1. APP1 – Open and transparent management of personal information
1.1 This document forms part of the open and transparent management systems Sirromet Wines Pty Ltd uses to manage customers’ personal information. Our privacy statement is available to all customers upon written request.
2. APP2 – Anonymity and pseudonymity
2.1 Due to the nature of our business, it is not possible for customers to purchase our products by remaining anonymous.
3. APP3 – Collection of solicited personal information
3.1 We collect the information you give us when you use our web site www.sirromet.com to register to receive additional information, enter competitions or receive products from us. When you register, we ask you for Personal Information about you, such as your name, birth date, postal address and e-mail address.
3.2 We may supplement the information that you provide with information that is received from third parties. For instance, if inaccurate postal or zip codes are received, we may use third party software to fix them.
3.3 We may collect email addresses from prospect lists of other companies, for example, via Partner Co-Marketing efforts. However, we ensure that we provide an easy way for you to opt out of future emails from us.
3.4 We may use rented email lists, but only if the list is specifically an opt-in list, that is, lists of people who have explicitly agreed to receive email messages from third parties.
3.5 We may also collect personal details directly from individuals at marketing events such as trade shows and exhibitions, visitors to the Winery, or Day on the Green events held at the Winery.
4. APP4 – Receiving unsolicited information
4.1 Our business does not use or collect unsolicited personal information. Customers providing their details are Direct Marketing responders and have been made aware that their details are provided to us via list rental from specifically selected companies via their Terms and Conditions.
5. APP5 – Notification of the collection of personal information
5.1 Once we receive customers’ details we collect and process Personal Information for specific use and limited purposes. Customers are made aware of this by way of an initial offer. They will only receive further correspondence from us should they respond to this offer.
6. APP6 – Use or disclosure of personal information
6.1 We process your Personal Information only for specific and limited purposes. We ask only for data that is adequate, relevant and not excessive for those purposes. Some of these purposes include the following:
(a) We may contact you occasionally to inform you of new services we will be providing, or special offers, events or articles we think will be of interest to you.
(b) We may send you regular updates by e-mail or by post on Sirromet Wines Pty Ltd organised or related events.
(c) We may send you requested product information and promotional material.
(d) We may use your Personal Information for marketing purposes and market research.
(e) We may use your Personal Information internally to help us improve our products and services and to help resolve any problems.
6.2 We do not share, sell or distribute your Personal Information with unrelated third parties, except under these limited circumstances:
(a) Personal Information may occasionally be transferred to third parties who act for or on behalf of Sirromet Wines Pty Ltd, or in connection with the business of Sirromet Wines Pty Ltd for further processing in accordance with the purposes for which the data was originally collected or for purposes to which you have subsequently consented. For example, sometimes a third party may have access to your Personal Information in order to handle our mailings on our behalf.
(b) We may share or transfer the information in our databases to comply with a legal requirement, for the administration of justice, to protect your vital interests, to protect the security or integrity of our databases or this Web Site, to take precautions against legal liability, or in the event of a corporate sale, merger, reorganisation, dissolution or similar event.
6.3 Where appropriate, before disclosing Personal Information to a third party, we contractually require the third party to take adequate precautions to protect that data.
7. APP7 – Direct Marketing
7.1 Direct Marketing is our core business and as such we have strict guidelines and systems in place to select only appropriate customers for our mailings. Guidelines include the exclusion of customers under the age of 18 from all promotional mailings and careful monitoring for customers over the age of 85. Customers with a high order frequency are followed up with a Customer service call.
7.2 Customers may request the source of the information we have about them, including where the source is another organisation, simply by providing a written request to any of the addresses marked on any of our promotions or by writing to The Data Protection Officer, PO Box 1332, CAPALABA QLD 4157.
7.3 You may “opt out” of any Direct Marketing promotion simply by providing a written request to any of the addresses marked on any of our promotions or by writing to The Data Protection Officer, PO Box 1332, CAPALABA QLD 4157.
8. APP8 – Cross-border disclosure
8.1 Sirromet Wines Pty Ltd conducts business globally and has facilities and databases in different countries. We may, from time to time, transfer your Personal Information to one of our databases in another country presently including but not limited to Canada, Belgium, UK, Philippines, Hong Kong and Singapore. If the level of privacy protection in a country does not comply with recognised international standards, we will take all reasonable measures to ensure that data transferred to our databases in that country are adequately protected and that the transfer of data to third parties in such countries is made pursuant to a contract or other measures providing adequate protection.
8.2 Personal Information is subject to any applicable legal and ethical reporting or document retention obligations imposed on Sirromet Wines Pty Ltd.
9. APP9 – Government related identifiers
9.1 Our business does not use any Government related identifiers.
9.2 Identifiers are not used to identify names within the database, with the exception of paying members (Club Sirromet). Club Sirromet members are assigned a personalised account/customer number at the commencement of their membership.
9.3 Enquirers are assigned a temporary number when requested information is first sent to them; if they respond, this number will then convert into a customer number.
10. APP10 – Quality of personal information
10.1 We strive to maintain the reliability, accuracy, completeness and currency of Personal Information in our databases and to protect the privacy and security of our databases.
10.2 New customers are sourced through list rental. All of our list rental data is merge purged and checked for invalid addresses, matches with our customer database and duplicates within the files being processed. We use a variety of in-house custom built routines that are maintained and enhanced by our active in-house IT development team.
10.3 The customer details are pulled from the acquisition list at the time of data entry by a setr (customer unique number). Every selection that we run regardless of the source has the setr so that we can find the source of the name. If by some chance there is a problem and no setr is on the package there are search functions to be able to find this number.
10.4 On a majority of our pieces, contained in the order section is a reminder for customers to ensure their address is correct before replying. If a customer returns a change of address notification only, a CSO (Customer Service Officer) or a Data Entry staff member amends the customer’s file within a 30 day time period. If a customer includes change of address details with a paid order, the address update is completed at the same time the order is entered.
10.5 All returns are flagged in the database. Any customer issues are handled by our CSOs, who have the opportunity to close and refund accounts, flag customers, and contact and correspond with customers for further details. Any resultant changes to customer or order attributes are captured and actioned accordingly.
10.6 The system also looks for any inconsistencies and suspends the orders until a CSO addresses the issue. In addition, we have routines that look for possible duplicate customers and either automatically merge the customers or present the candidate duplicate names to a data entry staff member for their decision.
11. APP11 – Security of personal Information
11.1 Personal Information is stored in secure premises where unauthorised access is prevented through automatic locking doors during business hours and electronic and private surveillance outside business hours.
11.2 We strive to maintain the reliability, accuracy, completeness and currency of customer information in our databases and to protect the privacy and security of our databases.
11.3 Our servers and our databases are protected by industry standard security technology, such as industry standard firewalls and password protection. We are currently in the process of building a hardened set of web servers.
11.4 Sometimes we process sensitive data that requires industry standard Secure Socket Layer (SSL) encrypted browsers. We use 128-bit encryption or better to protect transmissions over the Internet.
11.5 We are compliant with the Payment Card Industry (PCI) for all credit card handling. In addition, the columns that store credit card numbers in ADMS are encrypted using ORACLE TDE technology.
11.6 The employees who have access to Personal Information have been trained to handle such data properly and in accordance with our security protocols (including privacy breaches), and strict standards of confidentiality. Although we cannot guarantee against any loss, misuse, unauthorised disclosure, alteration or destruction of data, we take reasonable precautions to prevent such unfortunate occurrences.
12. APP12 – Access to personal Information
12.1 Upon receipt of your written request and enough information to permit us to verify your identity and identify your Personal Information, we will disclose to you the Personal Information we hold about you. We will also correct, amend or delete any Personal Information that is inaccurate.
12.3 If you do not wish to receive information from us and want to be removed from our standard mailing list, please notify us via telephone, in writing, or by e-mail at firstname.lastname@example.org, or unsubscribe using the prompts at the bottom of the e-marketing message if applicable.
13. APP13 – Correction of Personal Information
13.1 Upon receipt of your written request and enough information to permit us to verify your identity and identify your Personal Information, we will correct, amend or delete any Personal Information that is inaccurate or out of date. Incomplete details will be amended per your request. We do not collect or hold information about you that may be potentially misleading or irrelevant to our dealings with you.
13.2 Information integrity is maintained through various internal processes. Our Marketing department uses a merging program that automatically outputs customers who might be in the system twice or more so that we can correctly choose the right address and merge the duplicates together. CSOs also look for duplicate customers when processing queries as part of general housekeeping. Personal information is also verified with customers in routine correspondence.
13.3 If you wish to access or correct your Personal Information, or you suspect a privacy breach, please write to our Privacy Officer at PO Box 5649, GCMC QLD 9726 AUSTRALIA. We do not charge for complying with a correction request; however, for all other requests, we may charge a small fee to cover our costs. Requests to delete Personal Information or investigate a potential breach are subject to any applicable legal and ethical reporting or document retention obligations imposed on us.
13.4 Consistent with our Complaints Handling Policy, we constantly set high standards of customer service and will respond to requests for correction of personal details or privacy breach concerns within 30 days in writing. Should your request to change your personal information be denied, you will be notified of the grounds for the refusal and be given the opportunity to respond. Any privacy breach concerns will be investigated and responded to in writing.
13.5 We will also make provision to update other relevant parties of your corrected Personal Information where applicable.