Privacy Policy

This privacy policy was last updated on May 21, 2018 to include GDPR compliance. This privacy policy is GDPR compliant.

Velonomad.com, “Velonomad” (“us”, “we”, or “our”) operates http://velonomad.com (the “Site”). This page informs you of our policies regarding the collection, use and disclosure of Personal Information we receive from users of the Site.

We use your Personal Information only for providing and improving the Site. By using the Site, you agree to the collection and use of information in accordance with this policy.

Please remember, Velonomad is a small, online business run by two people from our home. We always act in good faith, with good intent. We do not currently use remarketing (the creepy ads that follow you around), we rarely use Google Ads and we currently don't use Facebook Ads. I'm more interested in writing good content, making useful videos and so on than spending time looking at Google Analytics etc to find out more about you.

We encourage you to use Ad Blockers on our site or a browser (we recommend and use Brave) that blocks tracking etc. We do use Ad Blocker detectors to encourage you to turn your blocker off, but ads aren't necessary for your use of the site and we don't block your use if you use an Ad Blocker.

Definitions

Personal Data

Personal Data means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession).

Usage Data

Usage Data is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit). Think: Google Analytics – your location, time on page, some demographics, browser, etc.

What do we do with your information?

Velonomad collects personal information, provided by you (email, name etc) or third party providers (Google, etc), for the sole purpose of running this site and conducting our business and related marketing.

We don't on-sell your information.

Like many site operators, we collect information that your browser sends whenever you visit our Site (“Log Data”). This Log Data may include information such as your computer's Internet Protocol (“IP”) address, browser type, browser version, the pages of our Site that you visit, the time and date of your visit, the time spent on those pages and other statistics such as the country you're browsing from.

When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address. We do not collect your credit card details but use payment processors Stripe and Paypal who might.

Email marketing (if applicable): With your permission, we may send you emails about our store, new products and other updates. You can opt out any time.

Introduction

  1. We are committed to safeguarding the privacy of our website visitors and service users.
  2. This policy applies where we are acting as a data controller with respect to the personal data of our website visitors and service users; in other words, where we determine the purposes and means of the processing of that personal data.
  3. We use cookies on our website. Insofar as those cookies are not strictly necessary for the provision of our website and services, we will ask you to consent to our use of cookies when you first visit our website. More information on cookies is here.
  4. In this policy, “we”, “us” and “our” refer to Velonomad.com as Data Controller. For more information about us, see Section 13.

Credit

This document was created using a template from SEQ Legal (https://seqlegal.com).

Types of data we collect and why

While using our Site, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. We also may ask for personally identifiable information in order to ship your products. This can include but is not limited to your:

Name
Address
Email
Mobile Phone Numbe
Credit card information (which we do not store but pass to payment processors)

We also collect on your usage of our website usage statistics via Google Analytics and ActiveCampaign, our mailing list service. This information can include your location, browser, IP address and more. You should visit the pages of those services to determine exactly what information they collect on our behalf.

Section 2: Consent

How do you get my consent?

When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.

If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.

How do I withdraw my consent?

If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at anytime, by contacting us here.

Every single marketing email has an unsubscribe link.

Section 3: Providing your personal data to others (disclosure to others)

We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.

  1. We may disclose your personal data to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy.
  2. We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
  3. We may disclose your personal or usage information to our suppliers (for example Google Analytics) insofar as reasonably necessary for us to run our business.
  4. Financial transactions relating to our website and services are handled by our payment and fulfilment services providers GetDPD, Gumroad, Stripe, Paypal. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. You can find information about the payment services providers' privacy policies and practices at GetDPD, Selz, Gumroad, Paypal and Stripe.
  5. In addition to the specific disclosures of personal data set out in this Section, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

Section 4: International transfers of your personal data

  1. In this Section, we provide information about the circumstances in which your personal data may be transferred to countries outside the European Economic Area (EEA).
  2. We have offices in Australia with data hosted in Australia but sent via the US to Cloudflare via https – all our web traffic is encrypted.Therefore when you browse to our website, it is outside the EEA. When you submit an order for a SIM card, you send data outside the EEA (e.g. to Australia). That data comprises your name, email, mobile phone number and address. We do not share this data with other providers except to the extent necessary to fulfil your order.
  3. We use services inside and outside the EU, primarily in the USA. The European Commission has made an “adequacy decision” with respect to the data protection laws of each of the countries of the services we use. Transfers to the USA and within the EEA will be protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the European Commission and via standard industry data protection methods like web traffic encryption.
  4. The hosting facilities for our website are situated in Australia. The European Commission has not yet determined that data sent to Australia has adequate protection according to the relevant laws. By using our website you acknowledge this.
  5. You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.

Section 5: Retaining and deleting data

This Section sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.

  1. Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
  2. We will retain your personal data as follows:
    • For purchases via our website, your personal data will be retained for a minimum period of 12 months following the purchase data, and for a maximum period of 5 years.
    • Our Google Analytics data is set to expire every 26 months after you first visit our site. If you revisit our site, the timer resets.
    • Your mailing list information, and pages you visit as a mailing list member (which we use Cookies to track) are not deleted as long as you remain on the mailing list.
    • We routinely delete unsubscribed mailing list members and those who have not double-opted in to our mailing list.
  3. In some cases it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the following criteria:
    • What we need the information for;
    • How likely it is we will need it in the future;
    • A reasonable period to minimise any risk or fulfil any legal obligations;
    • Corporate Records Act and Tax Act of Australia which determines we need to maintain records for a period of 7 years.
  4. Notwithstanding the other provisions of this Section, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
  5. You can request we delete all your data at any time by contacting us here. We will delete it from our website including your comments on articles and any purchase information. The information will not be retrievable. We will also remove you from all mailing lists we manage. We will not be able to stop Google Analytics and other third parties tracking you. You can use Cookie blockers for that.

Section 6: Third parties we use

Our store is hosted on third party web servers, hosted in Australia. They provide us with the web hosting space.

Our ebooks are variously sold on Gumroad, Selz, DPD Cart and from our own site directly. These online e-commerce platforms allow us to sell our products and services to you.

We use Paypal and Stripe for credit card charging as do our fulfilment services DPD, Selz and Gumroad.

Your data is stored through these parties' data storage, databases and their general applications. They store your data on a secure server behind a firewall.

We do not store your credit card details.

Paypal and Stripe can store this information. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.

All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.

PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.

However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.

For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.

In particular, remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.

As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.

Once you leave our store’s website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our website’s Terms of Service.

Section 7: Links

When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.

Section 6: Security

To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.

If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.

Section 7: Cookies

Cookies are files with small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer's hard drive. Like many sites, we use “cookies” to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Site.

We use cookies by Facebook, Google and DoubleClick (a Google entity) amongst others. Learn more about Google's cookies here and Facebook's here.

You can choose if you want to opt-out of cookies or not.

We use these cookies to undertake Google and Facebook advertising. Don't hate us, we run this site for profit and to pay out mortgage!

We also use cookies to store things like your display preference for example, and to remember if you've closed a popup, so that we don't bug you with annoying popups endlessly. Don't you just hate sites like that?

Read more about our cookies here.

Section: Your Rights

  1. In this Section, we have summarised the rights that you have under data protection law. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
  2. Your principal rights under data protection law are:
    • the right to access;
    • the right to rectification;
    • the right to erasure;
    • the right to restrict processing;
    • the right to object to processing;
    • the right to data portability;
    • the right to complain to a supervisory authority; and
    • the right to withdraw consent.
  3. You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.
  4. You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.
  5. In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims.
  6. In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
  7. You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
  8. You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.
  9. You have the right to object to our processing of your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
  10. To the extent that the legal basis for our processing of your personal data is:
    • consent; or
    • that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract,
    • and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
  11. If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
  12. To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
  13. You may exercise any of your rights in relation to your personal data by written notice to us.

Section 8: Age of Consent

By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.

Section 9: Changes to this Privacy Policy

We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.

If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.

Section 10: Our details

  1. This website is owned and operated by Velonomad.com.
  2. We are registered in Australia under registration number ABN 57 465 281 502, and our registered office is redacted for privacy.
  3. Our principal place of business is at redacted for privacy.
  4. You can contact us contact us here.

Data protection officer

Our data protection officer's contact details are Tim Marsh, contact him here.

Questions and Contact Information

If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact us here.

Leave a Comment