The term "Personal Information" in this policy means information or an opinion about an identified or reasonably identifiable individual.
Types of Personal Information We Collect
If you buy from us online or contact us, online or otherwise, we may collect details you provide, including your full name, phone number, email address, home address, postal address, billing address, shipping address, credit card details, payment and order details, details of your interests in our products and services, and details you write in forms and online customer chat windows, including those used to provide footwear at pop-up shops or through private visits, or to recommend and/or supply shoes on a remote basis. This information may include physical and digital data and files containing details of your available times for appointments, foot tracings, foot measurements, foot and shoe photographs, shoe sizes, orthotic use, and foot features and conditions. We may also collect publicly available non-sensitive personal information and associate it with your customer record.
If you visit our Website or online shop at justcomfortshoes.com.au or contact us through a web form or third-party app associated with the website, we and the third-party providers of online services we use on our Website may record your IP address and details of your use of our Website.
Your provision of Personal Information implies your consent for Just Comfort Shoes to use it for your express purpose or any reasonably inferred related purpose involving serving you with information, products or services relating to footwear, footwear accessories, or Department of Veterans' Affairs Medical Grade Footwear services, as well as conducting related transactions or referring you to relevant health services.
We may also collect and store information that podiatrists or other health practitioners send us or tell us about you as their clients in relation to your footwear needs.
For Department of Veterans' Affairs ("DVA") clients seeking Medical Grade Footwear ("MGF"), we may also gather information that DVA requires us, as a Medical Grade Footwear Supplier, to collect, including DVA file number, DVA card type, foot tracings (or scans or photographs), clinical information relating to MGF requests, assessing health provider details, sporting body membership details relating to DVA recreational footwear issue, history of DVA footwear issued, and case details relating to fitting and issuing of shoes. We are unable to erase required DVA records at your request.
Collection and Use of Personal Information
Purposes for collection and use of your Personal Information may include: communicating with you; scheduling shoe fitting, delivery or collection appointments; recommending and providing shoes; processing and shipping orders; processing returns, refunds, exchanges and repairs; providing information to you in the future about your purchases; including you on a distribution list (only with your explicit approval) to receive physical mail, email or SMS messages; advising you of products and services that may interest you in relation to footwear, footwear accessories and foot health; entering you into a competition or prize draw; providing relevant and/or targeted advertising and communications about our products and services; providing your information (only with your consent if you are a private customer, or as necessary to meet government requirements to serve you if you are a DVA MGF client) to bootmakers, shoe repairers, pedorthists, podiatrists and other health professionals about your needs; improving our services; and other purposes that you may specify.
If you are a DVA client, purposes for collection and use of your Personal Information may additionally include advising you of processes or progress relating to DVA MGF footwear prescriptions, keeping records as required by DVA, and liaising with DVA and podiatrists or other assessing health providers about your case.
Use of your personal information includes storing it in software systems that we use to provide you with products and services (see Third Party Services, Websites and Apps, below).
Disclosure of Personal Information
We disclose Personal Information to other third parties only in limited circumstances. We will disclose it where required by law, or if we believe that such action is necessary to comply with the law and the reasonable requests of law enforcement, or as necessary to report unlawful activity, or if reasonably necessary to avert a serious threat to health and safety. We will also disclose it to a health practitioner, pedorthist, orthotist, cobbler, bootmaker, shoe repairer or other similar service provider (and, if you are a DVA MGF client, to DVA and your assessing health provider) as necessary to fulfil a service to you or to any further extent we deem beneficial if you instruct or allow us to do so.
Collection and Disclosure of Sensitive Personal Information
You may be asked to sign a Sensitive Personal Information Usage Consent if information provided is considered sensitive. Signing involves consenting to the collection, storage and use of personal information about the shape, condition and health of your feet, other aspects of your health as they affect your footwear needs, and any aspect of your footwear use that may reveal information about your health. In doing so, you acknowledge that this may include details of spoken or written statements in person or by phone or email, as well as foot measurements, tracings, photographs, digital scans, and the details of footwear referrals, prescriptions or comments of health practitioners provided to Just Comfort Shoes to meet your current and future footwear needs. It also involves allowing Just Comfort Shoes to share this information with any relative, friend, health practitioner, carer, care organisation, funding body or government body involved in the selection, approval, modification or funding of your shoes. You may revoke this consent at any time except where records must be kept to comply with government requirements, but must accept that doing so may affect the quality of service you receive.
How We Protect Your Personal Information
In order to protect your Personal Information, we use physical building security and staff training as well as software measures including regular software updates, the use of antivirus and anti-malware software, strong passwords, SSL (Secure Sockets Layer) encryption for our web store and email marketing, TLS (Transport Layer Security) on our general email software, and careful choice of reputable payment gateways and other online services.
Email, Postal, SMS, MMS and Phone Marketing
We may use your Personal Information to contact you with postal, email, SMS or MMS newsletters, marketing or promotional materials and other information that may be of interest to you. We do this on an opt-in-only basis. You may opt out of receiving physical mail by contacting us and expressing your wish. You may opt out of email, SMS, or MMS marketing communications by following the Unsubscribe link or instructions provided in the footer of one of our marketing emails or following any unsubscribe instructions in an SMS or MMS message, as applicable.
For the protection of email subscribers, MailChimp account passwords are hashed, all MailChimp login pages (from the MailChimp website and mobile website) pass data via SSL, and the entire MailChimp application is encrypted with SSL.
General Email and Physical Mail Communications
Just Comfort Shoes’ general email communications use an HTTPS connection and TLS (Transport Layer Security) to encrypt email messages. However, because email communication involves two parties, including the use of systems outside those of our email provider, email is less secure than many of our other internet-based storage systems. Customers are asked not to provide credit card details, passwords or any other sensitive information by email.
You may not opt out of any service-related notices required by law (for example, if any apply in relation to DVA MGF prescriptions).
Third-Party Services, Websites and Apps
Just Comfort Shoes uses various third-party services in the course of providing you with products and services. These third-party providers will collect, use and disclose your information in accordance with the Australian Privacy Principles, and generally only to the extent necessary to allow them to perform the services they provide to us.
Our Website may contain links to other websites. We are not responsible for the privacy practices of such sites. Your interactions with our information on such sites are governed by their Privacy Policies, which we recommend reading. Links from justcomfortshoes.com.au do not imply that Just Comfort Shoes endorses or has reviewed such linked third-party websites.
Use of Credit Card Details
Credit card details we process on an EFTPOS machine are not stored by Just Comfort Shoes after use. Credit card details taken in person, over the phone or through a card imprinter for orders, refunds or reimbursements are destroyed immediately after use except for records required by bank policy. Customers are asked not to provide credit card details, passwords or any other sensitive information by email.
Payments processed through our Shopify-hosted online store are compliant with the Payment Card Industry Data Security Standard (PCI DSS). This is a security standard for organisations that handle credit and debit card information. The standard was created to increase controls around payment data to reduce fraud. Shopify is certified Level 1 PCI DSS compliant. This compliance extends by default to all stores powered by Shopify.
Shopify Website and Online Store Privacy and Security
Just Comfort Shoes records visitor IP addresses through Google Analytics.
The Just Comfort Shoes online shop is hosted by Shopify, which provides an online e-commerce platform integrated with its website content management system.
Our online shop uses the industry best practice SSL (Secure Sockets Layer) protocol with an SSL Certificate, creating a secure connection for transmission of data including credit card numbers. Online payment occurs using the customer's choice of reputable online payment processors.
Credit card data is encrypted in accordance with the Payment Card Industry Data Security Standard (PCI DSS). The payment gateways adhere to the standards set by PCI DSS as managed by the PCI Security Standards Council, which is a joint effort of brands such as Visa, Mastercard, American Express and Discover. PCI DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
Just Comfort Shoes does not store credit card details except for records required by our banking provider's merchant policies. Some of our online payment processors store card details, including for purposes such as refunds. The practices of Apple Pay, Google Pay (formerly Android Pay), PayPal, Shop Pay and Afterpay are governed by the agreement pertaining to your account with them. Shop Pay processes payments using the Stripe payment service. Card numbers submitted to Stripe are encrypted on disk with AES-256. Decryption keys are stored on separate machines. None of Stripe’s internal servers and daemons are able to obtain plaintext card numbers. Stripe’s infrastructure for storing, decrypting, and transmitting card numbers runs in separate hosting infrastructure, and does not share any credentials with Stripe’s primary services (API, website, etc.).
For more information, you may also want to read the Privacy Policies of third-party providers listed below under “Key Third-Party Privacy Policies”.
Online Services and Cross-Border Data Transfer
Just Comfort Shoes uses online services, some of which involve the transmission or storage of customer information electronically on computer servers outside Australia, where data protection laws may differ. Services used by Just Comfort Shoes that process customer data include Asana, Apple Pay, Aramex/Fastway, Australia Post, ClickSend, Cognito Forms, Google Pay (formerly Android Pay), G Suite (including Gmail, Google Drive, Google Docs, Google Sheets, Google Contacts, Google Calendar), Google Chrome, Google Backup and Sync, Google Analytics, Hike Point of Sale, MailChimp, Microsoft Office 365 Business, MYOB, PureChat, Shopify and Stripe. See the links to Key Third-Party Privacy Policies below for information about the countries these services use for data storage and processing. Just Comfort Shoes takes measures to ensure that it chooses online services whose cross-border processing and disclosure of Personal Information meet Australian requirements.
MYOB AccountRight stores data exclusively in Australia using the world-class security features of Microsoft Azure in secure data centres in Sydney and Melbourne, and leaves MYOB in effective control of all business data.
The Australian Government's Office of the Australian Information Commissioner provides information on rules for cross-border disclosure of personal information as follows: https://www.oaic.gov.au/agencies-and-organisations/app-guidelines/chapter-8-app-8-cross-border-disclosure-of-personal-information.
Our Website uses Google Analytics, a service which transmits website traffic data to Google servers in the United States. Google Analytics does not identify individual users or associate your IP address with any other data held by Google. We use reports provided by Google Analytics to help us understand website traffic and webpage usage.
Cookies and Targeted Advertising
Our Website uses “cookies”. A cookie is a small text file that our Website may place on your computer for various purposes, including recording website usage patterns or remembering your preferences.
Our Website uses the following Shopify cookies for analytics purposes: _y, _s, _shopify_y, _shopify_s, _shopify_fs. It uses the _landing_page cookie to track landing page use. The secure_customer_sig Shopify cookie is used in connection with customer login. The cart_currency Shopify cookie assists with the secure checkout process. The _orig_referrer Shopify cookie is used for shopping cart functionality. The _pay_session Shopify cookie assists with secure checkout and payment functionality. Other Shopify cookies are as follows: _tracking_consent, which tracks Shopify user consent; _shopify_tm, _shopify_tw, and _shopify_m, which are all used for tracking customer privacy settings. A cookie called __cf_bm set by Afterpay.com is used by Cloudflare to support Cloudflare Bot Management. The __cfduid cookie from Afterpay.com is used by CDN services such as Cloudflare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.
MailChimp, Social Media, Facebook Advertising, Google Ads
Key Third-Party Privacy Policies
For more information about the privacy policies of relevant third-party service providers, please refer to the following:
Afterpay - https://www.afterpay.com/en-AU/privacy-policy
Aramex/Fastway - https://www.fastway.com.au/terms-and-conditions/privacy-policy/
Apple Pay - https://support.apple.com/en-kw/HT203027
Australia Post - https://auspost.com.au/privacy
Clicksend - https://www.clicksend.com/au/legal/privacy-policy/
Gmail, Google Contacts, Google Chrome, G Suite, Google Backup and Sync, Google Analytics, Google Pay (formerly Android Pay) - http://www.google.com/intl/en/policies/privacy/
Hike Point of Sale - https://hikeup.com/au/privacy-policy/
MailChimp - https://mailchimp.com/legal/privacy/
Microsoft - https://privacy.microsoft.com/en-ca/privacystatement
MYOB - https://www.myob.com/au/privacy-policy
PayPal - https://www.paypal.com/au/webapps/mpp/ua/privacy-full
PureChat - https://purechat.com/privacy and https://purechat.com/dpa
Shopify - https://www.shopify.com/legal/privacy
Stripe - https://stripe.com/gb/privacy, https://stripe.com/docs/security/stripe
While we use industry-standard means of protecting your Personal Information, we cannot guarantee its absolute security in either a physical or electronic environment. No physical security, method of data transmission over the internet or method of electronic storage is 100% secure. Just Comfort Shoes shall not be held responsible for the consequences of any third-party hacking attempts that may result in User information being compromised.
How We Deal with Requests and Complaints
You may request access to Personal Information that we hold about you in certain circumstances set out in the Privacy Act 1988 (Commonwealth). You may ask us to correct your Personal Information if you find that it is not accurate, up to date or complete. You may also make a complaint about our handling of your Personal Information. Proof of identity may be required, and no charge applies for making a request. However, a fee may apply for labour time, materials or postage where required to meet your request.
You can contact us using the web form on this Website or send your request or complaint to the postal address below. We undertake to respond within a reasonable timeframe.
Acquisitions, Mergers and Asset Sales
If Just Comfort Shoes is involved in a merger, acquisition or asset sale, your Personal Information may be transferred to another entity.
Just Comfort Shoes
155 Brisbane Rd
Mooloolaba QLD 4557
Changes to this Policy
This policy may change at any time without notice, and was last updated at 10.23pm AEST on Saturday, March 20, 2021.