About the Top Shelf Group Privacy Policy
The Privacy Act 1988 requires entities bound by the Australian Privacy Principles to have a privacy policy. This privacy policy outlines the personal information handling practices of Top Shelf International Holdings Ltd (ABN 22 164 175 535) and its related bodies corporate (Top Shelf Group).
This policy is written in simple language. It describes how Top Shelf Group collects, holds uses and discloses information about an identified individual or an individual who is reasonably identifiable. The specific legal obligations of Top Shelf Group when collecting and handling your personal information are outlined in the Privacy Act 1988 and in particular in the Australian Privacy Principles found in that Act.
We will update this privacy policy when our information handling practices change. Updates will be publicised on our website and through our email lists.
We will update this privacy policy when our information handling practices change. Updates will be publicised on our website and through our email lists.
Overview
We collect, hold, use and disclose personal information that is reasonably necessary for our business functions and activities. These activities include:
• development, manufacture, sale and distribution of our products;
• manufacture of products for third parties;
• developing, marketing plans and activating those plans;
• event sponsorship and management;
• carrying out our legitimate business purposes;
• employment and entering into contracts with individuals;
• communicating with the public; and
• compliance with Commonwealth, State and Territory regulatory requirements.
Collection of your personal information
At all times we try to only collect the information we need for the particular business function or activity we are carrying out. The main way we collect information about you is when you give it to us. Examples of the ways we collect personal information include:
• when you provide information by phone, email, or online;
• through orders for products, creation of an account or an application for shares or a position with
us;
• when you communicate with us on-line;
• when you are accessing one of our sites;
• when you participate in promotions, competitions, events; surveys or focus groups;
• when you become a member of clubs or loyalty programs promoted by us;
• from third parties such as your and our representatives, our related bodies corporate, our service
providers and those that undertake promotional activities on our behalf;
• from public sources;
• from records of interactions and activity relating to us, e.g. online activity information as described below, CCTV footage, call recordings and logs relating to our IT facilities; and
• from building on information we already hold, e.g. through analysis and review.
We may also collect information about you when we investigate or review a complaint or if you participate in a committee, product development group or in meetings and consultations with us. We may also collect personal information about you by accessing data from other sources and then analysing that data. This may include cross referencing that data with the information we already hold about you in order to learn more about your likely preferences and interests.
Kinds of personal information we collect
The kinds of personal information we collect and hold include:
• your personal details such as your name, addresses, telephone numbers, date of birth, ageand gender;
• what, how and when you buy from us or have expressed an interest in buying from us;
• your stated or likely preferences, for example whether you may be interested in particular
products or promotions;
• information about gift recipients in order to allow us to fulfil the gift purchase, which information
about gift recipients is not used for marketing purposes;
• whether you have taken up some of our offerings, such as membership of our clubs and loyalty
programs, and our mobile applications;
• your customer reference number or loyalty card number;
• any rewards and redemption details applicable to your membership of our loyalty programs; and
• whether you have a connection with others whose personal information we may collect or hold,for
example family members who may be linked to your loyalty program membership;
• any bank account details and payments, e.g. when orders are placed or paid for online;
• human resources information, e.g. job applications, background checks, performance, conduct,
training, drug/alcohol checks and use of IT; and
• for investors, information relating to your application or shareholding, e.g. information about the
number of shares you hold or seek, any power of attorney, proxy or corporate representative appointed by you, your shareholder reference number or holder identification number and your tax file number if you choose to provide it.
Sometimes we may collect sensitive information. For example, this information may be collected for the purposes of determining any public or product liability issues involving you, when you make a complaint about us or when you are accessing one of our manufacturing facilities. This information might include information about your health, racial or ethnic origin, political opinions, association memberships, religious beliefs, sexual orientation, criminal history, genetic or biometric information. such as information about your health and medical history.
Collecting through our websites
We operate websites for Top Shelf Group companies and brands including https://nedwhisky.com.au/, https://grainshaker.com.au and https://www.topshelfgroup.com.au/. There are a number of ways in which we collect information through our websites.
Web analytics
We use WordPress, Webflow and Google Analytics to collect data about your interaction with our website. The sole purpose of collecting your data in this way is to improve your experience when using our site. The types of data we collect with these tools include:
• your device’s IP address (collected and stored in an anonymized format)
• device screen size
• device type, operating system and browser information
• geographic location (city)
• referring domain and out link if applicable
• search terms and pages visited on our website
• date and time when pages were accessed on our website
If your web browser has Do Not Track enabled, our programs will not track your visit.
Our analytics are hosted by Google. For more about how Google collects and processes data, please see Google’s privacy policy and their information at www.google.com/policies/privacy/partners/.
Cookies
Cookies are small data files transferred onto computers or devices by websites for record-keeping purposes and to enhance functionality on the website.
Most browsers allow you to choose whether to accept cookies or not. If you do not wish to have cookies placed on your computer, please set your browser preferences to reject all cookies before accessing our website.
The cookies from our website are created by WordPress, Stripe, Google or any third party plugin that enables us to serve you better. This is subject to change in accordance with the needs of business.
Embedded videos on our website
Embedded videos on our website use YouTube’s Privacy Enhanced Mode. When you play an embedded video from our website, the video and associated assets will load from the domain www.youtube-nocookie.com, and other domains associated with Google’s YouTube player. If the domain www.youtube-nocookie.com is blocked, a local version of the video will be played instead, if available. The only data we collect about this is whether you received the YouTube version or the local version. You can access the privacy policy for YouTube on its website.
Email lists, registrations and feedback
We will collect information that you provide to us when signing up to mailing lists; participating in competitions and registering for our events, or when submitting feedback on your experience with our website.
We use Mailchimp to manage our mailing lists and event registrations. You can access Mailchimp’s privacy policy here. When subscribing to one of our mailing lists, you will be asked to give your express consent that Mailchimp may use your data for analytics purposes. Analytics are performed when you click on links in the email, or when you download the images in the email. They include which emails you open, which links you click, your mail client (eg ‘Outlook 2016’ or ‘iPhone’), if your action occurred on ‘mobile’ or ‘desktop’, and the country geolocation of your IP address (the IP address itself is not stored).
We use Webflow and Wordpress to manage our website and customer accounts. When you create an online customer account personal information is also stored in WordPress. You can access WordPress’ privacy policy here. To open your account and process payments, data such as your email address, phone number, billing address, shipping address and other payment information are collected.
Social networking services
We use social networking services Facebook and Instagram to communicate with the public about our business activities and products. When you communicate with us using these services we may collect your personal information, but we only use it to help us to communicate with you and the public. The social networking service will also handle your personal information for its own purposes. These services have their own privacy policies. You can access the privacy policies for Facebook and Instagram on their websites.
Why we collect and disclose personal information
When we collect, hold, use and disclose your personal information, we do so primarily to sell and promote goods and services to you, to improve on the range of our offerings and to manage our business operations. For example:
• to learn of your likely preferences so that we may promote goods and services to you in a way which may be of most interest to you. This includes the products and services of our suppliers and other trusted business participants who offer products and services that may be of interest to you;
• to assist in investigating your complaints and enquiries;
• to verify your identity and personal information, and to conduct background checks where
appropriate to manage risks;
• to manage our relationships with customers, suppliers, investors, staff and other stakeholders;
• to maintain and update our records;
• for human resources purposes, including recruitment, training and workforce management and
administration;
• to protect the health, safety and security of our customers, staff, sites and assets;
• to comply with our legal obligations and exercise our legal rights, e.g. we sometimes collect
personal information pursuant to laws including the Fair Work Act, Superannuation Guarantee (Administration) Act, the Income Tax Assessment Act and other tax laws, Corporations Act, occupational health and safety acts and workers compensation acts;
• for corporate transactions such as business mergers and acquisitions, e.g. to assess or facilitate those transactions and manage the transition of the business; and
• in relation to investors, assessing applications, managing your investment and providing investor services.
Disclosure
Common situations in which we disclose information are detailed below.
Marketing of our products and services
We disclose personal information we collect for purposes which are incidental to the sale and promotion of our goods and services to you. For example, we may disclose your personal information within Top Shelf Group, to service providers who assist us in our day-to-day business operations and as part of promoting the buying or selling of businesses and brands. You may opt out of our direct marketing to you. Our direct marketing materials will tell you how to do this.
Disclosure to service providers
Top Shelf Group uses a number of service providers to whom we disclose personal information. These include providers of services relating to websites, IT, data storage, human resources, share registry, payments, investigation, insurance, information broking and research as well as professional advisers like lawyers, accountants and auditors.
We use a range of measures to help protect the personal information we disclose, e.g.:
• contracts and memoranda of understanding which require a service provider to only use or disclose information for the purposes of the contract or memorandum of understanding;
• special privacy requirements in the contract or memorandum of understanding, where necessary;
• limits on the information disclosed;
• ensuring the service provider is subject to comparable privacy laws; and/or
• ensuring the service provider has confidentiality obligations to protect the information.
Other disclosure
We may disclose your sensitive information as required by law or for other purposes which are within reasonable expectations or where permitted by law.
We may anonymise and aggregate your personal information. We may do this for use and disclosure of the anonymous data to determine preferences and shopping patterns. We share this anonymised data with our trusted partners to assist them in marketing products and services to you that are likely to be relevant to your interests and preferences.
We generally only provide the media with personal information relating to a complaint if you have agreed.
Disclosure of personal information overseas
We do not generally disclose personal information overseas.
Web traffic information is disclosed to capture Google Analytics when you visit our websites. Google stores information across multiple countries.
When you communicate with us through a social network services such as Facebook, Twitter or Instagram, the social network provider and its partners may collect and hold your personal information overseas.
Storage and security of personal information
We take steps to protect the security of the personal information we hold (in physical and electronic form) from both internal and external threats, e.g. by:
• regularly assessing the risk of misuse, interference, loss, and unauthorised access,modification or disclosure of that information
• taking measures to address those risks, for example, we keep a record (audit trail) of when someone has added, changed or deleted personal information held in our electronic databases and regularly check that staff only access those records when they need to
• conducting regular internal and external audits to assess whether we have adequatelycomplied with or implemented these measures.
We destroy personal information in a secure manner when we no longer need it.
Accessing and correcting your personal information
Under the Privacy Act (Australian Privacy Principles 12 and 13) you have the right to ask for access to personal information that we hold about you, and ask that we correct that personal information. You can ask for access or correction by contacting us and we will generally respond within 30 days. If you ask, we must give you access to your personal information, and take reasonable steps to correct it if we consider it is incorrect, unless there is a law that allows or requires us not to.
We may ask you to verify your identity before we give you access to your information or correct it, and we will try to make the process as simple as possible. If we refuse to give you access to, or correct, your personal information, we must notify you in writing setting out the reasons.
If we make a correction and we have disclosed the incorrect information to others, you can ask us to tell them about the correction. We must do so unless there is a valid reason not to.
If we refuse to correct your personal information, you can ask us to associate with it (for example, attach or link) a statement that you believe the information is incorrect and why.
You can contact us by writing to:
The Privacy Officer
Top Shelf International Group
16-18 National Boulevard Campbellfield
Victoria 3061
Via our website: [email protected]
Or
By telephone: 03 8317 9990
How to make a complaint
If you wish to complain to us about how we have handled your personal information you should complain in writing. If you need help lodging a complaint, you can contact us.
We may ask you to put your complaint in writing and to provide details about it. We may discuss your complaint with our personnel and our service providers and others as appropriate.
Our Privacy Officer or our nominee will investigate the matter and attempt to resolve it in a timelyway. We will inform you in writing about the outcome of the investigation. If your complaint is not resolved to your satisfaction and no other complaint resolution procedures are agreed or required by law, your complaint may be referred to the Privacy Commissioner for further investigation.
Last updated: October 2020
