We are bound by the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs). This policy explains how and why we collect, use, hold and disclose the personal information of customers visiting or making a purchase from the following online stores operated by us:
- The UTMB Australia Online Store located at http://store.ultratrailaustralia.com;
- The IRONMAN Australia Online Store located at http://au.ironmanstore.com; and
- The City2Surf Online Store located at https://city2surf.com.au/merchandise,
- The Sydney Half Marathon Online Store located at https://smhhalfmarathon.com.au/
- The Epic Series MTB Online Store located at https://epic-series-store.myshopify.com/
- The Runaway Marathon Series Online Store located at https://runaway-series.myshopify.com/
- The Multisport Series Online Store located at https://multisport-store.myshopify.com/
each a “Site” for the purposes of this policy.
"We", "us" and "our" means USM Events Pty Ltd trading as IRONMAN Australia ABN 67 052 342 239 of Level 6, 222 Kings Way, South Melbourne, Victoria, 3205, Australia.
By visiting the Site, you consent to us collecting, holding, using and disclosing your personal information in accordance with this policy.
What is personal information?
Personal information is any information or an opinion about an identified individual or an individual who can be reasonably identified from the information or opinion. Information or an opinion may be personal information regardless of whether it is true.
What personal information do we collect and hold?
When we talk about “personal information” in this policy, we are talking about “device information” and “order information”.
Device Information: When you visit the Site, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically collected information as “device information”. We collect device information using the following technologies:
- “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.
- “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
- “Web beacons”, “tags”, and “pixels” are electronic files used to record information about how you browse the Site.
Order Information: Additionally when you make a purchase or attempt to make a purchase through the Site, we collect certain information from you, including your name, billing address, shipping address, payment information including credit card numbers, email address, and phone number. We refer to this information as “order information”.
Why and how do we collect, hold and use your personal information?
We collect, hold and use your personal information so that we can provide you with products and services, and manage our relationship with you. If you do not provide us with your personal information we may not be able to provide you with our services, communicate with you or respond to your enquiries.
We use the order information that we collect generally to fulfill any orders placed through the Site (including processing your payment information, arranging for shipping, and providing you with invoices and/or order confirmations). Additionally, we use this order information to:
- communicate with you;
- screen our orders for potential risk or fraud; and
- when in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
We use the device information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimise our Site (for example, by generating analytics about how our customers browse and interact with the Site, and to assess the success of our marketing and advertising campaigns).
Please note that we do not alter our Site’s data collection and use practices when we see a Do Not Track signal from your browser.
How do we store and hold personal information?
We store most information about you in computer systems and databases operated by either us or our external service providers.
We implement and maintain processes and security measures to protect personal information which we hold from misuse, interference or loss, and from unauthorised access, modification or disclosure.
These processes and systems include:
- the use of identity and access management technologies to control access to systems on which information is processed and stored;
- requiring all employees to comply with internal information security policies and keep information secure;
- requiring all employees to complete training about information security; and
- monitoring and regularly reviewing our practise against our own policies and against industry best practice.
When you place an order through the Site, we will maintain your order information for our records unless and until you ask us to delete this information. However, we will also take reasonable steps to destroy or de-identify personal information once we no longer require it for the purposes for which it was collected or for any secondary purpose permitted under the APPs.
Who do we disclose your personal information to, and why?
We may transfer or disclose your personal information to our related companies, including (without limitation): IRONMAN New Zealand Limited of Level 1, 347 Parnell Road, Parnell, Auckland, 1052, New Zealand; and World Triathlon Corporation located at 3407 W. Dr. Martin Luther King Jr. Blvd., Suite 100, Tampa, Florida, 33607, United States.
We may disclose personal information to external service providers so that they may perform services for us or on our behalf. For example, we use Shopify to power our online stores A, B, E, F & G --you can read more about how Shopify uses your personal information here: https://www.shopify.com/legal/privacy .
We also use Google Analytics to help us understand how our customers use the Site -- you can read more about how Google uses your personal information here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
We may also disclose your personal information to others outside our group of companies where:
- we are required or authorised by law to do so;
- you may have expressly consented to the disclosure or the consent may be reasonably inferred from the circumstances; or
- we are otherwise permitted to disclose the information under the Privacy Act.
If the ownership or control of all or part of our business changes, we may transfer your personal information to the new owner.
Do we disclose personal information to overseas recipients?
We may disclose your personal information to recipients which are located outside Australia.
Those recipients are likely to be located in New Zealand and/or the United States.
Do we use your personal information for marketing?
We will use your personal information to offer you products and services we believe may interest you, but we will not do so if you tell us not to. These products and services may be offered by us, our related companies, our other business partners or our service providers. Where you receive electronic marketing communications from us, you may opt out of receiving further marketing communications by following the opt-out instructions provided in the communication.
Further, we may also use your personal information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work. You can opt out of targeted advertising by using the links below:
- Facebook: https://www.facebook.com/settings/?tab=ads
- Google: https://www.google.com/settings/ads/anonymous
- Bing: https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads
Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.
Access to and correction of your personal information
You may access or request correction of the personal information that we hold about you by contacting us. Our contact details are set out below. Any such request may require identity verification to ensure the security of your personal information. There are some circumstances in which we are not required to give you access to your personal information.
There is no charge for requesting access to your personal information but we may require you to meet our reasonable costs in providing you with access (such as photocopying costs or costs for time spent on collating large amounts of material).
We will respond to your requests to access or correct personal information in a reasonable time and will take all reasonable steps to ensure that the personal information we hold about you remains accurate, up to date and complete.
Your rights under the EU GDPR if you are located in the European Union
Under the European Union (EU) General Data Protection Regulation (GDPR), as a data subject you have the right to:
- access your data;
- have your data deleted or corrected where it is inaccurate;
- object to your data being processed and to restrict processing;
- withdraw consent to having your data processed;
- have your data provided in a standard format so that it can be transferred elsewhere; and
- not be subject to a decision based solely on automated processing.
Data Subject Rights
We have processes in place to deal with Data Subject Rights requests. Our actions and responsibilities will depend on whether we are the controller or processer of the personal data at issue. Depending on our role as either a controller or processor, the process for enabling Data Subject Rights may differ, and are always subject to applicable law. Please refer to the Contact Details section of this policy if you would like to make a Data Subject Rights request or have a specific need for assistance with a Data Subject Rights request.
If you have a complaint about the way in which we have handled any privacy issue, including your request for access or correction of your personal information, you should contact us. Our contact details are set out below. We will consider your complaint and determine whether it requires further investigation. We will notify you of the outcome of this investigation and any subsequent internal investigation.
If you remain unsatisfied with the way in which we have handled a privacy issue, you may approach an independent advisor or contact the Office of the Australian Information Commissioner (www.oaic.gov.au) for guidance on alternative courses of action which may be available.
If you have any questions, comments, requests or concerns in relation to this policy, please contact us by email at email@example.com or by mail to USM Events Pty Ltd, Attn: Privacy Officer, Level 6, 222 Kings Way, South Melbourne, Victoria, 3205, Australia.
Changes to this policy
From time to time, we may change our policy on how we handle personal information or the types of personal information which we hold. Any changes to our policy will be published on our website. You may obtain a copy of our current policy from our website or by contacting us at the contact details above.