Privacy Policy

This Privacy Policy sets out our commitment to protecting the privacy of personal information provided to us, or otherwise collected by us, offline or online, including through this website and the DNA app (Site).

In this Privacy Policy weus or our means DNA Men Nexus Pty Limited ABN 11 159 058 796 (DNA).

When we collect, store and use your personal information, we do so in accordance with the rules set down in the Australian Privacy Act 1988 (Privacy Act) and by the European Union General Data Protection Regulation (EU) 2016/679 (the GDPR).

 

Personal information

The types of personal information or personal data we may collect about you include:

  • your name
  • your contact details, including email address, mailing address, street address and/or telephone number;
  • your age and/or date of birth;
  • your credit card details;
  • your demographic information, such as postcode;
  • your preferences and/or opinions;
  • information you provide to us through customer surveys;
  • details of products and services we have provided to you and/or that you have enquired about, and our response to you;
  • your browser session and geo-location data, device and network information, statistics on page views and sessions, acquisition sources, search queries and/or browsing behaviour;
  • information about your access and use of our Site, including through the use of Internet cookies, your communications with our Site, the type of browser you are using, the type of operating system you are using and the domain name of your Internet service provider;
  • additional personal information that you provide to us, directly or indirectly, through your use of our Site, associated applications, associated social media platforms and/or accounts from which you permit us to collect information; and
  • any other personal information requested by us and/or provided by you or a third party.

We may collect these types of personal information directly from you or from third parties.

Collection and use of personal information

We may collect, hold, use and disclose personal information for the following purposes:

  • to enable you to access and use our Site, associated applications and associated social media platforms;
  • to contact and communicate with you;
  • for internal record keeping and administrative purposes;
  • for analytics, market research and business development, including to operate and improve our Site, associated applications and associated social media platforms;
  • to run competitions and/or offer additional benefits to you;
  • for advertising and marketing, including to send you promotional information about our products and services and information about third parties that we consider may be of interest to you;
  • to comply with our legal obligations and resolve any disputes that we may have; and
  • to consider your employment application.

Who on our team has access

Members of our team have access to the information you provide us. For example, both Administrators and DNAstore Managers can access:

  • Order information like what was purchased, when it was purchased and where it should be sent, and
  • Customer information like your name, email address, and billing and shipping information.

Our team members have access to this information to help fulfil orders, process refunds and support you.

Disclosure of personal information to third parties

We may disclose personal information to:

  • third party service providers for the purpose of enabling them to provide their services, including (without limitation) IT service providers, data storage, web-hosting and server providers, debt collectors, maintenance or problem-solving providers, marketing or advertising providers, professional advisors and payment systems operators;
  • our employees, contractors and/or related entities;
  • our existing or potential agents or business partners;
  • payment systems operators;
  • sponsors or promoters of any competition we run;
  • anyone to whom our business or assets (or any part of them) are, or may (in good faith) be, transferred;
  • credit reporting agencies, courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided to you;
  • courts, tribunals, regulatory authorities and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights;
  • third parties, including agents or sub-contractors, who assist us in providing information, products, services or direct marketing to you. This may include parties located, or that store data, outside of Australia; and
  • third parties to collect and process data, such as Google Analytics or other relevant businesses. This may include parties that store data outside of Australia.

Where we disclose your personal information to third parties, including data processors, we will request that the third party handle your personal information in accordance with this Privacy Policy. The third party will only process your personal information in accordance with written instructions from us and we require that the third party either complies with the privacy shield principles set out in the GDPR or another mechanism set out by applicable EU & Swiss data protection laws for the transfer and processing of personal information. When we refer to ‘processing’ in this clause and this Privacy Policy in general, we mean any operation or set of operations which is performed on personal information, whether or not by automated means, such as collecting, recording, organising, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available personal information.

Please note that we use the following third parties to process your personal information:

  • Amazon;
  • Eventbrite;
  • FreshWorks;
  • Google Analytics;
  • Guardian Mail;
  • Jetpack;
  • MailChimp;
  • Pocketmags;
  • and, Stripe.

By providing us with personal information, you consent to the disclosure of your personal information to third parties who reside outside Australia and, if you are a European Union (EU) citizen, to third parties that reside outside the EU. Where the disclosure of your personal information is solely subject to Australian privacy laws (and not subject to the GDPR), you acknowledge that we are not required to ensure that those third parties comply with Australian privacy laws.

Amazon

Our Amazon store is DNA Magazine. If you purchase from our Amazon store, Amazon will release the following information to us in order for your order to be fulfilled:-

  • Name
  • Email
  • Address
  • Phone
  • City/State/Zip
  • Unique payment identifier

You can view the Amazon (AU) privacy policy here.

DNAnews and other Email Newsletters and Communications

We use MailChimp for email subscribers to this Website and for DNAstore and Subscription Management. You can view the MailChimp privacy policy here, and they have a Knowledge Base post specific to GDPR here. We do not sell the emails collected or give them away to any 3rd party. We will only use the emails for DNA newsletters; DNA marketing or promotional materials. You can unsubscribe at any time, and we will make certain to delete your data from our MailChimp dashboard.

DNA Website Blog Comments

We use Disqus for comments on the DNA website. You can view the Disqus privacy policy here, and they have a Knowledge Base post specific to GDPR here. You can remove your account from Disqus at any time, but Disqus does not delete your comments from the DNA blog. We will have to clean up by querying the wordpress database manually as at the time of this privacy policy we are unaware of any DGPR compliant plugin.

DNA subscriptions

We use WooCommerce (Memberships and Subscriptions) for subscriptions to DNA magazine. You can cancel your membership at anytime, but this will not automatically delete your account login from our Website. We will manually remove your account when cancelled or requested. All Personal Data collected during the financial transaction is not stored by this Website and it handled by Stripe (Stripe Elements). You can view the Stripe privacy policy here.

DNA website membership

We use WooCommerce (Memberships and Subscriptions) for registrations to the DNA website. You can cancel your membership at anytime, but this will not automatically delete your account login from our Website. We will manually remove your account when cancelled or requested. You can view the WooCommerce privacy policy here.

DNAstore

We use WooCommerce for processing purchases made through DNAstore.  You can cancel your account at anytime, but this will not automatically delete your account login from our Website. We will manually remove your account when cancelled or requested. This Website does not store Personal Data collected during the financial transaction (if any) and it handled by Stripe (Stripe Elements). Information shared with Stripe to process payments includes:

  • Name
  • Email
  • Address
  • Phone
  • City/State/Zip
  • Unique payment identifier
  • Payment provider identifier

When using the Stripe payment gateway, you are not sharing your credit card information either with us, or  WooCommerce.

You can view the WooCommerce privacy policy here and the Stripe privacy policy here.

DNAsupport

We use FreshWorks (FreshDesk, FreshCaller and FreshChat) for all DNAsupport interactions with you. We will manually remove your details when cancelled or requested. You can view the FreshWorks  privacy policy here.

DNA mailing procurement

We use Guardian Mail Services for the mail processing and fulfilment of DNA monthly print subscriptions. You can view the Guardian Mail privacy policy here. Information shared with Guardian Mail to fulfil subscription mailing each month includes:

  • Name
  • Shipping Address
  • DNA subscriber number

DNA App, Digital and Online Editions

We use Pocketmags (Jellyfish Connect Ltd) for all DNA Digital and Online Edition interactions with you. You can view the Pocketmags privacy policy here.

Jetpack

We use Jetpack (part of Automattic) to back-up, secure and provide the additional features, listed below, to the Site. You can view the Automattic  privacy policy here.

– Activity Log

  • Data Used: To deliver this functionality and record activities around site management, the following information is captured: user email address, user role, user login, user display name, WordPress.com and local user IDs, the activity to be recorded, the WordPress.com-connected site ID of the site on which the activity takes place, the site’s Jetpack version, and the timestamp of the activity. Some activities may also include the actor’s IP address (login attempts, for example) and user agent.
  • Activity Tracked: Login attempts/actions, post and page update and publish actions, comment/pingback submission and management actions, plugin and theme management actions, widget updates, user management actions, and the modification of other various site settings and options. Retention duration of activity data depends on the site’s plan and activity type. See the complete list of currently-recorded activities (along with retention information).
  • Data Synced: Successful and failed login attempts, which will include the actor’s IP address and user agent.

– Infinite Scroll

  • Data Used: In order to record page views via WordPress.com Stats (which must be enabled for page view tracking here to work) with additional loads, the following information is used: IP address, WordPress.com user ID (if logged in), WordPress.com username (if logged in), user agent, visiting URL, referring URL, timestamp of event, browser language, country code.
  • Activity Tracked: Page views will be tracked with each additional load (i.e. when you scroll down to the bottom of the page and a new set of posts loads automatically). If the site owner has enabled Google Analytics to work with this feature, a page view event will also be sent to the appropriate Google Analytics account with each additional load.

– Jetpack Comments

  • Data Used: Commenter’s name, email address, and site URL (if provided via the comment form), timestamp, and IP address. Additionally, a jetpack.wordpress.com IFrame receives the following data: WordPress.com blog ID attached to the site, ID of the post on which the comment is being submitted, commenter’s local user ID (if available), commenter’s local username (if available), commenter’s site URL (if available), MD5 hash of the commenter’s email address (if available), and the comment content. Akismet (also owned by Automattic) is enabled on the site, the following information is sent to the service for the sole purpose of spam checking: commenter’s name, email address, site URL, IP address, and user agent.
  • Activity Tracked: The comment author’s name, email address, and site URL (if provided during the comment submission) are stored in cookies. Learn more about these cookies.
  • Data Synced: All data and metadata (see above) associated with comments. This includes the status of the comment and whether or not it was classified as spam by Akismet.

– Protect

  • Data Used: In order to check login activity and potentially block fraudulent attempts, the following information is used: attempting user’s IP address, attempting user’s email address/username (i.e. according to the value they were attempting to use during the login process), and all IP-related HTTP headers attached to the attempting user.
  • Activity Tracked: Failed login attempts (these include IP address and user agent). We also set a cookie (jpp_math_pass) for 1 day to remember if/when a user has successfully completed a math captcha to prove that they’re a real human. Learn more about this cookie.
  • Data Synced: Failed login attempts, which contain the user’s IP address, attempted username or email address, and user agent information.

– Subscriptions

  • Data Used: To initiate and process subscriptions, the following information is used: subscriber’s email address and the ID of the post or comment (depending on the specific subscription being processed). In the event of a new subscription being initiated, we also collect some basic server data, including all of the subscribing user’s HTTP request headers, the IP address from which the subscribing user is viewing the page, and the URI which was given in order to access the page (REQUEST_URI and DOCUMENT_URI). This server data used for the exclusive purpose of monitoring and preventing abuse and spam.
  • Activity Tracked: Functionality cookies are set for a duration of 347 days to remember a visitor’s blog and post subscription choices if, in fact, they have an active subscription.

– Video Hosting

  • Data Used: For video play tracking via WordPress.com Stats, the following information is used: viewer’s IP address, WordPress.com user ID (if logged in), WordPress.com username (if logged in), user agent, visiting URL, referring URL, timestamp of event, browser language, country code. If Google Analytics is enabled, video play events will be sent there, as well.
  • Activity Tracked: Video plays.

– WooCommerce Services

  • Data Used: For payments with PayPal or Stripe: purchase total, currency, billing information. For taxes: the value of goods in the cart, value of shipping, destination address. For checkout rates: destination address, purchased product IDs, dimensions, weight, and quantities. For shipping labels: customer’s name, address as well as the dimensions, weight, and quantities of purchased products.
  • Data Synced: For payments, we send the purchase total, currency and customer’s billing information to the respective payment processor. Please see the respective third party’s privacy policy (Stripe’s Privacy Policy and PayPal’s Privacy Policy) for more details. For automated taxes we send the value of goods in the cart, the value of shipping, and the destination address to TaxJar. Please see TaxJar’s Privacy Policy for details about how they handle this information. For checkout rates we send the destination ZIP/postal code and purchased product dimensions, weight and quantities to USPS or Canada Post, depending on the service used. For shipping labels we send the customer’s name, address as well as the dimensions, weight, and quantities of purchased products to EasyPost. We also store the purchased shipping labels on our server to make it easy to reprint them and handle support requests.

– WordPress.com Secure Sign On

  • Data Used: User ID (local site and WordPress.com), role (e.g. administrator), email address, username and display name. Additionally, for activity tracking (see below): IP address, WordPress.com user ID, WordPress.com username, WordPress.com-connected site ID and URL, Jetpack version, user agent, visiting URL, referring URL, timestamp of event, browser language, country code.
  • Activity Tracked: The following usage events are recorded: starting the login process, completing the login process, failing the login process, successfully being redirected after login, and failing to be redirected after login. Several functionality cookies are also set, and these are detailed explicitly in our Cookie documentation.
  • Data Synced: The user ID and role of any user who successfully signed in via this feature.

– WordPress.com Stats

  • Data Used: IP address, WordPress.com user ID (if logged in), WordPress.com username (if logged in), user agent, visiting URL, referring URL, timestamp of event, browser language, country code. Important: The site owner does not have access to any of this information via this feature. For example, a site owner can see that a specific post has 285 views, but he/she cannot see which specific users/accounts viewed that post. Stats logs — containing visitor IP addresses and WordPress.com usernames (if available) — are retained by Automattic for 28 days and are used for the sole purpose of powering this feature.
  • Activity Tracked: Post and page views, video plays (if videos are hosted by WordPress.com), outbound link clicks, referring URLs and search engine terms, and country. When this module is enabled, Jetpack also tracks performance on each page load that includes the Javascript file used for tracking stats. This is exclusively for aggregate performance tracking across Jetpack sites in order to make sure that our plugin and code is not causing performance issues. This includes the tracking of page load times and resource loading duration (image files, Javascript files, CSS files, etc.). The site owner has the ability to force this feature to honour DNT settings of visitors. By default, DNT is currently not honoured.

Data retention

We will keep personal data only for as long as we need it to maintain our relationship with our contacts, provide them with the products, services or information they have requested, to inform our research into the preferences of our customers /clients, to comply with the law, and to ensure we do not communicate with individuals that have asked us not to. When we no longer need the information, we will dispose of it securely, using specialist companies to do this work for us if necessary. Further details can be found in our Retention Policy which is available on request.

How we treat personal information that is also sensitive information

Sensitive information is a sub-set of personal information that is given a higher level of protection under the Australian Privacy Principles. Sensitive information means information relating to your racial or ethnic origin, political opinions, religion, trade union or other professional associations or memberships, philosophical beliefs, sexual orientation, sexual practices or sex life, criminal records, health information or biometric information.

Provided you consent, your sensitive information may only be used and disclosed for purposes relating to the primary purpose for which the sensitive information was collected.

Sensitive information may also be used or disclosed if required or authorised by law.

 

Our responsibilities as a ‘controller’ under the GDPR

Controllers are defined by the GDPR as natural or legal persons, a public authority, agency or other body to which personal information or personal data has been disclosed, whether via a third party or not, and who determines the purposes and means of processing personal information. We are a controller under the GDPR as we collect, use and store your personal information to enable us to provide you with our goods and/or services.

As a controller, we have certain obligations under the GDPR when collecting, storing and using the personal information of EU citizens. If you are an EU citizen, your personal data will:

  • be processed lawfully, fairly and in a transparent manner by us;
  • only be collected for the specific purposes we have identified in the ‘collection and use of personal information’ clause above and personal information will not be further processed in a manner that is incompatible with the purposes we have identified;
  • be collected in a way that is adequate, relevant and limited to what is necessary in relation to the purpose for which the personal information is processed;
  • be kept up to date, where it is possible and within our control to do so (please let us know if you would like us to correct any of your personal information);
  • be kept in a form which permits us to identify you, but only for so long as necessary for the purposes for which the personal data was collected;
  • be processed securely and in a way that protects against unauthorised or unlawful processing and against accidental loss, destruction or damage.

We also apply these principles to the way we collect, store and use the personal information of our Australian customers or clients.

Specifically, we have the following measures in place, in accordance with the GDPR:

  • Data protection policies:We have internal policies in place which set out where and how we collect personal information, how it is stored and where it goes after we get it, in order to protect your personal information.
  • Right to ask us to erase your personal information:You may ask us to erase personal information we hold about you.
  • Right to ask us to restrict data processing:You may ask us to limit the processing of your personal information where you believe that the personal information we hold about you is wrong (to give us enough time to verify if the information needs to be changed), or where processing data is unlawful and you request us to restrict the processing of personal information rather than it being erased.
  • Notification of data breaches:We will comply with the GDPR in respect of any data breach.

 

Our responsibilities as a ‘processor’ under the GDPR

Where we are a processor, we have contracts containing certain prescribed terms in our contracts with controllers. Depending on circumstances, we can be a controller or processor or controller and processor. In addition to:

  • our contractual obligations with controllers (where we are solely a processor); and
  • our legal obligations under the GDPR as a controller (where we are both a controller and processor) as a processor we also have the following responsibilities under the GDPR:
    • not to use a sub-processor without the prior written authorisation of the data controller;
    • to co-operate with supervisory authorities;
    • to ensure the security of its processing;
    • to keep records of processing activities;
    • to notify any personal data breaches to the data controller; and
    • to employ a data protection officer and appoint (in writing) a representative within the European Union if required by the GDPR. (These are not required for the company at the present time).

 

Your rights and controlling your personal information

Choice and consent

Please read this Privacy Policy carefully. By providing personal information to us, you consent to us collecting, holding, using and disclosing your personal information in accordance with this Privacy Policy. If you are under 16 years of age, you must have; and warrant to the extent permitted by law to us that you have, your parent or legal guardian’s permission to access and use the Site and they (your parents or guardian) have consented to you providing us with your personal information. You do not have to provide personal information to us, however, if you do not, it may affect your use of this Site or the products and/or services offered on or through it.

Information from third parties

If we receive personal information about you from a third party, we will protect it as set out in this Privacy Policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.

Restrict

You may choose to restrict the collection or use of your personal information.  If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us using the details below. If you ask us to restrict how we process your personal information, we will let you know how the restriction affects your use of our Site or products and services.

Access and data portability

You may request details of the personal information that we hold about you.  You may request a copy of the personal information we hold about you. We will provide this information in an easily readable machine format of our choosing. A reasonable fee may be charged when a request is manifestly unfounded, excessive or repetitive. This fee will be based on the administrative cost of providing the information. We may refuse to grant excessive, unfounded or repetitive requests, in which case, we will explain why we are refusing to comply and inform you of your right to appeal to our supervisory authority. You may request that we erase the personal information we hold about you at any time. You may also request that we transfer this personal information to another third party (data portability).

Correction

If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading or out of date.

Complaints

If you believe that we have breached the Australian Privacy Principles or an article of the GDPR and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. You also have the right to contact the Office of the Australian Information Commissioner if you wish to make a complaint.

Unsubscribe

To unsubscribe from our e-mail database or opt-out of communications (including marketing communications), please contact us using the details below or opt-out using the opt-out facilities provided in the communication.

Storage and security

We are committed to ensuring that the personal information we collect is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures such as encryption of personal information, to safeguard and secure personal information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.

We cannot guarantee the security of any information that is transmitted to or by us over the Internet. The transmission and exchange of information is carried out at your own risk. Although we take measures to safeguard against unauthorised disclosures of information, we cannot assure you that the personal information we collect will not be disclosed in a manner that is inconsistent with this Privacy Policy.

Cookies and web beacons

We may use cookies on our Site from time to time. Cookies are text files placed in your computer’s browser to store your preferences. Cookies, by themselves, do not tell us your email address or other personally identifiable information. However, they do allow third parties, such as Google and Facebook, to cause our advertisements to appear on your social media and online media feeds as part of our retargeting campaigns. If and when you choose to provide our Site with personal information, this information may be linked to the data stored in the cookie.

We may use web beacons on our Site from time to time. Web beacons (also known as Clear GIFs) are small pieces of code placed on a web page to monitor the visitor’s behaviour and collect data about the visitor’s viewing of a web page. For example, web beacons can be used to count the users who visit a web page or to deliver a cookie to the browser of a visitor viewing that page.

We may use Google Analytics to collect and process data. To find out how Google uses data when you use third party websites or applications, please see www.google.com/policies/privacy/partners/ or any other URL Google may use from time to time.

Links to other websites

Our Site may contain links to other websites. We do not have any control over those websites and we are not responsible for the protection and privacy of any personal information which you provide whilst visiting those websites. Those websites are not governed by this Privacy Policy.

Amendments

This Privacy Policy may change from time to time. In the case of significant changes we will endeavour to notify you, where possible, for example via an email address registered with us. Sending of this email will constitute notification and all changes will be apparent immediately unless otherwise stated.

 

For any questions or notices, please contact our Privacy Officer at:

  • DNA Men Nexus Pty Limited ABN 11 159 058 796
  • Email: DNAsupport@DNAmagazine.com.au
  • Postal Address: PO Box 503, BAULKHAM HILLS NSW 1775, AUSTRALIA

Last update: 24 May 2018

 

DNA is Australia's best-selling magazine for gay men. Every month, you'll find great feature stories, celebrity profiles, pop culture reviews and sensational photography of some of the world's sexiest male models in our fashion stories. DNA was launched in Australia in 2000 and is available worldwide in Print (in newsagents and bookstores throughout Australia, New Zealand, Canada, USA, UK and Europe) and Digital (through DNAstore, Pocketmags, iTunes, Amazon Kindle, Windows and Google Play).

Copyright © 2018 DNA Magazine.

To Top
0

Your Cart