The Policy also details how we may collect and use non-personally identifiable information about your browsing and or use of our website/s and app/s.
This Policy is made available without charge at www.mydiscoveries.com.au but you may request a copy in another form by writing to us:
In relation to the personal information of Australian residents, MyDiscoveries is committed to protecting your privacy and respects and upholds your rights under the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth), applicable related regulations as amended, applicable related codes of practice as amended and successors to any of those (Australian Law). For convenience, ‘(AUS)’ indicates provisions of this Policy applying exclusively to Australian residents.
In relation to the personal information of New Zealand residents, this Policy is issued subject to the Privacy Act 1993 (NZ) as amended, applicable related regulations as amended, applicable related codes of practice as amended and successors to any of those (New Zealand Law). For convenience, ‘(NZ)’ indicates provisions of this Policy applying exclusively to New Zealand residents.
Collection of Personal Information
What kinds of personal information do we collect?
The basic personal information we collect about you is your name, your address, date of birth and your contact information (e.g. email, phone, mobile, fax, etc.).
If you make payment to us or receive payment from us, we may also collect one or more of credit card information, debit card information, EFT information, bank account and similar financial information.
To the extent it would be impracticable to obtain it from directly from you, we also collect other personal information about you from time to time from third party sources where it is relevant to the conduct of our business functions and activities (such as credit scoring information and consumer preference information).
Sometimes, you may voluntarily disclose other information to us in the course of your dealings with us or with our representatives. If this information comprises or contains one or both of unsolicited personal information or sensitive personal information, such information will be further dealt with as set out below.
In addition to personal information (i.e. information that identifies you individually), we may also collect information that relates to you but which has been anonymised or otherwise de-identified; this information is statistical in nature.
Please note that as we expand and extend the apps and other software tools we make available to you, we may collect device-specific information (e.g. information relating to a specific phone or tablet), log information, GPS/WiFi location information and other tracking information; such information may also constitute personal information if it identifies you. Your express consent will be sought prior to disclosing this type of information to any third parties such as Google or other advertising affiliates.
Who do we collect the personal information from?
Generally, we collect your personal information directly either from you (when you provide your contact details to us in letters, emails, faxes, phone calls, social media postings and other online postings) or from third parties as described above. We also collect information about you indirectly through browser tracking cookies, mobile app reporting and webpage pixel tags when you use our website and apps.
Please note that most of the information we collect indirectly is not personal information (since it cannot identify you individually) but some may be (especially when held or used in combination with other information we hold about you).
In addition to storing your letters and faxes in physical files, we use a number of electronic systems to record and store your personal and other information, including call recording systems, customer notes systems, customer database systems and web database systems (including online fora and/or online ordering).
Why do we collect the personal information? The purposes of collection
Within the general purpose of allowing us to carry out our business activities and functions, we collect your personal information to enable us to organise and carry out:
Please note: To the extent (if any) that we engage in direct marketing, both that activity and the corresponding purpose(s) of collection of your personal information are described in the section of this Policy headed ‘Direct Marketing’.
If you do not provide us with some or all of the personal information we require (or the information you supply is materially incorrect or false) then it may not be possible for us to deal with you or continue to deal with you for the purposes listed above. In some cases (e.g. in relation to an account giving website access), supply of incomplete or incorrect information may lead to reduced functionality and/or restricted access to facilities that we provide (or may provide in the future).
Collection of non-personally identifiable information
MyDiscoveries may, at any time, utilise advertising and marketing analytics collection services to collect information about user habits and use of our website/s and app/s. This information does not and will not contain, or be used to identify personal information about any individual who browses or utilises any website/app or function of a website/app maintained by MyDiscoveries.
Information that may be collected and stored in the cookie may include your IP address, Internet Service Provider information and usage statistics. If at any stage MyDiscoveries implements features which would collect precise geographical location (ie through mobile specific websites), MyDiscoveries will seek your individual consent to such services.
MyDiscoveries may utilise remarketing facilities whereby your visit to one of MyDiscoveries websites or apps may result in advertising for MyDiscoveries goods or services may be included in advertising from other online affiliates in the remarketing network. In the cookie saved to your computer by MyDiscoveries website/app, information relating to your usage will be stored and may be accessed by other websites also utilising Google Analytics.
MyDiscoveries is currently part of the Google Display Network. Advertising displayed on MyDiscoveries websites or apps may include advertising from other Google Display Network affiliates if cookies from those other affiliates’ websites are found on the same computer.
Our Catalogue app available in both the iTunes® App Store and Google® Play Store, require access to your SD card in order to store downloaded Catalogues, Internet access to download and view Catalogues, Network Permission and Google Accounts access to receive push notifications about new Catalogue releases.
We are an organisation that engages in direct marketing and so you may reasonably expect us to use your personal information for that purpose.
After we collect your personal information from you, we may continue to use disclose that personal information for the purpose of direct marketing to you for so long as we have not received an ‘opt out’ request from you.
If we collect your personal information from a third party, we may continue to use or disclose that personal information for the purpose of direct marketing to you, subject to your consent to do so unless it is impracticable to obtain such consent, for so for so long we have not received an ‘opt out’ request from you.
You may also request that we (a) not use or disclose your personal information for the purpose of facilitating direct marketing by third parties and (b) identify the source of the personal information we hold about you. If you wish to request:
then advise us of your request:
If we receive a request from you about (a) and (b) above, we will action your request within a reasonable period. If we receive a request from you about (c) above, we will notify you of the source within a reasonable period unless it is impracticable or unreasonable to so.
Use or Disclosure
Limited use or disclosure
Unless we obtain your further recorded consent, we will:
Exceptions to this are:
c. only ever use your email address so that we can:
Non-Personally Identifiable Information that may be collected and stored in cookies may be disclosed or distributed to our advertising and marketing affiliates including Google, however this information will never include personal information collected from you via other means.
We utilise a number of individuals to carry out business functions and activities on our behalf including not only employees but also contractors, sub-contractors, agents and commercial representatives expressly affiliated to us (all collectively being representatives).
Our technical service providers are obliged to respect your privacy and confidentiality.
You consent to our disclosure of your personal information to our representatives other than our employees, and to the use and disclosure of your personal information by such representatives when it becomes necessary to enable them to carry out business functions and activities on our behalf.
Direct Group Pty Ltd
Although we have our own software and platforms (e.g. web, mobile, email, etc.), Direct Group Pty Ltd (DG Group PL), the DG group parent company, provides MyDiscoveries with the ICT hardware (including virtualisation) and network infrastructure that we use to operate our software and platforms.
Except where there are specific technical reasons for it (e.g. testing and maintenance), DG Group PL will not normally have access to your personal information. However, you consent to our disclosure of your personal information to DG Group PL and to the use, disclosure and storage of your personal information by DG Group PL, when necessary to conduct its functions and activities as our parent company and/or to provide ICT infrastructure to us.
DG companies other than Direct Group Pty Ltd
Our software, software platforms and records systems are separate from those of other DG companies and, we will not disclose your personal information to other DG companies other than DG Group PL except where:
Only to the extent of the limited exceptions set out above, you consent to our disclosure of your personal information to DG companies excluding DG Group PL and to their holding, using or disclosing your personal information.
Technical service providers
In addition to the hardware and network support we obtain from DG Group PL, we have other external technical service providers (e.g. Google, SLI Systems) providing us with ICT-related services and products.
Our technical service providers are obliged to respect your privacy and confidentiality.
To the extent that our technical service providers hold, use or disclose your personal information in connection with providing their services to us, you consent to such use and disclosure and our disclosure to them of your personal information.
Other service providers
In addition to our technical service suppliers, we use a number of other service providers in support of our business functions and activities, including couriers and suppliers.
Our other service providers are obliged to respect your privacy and confidentiality.
To the extent that our other service providers hold, use or disclose your personal information in connection with providing their services to us, you consent to such use and disclosure and our disclosure to them of your personal information.
In addition to our representatives and service providers, we have commercial arrangements with a number of industry partners (e.g. Data Bureau and Mail House) and other reputable business affiliates in AUS and NZ.
Our business affiliates are obliged to respect your privacy and confidentiality.
We will not disclose your personal information to our business affiliates except where:
Only to the extent of the limited exceptions set out above, you consent to the disclosure by us of your personal information to our business affiliates and to their holding, using or disclosing your personal information.
Overseas use or disclosure
A number of our service providers and business affiliates are located overseas including the United States, the United Kingdom, New Zealand (in so far as Australian residents are concerned) and Australia (in so far as New Zealand residents are concerned).
To the extent that applicable law requires your consent to our transfer of your personal information to our service providers and business affiliates overseas, you consent to such transfer and to subsequent use and disclosure of your personal information by our overseas service providers and overseas business affiliates when necessary for them to provide their services and honour their commercial arrangements with us respectively.
(NZ) In addition to the business operations of our service providers and business affiliates being overseas, we ourselves are principally located overseas, being based in Australia. New Zealand Database is held on an Australian Server.
To the extent that applicable law requires your consent to overseas transfer of your personal information to us, you consent to such transfer and subsequent use or disclosure by us consistent with this Policy and with applicable law. We may disclose your personal information to other external providers located in Australia, New Zealand and other countries, including our data hosting and Cloud based IT service providers for some of the purposes listed above. We take all reasonable and prudent steps to ensure that these service providers are fully compliant with the Australian Privacy Principles.
Required or authorised collection, use or disclosure
If collection, use or disclosure of your personal information is required or authorised by law or by order of a court or tribunal, we will inform you of that requirement or permission with details (unless the law or order requires otherwise).
Quality and Security of Personal Information
We will take all reasonable measures to make sure that any personal information about you that we collect, hold, use or disclose is accurate, up-to-date and complete. If you are (or become) aware of any personal information that we hold about you that is not is accurate, up-to-date and complete, please let us know as soon as possible:
We will take all reasonable measures (including application of industry standards and industry best practice where possible) to protect your personal information from misuse, interference and loss, unauthorised access, unauthorised modification and unauthorised disclosure. To the extent we disclose your personal information to our representatives, other DG companies, our service providers and our business affiliates, they are subject to obligations in relation to privacy and confidentiality.
Access to your Personal Information
If you request access to your personal information, we will respond within a reasonable period and provide you with the information in the manner you request if it is reasonable and practicable to do so.
Please note that we are not obliged to give you access as requested in some circumstances, including where the request is frivolous or vexatious, the request would have an unreasonable impact on the privacy of others or the request is denied in compliance with applicable law (or under a court or tribunal order).
We will not charge you for making a request for access to your personal information.
If the estimated cost to us to provide you with the information exceeds $10 (AUD for Australian residents, NZD for NZ residents), we reserve the right to charge you on a cost recovery basis for providing access to your personal information.
If we refuse to provide access to your personal information, we will issue a written notice that sets out the reasons for our refusal, the mechanisms to complain about our refusal and any other matters prescribed by applicable law. In relevant circumstances, we will consider providing an alternative means of access to your personal information to the refused means of access.
If you wish to seek access to your personal information, please contact us:
Correction of Personal Information
We will take reasonable steps to correct your personal information to ensure that, having regard to the purpose(s) for which it is held, such information is accurate, up-to-date, complete, relevant and not misleading if we are satisfied that that the information does not meet those thresholds.
We may also correct your personal information upon request from you. If you wish to request a correction of your personal information, please advise us of your request:
If you make such a request, we will respond within a reasonable period.
If we correct your personal information and you request us to notify third parties to whom we have disclosed such information, we will take reasonable steps (if any) to give that notification unless it is impracticable or unlawful to do so.
We may refuse your request to correct your personal information if it is not reasonable in the circumstances (e.g. the correction you request us to make is inaccurate).
If we refuse your request to correct your personal information, we will issue a written notice that sets out the reasons for our refusal, the mechanisms to complain about our refusal and any other matters prescribed by applicable law.
If, we refuse your request to correct your personal information and you request us to associate with your personal information a statement that the information is inaccurate, incomplete, irrelevant or misleading, we will take reasonable steps to associate the statement apparent to users of the information. If you make such a request, we will respond within a reasonable period.
We will not charge you for making a request for correction to your personal information, for correcting your personal information or associating a statement with your personal information that it is inaccurate, irrelevant or misleading.
Removing, Deleting or Destroying Personal Information
We normally seek to remove, delete or destroy personal information from our records as soon it is no longer required. However, there may be circumstances where such removal, deletion or destruction is either delayed or not possible, including, in the case of our electronic record systems, in relation to backup, archival and general record-keeping processes. If, for technical or other reasons, it is not possible to remove, delete or destroy personal information, we will put such information beyond use (e.g. in the case of our electronic record system, by marking an account inactive, by locking a record or by similar technical means) and we will not access it again unless either we are subsequently requested to do so by you or we are required or permitted to access it by applicable law.
Your dealings with us
Because it makes it impracticable for us to carry out many of our core business functions and activities (e.g. order receipt, processing and despatch), you cannot normally deal with us anonymously or under another name (pseudonymously). However, if and where dealing with us anonymously or pseudonymously is practicable in respect of particular matters (e.g. providing online product reviews or posting to our other online forums), we will make that option available.
Unsolicited personal information
If in the course of communications with us or our representatives, you provide unsolicited personal information, we will review that information. If, upon review, that unsolicited information is relevant to our business functions or activities, we may hold, use or disclose that personal information consistently with your reason for disclosing it (for example, resolving a customer complaint).
Sensitive personal information
(AUS) Please note that we do not seek to collect from you health information or other sensitive information as defined by Australian Law. However, if unsolicited personal information provided by you also includes health information or other sensitive information as defined by Australian Law, you consent to us holding, using or disclosing such health information or other sensitive personal information consistently with your reason for disclosing it (for example, resolving a customer complaint).
Generally, the type of personal information we collect about you is the information that is needed to facilitate your travel arrangements and bookings and to arrange travel related services and/or products on your behalf. For example, we may collect details such as your name, residential/mailing address, telephone number, email address, credit/debit card details (including card type, card number, security number and expiry date), date of birth, passport details, loyalty program / frequent flyer details, information about your dietary requirements and health issues (if any), and other details relevant to your travel arrangements or required by the relevant travel service provider(s) (e.g. airlines and accommodation or tour providers).
We will only collect sensitive information in compliance with your local data protection laws, with your consent and/or where it is reasonably necessary for, or directly related to, one or more of our functions or activities (e.g. to make travel arrangements), unless we are otherwise required or authorised to do so by law. To the extent permitted or required under your local data protection laws, you consent to us using and disclosing your sensitive information for the purpose for which it was collected, unless we subsequently receive your consent to use it for another purpose. For example, if you provide health information to us in connection with a travel insurance application you would like to make, you consent to us using and disclosing that health information in connection with arranging that travel insurance on your behalf. A further example is if you disclose your religious beliefs to us because you are interested in, for example, certain holiday packages, in which case you consent to us using and disclosing that information in connection with facilitating your request. We will not use sensitive information for purposes other than those for which it was collected, unless we subsequently receive your consent to use it for another purpose.
Partial identification in commercial communications
Sometimes in the course of our commercial communications (e.g. communication of written testimonials, product conversations, product-related tweets or similar), we may partially identify an individual by reference to part of that individual’s name and an area (e.g. suburb, region or state). To the extent that such information might identify you as an individual, you nevertheless consent to us holding, using or disclosing your personal information in that way.
Making a Complaint
If you wish to make a complaint with regard to a possible breach of this Policy or the Australian Privacy Principles, please contact:
431 Warringah Road
FRENCHS FOREST NSW 2086
For complaints regarding handling of your other requests or enquiries in relation to this policy, please contact:
431 Warringah Road
FRENCHS FOREST NSW 2086
What happens to my complaint?
If we are unable to resolve your complaint, you may contact the Office of the Australian Information Commissioner (OAIC).
Reminder – Helping Us to Help You
While we will do what we can to make sure that your personal information is accurate, up-to-date and complete, we do need your help. If your personal information changes (e.g. because of a change of name, address or credit card provider), please contact us to let us know what those changes are.
Please note that this Policy may change from time to time to take into account new laws and technology, changes to our operations and practices, and the changing business environment.
We will make available the current version of our Policy, with a date and version notice, via our website(s) and, upon request, in other forms.
If you do not accept this Policy as varied, we will no longer be able to accept or process orders from you or otherwise deal with you.
If you place an order with us at or after any variation to this Policy, you acknowledge and understand that you are giving consent in relation to this Policy as changed, regardless of any alteration to the scope and nature of privacy which you enjoyed or may have enjoyed under any previous version of this Policy.
Updated Feb 2018