Just Comfort Shoes is a comfort footwear retailer operating at 155 Brisbane Rd, Mooloolaba, QLD 4557, and online at justcomfortshoes.com.au (“Website”).
The term "Personal Information" in this policy means information or an opinion about an identified or reasonably identifiable individual.
Types of Personal Information Collected
If you buy from us online or contact us, we may collect details you provide, including your full name, phone number, email address, postal address, billing address, shipping address, credit card details, payment and order details, and details of your interests in our products and services.
If you visit our Website or online shop at justcomfortshoes.com.au or contact us through a web form, we and third-party providers of online services we use on our Website may record your IP address and details of your use of our Website.
Just Comfort Shoes may share our Website visitors' information with marketers or advertisers in the aggregate without making reference to or identifying individual users or their Personal Information.
Your provision of Personal Information implies your consent for Just Comfort Shoes to use it for your express purpose or any reasonably inferred related purpose involving serving you with information, products or services relating to footwear, footwear accessories or relevant Department of Veterans' Affairs Medical Grade Footwear services, as well as conducting related transactions or referring you to relevant health services. This does not include subscribing you to an email or postal mailing list without your consent or storing your credit card details after they are used for a transaction.
We may also collect and store information that podiatrists or other health practitioners send us or tell us about you as their clients in relation to your footwear needs, including details collected through our Podiatrist's Referral Form, where we ask practitioners to do so only with their clients' consent.
For Department of Veterans' Affairs clients seeking Medical Grade Footwear (“MGF”), we may also gather information that the Department of Veterans’ Affairs (“DVA”) requires us, as a Medical Grade Footwear Supplier, to collect, including DVA file number, DVA card type, foot tracings (or scans or photographs), clinical information relating to MGF requests, assessing health provider details, sporting body membership details relating to DVA recreational footwear issue, history of DVA footwear issued, and case details relating to fitting and issuing of shoes. We are unable to erase required DVA records at your request.
Collection and Use of Personal Information
Purposes for collection and use of your Personal Information may include: communicating with you; processing your order instore; processing and shipping your order from an online purchase; processing returns, refunds, exchanges and repairs; providing information to you in the future about your purchases; including you on a distribution list (only with your explicit approval) to receive physical and/or electronic mail; advising you of products and services that may interest you in relation to footwear, footwear accessories and foot health; entering you into a competition or prize draw; providing your information (only with your consent, which is deemed to be automatic for DVA MGF requirements) to bootmakers, shoe repairers, podiatrists and health professionals about your needs; improving our services; and other purposes that you may specify.
For DVA clients, purposes for collection and use of your Personal Information may additionally include advising you of processes or progress relating to DVA MGF footwear prescriptions, keeping records as required by DVA, and liaising with DVA and podiatrists and other assessing health providers about your case.
Disclosure of Personal Information
How We Protect Your Personal Information
In order to protect your Personal Information, we use physical building security and staff training as well as software measures including regular software updates, the use of antivirus and anti-malware software, strong passwords, SSL (Secure Sockets Layer) encryption for our web store and email marketing, TLS (Transport Layer Security) on our general email software and email backup software, and careful choice of reputable payment gateways and other online services.
Email and Postal Mail Marketing
We may use your Personal Information to contact you with physical or emailed newsletters, marketing or promotional materials and other information that may be of interest to you. We do this on an opt-in-only basis. You may opt out of receiving physical mail by contacting us and expressing your wish. You may opt out of email marketing communications by following the Unsubscribe link or instructions provided in the footer of any MailChimp email we send.
For the protection of email subscribers, MailChimp account passwords are hashed, all MailChimp login pages (from the MailChimp website and mobile website) pass data via SSL, and the entire MailChimp application is encrypted with SSL.
General Email and Physical Mail Communications
Just Comfort Shoes’ general email communications use an HTTPS connection and TLS (Transport Layer Security) to encrypt email messages. However, because email communication involves two parties, involving the use of systems outside those of our email provider, email is less secure than many of our other internet-based storage systems. Customers are asked not to provide credit card details, passwords or any other sensitive information by email.
You may not opt out of any service-related notices required by law (for example, if any apply in relation to DVA MGF prescriptions).
Third-Party Services, Websites and Apps
Just Comfort Shoes uses various third-party services in the course of providing you with products and services. These third-party providers will generally collect, use and disclose your information only to the extent necessary to allow them to perform the services they provide to us.
However, if you elect to proceed with a transaction that involves the services of a third-party provider, your information may become subject to the laws of the jurisdiction/s in which that service provider or its facilities are located. For example, if you are in Australia and your transaction is processed by a payment gateway in the United States, your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
Our Website may contain links to other websites. We are not responsible for the privacy practices of such sites. Your interactions with our information on such sites are governed by their Privacy Policies, which we recommend reading. Links from justcomfortshoes.com.au do not imply that Just Comfort Shoes endorses or has reviewed such linked third-party websites.
Use of Credit Card Details
Credit card details processed on an EFTPOS machine in our physical store at 155 Brisbane Rd, Mooloolaba QLD 4557, or through our mobile shoe service, are not stored by Just Comfort Shoes after use. Credit card details taken in person, over the phone or through a card imprinter for orders, refunds or reimbursements are destroyed immediately after use. Customers are asked not to provide credit card details, passwords or any other sensitive information by email.
Credit card numbers and CVV codes used in transactions on Just Comfort Shoes' Weebly-hosted online store are not viewable by Weebly or Just Comfort Shoes at any time. These details are handled by the credit card processor that you choose during your purchase – Stripe, Apple Pay or Google Pay (formerly Android Pay). See further information on credit card details in the next section.
Weebly Website and Online Store Privacy and Security
Weebly collects IP addresses of website visitors but does not make them available to website owners except when a visitor uses an online contact form. Just Comfort Shoes records visitor IP addresses through Google Analytics.
The Just Comfort Shoes online shop is hosted by Weebly Inc, which provides an online e-commerce platform integrated with its website content management system. Weebly stores your data on secure servers behind a firewall. Customer names, billing and shipping addresses, telephone numbers and email addresses recorded during online orders are not used by Weebly in any way, but by Just Comfort Shoes as the online store owner.
Our online shop uses the industry best practice SSL (Secure Sockets Layer) protocol with an SSL Certificate, creating a secure connection for transmission of data including credit card numbers. Online payment occurs using the customer's choice of reputable online payment processors Stripe, Google Pay (formerly Android Pay) or Apple Pay for payment by credit card.
Credit card data is encrypted using the Payment Card Industry Data Security Standard (PCI-DSS). The payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands such as Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
Just Comfort Shoes does not store credit card details, but some of the payment processors available through our web shop store card details, including for purposes such as refunds. The practices of Apple Pay and Google Pay (formerly Android Pay) are governed by the agreement pertaining to your account with them. Card numbers submitted to Stripe are encrypted on disk with AES-256. Decryption keys are stored on separate machines. None of Stripe’s internal servers and daemons are able to obtain plaintext card numbers. Stripe’s infrastructure for storing, decrypting, and transmitting card numbers runs in separate hosting infrastructure, and doesn’t share any credentials with Stripe’s primary services (API, website, etc.).
For more information, you may also want to read the Privacy Policies of third-party providers listed below under “Key Third-Party Privacy Policies”.
Online Services and Cross-Border Data Transfer
Just Comfort Shoes uses online services that involve the transmission or storage of customer information electronically on computer servers in jurisdictions outside Australia, where data protection laws may differ. These services include Weebly, Stripe, Google Pay (formerly Android Pay), Apple Pay, MailChimp, Gmail (including Google Contacts), Google Chrome, G Suite, Google Backup and Sync, Google Analytics, the Gmail to MailChimp Chrome extension, Gmelius, Zapier and Zendesk Chat. Just Comfort Shoes takes measures to ensure that it chooses online services whose processes concerning cross-border disclosure of Personal Information meet the Australian requirement of being conducted substantially in accordance with the Australian Privacy Principles.
Gmelius communicates with Google servers only through Gmail's API (OAuth) and never stores any data from Gmail accounts. Zendesk explicitly complies with the Australian Privacy Act 1988 (Commonwealth) and the Australian Privacy Principles.
Just Comfort Shoes may use overseas contractors who deal with Personal Information but not with information relating to DVA MGF cases. Contractors are required to enter an agreement that requires handling of data in accordance with the Australian Privacy Principles and are forbidden to subcontract.
People interacting with Just Comfort shoes agree to allow their files, instructions, communications and other information relating to enquiries, purchases, services and other activities involving Just Comfort Shoes to be sent to contractors by means including , but not limited to, telephone, email and cloud file storage systems in order for contractors to work with that information and those materials.
The Australian Government's Office of the Australian Information Commissioner provides information on rules for cross-border disclosure of personal information as follows: https://www.oaic.gov.au/agencies-and-organisations/app-guidelines/chapter-8-app-8-cross-border-disclosure-of-personal-information.
Just Comfort Shoes also uses MYOB AccountRight online, which stores data exclusively in Australia using the world-class security features of Microsoft Azure in secure data centres in Sydney and Melbourne, and leaves MYOB in effective control of all business data.
Our Website uses Google Analytics, a service which transmits website traffic data to Google servers in the United States. Google Analytics does not identify individual users or associate your IP address with any other data held by Google. We use reports provided by Google Analytics to help us understand website traffic and webpage usage.
Cookies and Targeted Advertising
Our Website uses “cookies”. A cookie is a small text file that our Website may place on your computer for various purposes, including recording website usage patterns or remembering your preferences. Our usage includes the following, many of which are implemented automatically through use of Weebly, Weebly-based G Suite accounts or Google Analytics: cookies from Google Analytics that calculate new and returning visitor statistics, limit the collection of data on high traffic sites, track visitor behaviour, measure site performance and identify the source of traffic to the site; cookies from Google that profile the interests of web users and sell advertising space to organisations based on interest profiles, aligning advertisements to the content on the pages where its customers' advertisements appear, and in combination with HSID, verify a Google user account and most recent login time; a cookie from New Relic that monitors the performance of web and mobile applications; a language cookie to store language preferences; cookies from Vimeo to monitor the use of embedded videos; and a cookie from Quantcast, which provides information on website rankings, audience segmentation and targeted advertising.
MailChimp, Social Media, Facebook Advertising, Google Adsense, Google Adwords
Key Third-Party Privacy Policies
For more information about the privacy policies of relevant third-party service providers, please refer to the following: Weebly - https://www.weebly.com/au/privacy; Stripe - https://stripe.com/gb/privacy, https://stripe.com/docs/security/stripe; Apple Pay - https://support.apple.com/en-kw/HT203027; MailChimp - https://mailchimp.com/legal/privacy/; Gmail (including Google Contacts), Google Chrome, G Suite, Google Backup and Sync, Google Analytics, Google Pay (formerly Android Pay) - http://www.google.com/intl/en/policies/privacy/; Gmail to MailChimp - http://toolny.com/legal/; Gmelius - https://gmelius.com/privacy; Zapier - zapier.com/privacy/ and https://zapier.com/help/data-privacy/; Zendesk Chat - https://www.zendesk.com/company/customers-partners/privacy-policy; and MYOB - https://www.myob.com/au/privacy-policy.
While we use industry-standard means of protecting your Personal Information, we cannot guarantee its absolute security in either a physical or electronic environment. No physical security, method of data transmission over the internet or method of electronic storage is 100% secure. Just Comfort Shoes shall not be held responsible for the consequences of any third-party hacking attempts that may result in User information being compromised.
How We Deal with Requests and Complaints
You may request access to Personal Information that we hold about you in certain circumstances set out in the Privacy Act 1988 (Commonwealth). You may ask us to correct your Personal Information if you find that it is not accurate, up to date or complete. You may also make a complaint about our handling of your Personal Information. Proof of identity may be required, and no charge applies for making a request. However, a fee may apply for labour time, materials or postage where required to meet your request.
You can contact us using the web form on this Website or send your request or complaint to the postal address below. We undertake to respond within a reasonable timeframe.
Acquisitions, Mergers and Asset Sales
Just Comfort Shoes
155 Brisbane Rd
Mooloolaba QLD 4557
Changes to this Policy
This policy may change at any time without notice, and was last updated at 11.10pm AEST on May 11, 2018.