When we collect, store and use your personal information, we do so in accordance with the rules set down in the Australian Privacy Act 1988 (Privacy Act) and by the European Union General Data Protection Regulation (EU) 2016/679 (the GDPR).
The types of personal information or personal data we may collect about you include:
- your name
- your contact details, including email address, mailing address, street address and/or telephone number;
- your age and/or date of birth;
- your credit card details;
- your demographic information, such as postcode;
- your preferences and/or opinions;
- information you provide to us through customer surveys;
- details of products and services we have provided to you and/or that you have enquired about, and our response to you;
- your browser session and geo-location data, device and network information, statistics on page views and sessions, acquisition sources, search queries and/or browsing behaviour;
- information about your access and use of our Site, including through the use of Internet cookies, your communications with our Site, the type of browser you are using, the type of operating system you are using and the domain name of your Internet service provider;
- additional personal information that you provide to us, directly or indirectly, through your use of our Site, associated applications, associated social media platforms and/or accounts from which you permit us to collect information; and
- any other personal information requested by us and/or provided by you or a third party.
We may collect these types of personal information directly from you or from third parties.
Collection and use of personal information
We may collect, hold, use and disclose personal information for the following purposes:
- to enable you to access and use our Site, associated applications and associated social media platforms;
- to contact and communicate with you;
- for internal record keeping and administrative purposes;
- for analytics, market research and business development, including to operate and improve our Site, associated applications and associated social media platforms;
- to run competitions and/or offer additional benefits to you;
- for advertising and marketing, including to send you promotional information about our products and services and information about third parties that we consider may be of interest to you;
- to comply with our legal obligations and resolve any disputes that we may have; and
- to consider your employment application.
Who on our team has access
Members of our team have access to the information you provide us. For example, both Administrators and DNAstore Managers can access:
- Order information like what was purchased, when it was purchased and where it should be sent, and
- Customer information like your name, email address, and billing and shipping information.
Our team members have access to this information to help fulfil orders, process refunds and support you.
Disclosure of personal information to third parties
We may disclose personal information to:
- third party service providers for the purpose of enabling them to provide their services, including (without limitation) IT service providers, data storage, web-hosting and server providers, debt collectors, maintenance or problem-solving providers, marketing or advertising providers, professional advisors and payment systems operators;
- our employees, contractors and/or related entities;
- our existing or potential agents or business partners;
- payment systems operators;
- sponsors or promoters of any competition we run;
- anyone to whom our business or assets (or any part of them) are, or may (in good faith) be, transferred;
- credit reporting agencies, courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided to you;
- courts, tribunals, regulatory authorities and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights;
- third parties, including agents or sub-contractors, who assist us in providing information, products, services or direct marketing to you. This may include parties located, or that store data, outside of Australia; and
- third parties to collect and process data, such as Google Analytics or other relevant businesses. This may include parties that store data outside of Australia.
Please note that we use the following third parties to process your personal information:
- Google Analytics;
- Guardian Mail;
- and, Stripe.
By providing us with personal information, you consent to the disclosure of your personal information to third parties who reside outside Australia and, if you are a European Union (EU) citizen, to third parties that reside outside the EU. Where the disclosure of your personal information is solely subject to Australian privacy laws (and not subject to the GDPR), you acknowledge that we are not required to ensure that those third parties comply with Australian privacy laws.
Our Amazon store is DNA Magazine. If you purchase from our Amazon store, Amazon will release the following information to us in order for your order to be fulfilled:-
- Unique payment identifier
DNA is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to amazon.com.au and affiliated sites.
DNAnews and other Email Newsletters and Communications
We use MailChimp for email subscribers to this Website and for DNAstore and Subscription Management. We do not sell the emails collected or give them away to any 3rd party. We will only use the emails for DNA newsletters; DNA marketing or promotional materials. You can unsubscribe at any time, and we will make certain to delete your data from our MailChimp dashboard.
DNA Website Blog Comments
We use WooCommerce (Memberships and Subscriptions) for subscriptions to DNA magazine. You can cancel your membership at anytime, but this will not automatically delete your account login from our Website. We will manually remove your account when cancelled or requested. All Personal Data collected during the financial transaction is not stored by this Website and it handled by Stripe (Stripe Elements).
DNA website membership
We use WooCommerce (Memberships and Subscriptions) for registrations to the DNA website. You can cancel your membership at anytime, but this will not automatically delete your account login from our Website. We will manually remove your account when cancelled or requested.
We use WooCommerce for processing purchases made through DNAstore. You can cancel your account at anytime, but this will not automatically delete your account login from our Website. We will manually remove your account when cancelled or requested. This Website does not store Personal Data collected during the financial transaction (if any) and it handled by Stripe (Stripe Elements). Information shared with Stripe to process payments includes:
- Unique payment identifier
- Payment provider identifier
When using the Stripe payment gateway, you are not sharing your credit card information either with us, or WooCommerce.
We use FreshWorks (FreshDesk, FreshCaller and FreshChat) for all DNAsupport interactions with you. We will manually remove your details when cancelled or requested.
DNA mailing procurement
We use Guardian Mail Services for the mail processing and fulfilment of DNA monthly print subscriptions. Information shared with Guardian Mail to fulfil subscription mailing each month includes:
- Shipping Address
- DNA subscriber number
DNA App, Digital and Online Editions
We use Pocketmags (Jellyfish Connect Ltd) for all DNA Digital and Online Edition interactions with you.
We use Jetpack (part of Automattic) to back-up, secure and provide the additional features, listed below, to the Site.
– Activity Log
- Data Used: To deliver this functionality and record activities around site management, the following information is captured: user email address, user role, user login, user display name, WordPress.com and local user IDs, the activity to be recorded, the WordPress.com-connected site ID of the site on which the activity takes place, the site’s Jetpack version, and the timestamp of the activity. Some activities may also include the actor’s IP address (login attempts, for example) and user agent.
- Activity Tracked: Login attempts/actions, post and page update and publish actions, comment/pingback submission and management actions, plugin and theme management actions, widget updates, user management actions, and the modification of other various site settings and options. Retention duration of activity data depends on the site’s plan and activity type. See the complete list of currently-recorded activities (along with retention information).
- Data Synced: Successful and failed login attempts, which will include the actor’s IP address and user agent.
– Infinite Scroll
- Data Used: In order to record page views via WordPress.com Stats (which must be enabled for page view tracking here to work) with additional loads, the following information is used: IP address, WordPress.com user ID (if logged in), WordPress.com username (if logged in), user agent, visiting URL, referring URL, timestamp of event, browser language, country code.
- Activity Tracked: Page views will be tracked with each additional load (i.e. when you scroll down to the bottom of the page and a new set of posts loads automatically). If the site owner has enabled Google Analytics to work with this feature, a page view event will also be sent to the appropriate Google Analytics account with each additional load.
– Jetpack Comments
- Data Used: Commenter’s name, email address, and site URL (if provided via the comment form), timestamp, and IP address. Additionally, a jetpack.wordpress.com IFrame receives the following data: WordPress.com blog ID attached to the site, ID of the post on which the comment is being submitted, commenter’s local user ID (if available), commenter’s local username (if available), commenter’s site URL (if available), MD5 hash of the commenter’s email address (if available), and the comment content. Akismet (also owned by Automattic) is enabled on the site, the following information is sent to the service for the sole purpose of spam checking: commenter’s name, email address, site URL, IP address, and user agent.
- Activity Tracked: The comment author’s name, email address, and site URL (if provided during the comment submission) are stored in cookies. Learn more about these cookies.
- Data Synced: All data and metadata (see above) associated with comments. This includes the status of the comment and whether or not it was classified as spam by Akismet.
- Data Used: In order to check login activity and potentially block fraudulent attempts, the following information is used: attempting user’s IP address, attempting user’s email address/username (i.e. according to the value they were attempting to use during the login process), and all IP-related HTTP headers attached to the attempting user.
- Activity Tracked: Failed login attempts (these include IP address and user agent). We also set a cookie (jpp_math_pass) for 1 day to remember if/when a user has successfully completed a math captcha to prove that they’re a real human. Learn more about this cookie.
- Data Synced: Failed login attempts, which contain the user’s IP address, attempted username or email address, and user agent information.
- Data Used: To initiate and process subscriptions, the following information is used: subscriber’s email address and the ID of the post or comment (depending on the specific subscription being processed). In the event of a new subscription being initiated, we also collect some basic server data, including all of the subscribing user’s HTTP request headers, the IP address from which the subscribing user is viewing the page, and the URI which was given in order to access the page (REQUEST_URI and DOCUMENT_URI). This server data used for the exclusive purpose of monitoring and preventing abuse and spam.
- Activity Tracked: Functionality cookies are set for a duration of 347 days to remember a visitor’s blog and post subscription choices if, in fact, they have an active subscription.
– Video Hosting
- Data Used: For video play tracking via WordPress.com Stats, the following information is used: viewer’s IP address, WordPress.com user ID (if logged in), WordPress.com username (if logged in), user agent, visiting URL, referring URL, timestamp of event, browser language, country code. If Google Analytics is enabled, video play events will be sent there, as well.
- Activity Tracked: Video plays.
– WooCommerce Services
- Data Used: For payments with PayPal or Stripe: purchase total, currency, billing information. For taxes: the value of goods in the cart, value of shipping, destination address. For checkout rates: destination address, purchased product IDs, dimensions, weight, and quantities. For shipping labels: customer’s name, address as well as the dimensions, weight, and quantities of purchased products.
– WordPress.com Secure Sign On
- Data Used: User ID (local site and WordPress.com), role (e.g. administrator), email address, username and display name. Additionally, for activity tracking (see below): IP address, WordPress.com user ID, WordPress.com username, WordPress.com-connected site ID and URL, Jetpack version, user agent, visiting URL, referring URL, timestamp of event, browser language, country code.
- Activity Tracked: The following usage events are recorded: starting the login process, completing the login process, failing the login process, successfully being redirected after login, and failing to be redirected after login. Several functionality cookies are also set, and these are detailed explicitly in our Cookie documentation.
- Data Synced: The user ID and role of any user who successfully signed in via this feature.
– WordPress.com Stats
- Data Used: IP address, WordPress.com user ID (if logged in), WordPress.com username (if logged in), user agent, visiting URL, referring URL, timestamp of event, browser language, country code. Important: The site owner does not have access to any of this information via this feature. For example, a site owner can see that a specific post has 285 views, but he/she cannot see which specific users/accounts viewed that post. Stats logs — containing visitor IP addresses and WordPress.com usernames (if available) — are retained by Automattic for 28 days and are used for the sole purpose of powering this feature.
We will keep personal data only for as long as we need it to maintain our relationship with our contacts, provide them with the products, services or information they have requested, to inform our research into the preferences of our customers /clients, to comply with the law, and to ensure we do not communicate with individuals that have asked us not to. When we no longer need the information, we will dispose of it securely, using specialist companies to do this work for us if necessary. Further details can be found in our Retention Policy which is available on request.
How we treat personal information that is also sensitive information
Sensitive information is a sub-set of personal information that is given a higher level of protection under the Australian Privacy Principles. Sensitive information means information relating to your racial or ethnic origin, political opinions, religion, trade union or other professional associations or memberships, philosophical beliefs, sexual orientation, sexual practices or sex life, criminal records, health information or biometric information.
Provided you consent, your sensitive information may only be used and disclosed for purposes relating to the primary purpose for which the sensitive information was collected.
Sensitive information may also be used or disclosed if required or authorised by law.
Our responsibilities as a ‘controller’ under the GDPR
Controllers are defined by the GDPR as natural or legal persons, a public authority, agency or other body to which personal information or personal data has been disclosed, whether via a third party or not, and who determines the purposes and means of processing personal information. We are a controller under the GDPR as we collect, use and store your personal information to enable us to provide you with our goods and/or services.
As a controller, we have certain obligations under the GDPR when collecting, storing and using the personal information of EU citizens. If you are an EU citizen, your personal data will:
- be processed lawfully, fairly and in a transparent manner by us;
- only be collected for the specific purposes we have identified in the ‘collection and use of personal information’ clause above and personal information will not be further processed in a manner that is incompatible with the purposes we have identified;
- be collected in a way that is adequate, relevant and limited to what is necessary in relation to the purpose for which the personal information is processed;
- be kept up to date, where it is possible and within our control to do so (please let us know if you would like us to correct any of your personal information);
- be kept in a form which permits us to identify you, but only for so long as necessary for the purposes for which the personal data was collected;
- be processed securely and in a way that protects against unauthorised or unlawful processing and against accidental loss, destruction or damage.
We also apply these principles to the way we collect, store and use the personal information of our Australian customers or clients.
Specifically, we have the following measures in place, in accordance with the GDPR:
- Data protection policies:We have internal policies in place which set out where and how we collect personal information, how it is stored and where it goes after we get it, in order to protect your personal information.
- Right to ask us to erase your personal information:You may ask us to erase personal information we hold about you.
- Right to ask us to restrict data processing:You may ask us to limit the processing of your personal information where you believe that the personal information we hold about you is wrong (to give us enough time to verify if the information needs to be changed), or where processing data is unlawful and you request us to restrict the processing of personal information rather than it being erased.
- Notification of data breaches:We will comply with the GDPR in respect of any data breach.
Our responsibilities as a ‘processor’ under the GDPR
Where we are a processor, we have contracts containing certain prescribed terms in our contracts with controllers. Depending on circumstances, we can be a controller or processor or controller and processor. In addition to:
- our contractual obligations with controllers (where we are solely a processor); and
- our legal obligations under the GDPR as a controller (where we are both a controller and processor) as a processor we also have the following responsibilities under the GDPR:
- not to use a sub-processor without the prior written authorisation of the data controller;
- to co-operate with supervisory authorities;
- to ensure the security of its processing;
- to keep records of processing activities;
- to notify any personal data breaches to the data controller; and
- to employ a data protection officer and appoint (in writing) a representative within the European Union if required by the GDPR. (These are not required for the company at the present time).
Your rights and controlling your personal information
Choice and consent
Information from third parties
You may choose to restrict the collection or use of your personal information. If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us using the details below. If you ask us to restrict how we process your personal information, we will let you know how the restriction affects your use of our Site or products and services.
Access and data portability
You may request details of the personal information that we hold about you. You may request a copy of the personal information we hold about you. We will provide this information in an easily readable machine format of our choosing. A reasonable fee may be charged when a request is manifestly unfounded, excessive or repetitive. This fee will be based on the administrative cost of providing the information. We may refuse to grant excessive, unfounded or repetitive requests, in which case, we will explain why we are refusing to comply and inform you of your right to appeal to our supervisory authority. You may request that we erase the personal information we hold about you at any time. You may also request that we transfer this personal information to another third party (data portability).
If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading or out of date.
If you believe that we have breached the Australian Privacy Principles or an article of the GDPR and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. You also have the right to contact the Office of the Australian Information Commissioner if you wish to make a complaint.
To unsubscribe from our e-mail database or opt-out of communications (including marketing communications), please contact us using the details below or opt-out using the opt-out facilities provided in the communication.
Storage and security
We are committed to ensuring that the personal information we collect is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures such as encryption of personal information, to safeguard and secure personal information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.
Cookies and web beacons
We may use web beacons on our Site from time to time. Web beacons (also known as Clear GIFs) are small pieces of code placed on a web page to monitor the visitor’s behaviour and collect data about the visitor’s viewing of a web page. For example, web beacons can be used to count the users who visit a web page or to deliver a cookie to the browser of a visitor viewing that page.
We may use Google Analytics to collect and process data. To find out how Google uses data when you use third party websites or applications, please see www.google.com/policies/privacy/partners/ or any other URL Google may use from time to time.
Links to other websites
For any questions or notices, please contact our Privacy Officer at:
- DNA Men Nexus Pty Limited ABN 11 159 058 796
- Email: DNAsupport@DNAmagazine.com.au
- Postal Address: PO Box 503, BAULKHAM HILLS NSW 1775, AUSTRALIA
We’re here to help. If you have any queries, please contact us here.
Last update: 3-Mar-19
- Freshworks Data Processing Addendum added (3-Mar-19)