Just Comfort Shoes is a comfort footwear retailer and a Department of Veterans' Affairs Medical Grade Footwear ready-made footwear supplier, operating at 155 Brisbane Rd, Mooloolaba, QLD 4557, by phone and online at justcomfortshoes.com.au (“Website”).
The term "Personal Information" in this policy means information or an opinion about an identified or reasonably identifiable individual.
Types of Personal Information We Collect
If you buy from us online or contact us, online or otherwise, we may collect details you provide, including your full name, phone number, email address, home address, postal address, billing address, shipping address, credit card details, payment and order details, details of your interests in our products and services, and details you write in forms and online customer chat windows, including those used to provide footwear at pop-up shops or through private visits, or to recommend and/or supply shoes on a remote basis ("remote fitting"). This information may, especially for pop-up shops, private visits and remote fitting, include physical and digital data and files containing details of your available times for appointments, foot tracings, foot measurements, foot and shoe photographs, shoe sizes, orthotic use, and foot features and conditions. We may also collect publicly available non-sensitive personal information and associate it with your customer record.
If you visit our Website or online shop at justcomfortshoes.com.au or contact us through a web form or third-party app associated with the website, we and third-party providers of online services we use on our Website may record your IP address and details of your use of our Website.
Your provision of Personal Information implies your consent for Just Comfort Shoes to use it for your express purpose or any reasonably inferred related purpose involving serving you with information, products or services relating to footwear, footwear accessories, or Department of Veterans' Affairs Medical Grade Footwear services, as well as conducting related transactions or referring you to relevant health services.
We may also collect and store information that podiatrists or other health practitioners send us or tell us about you as their clients in relation to your footwear needs.
For Department of Veterans' Affairs ("DVA") clients seeking Medical Grade Footwear (“MGF”), we may also gather information that the Department of Veterans’ Affairs (“DVA”) requires us, as a Medical Grade Footwear Supplier, to collect, including DVA file number, DVA card type, foot tracings (or scans or photographs), clinical information relating to MGF requests, assessing health provider details, sporting body membership details relating to DVA recreational footwear issue, history of DVA footwear issued, and case details relating to fitting and issuing of shoes. We are unable to erase required DVA records at your request.
Collection and Use of Personal Information
Purposes for collection and use of your Personal Information may include: communicating with you; scheduling shoe fitting, delivery or collection appointments; recommending and providing shoes; processing and shipping orders; processing returns, refunds, exchanges and repairs; providing information to you in the future about your purchases; including you on a distribution list (only with your explicit approval) to receive physical mail, email or SMS messages; advising you of products and services that may interest you in relation to footwear, footwear accessories and foot health; entering you into a competition or prize draw; providing relevant and/or targeted advertising and communications about our products and services; providing your information (only with your consent if you are a private customer, or as necessary to meet government requirements to serve you if you are a DVA MGF client) to bootmakers, shoe repairers, pedorthists, podiatrists and other health professionals about your needs; improving our services; and other purposes that you may specify.
For DVA clients, purposes for collection and use of your Personal Information may additionally include advising you of processes or progress relating to DVA MGF footwear prescriptions, keeping records as required by DVA, and liaising with DVA and podiatrists or other assessing health providers about your case.
Use of your personal information includes storing it in software systems that we use to provide you with products and services (see Third Party Services, Websites and Apps, below).
Disclosure of Personal Information
We disclose Personal Information to other third parties only in limited circumstances. We will disclose it where required by law, or if we believe that such action is necessary to comply with the law and the reasonable requests of law enforcement, or as necessary to report unlawful activity, or if reasonably necessary to avert a serious threat to health and safety. We will also disclose it to a health practitioner, pedorthist, orthotist, cobbler, bootmaker, shoe repairer or other similar service provider (and, if you are a DVA MGF client, to DVA and your assessing health provider) as necessary to fulfil a service to you or to any further extent we deem beneficial if you instruct or allow us to do so.
Collection and Disclosure of Sensitive Personal Information
You may be asked to sign a Sensitive Personal Information Usage Consent if information provided is considered sensitive. Signing involves consenting to the collection, storage and use of personal information about the shape, condition and health of your feet, other aspects of your health as they affect your footwear needs, and any aspect of your footwear use that may reveal information about your health. In doing so, you acknowledge that this may include details of spoken or written statements in person or by phone or email, as well as foot measurements, tracings, photographs, digital scans, and the details of footwear referrals, prescriptions or comments of health practitioners provided to Just Comfort Shoes to meet your current and future footwear needs. It also involves allowing Just Comfort Shoes to share this information with any relative, friend, health practitioner, carer, care organisation, funding body or government body involved in the selection, approval, modification or funding of their shoes. You may revoke this consent at any time except where records must be kept to comply with government requirements, but must accept that doing so may affect the quality of service you receive.
How We Protect Your Personal Information
In order to protect your Personal Information, we use physical building security and staff training as well as software measures including regular software updates, the use of antivirus and anti-malware software, strong passwords, SSL (Secure Sockets Layer) encryption for our web store and email marketing, TLS (Transport Layer Security) on our general email software, and careful choice of reputable payment gateways and other online services.
Email, Postal, SMS, MMS and Phone Marketing
We may use your Personal Information to contact you with postal, email, SMS or MMS newsletters, marketing or promotional materials and other information that may be of interest to you. We do this on an opt-in-only basis. You may opt out of receiving physical mail by contacting us and expressing your wish. You may opt out of email, SMS, or MMS marketing communications by following the Unsubscribe link or instructions provided in the footer of one of our marketing emails or following the unsubscribe instructions in an SMS or MMS message, as applicable. We may sometimes phone customers to update them on news of our business.
For the protection of email subscribers, MailChimp account passwords are hashed, all MailChimp login pages (from the MailChimp website and mobile website) pass data via SSL, and the entire MailChimp application is encrypted with SSL.
General Email and Physical Mail Communications
Just Comfort Shoes’ general email communications use an HTTPS connection and TLS (Transport Layer Security) to encrypt email messages. However, because email communication involves two parties, involving the use of systems outside those of our email provider, email is less secure than many of our other internet-based storage systems. Customers are asked not to provide credit card details, passwords or any other sensitive information by email.
You may not opt out of any service-related notices required by law (for example, if any apply in relation to DVA MGF prescriptions).
Third-Party Services, Websites and Apps
Just Comfort Shoes uses various third-party services in the course of providing you with products and services. These third-party providers will collect, use and disclose your information in accordance with the Australian Privacy Principles, and generally only to the extent necessary to allow them to perform the services they provide to us.
Our Website may contain links to other websites. We are not responsible for the privacy practices of such sites. Your interactions with our information on such sites are governed by their Privacy Policies, which we recommend reading. Links from justcomfortshoes.com.au do not imply that Just Comfort Shoes endorses or has reviewed such linked third-party websites.
Use of Credit Card Details
Credit card details we process on an EFTPOS machine are not stored by Just Comfort Shoes after use. Credit card details taken in person, over the phone or through a card imprinter for orders, refunds or reimbursements are destroyed immediately after use. Customers are asked not to provide credit card details, passwords or any other sensitive information by email.
Credit card numbers and CVV codes used in transactions on Just Comfort Shoes' Weebly-hosted online store are not viewable by Weebly or Just Comfort Shoes at any time. These details are handled by the credit card processor that you choose during your purchase – Stripe, Apple Pay or Google Pay (formerly Android Pay). See further information on credit card details in the next section.
Weebly Website and Online Store Privacy and Security
Weebly collects IP addresses of website visitors but does not make them available to website owners except when a visitor uses an online contact form. Just Comfort Shoes records visitor IP addresses through Google Analytics.
The Just Comfort Shoes online shop is hosted by Weebly Inc, which provides an online e-commerce platform integrated with its website content management system. Weebly stores your data on secure servers behind a firewall. Customer names, billing and shipping addresses, telephone numbers and email addresses recorded during online orders are not used by Weebly in any way, but by Just Comfort Shoes as the online store owner.
Our online shop uses the industry best practice SSL (Secure Sockets Layer) protocol with an SSL Certificate, creating a secure connection for transmission of data including credit card numbers. Online payment occurs using the customer's choice of reputable online payment processors Stripe, Google Pay (formerly Android Pay) or Apple Pay for payment by credit card.
Credit card data is encrypted using the Payment Card Industry Data Security Standard (PCI-DSS). The payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands such as Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
Just Comfort Shoes does not store credit card details, but some of the payment processors available through our web shop store card details, including for purposes such as refunds. The practices of Apple Pay and Google Pay (formerly Android Pay) are governed by the agreement pertaining to your account with them. Card numbers submitted to Stripe are encrypted on disk with AES-256. Decryption keys are stored on separate machines. None of Stripe’s internal servers and daemons are able to obtain plaintext card numbers. Stripe’s infrastructure for storing, decrypting, and transmitting card numbers runs in separate hosting infrastructure, and does not share any credentials with Stripe’s primary services (API, website, etc.).
For more information, you may also want to read the Privacy Policies of third-party providers listed below under “Key Third-Party Privacy Policies”.
Online Services and Cross-Border Data Transfer
Just Comfort Shoes uses online services that involve the transmission or storage of customer information electronically on computer servers outside Australia, where data protection laws may differ. These services include Asana, Aramex/Fastway, Australia Post, Weebly, Stripe, Google Pay (formerly Android Pay), Apple Pay, MailChimp, G Suite (including Gmail, Google Drive, Google Docs, Google Sheets, Google Contacts, Google Calendar), Google Chrome, Google Backup and Sync, Google Analytics, Microsoft Office 365 Business and PureChat. See the links to Key Third-Party Privacy Policies below for information about the countries these services use for data storage and processing. Just Comfort Shoes takes measures to ensure that it chooses online services whose cross-border processing and disclosure of Personal Information meet Australian requirements.
The Australian Government's Office of the Australian Information Commissioner provides information on rules for cross-border disclosure of personal information as follows: https://www.oaic.gov.au/agencies-and-organisations/app-guidelines/chapter-8-app-8-cross-border-disclosure-of-personal-information.
Just Comfort Shoes also uses MYOB AccountRight online, which stores data exclusively in Australia using the world-class security features of Microsoft Azure in secure data centres in Sydney and Melbourne, and leaves MYOB in effective control of all business data.
Our Website uses Google Analytics, a service which transmits website traffic data to Google servers in the United States. Google Analytics does not identify individual users or associate your IP address with any other data held by Google. We use reports provided by Google Analytics to help us understand website traffic and webpage usage.
Cookies and Targeted Advertising
Our Website uses “cookies”. A cookie is a small text file that our Website may place on your computer for various purposes, including recording website usage patterns or remembering your preferences. Our usage includes the following, many of which are implemented automatically through use of Weebly, Weebly-based G Suite accounts or Google Analytics: cookies from Google Analytics that calculate new and returning visitor statistics, limit the collection of data on high traffic sites, track visitor behaviour, measure site performance and identify the source of traffic to the site; cookies from Google that profile the interests of web users and sell advertising space to organisations based on interest profiles, aligning advertisements to the content on the pages where its customers' advertisements appear, and in combination with HSID, verify a Google user account and most recent login time; a cookie from New Relic that monitors the performance of web and mobile applications; a language cookie to store language preferences; cookies from Vimeo to monitor the use of embedded videos; and a cookie from Quantcast, which provides information on website rankings, audience segmentation and targeted advertising.
MailChimp, Social Media, Facebook Advertising, Google Ads
Key Third-Party Privacy Policies
For more information about the privacy policies of relevant third-party service providers, please refer to the following:
Aramex/Fastway - https://www.fastway.com.au/terms-and-conditions/privacy-policy/
Apple Pay - https://support.apple.com/en-kw/HT203027
Australia Post - https://auspost.com.au/privacy
Gmail, Google Contacts, Google Chrome, G Suite, Google Backup and Sync, Google Analytics, Google Pay (formerly Android Pay) - http://www.google.com/intl/en/policies/privacy/
MailChimp - https://mailchimp.com/legal/privacy/
Microsoft - https://privacy.microsoft.com/en-ca/privacystatement
MYOB - https://www.myob.com/au/privacy-policy
PureChat - https://purechat.com/privacy and https://purechat.com/dpa
Stripe - https://stripe.com/gb/privacy, https://stripe.com/docs/security/stripe
Weebly - https://www.weebly.com/au/privacy
While we use industry-standard means of protecting your Personal Information, we cannot guarantee its absolute security in either a physical or electronic environment. No physical security, method of data transmission over the internet or method of electronic storage is 100% secure. Just Comfort Shoes shall not be held responsible for the consequences of any third-party hacking attempts that may result in User information being compromised.
How We Deal with Requests and Complaints
You may request access to Personal Information that we hold about you in certain circumstances set out in the Privacy Act 1988 (Commonwealth). You may ask us to correct your Personal Information if you find that it is not accurate, up to date or complete. You may also make a complaint about our handling of your Personal Information. Proof of identity may be required, and no charge applies for making a request. However, a fee may apply for labour time, materials or postage where required to meet your request.
You can contact us using the web form on this Website or send your request or complaint to the postal address below. We undertake to respond within a reasonable timeframe.
Acquisitions, Mergers and Asset Sales
If Just Comfort Shoes is involved in a merger, acquisition or asset sale, your Personal Information may be transferred to another entity.
Just Comfort Shoes
155 Brisbane Rd
Mooloolaba QLD 4557
Changes to this Policy
This policy may change at any time without notice, and was last updated at 7.39pm on Sunday, September 27, 2020.