: you can email us at firstname.lastname@example.org and we will respond within 45 days.
If you are in the rest of the world: you can email us at email@example.com and we will respond within 60 days.
If you have any general questions, complaints or concerns about how we manage your personal data, please contact us by emailing firstname.lastname@example.org.
Changes to this Policy