Please read this privacy policy ("Privacy Policy") which is part of CAMILLA's (and the Website’s) terms and conditions ("Terms and Conditions") carefully. Unless expressly stated to the contrary, any terms defined in the Terms and Conditions shall have the same meaning in this Privacy Policy. This Privacy Policy pertains to your access and use of the Website. The Website is used as part of CAMILLA’s eBoutique which supplies and markets direct to consumer leading high-end fashion and design pieces.

As CAMILLA is headquartered in Sydney, Australia, this Privacy Policy is intended to be compliant with the Privacy Act 1988 (Cth) (“Privacy Act”) which incorporates the Australian Privacy Principles (“APP”). In addition to the Privacy Act and the APP, this Privacy Policy considers and incorporates appropriate or relevant provisions as may be applicable in other jurisdictions in which our products are offered, including the USA, UK and countries within the EEA.

Attention: please read our Privacy Policy carefully before using the Website. Using the Website indicates that you accept and agree to be bound by this Privacy Policy in full. If you do not accept this Privacy Policy, do not use the Website. You acknowledge that (a) you have read and understood this Privacy Policy; and (b) this Privacy Policy shall have the same force and effect as a signed agreement.

You acknowledge that CAMILLA is a data controller of the personal information (which has the same meaning as ‘personal data’) you provide to us. This means that CAMILLA determines what data and information is collected and how it will be used.

Unless explicitly stated otherwise, any new features that augment or enhance the current Website shall be subject to this Privacy Policy.

Please review this Privacy Policy each time you use the Website. By using the Website, you agree to be bound by the most recent version of the Privacy Policy. If we change or update this Privacy Policy, we will let you know by showing it to you again when you access the Website or you can consult the version references located in the ultimate section of this Privacy Policy to consider whether this Privacy Policy has been updated since your last visit.

INFORMATION WE COLLECT

We collect information from you when you register for or use the Website, purchase and pay for goods or services, contact or interact with us, sign up for our newsletter or other mailing list, fill out a form, apply for a job online, and voluntarily provide us with your comments and other content in connection with using the Website.

When you register for an account on the Website, we may collect: your name, your email address, and your password.

When you place an order via the Website, we may collect: your name, address, company or business name or identifier, email address, password, telephone number, credit card number, card expiration date, cvv, and other information sufficient for our payment processors to process the transaction and provide fraud screening, information security, and compliance, other account information, and any other information that you provide while registering or placing an order.

When you submit information on our "contact us" form, we may collect: your name, email address, telephone number, and any additional information you choose to provide to us as part of your submission.

When you submit a wholesale enquiry, we may collect: your name, email address, store name, store number, website and other information about your business.

When you apply for a job through the Website, we may collect: your name, email address, telephone number, and any information you provide through your cover letter, resume or otherwise through the careers section of the Website. If you choose to apply online for a posted job on the Website, please do not include or provide any sensitive or unique identifying details known only to you (such as your GovID identifier, social security number, credit card or bank account numbers, and non-work related personal information such as eye color, marital status, etc.)

When you book a styling appointment, we may collect: your name, email address, telephone number, postal code, and any other information you provide in your request.

When you access and use the Website, we automatically collect information regarding you and your device, including your device’s internet protocol address, the domain name of your internet service provider, your location, the URL through which you reached the Website, the Website features you use and the time of your use, your mobile device information (e.g. device model and operating system version), and aggregated information that cannot be used to specifically identify you. Additional information collected is described in the analytics and cookies sections below.

We may collect information about you from third party sources. If you apply for a job through the Website, we may collect personal information in connection with a background check or employment references. The Website provides connections with Facebook, Instagram, twitter, YouTube, Pinterest and other similar platforms. Through Facebook contests, we collect your name, country and email address.

While it is not ordinary practice for CAMILLA to collect special categories of personal information (also known as sensitive information), if we do collect or process these categories of personal information we will do so for the following reasons:

• Compliance with applicable law - where the processing is required or permitted by applicable law;
• Detection and prevention of crime - where the processing is necessary for the detection or prevention of crime (including the prevention of fraud);
• Establishment, exercise or defence of legal rights - where the processing is necessary for the establishment, exercise or defence of legal rights; or
• Consent - where we have, in accordance with applicable law, obtained your express consent prior to processing your special categories of data or where this has been provided by you during the course of correspondence with us to inform us of any special delivery/assistance requirements or as part of a complaint or grievance procedure or in relation to an accident or incident which has occurred on our premises.

We may combine all of the information we collect from or about you and use it in the manner described in this Privacy Policy.

HOW WE PROCESS PERSONAL INFORMATION AND DATA

What We Use Your Personal Data For	Camilla’s Lawful Basis for processing	Camilla’s Legitimate Interests
Creating an account	Performance of a contract	n/a
Perform website personalisation	Legitimate Interests	Improving customer experience and interaction with Camilla’s sites
Perform Web Analytics	Legitimate Interests	To improve our understanding how customers use our website, where we should place different products and what to market to you
Processing your order(s)	Performance of a Contract	n/a
To undertake customer surveys, questionnaires and product reviews or market research	Legitimate Interest	To develop products and services to attract and retain customers
Communicating the status of your order(s)	Legitimate Interest	To review and improve our efficiency in the processing of purchases. To identify improvements to our service To allow us to notify you about the status of your order
Marketing communications to provide you with information relating to special offers, promotions or sales.	Consent / Legitimate Interest (depending upon the nature of the communication)	To improve customer interaction with Camilla’s sites and attract and retain customers   To promote our products to you and keep you up to date with exciting news from Camilla.

 

Changes to our services such as improvements to our website or new services that may be of interest	Legitimate Interest	To improve customer interaction with Camilla’s sites and attract and retain customers To improve our processes and services
Targeted advertisements (including online)	Consent / Legitimate Interest (depending upon the nature of the communication)	To promote our products to you To improve your experience on our site, allow you to transact with our website, and/or to allow targeted advertisements of products and services that may be of interest to you.
Subscriptions (such as to our newsletter)	Consent	n/a
Analytics, Management Information, research, demand planning and forecasting	Legitimate Interest	To help us understand shopping habits and to plan and develop our product ranges To help us plan our product supply chains and fulfilment of orders To identify new audiences and campaigns for our products, product development or services
Providing general customer service (e.g. Dealing with your general enquiries such as product or account or orders, availability of products, returns, replacements, refunds, complaints)	Performance of Contract / Legitimate Interest (depending upon the nature of the communication)	To help us manage your account To help us improve our customer service processes, products, personal shopping service and to deal with your enquiry To keep our records up to date
To fulfil any Data Subject Right Requests (e.g. to correct your data)	Legal compliance	n/a

HOW WE USE YOUR INFORMATION

We use the information that we collect for several purposes, including:

• The purposes for which you provided it;
• To provide information and services to you;
• To process and deliver your orders;
• To provide user verification services;
• To create or add to your registered account;
• To connect with your social media accounts;
• To process and respond to your enquiries and comments;
• To manage our recruiting and hiring process and employment if you are hired by CAMILLA;
• To send you information about your relationship or transactions with us;
• To improve the Website or develop new products and services;
• To personalise and enhance your experience using the Website;
• To send periodic emails. The email address you provide may be used to send you occasional company news, updates, related product or service information, marketing communications etc. Note: if at any time you would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email;
• To generate and review reports and data about our user base and Website usage patterns;
• To analyse the accuracy, effectiveness, usability or popularity of the Website;
• To compile aggregate data for internal and external business purposes;
• To facilitate payment transactions (your information will be used to submit your payment information to our payment processor);
• To display relevant advertising;
• To prevent fraud and abuse of the Website and to otherwise protect users and visitors and our business;
• To assist law enforcement and respond to subpoenas;
• To administer, operate and improve the Website and for internal business purposes; and
• To perform other business activities as needed, or as described elsewhere in this Privacy Policy.

As explained elsewhere in this Privacy Policy, personal information we collect may be processed by our partners in providing related services to the Website (such as administration services, technical services relating to the maintenance, servicing, and upgrading of software, hosting services, customer service, credit card processing services, data migration services and analytical services, among others).

HOW YOUR INFORMATION IS DISCLOSED

The information we collect may be disclosed to third parties in accordance with this Privacy Policy. Please note that you may choose not to share certain information as described in your choices regarding your information below.

Third party service providers and business partners

We may use third party service providers and business partners to perform functions in connection with the Website, such as credit card and other payment processing, email marketing, logistics, site analytics and functions related to analysing and improving the Website’s usefulness, reliability, user experience, operation, advertising, remarketing, storing data, providing users with products and services, accepting and evaluating employment applications, and as otherwise described in this Privacy Policy. We also may share your personal information for their direct marketing and promotional purposes and so they can provide services to you. Any credit card information you provide through the Website may be shared with and may be stored by our credit card processors, Shopify and Stripe, and is subject to their privacy policies, including in the case of data breach (see https://www.shopify.com/au/legal/privacy, and https://stripe.com/au/privacy for details) and our bank (National Australia Bank) and is subject to its privacy policy, including in the case of data breach (see http://www.nab.com.au/common/privacy-policy).

Some customers may pay through PayPal, Zip Pay, Klarna and Afterpay and their information will be shared with these service providers accordingly. We use remarketing pixels from Facebook and share some of your personal information with it for use in advertising.

Some other examples of third-party service providers who we currently use and who may provide services to CAMILLA and, thus, may require us to share your personal information to include (but are not limited to):

• Shopify (eCommerce platform, see https://www.shopify.com/au/legal/privacy for full privacy policy);
• IT service providers (who support our website and business systems);
• NetSuite (an ERP system where all customer data, stock ordering, inventory and sales reporting are stored, see https://www.oracle.com/legal/privacy for full privacy policies);
• Australia Post and DHL (postal delivery service providers see https://auspost.com.au/privacy for full privacy policies);
• Emarsys (marketing and communication platforms for surveys or electronic marketing messages from us as well as customer relationship management platform to collect, store and manage customer relationship data, see https://emarsys.com/privacy-policy/ for full privacy policy);
• Google Analytics (tracks website traffic, user behaviour, and engagement to provide insights for improving Website performance, see https://policies.google.com/privacy?hl=en for full privacy policy);
• Hyperspace (provides digital design and development services, see https://hyperspacehq.com/privacy-policy for full privacy policy);
• Starshipit (shipping and order fulfilment platform, see https://starshipit.com/privacy-policy for full privacy policy);
• Lightspeed (POS and payments platform, see https://www.lightspeedhq.com.au/legal/privacy-policy/ for full privacy policy);
• AWS Data Lake (a data storage and analytics service, see https://aws.amazon.com/privacy/?nc1=f_pr for full privacy policy); and
• PowerBI (a business analytics tool, see https://privacy.microsoft.com/en-gb/privacystatement for full privacy policy).

Business changes

If we become involved in a merger, acquisition, sale of assets, joint venture, securities offering, bankruptcy, reorganisation, liquidation, dissolution, or other transaction or if the ownership of all or substantially all of our business otherwise changes, we may transfer your information to a third party or parties in connection therewith.

Affiliates and Affiliate Marketing

We may also share your information with our affiliates for purposes consistent with this Privacy Policy. Our affiliates will be required to maintain that information in accordance with this Privacy Policy.

We partner with Partnerize who may collect personal information when you interact with our digital property, including IP addresses, digital identifiers, information about your web browsing and how you interact with our properties and ads for a variety of purposes, such as personalisation of offers or advertisements, analytics about how you engage with websites or ads and other commercial purposes. For more information about the collection, use, and sale of your personal data and your rights, please see https://partnerize.com/legal/privacy-statement

Investigations and law

We may disclose information about you to third parties if we believe that such disclosure is necessary to:

• Comply with the law or guidance and cooperate with government or law enforcement officials or private parties;
• Investigate, prevent or take action regarding suspected illegal activities, suspected fraud, the rights, reputation, safety, and property of us, users or others, or violations of our Terms and Conditions, our policies, or other agreements with us;
• Respond to claims and legal process (for example, subpoenas); and/or
• Protect against legal liability.

Aggregated information

We may share aggregated information relating to users of the Website with affiliated or unaffiliated third parties. This aggregated information is de-identified and does not contain personal information about any user.

Analytics

We use third-party analytics tools to better understand who is using the Website and how people are using it. These tools may use cookies and other technologies to collect information about your use of the Website and your preferences and activities. These tools collect information sent by your device or the Website and other information that assists us in improving the Website. This information may be used to, among other things, analyse and track data, determine the popularity of certain content, and better understand your online activity. We use Google analytics to better understand who is using the Website and how people are using it. Google analytics uses cookies to collect and store information such as Website pages visited, places where users click, time spent on each Website page, internet protocol address, type of operating system used, location-based data, device id, search history, and phone number. We use this information to improve the Website and as otherwise described in this Privacy Policy. Please see http://www.google.com/policies/privacy/partners/ for information about how Google analytics uses this information, and visit https://tools.google.com/dlpage/gaoptout for information about the google analytics opt-out browser add-on. Google may track your activity over time and across websites through remarketing and related services.

Cookies and other tracking technologies

We, along with third parties, use cookies, other storage, web beacons and other technologies. These technologies are used for tracking, analytics, remarketing, and personalisation and optimisation of the Website. Cookies are small files that are transferred to and stored on your computer through your web browser (if you allow it) that enable the Website’s or service provider’s system to recognise your browser and capture and remember certain information. You can instruct your browser to stop accepting cookies. But if you do not accept cookies, you may not be able to use all portions of all functionalities of the Website. By accepting cookies, you acknowledge that:

• Persistent cookies remain on your computer even after the browser has been closed;
• Session cookies exist only during your online session and disappear from your computer when you close the browser software;
• We may deliver advertisements to you. We may work with third-party advertising companies that help deliver these advertisements to you. To learn more about third-party online advertising and to opt out of certain types of advertising, please see http://www.networkadvertising.org/managing/opt_out.asp Note that clearing cookies from your browser will remove the above opt-outs because they are stored in cookies;
• Flash cookies (also known as local stored objects) are data files that can be created on your computer by the websites you visit and are a way for websites to store information for later use. Flash cookies are stored in different parts of your computer from ordinary browser cookies. You can disable the storage of flash cookies. For additional information about managing and disabling flash cookies, please visit http://helpx.adobe.com/flash-player/kb/disable-local-shared-objects-flash.html;
• Web beacons are small strings of code that provide a method for delivering a graphic image on a web page or in an email message for the purpose of transferring data. You can disable the ability of web beacons to capture information by blocking cookies;
• We use cookies and other tracking technologies on the Website to help us understand and save your preferences and interests so we can personalise your future visits and compile aggregate data about Website traffic and Website interaction so that we can offer a better Website experience and tools in the future; and
• Some of our business partners, such as our analytics providers, remarketing providers, advertising networks, and social media connections, also use cookies, web beacons, and other tracking technologies on the Website, some of which may track users across websites and over time.

SECURITY

We implement a variety of security measures to protect the safety of your personal information when you enter, submit, or access your personal information. Please keep your account password secure to help ensure the safety of your personal information. Credit card information you provide through the Website is transmitted to our credit card processor, Braintree and tokenised so we do not retain your complete credit card number.

While we take reasonable measures to protect the information you submit via the Website against loss, theft and unauthorised use, disclosure, or modification, we cannot guarantee its absolute security. Email or other messages sent through the Website may not be secure. You should use caution whenever submitting information through the Website and take special care in deciding with which information you provide us.

We cannot guarantee that transmissions of your credit or debit card or personal information will be fully secure and that third parties will never be able to defeat our security measures or the security measures of our payment processors. We assume no liability for disclosure of your information due to transmission errors, third-party access or causes beyond our control.

Any information collected through the Website is stored and processed in Australia and the United States of America. If you use our Website outside of Australia and/or the United States of America, you consent to have your data transferred to the United States and/or Australia (as may be applicable).

DATA RETENTION POLICY, MANAGING YOUR INFORMATION

If we collect your personal information, the length of time we keep it depends on a number of factors including the purpose for which we use that personal information and our legal obligations.

As a minimum, we will store your information for as long as is reasonably necessary to provide you with the goods and services that you have requested from us, but in most cases we will retain your personal data for seven years after the date it is no longer needed by us for any of the purposes detailed in this Privacy Policy because we may need your personal information to establish, bring or defend legal claims. The exceptions to this are where:

• The law requires us to hold your personal information for a longer period, or delete it sooner;
• You exercise your right to have your personal information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law;
• We bring or defend a legal claim or other proceedings during the period we retain your personal information, in which case we will retain your personal information until those proceedings have concluded and no further appeals are possible; or
• In limited cases, existing or future law or a court or regulator requires us to keep your personal information for a longer or shorter period.

At the end of the retention period, your information will either be deleted or de-identified/anonymised, (so that it can no longer identify you) for example by aggregation with other information or data so that it can be used in a non- identifiable way for research or statistical purposes and business planning, in which case we may use this information indefinitely without further notice to you as it will not be personal data.

LINKS TO OTHER WEBSITES OR APPLICATIONS

This Privacy Policy applies only to the Website. The Website may contain links to other websites or apps or may forward users to other websites or apps that we may not own or operate and to which this Privacy Policy does not apply. The links from the Website do not imply that we endorse or have reviewed these websites or apps. The policies and procedures we describe here do not apply to these websites or apps. We neither can control nor are responsible for the privacy practices or content of these websites or apps. We suggest contacting these websites or app providers directly for information on their privacy policies. Nonetheless, we seek to protect the integrity of the Website, and welcome any feedback about these linked websites and mobile applications.

YOUR CHOICES REGARDING YOUR INFORMATION

You have choices regarding the use of information by the Website.

Changing your information

To change your information, you may login to your account’s control panel and go to the dashboard page. If you are unable to log into your account, please contact us at online@camilla.com.au.

Closing your account

You may close your account by contacting us at online@camilla.com.au. If the email account associated with your email address is not active, we may close your account without notice.

Information collected from other websites and mobile applications and do not track policy

Your browser or device may offer you a "do not track" option, which allows you to signal to operators of websites, web applications, mobile applications and services (including behavioural advertising services) that you do not wish such operators to track certain aspects of your online activities over time and/or across different websites or applications. Unless otherwise state, our Website does not support do not track requests at this time, which means that we or our analytics providers or other third parties with which we are working may collect information about your online activity both during and after your use of the Website. However, you may elect not to accept cookies by changing the designated settings on your web browser or, where available, by referring to the relevant section of the Website. If you do not accept cookies, you may not be able to use certain function and feature of the Website.

CHILDREN

The Website is not intended for use by children (being, individuals who are under the age of 13).

We do not knowingly collect personal information from an individual under age 13. If you are under the age of 13, please do not submit any personal information through the Website. If you have reason to believe that we may have accidentally received personal information from an individual under age 13, please contact us immediately at online@camilla.com.au.

TERMS & CONDITIONS

Please also visit the CAMILLA Website Terms & Conditions which state the terms, disclaimers, and limitations of liability governing your use of the Website.

USA MAINLAND USERS

Section 1798.83 of the California Civil Code permits California residents to request from a business, with whom the California resident has an established business relationship, certain information about the types of personal information the business has shared with third parties for those third parties’ direct marketing purposes and the names and addresses of the third parties with whom the business has shared such information during the immediately preceding calendar year. You may make one request each year by emailing us at online@camilla.com.au or writing to us at CAMILLA, 13 Bowden Street, Alexandria, NSW 2015 Australia.

Separately, under the California Consumer Privacy Act (CCPA), if you reside in California, you have a right of knowledge, access and deletion of your personal information. You also have a right to opt-out of the sale of your personal information and (along with residents of Nevada) a right not to be discriminated against for exercising your privacy rights.

If you would like to opt-out of the sale of your personal information, please follow the prompts on the Website under the “Do Not Sell or Share My Personal Information” section.

Further, under the California Privacy Rights Act (CPRA), if you reside in California, you have a right to limit the use of your sensitive personal information.

If you would like to limit the use of your sensitive personal information, please follow the prompts on the Website under the “Limit the use of my Sensitive Personal Information” section. In addition to the above, residents of California have the following rights: (a) the right to opt-out of sharing your personal information with third parties; (b) the right to non-retaliation for exercising your rights under the CPRA; (c) the right to obtain and reuse your personal information collected by us; and (d) the right to request correction of inaccurate personal information held by us. If you wish to exercise any of your rights as listed above or otherwise provided for in the CCPA or CPRA, please notify us in writing at online@camilla.com.au or at CAMILLA, 13 Bowden Street, Alexandria, NSW 2015 Australia.

UK & EUROPEAN MAINLAND USERS

If you are:

• A resident of the UK or the European Economic Area (EEA) accessing the Website in Australia; or
• Accessing the Website from within the UK or the EEA,

then in addition to our obligations set out in the balance of this Privacy Policy, CAMILLA is required to comply with the applicable provisions of the UK Privacy and Electronic Communications Regulations (PECR), the UK Data Protection Act 2018 (DPA) and the General Data Protection Regulation (GDPR) (as each of those may apply to you).

Pursuant to the PECR, we are permitted to promote our products using electronic marketing messages (e.g. email) to our existing customers and/or those in negotiations with CAMILLA for a sale or service, unless you have asked us not to. If you are not an existing customer, you may consent to us sending you marketing communications by email. You can do this by opting-in or by ‘joining our tribe’ and providing appropriate consent to receive marketing communications.

You will be permitted to opt-out at any time or otherwise ask us not to send you these emails when we first collect your contact details. Note, however, that opting-out or asking us not to send marketing communications will not stop our service communications, such as order updates.

You may withdraw your consent, unsubscribe or object (depending on the lawful basis of processing) to stop receiving these emails at any time.

Note, that any reference to ‘personal information’ in this Privacy Policy is also a reference to ‘Personal Data’, as that term is defined in the GDPR.

Further, you may withdraw your consent to our collection, storage and use of cookies on the Website at any time. The use of cookies on the Website is outlined above in this Privacy Policy for your information. To withdraw your consent to our collection and use of cookies in connection with your use of the Website, please follow the prompts on the Website under the “Do Not Allow Cookies” section.

CHANGES TO THIS POLICY

We reserve the right to make changes to this Privacy Policy from time to time. Any changes to the Privacy Policy will be published on our Website. We encourage you to periodically review the Privacy Policy for the latest information on our privacy practices. This Privacy Policy was last amended in July 2023.