Visitors to the Site can access much of the Site, including viewing events, checking show dates, browsing information about Lorna Jane policies, and accessing help content. Lorna Jane’s products available to members and visitors are collectively referred to as "Services".
The following capitalized terms shall have the meanings herein as set forth below.
3.1 Mobile Application
When you download one of our mobile applications onto your device and use our Services, if applicable, we automatically collect information on the type of device you use (device identifier) and operating system version.
We use mobile analytics software to allow us to better understand the functionality of our mobile software on your phone. We do not link the information we store within the analytics software to any Personal Information you submit within the mobile application.
3.2 Your IP Address
We use your IP address to help diagnose problems with our servers and to administer the Site. Your IP address is used to help identify you. and to gather broad demographic information about our members. Under the GDPR, your IP address constitutes Personal Information under the GDPR, and where you can reasonably be identified also constitutes Personal Information under the Australian Privacy Law. Your IP address is recorded when visiting the Site, joining our mailing list and making purchases. This enables us to detect and prevent fraudulent activity.
3.3 Cookies and Tracking Technologies
Technologies such as cookies or similar technologies are used by Lorna Jane and our partners, , or analytics or service providers (e.g. advertising, analytics, and monitoring partners). These technologies are essentially small data files placed on your computer, tablet, mobile phone or other device (collectively, "devices") and are used in analyzing trends, administering the Site, tracking users' movements around the Site and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies on an individual as well as aggregated basis (such information constituting Personal Information under the GDPR, due to a natural person being associated with such online identifier).
3.4 Log Files
As is true of most websites, we gather certain information automatically and store it in log files. This information may include IP addresses, browser type, internet service provider ("ISP"), referring/exit pages, operating system, date/time stamp, clickstream data, and/or similar data.
We may combine this automatically collected log information with other information we collect about you. We do this to improve Services we offer you, and to improve marketing, analytics, or site functionality.
Please note, Do Not Track ("DNT") is a privacy preference that users can set in certain web browsers. DNT is a way for users to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
3.5 Behavioral Targeting/Re-Targeting
3.6 Social Media Widgets
3.7 Single Sign-On
You can log in to our Site using sign-in services. These services will authenticate your identity and provide you the option to share certain Personal Information with us such as your name and email address to pre-populate our sign-up form. Additionally, any Personal Information we collect from you to register for our loyalty program (if available).
3.8 Information We Request Directly From You
The Site's signup forms, purchase forms, contact us forms, surveys and contests may require you to give us certain information including but not limited to contact information (such as your name and email address), unique identifiers (such as a username and password), and demographic information (such as your post/ZIP code or age). Purchase forms require financial information (such as your account or credit card numbers and billing address) as well. You may be asked to provide a shipping address if the products you purchase will be delivered by mail. We also have CCTV installed in some of our stores and head office premises, as indicated by signage at the premises, and this will capture your images. Should you injure yourself in our store, our sales staff or customer services departments may collect also your Personal Information.
3.9 User Data Supplementation
We may receive information about you from other sources, including publicly available databases or Third Parties from whom we have lawfully purchased data, and combine this data with information we already have about you. This helps us to update, expand and analyze our records, identify new users, and provide products and services that may be of interest to you. If you provide us with Personal Information about others, or if others give us your information, we will only use that information for the specific reason for which it was provided to us.
Examples of the types of Personal Information that may be obtained from public sources or purchased from Third Parties and combined with information we already have about you, may include:
3.10 Human Resources Data
Lorna Jane collects Personal Information from current, prospective, and former Employees, including their contact points in case of a medical emergency, and beneficiaries under any insurance policy ("Human Resources Data"). We collect this Human Resources Data in three primary ways:
The Human Resources Data we collect may include title, name, address, phone number, email address, date of birth, passport number, driver's license number, Social Security number or other government-issued identification number, financial information related to credit checks, bank details for payroll, taxation and superannuation details, information that may be recorded on a CV or application form, language abilities, contact information of third parties in case of an emergency and beneficiaries under any insurance policy. We may also collect Human Resources Data that is Personal Information of a sensitive nature ("Sensitive Personal Information") such as details of health and disability including mental health, medical leave, and maternity leave, next of kin; information about national origin or immigration status; biometric information (from time and attendance scanning in selected stores); and optional demographic information such as ethnicity, which helps us achieve our diversity goals.
3.11 Unsolicited Personal Information
In the event we collect Personal Information from you, or a Third Party, in circumstances where we have not requested or solicited that information (known as unsolicited information), and it is determined by Lorna Jane (in its absolute discretion) that the Personal Information is not required, we will destroy the information to ensure that the information is de-identified. However, where such unsolicited information is collected in connection to your future potential employment with Lorna Jane, we may keep this Personal Information.
4.1 Contact Information
Your contact information is used to contact you when necessary in connection with transactions entered into by you on the Site. Your credit or debit card information, details utilised for buy-now-pay-later schemes (offered through a third party provider) and/or demographic information will not be disclosed. Your billing address will also not be disclosed unless it is also the shipping address. For some purchases, we may require additional permission from you to disclose other Personal Information such as your email address. A notice of what Personal Information and how it will be used will appear during the checkout process.
We also use customer contact information we collect in order to send you information and offers from Lorna Jane. We carefully select the information we send in an effort to provide you information that offers real value to you, such as discounts or exclusive offers. You may opt-out of notifications by editing your email subscription.
4.2 Feedback and Ratings
If you buy a product on the Site, we may solicit you by email for your feedback on the experience. Feedback may include ratings, reviews, names, taglines and/or photos. If you choose to give us feedback and you make your feedback public, it will be displayed on the Site in association with the specific product. In the event that you discontinue your membership, all feedback and your member profile will be considered not public and will not be published on the Site. To request removal of your Personal Information from these posted feedbacks, please contact us. For further information, please see section 9.4 below.
We strongly discourage you from disclosing any Personal Information, such as email addresses, phone numbers or credit card information, in your feedback, especially if you've chosen to make it public. If you disclose any Personal Information in your feedback that you have chosen to make public, anyone will be able to see this information on our Site.
From time to time, Lorna Jane may want to reprint or reuse feedback as a testimonial or quote outside of the Site. When such occasions arise, we will contact you to obtain your consent.
4.3 Demographic Information
We use demographic information to tailor the Site to the interests of our users.
We may use your Personal Information to contact you and provide you with marketing materials via social and direct messages, email, SMS, messaging applications and telephone. If you no longer wish to receive marketing materials from us, you may:
If you opt out of receiving marketing materials, you may continue to receive transaction-related emails regarding your purchases, information through other platforms and other non-marketing communications.
Without limitation to section 4.5, under the Australian Privacy Law, if you have provided inferred or implied consent (e.g. not opting out where an opt-out opportunity has been provided to you) or if it is within your reasonable expectation that we send you direct marketing communication given the transaction or communication you have had with us, then we may also use your Personal Information for the purpose of sending you such direct marketing communications.
4.5 Processing Required by Law
We may access, preserve, process, and disclose your Personal Information, other account information, and content if we believe doing so is required or appropriate to: (i) comply with law enforcement or national security requests and legal process, such as a court order or subpoena; (ii) respond to your requests; (iii) protect yours', ours' or others' rights, property, or safety; (iv) to enforce Lorna Jane policies or contracts; (v) to collect amounts owed to Lorna Jane; (vi) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation or prosecution of suspected or actual illegal activity; or (vii) if we, in good faith, believe that disclosure is otherwise necessary or advisable.
4.6 Human Resources Data
4.7 Other Uses
In addition to direct marketing and individual or market research, we may use your Personal Information for other purposes in which we have a legitimate interest, such as:
When you join Lorna Jane, the profile you create on our Site will be publicly accessible unless otherwise indicated. You may change the privacy settings of your profile through your account portal.
Due to the nature of the goods and services we provide, it is only practicable or reasonable for Lorna Jane to transact and correspond with you on a named basis.
The Site may contain links to other websites. Lorna Jane is not responsible for the privacy practices or the content of such websites or for the privacy policies and practices of other third parties.
Where appropriate and in accordance with local laws and requirements, we may share certain of your Personal Information, in various ways and for various reasons, with the following categories recipients:
7.1 Service Providers
We may disclose your Personal Information to Third Party service providers who require access to such information for the purpose of providing specific services to us. These Third Parties will generally only be able to access your Personal Information in order to provide us with their services and will not be able to use it for their own purposes. Such Third Party service providers may include IT services providers, payment services providers, and customer services providers.
Lorna Jane has executed appropriate contracts with the service providers that permit use or sharing of Personal Information necessary to perform the contracted services on our behalf or to comply with applicable legal requirements.
7.2 Related Entities and Business Partners
Lorna Jane may share Personal Information with our business partners and affiliates for our and our affiliates' internal business purposes or to provide you with a product or service that you have requested.
Lorna Jane may also provide Personal Information to business partners with whom we may jointly offer products or services, or whose products or services we believe may be of interest to you. In such cases, our business partner's name will appear, along with Lorna Jane.
7.3 Third Party Marketing
Lorna Jane may allow Third-Party advertising partners to set tracking tools (e.g., cookies) to collect information regarding your activities (e.g., your IP address, page(s) visited, time of day) as described in section 3.3. We may also share such anonymized information as well as selected Personal Information (such as demographic information and past purchase history) we have collected with Third-Party advertising partners. These advertising partners may use this information (and similar information collected from other websites) for purposes of delivering targeted advertisements to you when you visit non- Lorna Jane related websites within their networks as discussed in Section 3.16. This practice is commonly referred to as "interest-based advertising" or "online behavioral advertising." We may allow access to other data collected by the Site to facilitate transmittal of information that may be useful, relevant, valuable or otherwise of interest to you.
If you prefer that we do not share your Personal Information with Third-Party advertising partners, you may opt out of such sharing at no cost by following the instructions in section 8.
7.4 Regulatory Bodies
We may disclose your Personal Information:
7.5 Replacement Providers
In the event that we sell or buy any business assets, we may disclose your Personal Information to the prospective seller or buyer of such business or assets.
If Lorna Jane or substantially all of its assets are acquired by a Third Party, Personal Information held by us about our clients will be one of the transferred assets. If we are involved in a financing due diligence, reorganization, bankruptcy, receivership, or transition of service to another provider, then your Personal Information may be one of the transferred assets.
7.6 Professional advisors and auditors
We may disclose your Personal Information to professional advisors (such as legal advisors and accountants) or auditors for the purpose of providing professional services to us.
Our headquarters are in the Brisbane Australia, but our customers are based all over the world. The Personal Information that we collect from you may be transferred to, and stored at, destinations both within and outside the United States. In particular, it may be stored in or transferred to Australia and the European Union.
By submitting your Personal Information to Lorna Jane, you expressly agree and consent to the disclosure, transfer, storing or Processing of your Personal Information in such locations (which may be outside Australia). In providing this consent, you understand and acknowledge that counties outside Australia do not always have the same privacy protection obligations as Australia in relation to Personal Information.
In compliance with data protection laws (including the Australian Privacy Law and GDPR), we will take steps that are reasonable in the circumstances to ensure that your Personal Information is stored and transferred in a way which is secure and does not breach the privacy principles in the Australian Privacy Law and GDPR. Specifically, under the Australian Privacy Law, by providing your consent to such transfers, we are not required to take such steps as may be reasonable in the circumstances.
In accordance with data protection laws, you may have various rights in relation to the information which we hold about you. For California residents, please see Section 15 California Consumer Privacy Act of 2018. We have described these below.
To get in touch with us about any of these rights, please contact us at email@example.com.
We will seek to deal with your request without undue delay, and in any event within one month (subject to any extensions to which we are lawfully entitled). Please note that we may keep a record of your communications to help us resolve any issues which you raise.
For those individuals in the European Union who engage with us, under the GDPR you have the following rights in section 9.1-9.8 relation to your Personal Information.
9.1 Right to object
This right enables you to object to us Processing your Personal Information where we do so for one of the following reasons:
9.2 Right to withdraw consent
Where we have obtained your consent to Process your Personal Information for certain activities, you may withdraw this consent at any time and we will cease to use your information for that purpose unless we consider that there is an alternative legal basis to justify our continued Processing of your information for this purpose, in which case we will inform you of this condition.
9.3 Data Subject Access Requests
You may ask us for a copy of the information we hold about you at any time, and request us to modify, update or delete such information. If we provide you with access to the information we hold about you, we will not charge you for this unless permitted by law. If you request further copies of this information from us, we may charge you a reasonable administrative cost. Where we are legally permitted to do so, we may refuse your request. If we refuse your request we will always tell you the reasons for doing so.
9.4 Right to erasure
You have the right to request that we "erase" your Personal Information in certain circumstances. Normally, this right exists where:
We would only be entitled to refuse to comply with your request for erasure in limited circumstances and we will always tell you our reason for doing so.
When complying with a valid request for the erasure of Personal Information we will take all reasonably practicable steps to delete the relevant information.
9.5 Right to restrict Processing
You have the right to request that we restrict our Processing of your Personal Information in certain circumstances, for example if you dispute the accuracy of the Personal Information that we hold about you or you object to our Processing of your Personal Information for our legitimate interests. If we have shared your Personal Information with Third Parties, we will notify them about the restricted Processing unless this is impossible or involves disproportionate effort. We will, of course, notify you before lifting any restriction on Processing your Personal Information.
9.6 Right to rectification
You have the right to request that we rectify any inaccurate or incomplete Personal Information that we hold about you. If we have shared this Personal Information with Third Parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. You may also request details of the Third Parties that we have disclosed the inaccurate or incomplete Personal Information to. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.
Please note, the Site also gives you the opportunity to modify the account information you have provided to us through our edit account page. If you have created a public profile on our Site, you can modify the profile information you have provided to us by editing feedback in your profile. Modifying your account information or profile information in this way will not modify information which we have collected as part of a purchase in our transactions database.
9.7 Right of information portability
In certain circumstances, you may have the right to transfer your Personal Information between service providers. In effect, this means that you are able to transfer the details we hold on you to another third party. To allow you to do so, we will provide you with your information in a commonly used machine-readable format so that you can transfer the information. Alternatively, we may directly transfer the information for you.
9.8 Right to complain
You have the right to lodge a complaint with your local data protection authority.
Information on how to contact each of the European data protection authorities can be found on the European Commission website here.
We will not keep your Personal Information for longer than is necessary for the purposes for which we have collected it, unless we believe that the law or other regulation requires us to keep it (for example, because of a request by a tax authority or in connection with any anticipated litigation) or if we require it to enforce our agreements.
In general, we will retain your Personal Information for as long as your account is active, and for as long as is required under legislation after you delete your account and, following that period, we will only retain your Personal Information for as long as is reasonably necessary in the circumstances.
When it is no longer necessary to retain your Personal Information, we will delete the Personal Information that we hold about you from our systems. While we will endeavor to permanently erase your Personal Information once it reaches the end of its retention period, some of your Personal Information may still exist within our systems, for example if it is waiting to be overwritten. For our purposes, this data has been put beyond use, meaning that, while it still exists in the electronic ether, our Employees will not have any access to it or use it again.
We follow generally accepted standards to protect the Personal Information submitted to us, both during transmission and once it is received. The Personal Information that you provide to us is stored on servers, which are located in secured facilities with restricted access, and protected by protocols and procedures designed to maintain the security of your Personal Information when you complete a transaction or access your Personal Information. We will take reasonable steps to protect your Personal Information from misuse, loss, unauthorised access, modification or disclosure through such security measures; and destroy or permanently de-identify information where it is no longer required (refer to section 10).
However, no server, computer or communications network or system, or data transmission over the Internet can be guaranteed to be 100% secure. Therefore, we cannot guarantee its absolute security. You send information over the internet entirely at your own risk. Although we will do our best to protect your Personal Information, we cannot guarantee the security of your Personal Information transmitted over the internet and we do not warrant the security of any information, including Personal Information, which you transmit to us over the internet.
By using the Site or providing Personal Information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Site. If we learn of a security system’s breach, we may endeavor to attempt to notify you electronically by posting a notice on the Site or sending an e-mail to you. You may have a legal right to receive this notice in writing.
If you have any questions about security on our Web site, you can contact us at firstname.lastname@example.org.
For our customers located in the EU, the GDPR requires us to provide you with certain information regarding our legal bases for processing your Personal Information. We have set these out below.
12.1 Where using your information is in our legitimate interest
We are allowed to use your Personal Information where it is in our interests to do so, and those interests aren't outweighed by any potential prejudice to you.
We believe that our use of your Personal Information is within a number of our legitimate interests, including but not limited to:
12.2 Where you give us consent to use your Personal Information
We are allowed to use your Personal Information where you have specifically consented. In order for your consent to be valid:
As part of our relationship with you, we may ask you for specific consents to allow us to use your information in certain ways. If we require your consent, we will provide you with sufficient information so that you can decide whether or not you wish to consent.
12.3 Where using your Personal Information is necessary for us to carry out our obligations under our contract with you
We are allowed to use your Personal Information when it is necessary to do so for the performance of our contract with you. For example, we need to collect your payment details in order to be able to process payments for our products and services.
12.4 Where Processing your Personal Information is necessary for us to carry out our legal obligations
As well as our obligations to you under any contract, we also have other legal obligations that we need to comply with and we are allowed to use your Personal Information when we need to in order to comply with those other legal obligations
12.5 Where processing your Sensitive Personal Information is necessary for us to exercise our rights or carry out our employment and social security law obligations
If you are an Employee, sometimes it will be necessary for us to process your Sensitive Personal Information during the course of any employment relationship with you.
If you are an Employee, we may process your Sensitive Personal Information for the purpose of ensuring our compliance with our equal opportunities obligations where this is in accordance with local law, but we may also process other elements of your Sensitive Personal Information during the course of your employment for other reasons.
If you are an Employee, where appropriate and in accordance with any local laws and requirements, we may also process your medical data to enable us to provide you with adequate support if you suffer from a health condition or disability, for example by sharing medical information about you with an occupational health specialist, in order to determine prognosis and return to work arrangements, and to assess your working capacity more generally.
12.6 Where processing your Sensitive Personal Information is necessary for us to assess your work capacity
If you are an Employee, where we wish to engage an occupational health specialist in order to determine prognosis and return to work arrangements and to assess your working capacity more generally, applicable data protection law may provide this advisor with a legal basis for processing this Sensitive Personal Information. This can only be used by health professionals who have an obligation of professional secrecy.
12.7 Where processing your Personal Information is necessary for us to establish, exercise or defend legal claims
If you are an Employee, sometimes it may be necessary for us to process Personal Information and Sensitive Personal Information in connection with exercising or defending legal claims. Applicable data protection law may allow us to do this where the processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
Users must be 18 years of age or older to purchase products through the Site. The Services are not directed to children under 16 years of age, and Lorna Jane does not knowingly collect Personal Information from children under 16 years of age. If you learn that your child has provided us with Personal Information without your consent, you may alert us at email@example.com. If we learn that we have collected any Personal Information from children under 16 years old, we will promptly take steps to delete such information and terminate the child's account.
The categories of Personal Information we have collected about consumers and disclosed about consumers for a business purpose in the preceding 12 months are:
Identifiers such as a real name, alias, postal address, email address, unique personal or online identifier, Internet Protocol address, account name;
We do not sell Personal Information and have not sold Personal Information about consumers in the preceding 12 months.
Personal Information subject rights under the CCPA may apply to certain individuals and households. These rights include the right to: (i) know what Personal Information is being collected about them, (ii) know whether their Personal Information is sold or disclosed and to whom, (iii) say no to the sale of Personal information, (iv) access their Personal Information, and (v) equal service and price, even if privacy rights are exercised.
Information on how to contact each of the European data protection authorities can be found on the European Commission website here.