Privacy policy

At Gumnut, we are committed to protecting your privacy and ensuring that your personal information is handled in a safe and responsible manner. This Privacy Policy explains how we collect, use, and protect your personal information when you visit or use our website, gumnut.com.au (the "Website"), purchase our products, or interact with us in any other way. Please read this policy carefully before using the Website or submitting any personal information.

By using the Website www.gumnut.com.au (the “Site” or “we”), you are accepting the practices described in this Privacy Policy. These practices may be changed, but any changes will be posted and changes will only apply to activities and information on a going forward, not retroactive basis. You are encouraged to review the Privacy Policy whenever you visit the site to make sure that you understand how any personal information you provide will be used.

In Australia, we are bound by Australian privacy legislation which includes the Australian Privacy Principles (or APP's) in the Privacy Act 1988 (Cth). Personal information is defined in the Privacy Act 1988 (Cth) and means information or an opinion about an identified individual, or an individual who is reasonably identifiable.

Collecting Personal Information

We collect information from you when ie. (but not limited to) you visit and/or register on our site, place an order, subscribe to a newsletter, respond to a survey, fill out a form, contact us via another email or other means, or enter information on our site, or when you provide us with feedback on our products or services.

In this Privacy Policy, we refer to any information about an identifiable individual (including the information below) as “Personal Information”. See the list below for more information about what Personal Information we collect and why.

User information of unused accounts is automatically removed 1 year after the last login. This does not apply to Newsletter subscribers, though. If you subscribed to our Newsletter, your email address will remain stored in our mailing list until you actively unsubscribe, even if other user data was removed because you didn’t log in to our website for more than 1 year. If a user asks to remove all stored personal data, we will do so immediately.

We may use your personal information for the following purposes:

To process and fulfill your orders
To communicate with you regarding your orders, account, or customer service inquiries
To personalise and improve your experience on the Website
To send you marketing communications, including newsletters, promotions, and other updates, if you have opted in to receive them
To conduct research and analyse Website usage and trends
To protect the security and integrity of our Website and business
As otherwise required by law or legal process

Device information

Purpose of collection: to load the Site accurately for you, and to perform analytics on Site usage to optimize our Site.
Source of collection: collected automatically when you access our Site using cookies, log files, web beacons, tags, or pixels.
Disclosure for a business purpose: shared with our processor Shopify.
Personal Information collected: version of web browser, IP address, time zone, cookie information, what sites or products you view, search terms, and how you interact with the Site.

Order information

Purpose of collection: to provide products or services to you to fulfill our contract, to process your payment information, arrange for shipping, and provide you with invoices and/or order confirmations, communicate with you, screen our orders for potential risk or fraud, and when in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
Source of collection: collected from you.
Disclosure for a business purpose: shared with our processor Shopify, where applicable Paypal, StarshipIT, Cin7.
Personal Information collected: name, billing address, shipping address, payment information (including credit card numbers, Paypal), email address, and phone number.

Customer support information

Purpose of collection: to provide customer support.
Source of collection: collected from you
Disclosure for a business purpose: Shopify, Gmail

Sharing Personal Information

We may share your Personal Information with third parties under the following circumstances:

With service providers who assist us in fulfilling your orders, processing payments, or providing other services on our behalf
In response to a court order, subpoena, or other legal processes
To protect our rights, property, or safety or the rights, property, or safety of others
In connection with a sale, merger, or other business transfer involving Gumnut

We use Shopify to power our online store. You can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy.

We will not sell or rent your personal information to third parties for their marketing purposes without your explicit consent.

Behavioural Advertising

As described above, we may use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For example:

We, along with third-party vendors such as Google use first-party cookies (such as Google Analytics cookies) and third-party cookies (such as the DoubleClick and Google Analytics Advertising cookies) or other third-party identifiers together to compile data regarding user interactions with ad impressions and other ad services functions as they relate to our website. Users can set preferences for how Google advertises to you using the Google Ad Settings page. Alternatively, you can opt-out by visiting the Network Advertising Initiative Opt Out page or by using the Google Analytics Opt Out browser add-on.
We may use Google Analytics to help us understand how our customers use the Site. You can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
We may share information about your use of the Site, your purchases, and your interaction with our ads on other websites with our advertising partners. We may collect and share some of this information directly with our advertising partners, and in some cases through the use of cookies or other similar technologies (which you may consent to, depending on your location).
We may use Shopify Audiences to help us show ads on other websites with our advertising partners to buyers who made purchases with other Shopify merchants and who may also be interested in what we have to offer. We may also share information about your use of the Site, your purchases, and the email address associated with your purchases with Shopify Audiences, through which other Shopify merchants may make offers you may be interested in.

For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at https://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.

You can opt out of targeted advertising by:

FACEBOOK - https://www.facebook.com/settings/?tab=ads

GOOGLE - https://www.google.com/settings/ads/anonymous

BING - https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads]

Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: https://optout.aboutads.info/.

Using Personal Information

We may use the information we collect from you when you register, make a purchase, sign up for our Newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:

To process orders and invoice them correctly.

To send purchased orders, we need information as required by postal services (name, address, email, tel.no., etc.).

To send information regarding orders and additional information related to your product and/or service.

To quickly process your transactions.

To send information, respond to inquiries, and/or other requests or questions.

To send out Newsletters, only to persons who explicitly register for our Newsletter.

To personalise your experience and to allow us to deliver the type of content and product offerings in which you are most interested.

To improve our website in order to better serve you and get an insight on the audience we reach on our website.

To allow us to better respond to your customer service requests.

To administer a contest, promotion, survey, or other site feature.

To ask for ratings and reviews of services or products.

To follow up after correspondence (live chat, email, or phone enquiries).

Lawful basis

Pursuant to the General Data Protection Regulation (“GDPR”), if you are a resident of the European Economic Area (“EEA”), we process your personal information under the following lawful bases:

Your consent;
The performance of the contract between you and the Site;
Compliance with our legal obligations;
To protect your vital interests;
To perform a task carried out in the public interest;
For our legitimate interests, which do not override your fundamental rights and freedoms.

Retention

When you place an order through the Site, we will retain your Personal Information for our records unless and until you ask us to erase this information. For more information on your right of erasure, please see the ‘Your rights' section below.

Automatic decision-making

If you are a resident of the EEA, you have the right to object to processing based solely on automated decision-making (which includes profiling), when that decision-making has a legal effect on you or otherwise significantly affects you.

We DO NOT engage in fully automated decision-making that has a legal or otherwise significant effect using customer data.

Our processor Shopify may use limited automated decision-making to prevent fraud that does not have a legal or otherwise significant effect on you.

Services that include elements of automated decision-making include:

Temporary blacklist of IP addresses associated with repeated failed transactions. This blacklist persists for a small number of hours.
Temporary blacklist of credit cards associated with blacklisted IP addresses. This blacklist persists for a small number of days.

Your rights

GDPR

In addition to the rights set out in previous paragraphs, the General Data Protection Regulation 2016/679 (“GDPR”) provides individuals within the European Union and the European Economic Area with enhanced rights in respect of their personal data. These rights may include, depending on the circumstances surrounding the processing of personal data (and except as limited under applicable law):

Right of Access: the right to be informed of and request access to the personal data we process about you;
Right to Rectification: the right to request that we amend or update your personal data where it is inaccurate or incomplete;
Right to Erasure: the right to request that we delete your personal data;
Right to Restrict: the right to request that we temporarily or permanently stop processing all or some of your personal data;
Right to Object:

the right, at any time, to object to us processing your personal data on grounds relating to your particular situation;
the right to object to your personal data being processed for direct marketing purposes;

Right to Data Portability: the right to request a copy of your personal data in electronic format and the right to transmit that personal data for use in another party’s service; and
Right not to be subject to Automated Decision-making: the right to not be subject to a decision based solely on automated decision-making, including profiling, where the decision would have a legal effect on you or produce a similarly significant effect.

Note that we may need to request additional information from you to validate a request relating to the exercise of any of the rights above.

For more information on how data transfers comply with the GDPR, see Shopify’s GDPR Whitepaper: https://help.shopify.com/en/manual/your-account/privacy/GDPR.

Cookies

A cookie is a small amount of information that’s downloaded to your computer or device when you visit our Site. We may use a number of different cookies, including functional, performance, advertising, and social media or content cookies. Cookies make your browsing experience better by allowing the website to remember your actions and preferences (such as login and region selection). This means you don’t have to re-enter this information each time you return to the site or browse from one page to another. Cookies also provide information on how people use the website, for instance, whether it’s their first time visiting or if they are frequent visitors.

We use the following cookies to optimize your experience on our Site and to provide our services.

Cookies Necessary for the Functioning of the Store

Name	Function	Duration
_ab	Used in connection with access to admin.	2y
_secure_session_id	Used to track a user's session through the multi-step checkout process and keep their order, payment, and shipping details connected.	24h
_shopify_country	For shops where pricing currency/country is set from GeoIP, that cookie stores the country we've detected. This cookie helps avoid doing GeoIP lookups after the first request.	session
_shopify_m	Used for managing customer privacy settings.	1y
_shopify_tm	Used for managing customer privacy settings.	30min
_shopify_tw	Used for managing customer privacy settings.	2w
_storefront_u	Used to facilitate updating customer account information.	1min
_tracking_consent	Used to store a user's preferences if a merchant has set up privacy rules in the visitor's region.	1y
_cmp_a	Used for managing customer privacy settings.	1d
c	Used in connection with checkout.	1y
cart	Used in connection with shopping cart.	2w
cart_currency	Set after checkout is completed to ensure that new carts are in the same currency as the last checkout.	2w
cart_sig	A hash of the contents of a cart. This is used to verify the integrity of the cart and to ensure the performance of some cart operations.	2w
cart_ts	Used in connection with checkout.	2w
cart_ver	Used in connection with shopping cart.	2w
checkout	Used in connection with checkout.	4w
checkout_token	Used in connection with checkout.	1y
dynamic_checkout_shown_on_cart	Used in connection with checkout.	30min
hide_shopify_pay_for_checkout	Used in connection with checkout.	session
keep_alive	Used in connection with buyer localization.	2w
master_device_id	Used in connection with merchant login.	2y
previous_step	Used in connection with checkout.	1y
discount_code	Used in connection with checkout.	session
remember_me	Used in connection with checkout.	1y
secure_customer_sig	Used to identify a user after they sign into a shop as a customer so they do not need to log in again.	1y
shopify_pay	Used in connection with checkout.	1y
shopify_pay_redirect	Used in connection with checkout.	1 hour, 3w or 1y depending on value
shop_pay_accelerated	Used in connection with checkout.	1y
source_name	Used in combination with mobile apps to provide custom checkout behavior, when viewing a store from within a compatible mobile app.	session
storefront_digest	Stores a digest of the storefront password, allowing merchants to preview their storefront while it's password protected.	2y
tracked_start_checkout	Used in connection with checkout.	1y
checkout_session_lookup	Used in connection with checkout.	3w
checkout_prefill	Used in connection with checkout.	5m
checkout_queue_token	Used in connection with checkout.	1y
checkout_queue_checkout_token	Used in connection with checkout.	1y
checkout_session_token	Used in connection with checkout.	3w
checkout_session_token_<<token>>	Used in connection with checkout.	3w
identity-state	Used in connection with customer authentication	24h
identity-state-<<token>>	Used in connection with customer authentication	24h
identity_customer_account_number	Used in connection with customer authentication	12w
card_update_verification_id	Used in connection with checkout.	20m
customer_account_new_login	Used in connection with customer authentication	20m
customer_account_preview	Used in connection with customer authentication	7d
customer_payment_method	Used in connection with checkout.	1h
customer_shop_pay_agreement	Used in connection with checkout.	20m
pay_update_intent_id	Used in connection with checkout.	20m
localization	Used in connection with checkout.	2w
profile_preview_token	Used in connection with checkout.	5m
login_with_shop_finalize	Used in connection with customer authentication	5m
preview_theme	Used in connection with the theme editor	session
Shopify-editor-unconfirmed-settings	Used in connection with the theme editor	16h

Reporting and Analytics

Name	Function	Duration
_landing_page	Track landing pages.	2w
_orig_referrer	Track landing pages.	2w
_s	Shopify analytics.	30min
_shopify_d	Shopify analytics.	session
_shopify_fs	Shopify analytics.	30min
_shopify_s	Shopify analytics.	30min
_shopify_sa_p	Shopify analytics relating to marketing & referrals.	30min
_shopify_sa_t	Shopify analytics relating to marketing & referrals.	30min
_shopify_y	Shopify analytics.	1y
_y	Shopify analytics.	1y
_shopify_evids	Shopify analytics.	session
_shopify_ga	Shopify and Google Analytics.	session
customer_auth_provider	Shopify analytics.	session
customer_auth_session_created_at	Shopify analytics.	session

Additional Third Party Reporting, Analytics and Advertising

Third-Party	Description	Privacy Policy
Google Analytics	We may use Google Analytics to help measure how users interact with our websites.	https://policies.google.com/privacy
Facebook Connect	We may use Facebook Connect to allow visitors to our website to interact with and share content via Facebook’s social media platform.	https://www.facebook.com/policy.php
Facebook Pixel	We may use Facebook Pixel to help measure how users interact with our websites.	https://www.facebook.com/privacy/explanation
Google Tag Manager	We may use Google Tag Manager to help manage analytics vendors.	https://policies.google.com/privacy
Facebook Custom Audiences	We may use Facebook Custom Audiences to deliver targeted advertisements to individuals who visit our websites.	https://www.facebook.com/policy.php
Google	We may use Google Ads to deliver targeted advertisements to individuals who visit our websites.	https://policies.google.com/privacy

The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device.

You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can negatively impact your user experience and parts of our website may no longer be fully accessible.

Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s “Tools” or “Preferences” menu. More information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as: www.allaboutcookies.org or www.cookiesandyou.com.

Additionally, please note that blocking cookies may not completely prevent how we share information with third parties such as our advertising partners. To exercise your rights or opt out of certain uses of your information by these parties, please follow the instructions in the “Behavioural Advertising” section above.

Do Not Track

Please note that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data collection and usage practices when we detect such a signal from your browser.

How do we protect your information?

We take appropriate security measures to protect your personal information from unauthorised access, disclosure, alteration, or destruction. These measures include the use of Secure Socket Layer (SSL) encryption, firewalls, and access controls. However, please be aware that no security measures can guarantee absolute protection, and we cannot ensure or warrant the security of any information you transmit to us.
All payment transactions are processed through a gateway provider and are not stored or processed on our servers. We don’t store transaction details like bank or credit card info. Depending on the country you reside in and the platform that you use, we may use these transaction service providers and their payment gateways: Stripe, and Paypal. Should a data breach occur, we commit to taking responsive action. All stored users will be notified via email within 3 business days. We will also notify everyone via in-site notification within 3 business days.

Changes

We reserve the right to update or modify this Privacy Policy at any time. Any changes will be posted on this page and the date of the last update will be indicated at the top of the policy. Your continued use of the Website after any changes have been posted constitutes your acceptance of the revised Privacy Policy.

By using the Website, you signify your acceptance of this Privacy Policy. If you do not agree to this Privacy Policy, please do not use the Website. Your continued use of the Website following the posting of changes to this Privacy Policy will be deemed your acceptance of those changes.

Third-Party Websites

Our Website may contain links to third-party websites, which are not governed by this Privacy Policy. We are not responsible for the privacy practices or the content of these external websites. We encourage you to review the privacy policies of any third-party websites you visit.

Children’s Privacy

Our Website is not intended for children under the age of 13, and we do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently received personal information from a child under the age of 13, we will delete such information from our records.

Contact

After reviewing this policy, if you have additional questions, want more information about our privacy practices, or would like to make a complaint, please contact us by e-mail at info{at}gumnut.com.au

Complaints

As noted above, if you would like to make a complaint, please contact us by e-mail or by mail using the details provided under “Contact” above.

If you are not satisfied with our response to your complaint, you have the right to lodge your complaint with the relevant data protection authority. You can contact your local data protection authority, or our supervisory authority here:

The Office of the Australian Information Commissioner (OAIC)

https://www.oaic.gov.au/privacy/privacy-complaints/lodge-a-privacy-complaint-with-us

Last updated: 31/03/2023