PRIVACY POLICY

This privacy policy relates to the website that is owned and operated by Cristina Toscano Everything Food Pty Ltd ACN 164 156 192, Unit 2/8-10 Lindaway Place Tullamarine, Victoria 3043 (“Chocolati”).

Chocolati cares about our website and customers (User, you, they, their) and any concerns you may have about the safety and use of the Personal Information you provide to Chocolati. 

The following information sets out our privacy policy (“Privacy Policy”).

PLEASE READ THIS PRIVACY POLICY CAREFULLY BEFORE USING THE THIS WEBSITE. 

 

1. PRIVACY POLICY

1.1 Access to this website is conditional on Users accepting the terms of this Privacy Policy. The Privacy Policy applies to the collection, storage, use and disclosure by Chocolati of the Personal Information of the individuals using this website in relation to our products and services (“Services”). This Privacy Policy should be read together with our Terms and Conditions of Use.

1.2 This Privacy Policy sets out the Personal Information we collect, how we hold it, use it, and who we might share it with in accordance with the Privacy Act 1988 (Cth) (Privacy Act), the Australian Privacy Principles.

1.3 In addition to the Privacy Act, our Privacy Policy is compliant with the European Union’s (EU) General Data Protection Regulations (GDPR), as revised from time to time, which has been designed to harmonise data privacy law across EU member states.  As the Personal Information you provide to Chocolati may be transferred into and/or out of the EU and to protect the rights of Users who may be located within the EU, Chocolati has amended its Privacy Policy and revised its internal processes to enhance its User’s data privacy and internal data security systems.

1.4 More information regarding the rights of EU residents is provided below at Section 16.

1.5 Please read this Privacy Policy carefully to understand how any Personal Information collected by Chocolati is used.

1.6 We will comply with this Privacy Policy in respect of information provided to us by persons aged 13 years and older.

2. UPDATES TO OUR PRIVACY POLICY

2.1 From time to time we will need to make amendments to our Services Privacy Policy, Terms and Conditions of Use, or other policies in order to comply with any applicable laws or for any other reason at any time.

2.2 We will notify you of any updates or amendments. You will have the opportunity to read these and accept them in order to continue using our Services.

 

3. PERSONAL INFORMATION WE COLLECT FROM YOU

3.1 We request the following information from Users prior to registering to use the Website:

1. your name
2. address
3. phone number
4. email address
5. Username;
6. Password
7. IP Address; and
8. any other information Chocolati deems necessary from time to time.

(“Personal Information”)

2. Chocolati does not collect any sensitive information from you which reveals your: race, ethnic origin, political opinions, religious or philosophical beliefs, trade union memberships or details of health or disability which we consider are unnecessary to our function.

 

3. The User will also be given the option to sign up to receive information from Chocolati, merchants or its partner suppliers, and for other purposes for which you would reasonably expect us to use that information. This includes sending the User information about new features, products, Services via notifications or by post, telephone or any form of electronic communication. 

 

4. By registering with Chocolati, the User authorises Chocolatito use any email address or other contact information he/she has provided at any time for the purposes described in Section 3.3. The User will also be given the opportunity to 'opt-out' of receiving any emailed information or other correspondence, by simply clicking the unsubscribe link at the bottom of any email it receives from us. The User agrees and acknowledges that even if he/she opts out of receiving marketing material, Chocolati may still send the User’s essential information that it is legally required to send the User relating to the Services provided through the Website.

 

4. WHAT WE WILL DO WITH A USER’S PERSONAL INFORMATION

4.1 All Personal Information that Chocolati, its affiliates or related bodies corporate collect is reasonably necessary for the purposes of providing our Services to Users. 

The purposes include:

(a) registering the User to use the website;

(b) enable Chocolati to communicate effectively, e.g. respond to any questions, concerns, or problems raised by the User;

(c) enhance functionality of the Website and Services when a User is logged in including but not limited to personalised recommendations and submission of customer feedback.

4.2 We collect the information to improve your Chocolati experience.  Some of the ways we do this is by:

1. To research, develop, improve the Services and use within Chocolati’s website, and the Services we offer;
2. To send you notifications; 
3. Monitor and analyse trends and usage;
4. Improve security;
5. Review data about how you use the website, fraud prevention and analysis;
6. Personalise content and the service we provide to each User including but not limited to targeted advertisements or useful information based on your search or usage history;
7. Providing you with a history tagged with location data and content which you have allowed us to obtain;
8. Maintaining appropriate business records;
9. Collecting information from Cookies, Metadata, Web Beacons and other forms of information collection available, so we provide a targeted useful User experience to you the User; and
10. We also use this information collected to enforce all of our Terms and Conditions and other policies.

 

 

5. HOW WE SHARE INFORMATION:

 

We may share information about you in the following ways:

1. With our affiliates and other entities within the Chocolati family of companies;
   
2. To a data centre or a data service provider contracted for the operation of the Chocolati website;
   
3. To Google AdMob to analyse advertising data ad show advertisements;
   
4. To third party crash reporting services which is used to help improve the performance and stability of the website;
   
5. Anonymous user tracking to measure type and frequency of use of the website; and

 

6. To provide information to any division, associate entity of Chocolati so that this information helps Chocolati to improve our Services and improve your User experience provide relevant information to you that you may have searched or are searching for.

 

2. We may also disclose your Personal Information to comply with our legal obligations, including to various law enforcement agencies, regulatory authorities and governments around the world and their service providers for security, customs and immigration purposes.

 

6. SECURITY OF YOUR PERSONAL INFORMATION

6.1 Chocolati will keep a User’s Personal Information confidential and not sell or knowingly divulge user information to advertisers or any other third parties, other than our partners and suppliers, without your consent.

6.2 Chocolati will take reasonable steps to ensure that these organisations are bound by privacy obligations in relation to the protection of User's Personal Information. We will not share a User’s Personal Information, unless:

(a) we are required to share your information with a third party in order to comply with the law or to comply with a court order or subpoena;

(b) to enforce our own Terms and Conditions;

(c) if it is necessary to provide it to our third party service providers, if any, such as data storage providers, who will be subject to strict contractual privacy obligations; or

(d) to protect the safety and security of our Users and our Site.

7. USER'S CONSENT TO OUR USE OF PERSONAL INFORMATION

7.1 We ask for Users’ consent to the use of any Personal Information we collect from them in accordance with this Privacy Policy at the time of that User providing that information. If a User does not wish to provide us with their consent, they cannot agree to the website Terms and Conditions and must not use this website.

7.2 Our use of the User’s Personal Information is necessary in order for us to maintain the website and facilitate a User’s use of the website. We do not collect any unnecessary Personal Information from Users (for instance, their race or religious beliefs).

8. HOW LONG WE HOLD A USER’S PERSONAL INFORMATION

8.1 We will retain your information for as long as a CHOCOLATI account is active or as necessary to comply with our legal obligations, resolve issues, address queries and enforce our agreements.

8.2 If you no longer wish to use the website, simply deactivate your account. If you have any further questions on how to do this, please contact us via the methods below.

9. KEEPING A USER’S PERSONAL INFORMATION ACCURATE

9.1 The Personal Information we hold about a User (such as Username and password) is kept so that we may correctly identify that User. 

 

9.2 If a User wishes to update or amend their Personal Information, send a request to THE REQUESTS MANAGER at hello@chocolati.com.au [INSERT link to EMAIL ADDRESS] or write to us at: Unit 2/8-10 Lindaway Place Tullamarine, Victoria 3043 AUSTRALIA

 (Australia). . We follow the process for access and correction under the Freedom of Information Act 1982.

 

9.3 We take all reasonable steps to ensure that Personal Information held by us is accurate, up-to-date, complete, relevant and not misleading. If you believe that any of your Personal Information is not accurate, up-to-date, complete, relevant and not misleading, please contact us (see below) and we will take all reasonable steps to correct it within a reasonable time.

10. KEEPING A USER’S PERSONAL INFORMATION SECURE

10.1 Chocolati is committed to information security. We will use all reasonable endeavours to keep Users’ Personal Information in a secure environment. For instance, each Users’ Personal Information is encrypted whilst being sent to our server at the time of setting up an account. 

10.2 Chocolati’s security measures are designed to assist in ensuring that Users’ Personal Information is not accessed by unauthorised personnel, lost or misused. If you reasonably believe that there has been an unauthorised use or disclosure of your Personal Information, please let us know by contacting our Privacy and Data Protection Officer (contact details below).

11. ANONYMOUS INFORMATION

11.1 Chocolati collects anonymous information about Users and the activities of Users on the Website. Anonymous information is information that is not linked to the name of a User. This information is used to assist us in enhancing the functionality of the Site and the information remains anonymous at all times.

12. COLLECTION OF WEBSITE ACTIVITY INFORMATION (COOKIES)

12.1 From time to time Chocolati may collect information about individual Users and the activities of Users on the website. This information is used to assist us in enhancing the functionality of the website and the Services we provide.

12.2 Collection of website activity information and use of the website may be conducted via the use of ‘cookies’. In simple terms a cookie is a little piece of information handed to a web browser from a web server that contains information that can be retrieved from the server later. When a User visits the Site the server may attach a cookie to their computer’s memory. Chocolati uses cookies to the extent of recognising the User when they visit the Site and pairing that User with an account profile. Personal Information can only be used to identify a User’s website activity when that User is logged in to their Chocolati customer account. Where a User is not logged in, website activity cannot be used to identify Users.

12.3 Unless you are a User of Chocolati who is logged in to a Chocolati account at the time, this information is not linked to any Personal Information that the User may provide and cannot be used to identify Users. A User may configure their computer so that it disables cookies or does not accept them.

13. TRANSFER OF YOUR DATA OUTSIDE OF AUSTRALIA

13.1 Users’ Personal Information is uploaded to, and kept on, servers that we maintain or that are maintained by third parties that comply with strict contractual based privacy obligations. Unless you are located outside Australia, a User’s Personal Information is not otherwise transferred internationally except where a copy is sent to the User at their request. By agreeing to our Terms and Conditions and Privacy Policy, Users consent for its Personal Information to be transferred and stored in this manner is obtained at the time of registration.

14. THIRD PARTY AND LINKED SITES

14.1 When using this website, you may select a link to a third party site. Please be aware that Chocolati is not responsible for the privacy practices of such other sites. We encourage our Users to be aware that when they leave our site to read the privacy statements of each and every web site that collects personally identifiable information. This privacy statement website lies solely to information collected by this Website.

15. HOW CAN USERS ACCESS, AMEND OR DELETE THEIR PERSONALLY IDENTIFIABLE INFORMATION?

15.1 A User has the right to receive a copy of the Personal Information we hold about them. If you wish to receive a copy of this information please address your request to the Privacy and Data Protection Officer (contact details below). We will deal with your request promptly and in any case at least within 30 days of the date of receiving the request. We will give access to the information in the manner you request, where reasonable and practicable. This will be subject to any exemptions allowed under the Privacy Act. We will correct or delete inaccurate or incomplete Personal Information we hold about you at your request.

16. PRIVACY RIGHTS FOR INDIVIDUALS LOCATED IN EUROPEAN UNION

16.1 This section relates to individual Users of the Chocolati website who are located in the European Union (‘EU’). The EU General Data Protection Regulation (‘GDPR’) harmonises the data privacy laws of individuals located in each EU country, by expanding the privacy rights of those individuals and setting out further obligations for organisations which hold or process their Personal Information.  In this section Personal Information means any information relating to an identified or identifiable natural person (in accordance with the definition of ‘personal data’ in the GDPR.  

16.2 The GDPR requires use of Personal Information in a lawful, fair and transparent manner.  The GDPR requires us to provide you with information regarding how we collect, use, share and store your Personal Information and to advise you of your rights as a ‘subject data.’ 

16.3 If you are located in the EU and would like more information relating to your rights under the GDPR and the use of your Personal Information by Chocolati, please contact: hello@chocolati.com.au [INSERT link to EMAIL ADDRESS].

17. WHAT PERSONAL INFORMATION DO WE COLLECT?

17.1 Please refer to Section 2 of this privacy policy for details of the Personal Information we collect. 

18. CONSENT 

18.1 We require your consent to handle and process your Personal Information.  By ticking the ‘I agree’ box during the registration process, or by agreeing to and our amended Terms and Conditions of Use or Privacy Policy, you have consented to the processing of your Personal Information for one or more specific purpose and you agree that your consent was freely given and you have been informed of the purpose of processing your Personal Information as set out below at Section 23. 

19. MANDATORY DATA BREACH NOTIFICATION

19.1 Chocolati will notify the relevant supervisory authority of any data breach within 72 hours of becoming aware of the breach, unless the breach is unlikely to result in a high risk to the rights and freedoms of the individual User. 

20. INDIVIDUALS EXPANDED RIGHTS

20.1 The GDPR provides individuals located in the EU with additional rights as follows: 

(a) The right to erasure, which provides you with the right to require us to delete your data (the right to be forgotten), including but not limited to where the information collected is no longer necessary for the original purpose, or where you withdraw your consent to us holding that Personal Information. 

(b) If we are required to erase your Personal Information, we must take reasonable steps to inform controllers which are processing the same Personal Information, of any links to, copies of or replication of that Personal Information. 

(c) You may also object at any time to the processing of your Personal Information (including for profiling) and we will then stop processing said information, for example: for direct marketing purposes.  

(d) You have a right to ‘data portability’ where if requested by you, we will provide you with details of the Personal Information we hold regarding your account and we will provide you with that information in a structured, commonly used, machine readable format. 

(e) In certain circumstances you may have a right to obtain restriction on the processing of your Personal Information by us in circumstances where you believe that the accuracy of your Personal Information may not be correct. 

21. OVERSEAS TRANSFER OF YOUR PERSONAL INFORMATION

21.1 If you are located within the EU then your Personal Information may be transferred outside the EU to our partners located in other countries or within Australia.  Under the GDPR we are required to ensure the adequacy of a third party or a country’s level of data protection. Chocolati is bound to ensure that any agreements with third parties in other countries must contain standard data protection clauses adopted by the EU Commission or a relevant data protection authority. 

21.2 Chocolati will take reasonable steps to ensure that we, or any data processor used by us, will be bound by enforceable commitments to applicable privacy safeguards. 

22. SPECIAL CATEGORIES OF PERSONAL INFORMATION

22.2 In addition to the rights set out above in Section 20, the GDPR provides protection of Personal Information regarding your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, biometric data (for example: your fingerprints) or data concerning your health, life or sexual orientation.  Chocolati will not process this type of Personal Information without your prior and specific consent or where otherwise lawfully permitted. 

23. GROUNDS FOR USE OF PERSONAL INFORMATION

The principle legal grounds for our use of your Personal Information are as follows: 

23.1 Consent – where you have consented to our use of your information (your consent is sought when you agree to our terms and conditions and privacy policy). 

23.2 Providing a service – we are required to collect your Personal Information in order to provide you with the Services available on the Chocolati website. 

23.3 Legal obligation – where we need to use your Personal Information to comply with our legal obligations. 

23.4 Legitimate public interest – where we need to process your Personal Information in order to carry out a task that is in the public interest and our reasons for using it outweigh any prejudice to your data protection rights. 

24. THE PURPOSE OF PROCESSING YOUR PERSONAL INFORMATION AND HOW IT IS USED 

How we use your Personal Information	Purpose of processing your data	Basis of use
To confirm your identity	- To identify Chocolati Users - to meet our legal duty	- Preventing fraud  - Complying with guidance of regulators and managing risk
To provide you with the CHOCOLATI Website Services	Confirm your consent	To allow us to provide Services to you and perform our obligations
To manage our relationship with you	- To keep you informed of new features and any promotions or changes to the Chocolati website - To meet our legal duty	Complying with guidance of regulators and managing risk
To contact you (for example, provide you with important information)	- We have your consent to fulfil the Services of the Chocolati website and to meet our legal duty - To conduct market, consumer and other research	- Advising you of any issues with your account, responses to questions or complaints - Complying with guidance of regulators and managing risk - To ensure that we understand our Chocolati User requirements and ensure the website content is relevant  - Identify any activities of other Users which has a detrimental effect on your experience using the Chocolati website
To improve our service to you and your experience within the CHOCOLATI Website	We have your consent to meet our legal duty to advise you of changes and improvements	- Seeking feedback, preventing fraud or potential criminal activity - Complying with guidance of regulators and managing risk
To comply with laws and assist government or law enforcement agencies	- To fulfil our contractual obligations  - to comply with our legal obligations for safety and security purposes	- Prevent fraud  - ensure network and information processing security - complying with guidance of regulators and managing risk
To manage our business	To fulfil our contracts and identify new opportunities that will deliver more efficient Services To meet our legal duties and improve our product offering to Chocolati website Users	Preventing and investigating potential criminal activity and managing risk
To contact you	For marketing purposes	In order to make you aware of products and Services which may be relevant to you and be located in your area.  You can withdraw your consent to receiving marketing notifications at any time.

 

25. YOUR RIGHTS AND YOUR PERSONAL INFORMATION

Please take the time to note this summary of your rights in relation to your Personal Information when using the Chocolati website.

Be informed how Personal Information is processed	You have the right to be informed how your Personal Information is being collected and used by Chocolati. If we require your consent to process your Personal Information you can withdraw consent at any time. However if you withdraw consent, we may not be able to provide you with all the features and Services on the Chocolati website. You can only withdraw consent when the lawful basis of processing your data is with your consent.
Access to Personal Information	To access your Personal Information held by Chocolati, email us at hello@chocolati.com.au [INSERT link to EMAIL ADDRESS]
Erasure Personal Information	You may ask us to delete your Personal Information if there is no need for us to keep it. You can make the request by emailing us at hello@chocolati.com.au [INSERT link to EMAIL ADDRESS]. If there are any legal or other reasons why we need to keep your Personal Information, we will inform you.
Rectify incorrect information	You may request a copy of your Personal Information and query any information that we hold about you which is inaccurate or incomplete. We will then ensure that we take reasonable steps to check the accuracy of this information and if necessary correct it.
Restrict processing of your data	You may restrict our use of your Personal Information in certain circumstances (eg: data is inaccurate, processing is unlawful data is no longer require or you have lodged an objection). In this situation we would not use or share your Personal Information while its use is restricted by you.
Date Portability	You may have the right to request a copy of the Personal Information you have provided to us in certain circumstances format that can be easily which can be easily reused.
Object to processing your data	You may object to us processing your Personal Information in certain circumstances.
Automated decision making and profiling	We may make automated decisions using our systems (including profiling) using your Personal Information we have collected from you to provide you with marketing information within the Website.
Lodging a complaint with supervisory authority	If you have make a complaint to us and are unhappy with the outcome, you may make a complaint to the European Data Protection Supervisor or the Privacy Regulator in your jurisdiction. See contact details Section 25 and Section 26 below.

 

27. Contact our Privacy and Data Protection Officer:

27.1 If you have any queries about you date privacy see our contact details at Section 27 below.

27.2 EU Privacy Regulator Contact Details

If you are based in the EU, have concerns regarding your privacy while using Chocolati or you have made a complaint to us and you are unhappy with the outcome, you can contact the European Data Protection Supervisor as follows:

Postal address: Rue Wiertz 60, B-1047 Brussels

Office address: Rue Montoyer 30, B-1000 Brussels

Telephone: +32 2 283 19 00

Email: edps@edps.europa.eu

Website:  www.edps.europa.eu

 

27.3 For contact details of the Data Protection Authority in your country, please click HERE. (Hyper-link to the following URL)

http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm

28. CONTACTING CHOCOLATI ABOUT THIS PRIVACY POLICY

We are here to help you enjoy your experience using the Chocolati website.

 

Should you have any questions concerning Chocolati, this Privacy Policy, our Terms and Conditions or any other policy, please feel free to contact us at:

 

Privacy and Data Protection Officer - Chocolati

C/- Cristina Toscano Everything Food Pty Ltd ACN 164 156 192 

 

Address:  Unit 2/8-10 Lindaway Place Tullamarine, Victoria 3043 AUSTRALIA

Email: hello@chocolati.com.au [INSERT link to EMAIL ADDRESS]

Phone: +61 [INSERT PHONE NUMBER].

29. Australia Privacy Regulator Contact Details:

Chocolati takes any privacy complaint by our Users seriously and will deal with your complaint fairly and promptly. 

However if you are not satisfied with our response or how your complaint was handled, you may complain to the Office of the Australian Information Commissioner at:

Office of the Australian Information Commissioner (OAIC)
GPO Box 5218
Sydney NSW 2001
Phone: 1300 363 992
TTY: 1800 620 241
email: enquiries@oaic.gov.au