Just Comfort Shoes is a comfort footwear retailer, a Department of Veterans' Affairs Medical Grade Footwear ready-made footwear supplier, and a Queensland Health Medical Aids Subsidy Scheme prefabricated and customised Medical Grade Footwear retailer, operating at 155 Brisbane Rd, Mooloolaba, QLD 4557, and online at justcomfortshoes.com.au (“Website”).
The term "Personal Information" in this policy means information or an opinion about an identified or reasonably identifiable individual.
Types of Personal Information We Collect
If you buy from us online or contact us, online or otherwise, we may collect details you provide, including your full name, phone number, email address, home address, postal address, billing address, shipping address, credit card details, payment and order details, details of your interests in our products and services, and details you write in forms and online customer chat windows, including those used to provide footwear at pop-up shops or through private visits, or to recommend and/or supply shoes on a remote basis ("remote fitting"). This information may, especially for pop-up shops, private visits and remote fitting, include physical and digital data and files containing details of your available times for appointments, foot tracings, foot measurements, foot and shoe photographs, optical scanner foot and shoe scans, shoe sizes, orthotic use, and foot features and conditions.
If you visit our Website or online shop at justcomfortshoes.com.au or contact us through a web form or third-party app associated with the website, we and third-party providers of online services we use on our Website may record your IP address and details of your use of our Website.
Just Comfort Shoes may share our Website visitors' information with marketers or advertisers in the aggregate without making reference to or identifying individual users or their Personal Information.
Your provision of Personal Information implies your consent for Just Comfort Shoes to use it for your express purpose or any reasonably inferred related purpose involving serving you with information, products or services relating to footwear, footwear accessories, Department of Veterans' Affairs Medical Grade Footwear services, or Queensland Health Medical Aids Subsidy Scheme Medical Grade Footwear, as well as conducting related transactions or referring you to relevant health services. This does not include subscribing you to an email or postal mailing list or storing your credit card details after they are used for a transaction unless you give your consent.
We may also collect and store information that podiatrists or other health practitioners send us or tell us about you as their clients in relation to your footwear needs, including details collected through our Podiatrist's Referral Form, where we ask practitioners to do so only with their clients' consent.
For Department of Veterans' Affairs ("DVA") clients seeking Medical Grade Footwear (“MGF”), we may also gather information that DVA requires us, as a Medical Grade Footwear Supplier, to collect, including DVA file number, DVA card type, foot tracings (or scans or photographs), clinical information relating to MGF requests, assessing health provider details, sporting body membership details relating to DVA recreational footwear issue, history of DVA footwear issued, and case details relating to fitting and issuing of shoes. We are unable to erase required DVA records at your request.
For Medical Aids Subsidy Scheme ("MASS") applicants seeking the supply of Medical Grade Footwear from us, we may also gather information that Queensland Health requires, including the applicant's MASS 60 Medical Grade Footwear Application Form, the applicant's MASS 82 MGF/ORTHO - Consent for Photograph Form, and the applicant's Acquittal Form - MASS 70, as well as photographs we take of the applicant's feet. We may also take foot tracings or digital scans. We are unable to erase required MASS records at your request.
Collection and Use of Personal Information
Purposes for collection and use of your Personal Information may include: communicating with you; scheduling shoe fitting, delivery or collection appointments; recommending and providing shoes in store or on visits to homes, residential and retirement villages and other temporary selling points; processing your order in store or at your home, residential or retirement villages or other temporary selling locations; processing and shipping your order from an online or phone purchase; processing returns, refunds, exchanges and repairs; providing information to you in the future about your purchases; including you on a distribution list (only with your explicit approval) to receive physical mail, email or SMS messages; advising you of products and services that may interest you in relation to footwear, footwear accessories and foot health; entering you into a competition or prize draw; providing relevant and/or targeted advertising and communications about our products and services; providing your information (only with your consent if you are a private customer, or as necessary to meet government requirements to serve you if you are a DVA MGF or MASS Medical Grade Footwear client) to bootmakers, shoe repairers, podiatrists and other health professionals about your needs; improving our services; and other purposes that you may specify.
For DVA and MASS clients, purposes for collection and use of your Personal Information may additionally include advising you of processes or progress relating to DVA MGF or MASS MGF footwear prescriptions, keeping records as required by DVA or MASS, and liaising with DVA or MASS and podiatrists or other assessing health providers or MASS aid prescribers about your case.
Use of your personal information includes storing it in software systems that we use to provide you with products and services (see Third Party Services, Websites and Apps, below).
Disclosure of Personal Information
We disclose Personal Information to other third parties only in limited circumstances. We will disclose it where required to do so by law or if we believe that such action is necessary to comply with the law and the reasonable requests of law enforcement, or as necessary to report unlawful activity or if reasonably necessary to avert a serious threat to health and safety. We will also disclose it to a health practitioner, pedorthist, orthotist, cobbler, bootmaker, shoe repairer or other similar service provider if you instruct or allow us to do so in order to fulfil a service to you, or, if you are a DVA MGF or MASS MGF client, as necessary to discuss your footwear needs with DVA or MASS, your assessing health practitioner, pedorthist, orthotist, cobbler, bootmaker, shoe repairer or other similar service provider.
Collection and Disclosure of Sensitive Personal Information
Customers may be asked to sign a Sensitive Personal Information Usage Consent Form if information provided is considered sensitive. This involves consenting to the collection, storage and use of personal information about the shape, condition and health of their feet, other aspects of their health as they affect customers' footwear needs, and any aspect of their footwear use that may reveal information about their health. In doing so, customers acknowledge that this may include details of spoken or written statements in person or by phone or email, as well as foot measurements, tracings, photographs, digital scans, and the details of footwear referrals, prescriptions or comments of health practitioners provided to Just Comfort Shoes to meet the customer's current and future footwear needs. It also involves allowing Just Comfort Shoes to share this information with any relative, friend, health practitioner, carer, care organisation, funding body or government body involved in the selection, approval, modification or funding of their shoes. Customers may revoke this consent at any time except where records must be kept to comply with government requirements, but acknowledge that doing so may affect the quality of service they receive.
How We Protect Your Personal Information
In order to protect your Personal Information, we use physical building security and staff training as well as software measures including regular software updates, the use of antivirus and anti-malware software, strong passwords, SSL (Secure Sockets Layer) encryption for our web store and email marketing, TLS (Transport Layer Security) on our general email software and email backup software, and careful choice of reputable payment gateways and other online services.
Email and Postal Mail Marketing
We may use your Personal Information to contact you with postal or email newsletters, marketing or promotional materials and other information that may be of interest to you. We do this on an opt-in-only basis. You may opt out of receiving physical mail by contacting us and expressing your wish. You may opt out of email marketing communications by following the Unsubscribe link or instructions provided in the footer of any MailChimp email we send.
For the protection of email subscribers, MailChimp account passwords are hashed, all MailChimp login pages (from the MailChimp website and mobile website) pass data via SSL, and the entire MailChimp application is encrypted with SSL.
General Email and Physical Mail Communications
Just Comfort Shoes’ general email communications use an HTTPS connection and TLS (Transport Layer Security) to encrypt email messages. However, because email communication involves two parties and the use of systems outside those of our email provider, email is less secure than many of our other internet-based storage systems. Customers are asked not to provide credit card details, passwords or any other sensitive information by email.
You may not opt out of any service-related notices required by law (for example, if any apply in relation to DVA MGF or MASS MGF prescriptions).
Third-Party Services, Websites and Apps
Just Comfort Shoes uses various third-party services in the course of providing you with products and services. These third-party providers will collect, use and disclose your information in accordance with the Australian Privacy Principles, and generally only to the extent necessary to allow them to perform the services they provide to us.
Our Website may contain links to other websites. We are not responsible for the privacy practices of such sites. Your interactions with our information on such sites are governed by their Privacy Policies, which we recommend reading. Links from justcomfortshoes.com.au do not imply that Just Comfort Shoes endorses or has reviewed such linked third-party websites.
Use of Credit Card Details
Credit card details processed on an EFTPOS machine in our physical store at 155 Brisbane Rd, Mooloolaba QLD 4557, or through our mobile shoe service, are not stored by Just Comfort Shoes after use. Credit card details taken in person, over the phone or through a card imprinter for orders, refunds or reimbursements are destroyed immediately after use. Customers are asked not to provide credit card details, passwords or any other sensitive information by email.
Credit card numbers and CVV codes used in transactions on Just Comfort Shoes' Weebly-hosted online store are not viewable by Weebly or Just Comfort Shoes at any time. These details are handled by the credit card processor that you choose during your purchase – Stripe, Apple Pay or Google Pay (formerly Android Pay). See further information on credit card details in the next section.
Weebly Website and Online Store Privacy and Security
Weebly collects IP addresses of website visitors but does not make them available to website owners except when a visitor uses an online contact form. Just Comfort Shoes records visitor IP addresses through Google Analytics.
The Just Comfort Shoes online shop is hosted by Weebly Inc, which provides an online e-commerce platform integrated with its website content management system. Weebly stores your data on secure servers behind a firewall. Customer names, billing and shipping addresses, telephone numbers and email addresses recorded during online orders are not used by Weebly in any way, but by Just Comfort Shoes as the online store owner.
Our online shop uses the industry best practice SSL (Secure Sockets Layer) protocol with an SSL Certificate, creating a secure connection for transmission of data including credit card numbers. Online payment occurs using the customer's choice of reputable online payment processors Stripe, Google Pay (formerly Android Pay) or Apple Pay for payment by credit card.
Credit card data is encrypted in accordance with the Payment Card Industry Data Security Standard (PCI-DSS). The payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands such as Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
Just Comfort Shoes does not store credit card details, but some of the payment processors available through our web shop store card details, including for purposes such as refunds. The practices of Apple Pay and Google Pay (formerly Android Pay) are governed by the agreement pertaining to your account with them. Card numbers submitted to Stripe are encrypted on disk with AES-256. Decryption keys are stored on separate machines. None of Stripe’s internal servers and daemons are able to obtain plaintext card numbers. Stripe’s infrastructure for storing, decrypting, and transmitting card numbers runs in separate hosting infrastructure, and doesn’t share any credentials with Stripe’s primary services (API, website, etc.).
For more information, you may also want to read the Privacy Policies of third-party providers listed below under “Key Third-Party Privacy Policies”.
Online Services and Cross-Border Data Transfer
Just Comfort Shoes uses online services that involve the transmission or storage of customer information electronically on computer servers in jurisdictions outside Australia, where data protection laws may differ. These services include Asana, Aramex/Fastway, Australia Post, Cognito Forms, Weebly, Stripe, Google Pay (formerly Android Pay), Apple Pay, MailChimp, G Suite (including Gmail, Google Drive, Google Docs, Google Sheets, Google Contacts, Google Calendar), Google Chrome, Google Backup and Sync, Google Analytics, Microsoft Office 365 Business, PureChat, Zapier, Sendle, Hike Point of Sale, Xara Designer Pro, Xara Cloud, Xero and Zotabox. These services are located mostly in the United States of America, but also in the UK (Xara Designer Pro and Xara Cloud) and Vietnam (Zotabox). Just Comfort Shoes takes measures to ensure that it chooses online services whose processes concerning cross-border disclosure of Personal Information meet the Australian requirement of being conducted substantially in accordance with the Australian Privacy Principles.
The Australian Government's Office of the Australian Information Commissioner provides information on rules for cross-border disclosure of personal information as follows: https://www.oaic.gov.au/agencies-and-organisations/app-guidelines/chapter-8-app-8-cross-border-disclosure-of-personal-information.
Just Comfort Shoes also uses MYOB AccountRight online, which stores data exclusively in Australia using the world-class security features of Microsoft Azure in secure data centres in Sydney and Melbourne, and leaves MYOB in effective control of all business data.
Our Website uses Google Analytics, a service which transmits website traffic data to Google servers in the United States. Google Analytics does not identify individual users or associate your IP address with any other data held by Google. We use reports provided by Google Analytics to help us understand website traffic and webpage usage.
Cookies and Targeted Advertising
Our Website uses “cookies”. A cookie is a small text file that our Website may place on your computer for various purposes, including recording website usage patterns or remembering your preferences. Our usage includes the following, many of which are implemented automatically through use of Weebly, Weebly-based G Suite accounts or Google Analytics: cookies from Google Analytics that calculate new and returning visitor statistics, limit the collection of data on high traffic sites, track visitor behaviour, measure site performance and identify the source of traffic to the site; cookies from Google that profile the interests of web users and sell advertising space to organisations based on interest profiles, aligning advertisements to the content on the pages where its customers' advertisements appear, and in combination with HSID, verify a Google user account and most recent login time; a cookie from New Relic that monitors the performance of web and mobile applications; a language cookie to store language preferences; cookies from Vimeo to monitor the use of embedded videos; and a cookie from Quantcast, which provides information on website rankings, audience segmentation and targeted advertising.
MailChimp, Social Media, Facebook Advertising, Google Adsense, Google Adwords
Key Third-Party Privacy Policies
For more information about the privacy policies of relevant third-party service providers, please refer to the following:
Aramex/Fastway - https://www.fastway.com.au/terms-and-conditions/privacy-policy/
Apple Pay - https://support.apple.com/en-kw/HT203027
Australia Post - https://auspost.com.au/privacy
Cognito Forms - www.cognitoforms.com/privacy
Gmail, Google Contacts, Google Chrome, G Suite, Google Backup and Sync, Google Analytics, Google Pay (formerly Android Pay) - http://www.google.com/intl/en/policies/privacy/
Hike Point of Sale - https://hikeup.com/privacy-policy/
MailChimp - https://mailchimp.com/legal/privacy/
Microsoft - https://privacy.microsoft.com/en-ca/privacystatement
MYOB - https://www.myob.com/au/privacy-policy
PureChat - https://purechat.com/privacy and https://purechat.com/dpa
Sendle - https://support.sendle.com/hc/en-us/articles/206525557-Privacy-Policy
Stripe - https://stripe.com/gb/privacy, https://stripe.com/docs/security/stripe
Weebly - https://www.weebly.com/au/privacy
Xara - https://www.xara.com/privacy/
Xero - https://www.xero.com/au/about/terms/privacy/ and https://www.xero.com/au/why-xero/benefits/security/
Zapier - zapier.com/privacy/ and https://zapier.com/help/data-privacy/
Zotabox - https://info.zotabox.com/privacy-policy-for-merchants-website-visitors/
While we use industry-standard means of protecting your Personal Information, we cannot guarantee its absolute security in either a physical or electronic environment. No physical security, method of data transmission over the internet or method of electronic storage is 100% secure. Just Comfort Shoes shall not be held responsible for the consequences of any third-party hacking attempts that may result in User information being compromised.
How We Deal with Requests and Complaints
You may request access to Personal Information that we hold about you in certain circumstances set out in the Privacy Act 1988 (Commonwealth). You may ask us to correct your Personal Information if you find that it is not accurate, up to date or complete. You may also make a complaint about our handling of your Personal Information. Proof of identity may be required, and no charge applies for making a request. However, a fee may apply for labour time, materials or postage where required to meet your request.
You can contact us using the web form on this Website or send your request or complaint to the postal address below. We undertake to respond within a reasonable timeframe.
Acquisitions, Mergers and Asset Sales
Just Comfort Shoes
155 Brisbane Rd
Mooloolaba QLD 4557
Changes to this Policy
This policy may change at any time without notice, and was last updated at 10.08am on Friday, April 3, 2020.