Privacy Policy

Privacy Policy and the Commonwealth Privacy Act

Privacy Policy - RebeccaLaffarSmith.com

This privacy policy has been compiled to better serve those who are concerned with how their ‘Personally Identifiable Information’ (PII) is being used online. PII, as used in privacy law and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Please read this privacy policy carefully to get a clear understanding of how I collect, use, protect or otherwise handle your Personally Identifiable Information in accordance with my website, mailing list, and services.

To learn more about Privacy and its protection in Australian law check out this short video:
And find out more at:

When do I collect information?

There are several points during your interaction on my website and with my store when I might collect information based on what you tell me.

  • Register on my site
  • Place an order
  • Join the Nagaran
  • Respond to surveys
  • Register for an event
  • Fill out forms on my website
  • Contact me by email

What personal information do I collect from the people that visit my website?

When you interact on my website there are various pieces of information I may ask for at different stages. I only collect the information necessary to provide the service you are requesting. To maximise my efficiency in meeting your needs I will also sometimes connect information you have previously given me to the new information you provide.

The following information is collected on my website and stored in a database by my web hosting provider (SiteGround):

  • Your First and Last Name
  • Your Email Address
  • Your Company Name
  • Your Shipping & Billing Addresses
  • Your Telephone Number
  • Your Country
  • Your Payment Option
  • Your Orders
  • Your IP Address

The following information is collected by my mailing list service provider (MailChimp):

  • Your First and Last Name
  • Your Email Address
  • Your Location Checkin according to Google
  • Your IP Address
  • Your Genre Preferences
  • Your Survey Responses
  • Your Preferred Language
  • Your Preferred Email Client
  • Your Preferred Email Format
  • When we last contacted you
  • When you last interacted with an email
  • Which emails we’ve sent you and when
  • Which emails you’ve opened and when
  • Which links you’ve clicked and when
  • Your associated spend total

The following information is collected by my payment processing provider (Paypal):

  • Your First and Last Name
  • Your Email Address
  • Your Company Name
  • Your Shipping & Billing Addresses
  • Your Telephone Number
  • Your Country
  • Your Payment Option
  • Your Orders
  • Your IP Address
  • The last four digits of your Credit Card

The following information is kept for accounting purposes with my accounting software provider (MYOB):

  • Your First and Last Name
  • Your Email Address
  • Your Company Name
  • Your Shipping & Billing Addresses
  • Your Telephone Number
  • Your Country
  • Your Payment Option
  • Your Orders

    How do I use your information?

    I may use the information I collect from you when you register, make a purchase, sign up for my newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:

    • To personalize users’ experience, content, and product offers.
    • To communicate regarding orders, products, and services.
    • To maintain accurate records for accounting and taxation purposes.
    • To better serve you in your customer service requests.
    • To improve my website, services, and communications.
    • To administer contests, promotions, and surveys.
    • To assess the effectiveness of my marketing and promotions.
    • To process your transactions and orders.

    How long do I keep information?

    I may maintain information up to seven years after last customer interaction. Each new order via the website, or open via the mailing list, restarts the seven-year countdown so that I can continue to serve repeat and ongoing customers. This seven-year policy is a legal requirement for Australian Tax Regulations. However, you may still initiate your “right to be forgotten” on any private information not necessary for my compliance with tax law.

    How do I protect visitor information?

    My website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to my site as safe as possible. I use regular Malware Scanning and maintain Spam and Bot securities in the back-end of my website.

    Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Sockets Layer (SSL) technology.

    I implement a variety of security measures when a user places an order, enters, submits, or accesses their information to maintain the safety of your personal information.

    All financial transactions are processed through a gateway provider and are not stored or processed on my servers.

    Do I use ‘cookies’?

    Yes. Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow) that enable the site’s or service provider’s systems to recognize your browser and capture and remember certain information. For instance, I use cookies to help remember and process the items in your shopping cart. They are also used to help understand your preferences based on previous or current site activity, which allows me to provide you with improved services. I also use cookies to help compile aggregate data about site traffic and site interaction so that I can offer better site experiences and tools in the future.

    I use cookies to:

    • Help remember and process the items in the shopping cart.
    • Understand and save users’ preferences for future visits.
    • Compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future. I may also use trusted third-party services (Google Analytics) that track this information on my behalf.

    You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings. Each browser is a little different, so look at your browser’s Help menu to learn the correct way to modify your cookies.

    If users disable cookies in their browser:
    Some features will be disabled. Some of the features that make your site experience more efficient and some of my site’s services will not function properly. These include: your My Account services, online ordering, your ability to leave comments, and your ability to leave reviews.

    However, you can still place orders by contacting customer service via email to or over the phone with the details below.

    Third-party disclosure

    I do not sell, trade, or otherwise transfer to outside parties your personally identifiable information unless we provide users with advance notice. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or serving our users, so long as those parties agree to keep this information confidential. I may also release information when its release is appropriate to comply with the law, enforce my site policies, or protect my or others’ rights, property, or safety.

    However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.

    Third-party links
    Occasionally, with discretion, I may include or offer third-party products or services on our website. These third-party sites have separate and independent privacy policies. I therefore hold no responsibility or liability for the content and activities of these linked sites. Nonetheless, I seek to protect the integrity of my site and welcome any feedback about these third parties.


    Google’s advertising requirements can be summed up by Google’s Advertising Principles. They are put in place to provide a positive experience for users.

    I use Google Analytics on my website.

    Google, as a third-party vendor, uses cookies to serve ads and track data on my site. Google’s use of the DART cookie enables it to serve users based on previous visits to my site and other sites on the Internet. Users may opt-out of the use of the DART cookie by visiting the Google Ad and Content Network privacy policy.

    We have implemented the following:

    • Demographics and Interests Reporting

    We, along with third-party vendors such as Google, use first-party cookies (such as the Google Analytics cookies) and third-party cookies (such as the DoubleClick cookies) or other third-party identifiers together to compile data regarding our target market so that we can structure future product development, marketing, and advertising efforts.

    Opting out:
    Users can set preferences for how Google advertises to them using Google Ad Settings. Alternatively, you can opt out by visiting the Network Advertising Initiative opt-out page or permanently using the Google Analytics Opt-out Browser Add-on.

    California Online Privacy Protection Act

    CalOPPA is the first state law in the United States of America to require commercial websites and online services to post a privacy policy. The law’s reach stretches well beyond California to require a person or company in the United States (and conceivably the world) that operates websites collecting personally identifiable information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals with whom it is being shared, and to comply with this policy. – See more at:

    According to CalOPPA I agree to the following:
    Users can visit my site anonymously. Once this privacy policy is created, I will add a link to it on my home page or as a minimum on the first significant page after entering my website. My Privacy Policy link includes the word ‘Privacy’ and can be easily found on the page specified above.

    Users will be notified of any privacy policy changes on my Privacy Policy Page.

    Users are able to change their personal information:

    • By emailing me or
    • By logging in to their account.

    How does my site handle do not track signals?
    I honor do not track signals and do not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.

    Does my site allow third-party behavioral tracking?
    It’s also important to note that we do not allow third-party behavioral tracking.

    Children’s Online Privacy Protection Act (COPPA) and the Children and Community Services Act 2004 (WA)

    I respect the rights and privacy of children and accept that some of the products and services available on my website may appeal to minors. As such I endeavour to protect their rights and information by complying with both these acts. I expect minors to have the permission of their parents to browse my website or access my products.

    Where a child may give identifying information I maintain the same stringent protections as with regards to the information obtained from adult users. I am the only administrator that has access to this information and I have a current Working With Children qualification which can be sighted upon request. At any time, a parent or guardian or child may request the immediate and complete deletion of all identifying information by contacting me directly via email to

    To find out more about the Children’s Online Privacy Protection Act visit:

    To find out more about the Children and Community Services Act 2014 (WA) visit:

    GDPR: European General Data Protection Regulation (2018)

    I respect the rights and privacy of all my visitors. Because my website has global reach and may be visited by readers in Europe, I endeavour to protect visitors’ rights and information by complying with the GDPR. Please see above for full disclosure of the information I collect both on the website, when you order, and from subscribers to my mailing list.

    If you would like to access any data stored about your user details or previous orders, please log into your Members Area. You can access your personal preferences regarding my email contacts from the bottom of any email. You can also contact me, as my own Data Privacy Officer, at to request a full record of all data associated with your email address.

    If you would like me to completely remove all of your data, please contact me, as Data Privacy Officer, at

    Fair Information Practices

    The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.

    In order to be in line with Fair Information Practices I will take the following responsive action, should a data breach occur:
    I will notify the users via email and in-site notification within 1 business day.

    I also agree to the Individual Redress Principle, which requires that individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.

    CAN-SPAM Act

    The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.

    I collect your email address in order to:

    • Send information, respond to inquiries, and/or other requests or questions.
    • Process orders and to send information and updates pertaining to orders.
    • Send you additional information related to your product and/or service.
    • Market to my mailing list or continue to send emails to my clients after the original transaction.

    To be in accordance with CAN-SPAM I agree to the following:

    • NOT use false or misleading subjects or email addresses.
    • Identify the message as an advertisement in some reasonable way.
    • Include the physical address of our business or site headquarters.
    • Monitor third-party email marketing services for compliance, if one is used.
    • Honor opt-out/unsubscribe requests quickly.
    • Allow users to unsubscribe by using the link at the bottom of each email.

    If at any time you would like to unsubscribe from receiving future emails:

    I will promptly remove you from ALL correspondence.

    Contacting Me

    If there are any questions regarding this privacy policy you may contact me using the information below.

    Rebecca Laffar-Smith
    824 South Western Highway
    Byford, Western Australia, 6122

    Last Edited on 2018-05-20