Introduction
Dreamatic knows that you care how your personal data is used and we recognise the importance of protecting your privacy. As such, we developed our privacy policy in accordance with the EU General Data Protection Regulation 2016/679 (GDPR).
This Privacy Statement explains how Dreamatic collects and manages your personal data. It contains information on what data we collect, how we use it, why we need it and how it can benefit you.
Contact us at dpo@dreamatic.digital if you have any queries and comments, or if you want to make a request regarding any of your data subject rights.
This privacy statement was last updated on September 14, 2019.
Basic principles and our privacy commitment
At Dreamatic we are committed to protecting your right to privacy. We aim to protect any personal data we hold, to manage your personal data in a responsible way and to be transparent in our practices. Your trust is important to us. We have therefore committed ourselves to the following basic principles:
- You have no obligation to provide any personal data requested by us. However, if you choose not to, we may not be able to provide you with some services or products;
- We only collect and process your data for the purposes set out in this Privacy Statement or for specific purposes that we share with you and/or that you have consented to;
- We aim to collect, process and use as little personal data as possible;
- When we do collect your personal data, we aim to keep it as accurate and up to date as possible.
- If the personal data we collect is no longer needed for any purposes and we are not required by law to retain it, we will do what we can to delete, destroy or permanently de-identify it.
- Your personal data will not be shared, sold, rented or disclosed other than as described in this Privacy Statement.
What personal data do we collect?
The personal data we collect varies depending upon the purpose of the collection and the product or service we are providing you.
Generally, we may collect the following types of personal data from you directly:
- Personal contact data, such as your name, email address, physical address and telephone numbers;
- Account login details, such as your user ID, e-mail username and password. This is necessary to create a personal user account on our website;
- Communications with us, which may include details of our conversations via online chat;
- Demographic information, such as your age and gender and lifestyle preferences. Lifestyle preferences may include your preference for some of the products we offer, and your interests related to those products;
- Browser history, such as pages accessed, date of access, location when accessed, and IP address;
- Payment information for purchases made on one of our online shops. Payment information generally relates to your billing name, billing address and payment data, such as your credit card details or bank account number.
- Social media profiles;
We may also collect personal data about you indirectly when:
- you share content on social media pages, websites or applications related to our products or in response to our promotional material on social media; or
- we read or collect personal data about you by reading information collected by other websites (for instance, we may place an ad on a third party website, and when you click on that ad, we may receive information about you and other website visitors in order to measure the reach and success of that ad).
Why do we collect and use your personal data?
We collect your personal data so we can provide you with the best online experience and to provide you with a high quality of customer service. In particular we may collect, hold, use and disclose your personal data for the following purposes:
- To process your payments, if you purchase our products, to provide you with your order status, deal with your enquiries and requests, and assess and handle any complaints;
- To process and answer your inquiries or to contact you in order to answer your questions and/or requests;
- To develop and improve our products, services, communication methods and the functionality of our websites;
- To communicate information to you and to manage your registration and/or subscription to our newsletter or other communications;
- To manage our everyday business needs in connection with your participation in our competitions, promotional activities or requests;
- For internal training and quality assurance purposes;
- To understand and assess the interests, wants, and changing needs of customers, in order to improving our website, our current products and services, and/or developing new products and services;
- To provide personalised products and communications as well as product recommendations to you and customers;
We may also need your personal data to comply with legal obligations or in the context of a contractual relationship that we have with you.
When we collect and use your personal data for purposes mentioned above or for other purposes, we will inform you before or at the time of collection.
Where appropriate, we will ask for your consent to process the personal data. Where you have given consent for processing activities, you have the right to withdraw your consent at any time.
Your rights
Where we process your personal data, you are entitled to a number of rights and can exercise these rights at any point. We have provided an overview of these rights below together with what this entails for you. You can exercise your rights by contacting us at dpo@dreamatic.digital.
The right to access your personal data and correction You have the right to access, correct or update your personal data at any time. We understand the importance of this and should you want to exercise your rights, please contact at dpo@dreamatic.digital.
The right to data portability
Your personal data is portable. This means it can be moved, copied or transmitted electronically. However, this right only applies where:
- The processing is based on your consent;
- The processing takes place for the performance of a contract;
- The processing takes place by automated means;
If you wish to exercise your right to data portability, please contact us at dpo@dreamatic.digital
The right to deletion of your personal data
You have right to request that we delete your data if:
- your personal data is no longer necessary in relation to the purposes for which we collected it; or
- you withdraw the consent that you had previously given us to process your personal data, and there is no other legal ground to process that personal data; or
- you object to us processing your personal data for direct marketing purposes; or
- you object to us processing your personal data for Dreamatic’s legitimate interests (such as improving overall user experience on websites);
- the personal data is not being processed lawfully; or
- your personal data needs to be deleted to comply with the law.
If you wish to delete the personal data we hold about you, please let us know at dpo@dreamatic.digital and we will take reasonable steps to respond to your request in accordance with legal requirements.
If the personal data we collect is no longer needed for any purposes and we are not required by law to retain it, we will do what we can to delete, destroy or permanently de-identify it.
The right to restriction of processing
You have the right to restrict the processing of your personal data if:
- you do not believe the personal data we have about you is accurate; or
- the personal data is not being processed lawfully, but instead of deleting the personal data, you would prefer us to restrict processing instead; or
- we no longer need your personal data for the purposes we collected it, but you require the data in order to establish, exercise or defend legal claims; or
- you have objected to the processing of your personal data and are awaiting verification on whether your interests related to that objection outweigh the legitimate grounds for processing your data.
If you wish to restrict our processing of your personal data, please let us know at dpo@dreamatic.digital and we will take reasonable steps to respond to your request in accordance with legal requirements.
The right to object
You have the right to object to the processing of your personal data at any time. Please contact us via our contact page dpo@dreamatic.digital.
The right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint directly with supervisory authority about how we process personal data.
How we protect your personal data
We understand that the security of your personal data is important. We make our best efforts to protect your personal data from misuse, interference, loss, unauthorised access, modification or disclosure. We have implemented a number of security measures to help protect your personal data. For example, we implement access controls, use firewalls and secure servers, and we encrypt personal data.
Sharing of your personal data
When we share your personal data with affiliates and other organisations, we make sure we only do so with organisations that safeguard and protect your personal data and comply with applicable privacy laws in the same or similar way that we do.
Your personal data will not be shared, sold, rented or disclosed other than as described in this Privacy Statement. We may, however, share your data when required by law and/or government authorities.
Presently, no personal data is being shared with third-parties.
Sharing data internationally
Personal data may be processed outside the European Economic Area (EEA). When processed outside the EEA, Dreamatic will make sure that this cross-border data processing is protected by adequate safeguards.
The safeguards that we use to protect cross-border data processing include:
- Model Contractual Clauses approved by European Commission. These standardised contractual clauses provide sufficient safeguards to meet the adequacy and security requirements of the European General Data Protection Regulation; or
- certifications which demonstrate that third parties outside of the EEA process personal data in a way that is consistent with the European General Data Protection Regulation. These certifications are approved either by the European Commission, a competent supervisory authority or a competent national accreditation body in terms of General Data Protection Regulation.
Since Dreamatic is based in Australia, your personal data is being shared outside of the EAA. However, Dreamatic employs the same privacy standards outlined by GDPR.
Automated decision-making and profiling
For some services and products we may process your personal data using automated means. Essentially this means that decisions are taken automatically without human intervention.
We may also process your personal data for profiling purposes to predict your behaviour on our website or products that may be of interest to you.
If we intend to make use of such methods, we will of course inform you and we will give you an opportunity to object to these processes in advance. You are also free to contact us at dpo@dreamatic.digital for further information on such processing.
Cookies and other technologies
We may also collect personal data about you through the use of cookies and other technologies. This may occur when you visit our sites or third-party sites, view our online promotions, or use our/third-party mobile applications and may include the following information:
- Information about your device browser and operating system;
- The IP address of the device you are using;
- Web pages of ours that you view;
- Links that you click while interactive with our services.
Please see our cookie statement for more information.
How to contact us
If you have any questions, comments or complaints regarding this Privacy Statement or the processing of your personal data, please contact us at dpo@dreamatic.digital.