PRIVACY POLICY
This is a site that cares about the privacy. safety and cybersecurity of every visitor to this site.
There’s a lot of detailed stuff below that might look pretty formal, but it’s here to reassure you that your details will be protected to the best of our ability, and we will respect your right to deal with this business in comfort and privacy. If you ever feel concerned about anything you see or experience, we’d love to hear from you so we can fix it. Use the contact page to get in touch.
The detail
Tomeandher and associated entities (known as “tomeandher”, we, us, or our) is committed to protecting the privacy of individuals’ personal information. We recognise the trust you place in us and we do everything we can to maintain that trust. Your personal information will only be used in a manner consistent with this policy.
This Privacy Policy sets out the ways in which we may collect, store, use, disclose, manage and protect your personal information in accordance with its obligations under the Australian Privacy Principles (APPs) set out in the Privacy Act 1988 (Cth) (Privacy Act).
By accessing, browsing, communicating with us, or purchasing products from us through, any website owned and/or operated by us (each a Site) or otherwise providing your information to us, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.
What is personal information?
“Personal information” is information or an opinion about an identified person, or information from which a person could reasonably be identified. That is regardless of whether the information or opinion is true, and whether or not it is stored in a material or intangible/electronic form.
We do not collect “sensitive information” without your consent. When we refer to “sensitive information” we mean information about a person’s racial or ethnic origin, political opinions, religious beliefs or affiliations, philosophical beliefs, political, professional, trade association or trade union memberships, sexual orientation or practices, criminal records, or health, genetic or biometric information or templates.
Collection of personal information
From whom do we collect your personal information?
While we endeavour to only collect personal information directly from you (for example, this may occur when we contact you, enter into contracts or arrangements with you, when you attend events arranged or sponsored by us, visit our websites, when you purchase our products, when you post about us on social media or when you enter a competition), we may also collect your personal information from the following sources that you may be unaware of:
from publicly available sources and databases (for example, this may occur if it is unreasonable or impractical for us to collect the personal information directly from you, because we have provided you with a reasonable opportunity to supply personal information which we reasonably require for our activities, but you have only partially provided it, or not at all);
through statutory, regulatory and other governmental processes; and
from third parties who you have authorised to provide us with personal information (for example, agencies on our behalf or our commercial partners).
What types of personal information do we collect?
Depending on how you interact with us, we may collect the following personal information from you:
Contact details – if you contact us, we may collect details which include your name, street/postal address, email address, social media handles, and telephone number.
Visitor information, images and videos – if you visit any location managed by us including hosted events (e.g., wine and food festivals or dining functions) we may collect your abovementioned contact details, reservation details when making bookings, as well as travel details provided when you visit as a member of a tour group. From time-to-time we will collect photographs and video footage of visitors.
Customer sales information – when you purchase goods or services from us, whether in person or through our website, we may collect your abovementioned contact details, demographic and items purchased. Financial and credit card information will be retained by external providers in most cases. We may occasionally collect your credit card details or banking details in order to procure payment for goods or services you request, however such financial information will be treated in a different manner to the rest of your personal information, as detailed below.
Competition entrant details – if you enter our competitions, we may collect your abovementioned contact details.
Acquisition of other businesses – if we acquire the assets or shares of another business to whom you have disclosed your personal information, such transactions generally involve the disclosure of personal information from the vendor organisation to us, either as part of the due diligence process or as a result of a transfer of assets. In such instances, we collect the personal information held by the newly acquired business.
If you attend any of our sites, facilities or offices, we may use closed-circuit television cameras and other photographic equipment to record:
your image;
the date and time of your attendance; and
your actions whilst at the relevant site.
Unsolicited personal information
If we receive unsolicited personal information, we will assess whether we would have been entitled to collect that personal information. If we would not have been entitled to collect that personal information, we will destroy or de-identify it as soon as practicable (provided that it is lawful and reasonable to do so).
Website
We collect personal information when individuals communicate with, or purchase products from, us through our website, such as contact details, items purchased and other information you choose to provide. Payment details provided through our website are processed through Stripe, which uses secure servers to protect your information security.
When you access our website, we may receive information about you via a ‘cookie’. A cookie is a piece of information that our web server may send to your computer when you visit the website. The cookie is stored on your machine, but does not identify you or give us any information about your computer, so is not personally identifiable information under current Australia law, although it may be in other jurisdictions. A cookie helps us to recognise when you re-visit the website, and helps us to optimise your experience, troubleshoot any problems and better serve content. Through the use of sessional cookies, we collect information such as Internet Protocol ‘IP’ addresses, device IDs, MAC addresses, browser information, installed software, hardware type, access date and time, number of visitors, pages viewed, types of transactions conducted, time spent on the website and documents downloaded. We use this information to evaluate the performance and effectiveness of our website. With most internet browsers, you can erase cookies from your computer hard drive, block all cookies, or receive a warning before a cookie is stored. If you wish to do this, refer to your browser instructions or help screen to learn more.
This Privacy Policy does not apply in relation to any other websites linked to, from or associated with, our Site(s). Once you have used these links to leave our Site(s), you should note that we do not have any control over that other website and we are not responsible for the protection and privacy of any information which you provide whilst visiting such websites and such websites are not governed by this Privacy Policy. The operators of those other websites should be contacted directly for information regarding their information handling practices.
Storage and security of personal information
How do we secure your personal information?
We take all reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification or disclosure. We maintain physical, electronic, and procedural security measures to safeguard personal information including using appropriate computer system and network security ;
where appropriate, specifying the confidentiality of your personal information in contracts with our partners with whom we exchange information;
having contingency plans for assessing critical system functions and establishing data backup, disaster recovery and emergency mode operations;
having formal, documented policies and procedures for the receipt, storage, processing and distribution of personal information;
imposing information access controls, including policies and procedures for access to our system and the various kinds of data it contains;
having policies and procedures for internal information systems auditing;
documented system and data authorisations, security clearance policies and procedures, and security training for affected staff.
Storage of personal information
Any information that we no longer use for the purposes contained in this Privacy Policy is destroyed. The exception to this may be information required for possible data analysis at a future date, or information we are legally required or advised to hold for specific time periods. Wherever practicable subject to the above, the information will be retained in a form that does not allow you to be identified.
Transfer of information outside of Australia
Personal information may be stored and managed by systems, services and third-party platforms (including cloud-based service providers) located outside of Australia. To assists us to store and access your personal information on the Cloud, we may store your personal information with, or allow it to be accessed by, overseas third parties who provide:
software and maintenance services for the Cloud
training services in connection with using and accessing the Cloud; and
infrastructure/hardware used to access the Cloud.
As these third-party service providers are situated, and store content, offshore, your personal information may be transmitted, disclosed, stored, or accessed to/from overseas jurisdictions.
If you proceed to submit your personal information to us, you are consenting to the transmission, disclosure, storage, and access of your personal information by third parties in overseas jurisdictions. In that respect, Australian Privacy Principle 8 which ordinarily obliges us to take reasonable steps to ensure that overseas recipients of your information do not breach the Australian Privacy Principles (except Principle 1) will not apply.
Please note that if any of those overseas recipients handle your personal information in a manner which is inconsistent, or does not comply, with the Australian Privacy Principles:
to the maximum extent permitted by law, we will not be accountable under the Privacy Act for any resulting loss or damage that you may suffer;
to the maximum extent permitted by law, you will not be able to seek redress against us under the Privacy Act 1988 (Cth);
the overseas recipient may not be subject to any privacy obligations at all, or to any principles similar to the Australian Privacy Principles;
you may not be able to seek redress against the overseas recipient in their jurisdiction; and
in holding access to your personal information, the overseas recipient may be subject to foreign laws which compel their disclosure of your personal information to other parties, such as overseas government authorities.
Disclosure of personal information
We may disclose your personal information to third parties in (very) limited circumstances:
where we have sought your consent or as is otherwise allowed or required by law;
to our related companies, contractors, suppliers or service providers for the purposes of providing products and services on our behalf and performing our administration and other operations, such as payment processors, data entry service providers, marketing agencies, market researchers, mailing houses, electronic network administrators, cloud service providers, debt collectors, and, where necessary, to professional advisers, such as solicitors and accountants;
to any entity to which we propose to assign any part of our business; or
to other organisations with whom we have contractual agreements.
Use of personal information
How do we use your personal information?
We may use your personal information for the reasons we collected it and for other reasonable business purposes, which may include:
to provide our goods and administer our services, including verifying your identity, contacting you about your orders, processing deposits and payments, training our staff and testing our systems;
to develop and inform you about events, offers, promotions and our products and services;
to provide and conduct our competitions, promotions and events;
to distribute our newsletters and other communications, either ourselves or with the assistance of third-party services providers;
for customer support, including resolving and providing assistance or responding to other enquiries or requests;
for publication in articles about our functions, in newsletters or on our websites (e.g. in respect of your image);
to conduct marketing activities for our products and services, or products and services of third parties;
to conduct market and other research and analysis to improve our products, services and marketing activities, including contacting you for feedback about your experience with us;
to conduct quality audits and for risk management generally; and
to maintain records and comply with our legal obligations. For example, we use information regarding a person’s age to ensure that we do not supply alcohol to minors.
We will never sell or disclose your credit card, financial or personal information to third parties.
Do we use your personal information to conduct direct marketing?
We send to our customers and potential customers information about our products and services that we consider may be of interest. We also engage third parties to undertake those activities. These communications are sent in various forms, including mail, SMS and email. Where a person has indicated a preference in regards to a method of communication, we endeavour to use that method whenever it is practicable to do so. You can opt-out of receiving marketing communications at any time by lodging a request with our Privacy Officer (details below) or by using opt-out facilities provided in marketing communications. Once we have received your opt-out request, we will remove you from our direct marketing programs as soon as reasonably practicable. We do not trade in, rent, or sell your personal information to other parties under any circumstances.
Access and corrections of personal information
How can you access and correct your personal information?
You may request access to your personal information held by us by sending a written request to our Privacy Officer (details below). Upon receiving an access request, we may request further details from you in order to verify your identity. We reserve the right to refuse access to personal information if we cannot verify your identity to our reasonable satisfaction. This information will generally be provided in an appropriate form within 30 days, except where law allows us to refuse your request, in which case we will provide reasons why we have refused. We may charge a fee for providing access if it requires a significant amount of time to locate your information or to collate or present it in an appropriate form. This fee will be explained to you before it has been incurred. In limited circumstances, and only where it is permitted under the Privacy Act, we may not be able to provide access to information: for example, where it would have an unreasonable impact upon the privacy of others or where we believe your request is frivolous or vexatious.
We will take reasonable steps to ensure personal information we collect, and use is accurate, up-to-date and complete. Where personal information we hold about you is out-of-date, incomplete, or incorrect, please write or email use as soon as possible and we will promptly correct any information accordingly.
Miscellaneous
Dealing with us anonymously or using a pseudonym. But there are really strict liquor licensing requirements for the sale of alcohol and we are serious about that.
You can deal with us anonymously or by using a pseudonym if you choose. However, if you do so we may be unable to provide you with accurate or useful information, and you will most likely not be able to access most (if not all) of our products and services. For example, we may not be able to process your request, sell you alcoholic beverages, provide a definitive response, assess your eligibility for events, offers or promotions, or we may need to ask you further questions and require more time to respond.
This Privacy Policy may change
We may amend this Privacy Policy from time to time in order to ensure that it remains accurate in view of any alterations to our information handling practices or changed business circumstances. Any updated policy will be published on our website. Changes come into effect from the date we post the revised Privacy Policy. Please make sure you review this Privacy Policy each time you visit our website to keep up to date on any changes. In particular, by continuing to use our website after the Privacy Policy has been varied or by otherwise providing your information to us, you agree to be bound by the variation.
Privacy concerns or complaints
If you have any queries or concerns about your personal information or would like to make a privacy or personal information related complaint, please contact Jac for assistance (details below). We will treat your complaint confidentially and take all complaints seriously. We aim to ensure we contact you and that your complaint is resolved within a reasonable period of time, or the time required by the Privacy Act.
If a privacy concern or complaint is not resolved to your satisfaction, you can contact the Office of the Australian Information Commissioner.
Contacting us
Contact Jac via the Contact Page of this website if you have any concerns.
Last updated: – September 2023.