this is default text

Taking Shape – Global Privacy Policy

TS 14 Plus Australia Pty Ltd ACN 101 752 998, TS 14+ New Zealand Pty Ltd ACN 105 007 814, TS UK Group Limited 12368180 and their respective subsidiaries and affiliates (collectively referred to as Taking Shape, us, we, or our) own and operate the ‘Taking Shape’ brand and business.

Taking Shape services clients around the world, including in Australia, the United Kingdom, Europe, New Zealand Canada, Georgia, Israel, Switzerland, Turkey and the United States of America. We take your privacy seriously and we are committed to managing personal information in accordance with relevant local privacy and data protection laws which apply to us, such as:

  • in Australia, the Australian Privacy Principles (APPs) under the Australian Privacy Act 1988 (Cth) (Privacy Act);
  • in New Zealand, the New Zealand Information Privacy Principles (NZ IPPs) under the New Zealand Privacy Act 2020 (NZ) (NZ Privacy Act);
  • in the European Union or European Economic Area, the General Data Protection Regulation 2016/679, or in the UK, the General Data Protection Regulation (EU) 2016/679) and the Data Protection Act 2018 (DPA 2018), (as applicable, the GDPR); and
  • other local applicable privacy laws,

(together, the Privacy Laws).

This document tells you how we manage your personal information (also referred in this Privacy Policy and some Privacy Laws as “personal data”) and is referred to as our Privacy Policy.
In this Privacy Policy, “you” or “your” refers to any individual we collect personal information about.
This Privacy Policy applies to all personal information collected by us, or submitted to us, whether offline or online, including personal information collected or submitted through our websites, through our official social media channel pages which we control (such as our LinkedIn and Instagram pages), provided in store or when we otherwise interact with you. This Privacy Policy is designed to help keep you informed of:

  • what personal data we collect and how we use and share this information;
  • how we store your personal information and keep this information safe; and
  • your rights.

If you have any questions about how we protect privacy please email us at info@takingshape.com.au (if you’re based in Australia or New Zealand) or info@takingshape.com (if you’re based in the United Kingdom, the European Economic Area, Canada, Georgia, Israel, Switzerland, Turkey or the United States of America).

We may collect your information in a number of ways, including:

  1. Directly from you, including but not limited to
    • through activity on our website;
    • through transactions (including details about payments to you from us and from you to us and other details of products and services you have purchased from us or we have purchased from you);
    • email or other written communications;
    • telephone calls;
    • in person;
    • through ‘contact us’ forms on our website; and
    • employment application forms.
  2. From third parties, including but not limited to
    • through third party payment providers;
    • fulfilment partners (such as Global-E);
    • media partners (such as AdRoll); and
    • direct marketing database providers.

The information we collect and hold will depend on the type of service we provide you (whether it is when making a debit or credit card sale, processing your Loyalty Rewards or when you visit our website). The table below shows the type of personal information that we may collect and hold and how we use this.

If the GDPR applies: We collect and process personal information about you only where we have legal bases for doing so under applicable laws. We have also identified what our legitimate interests are where appropriate. Note that we may process your personal information for more than one lawful ground depending on the specific purpose for which we are using your data. Please reach out to us if you need further details about the specific legal ground, we are relying on to process your personal information where more than one ground has been set out in the table below.

Information Purpose of Use / Disclosure Legal Basis for processing under the GDPR
Your name and contact details: billing and/or postal addresses, telephone numbers email address

We collect this information in order to:

  • deliver your purchases to you;
  • send you service messages to you about your purchases or keep you up to date about products you may like based on your communication preferences; and
to prevent and protect against fraud.
  • Performance of a contract with you.
  • Legitimate interests: to develop our Services and grow our business.
  • To comply with a legal obligation.
  • Public interest.
  • Legitimate interests: ensuring we do not deal with proceeds of criminal activities or assist in any other unlawful or fraudulent activities for example terrorism.

 

Your birthday/ date of birth  We collect this information to provide a personalised experience to you. If you are a member of the Rewards Program we collect this to give you a little thank you on your birthday.
  • Performance of a contract with you.
  • Legitimate interests: to develop our Services and grow our business.
Your payment information
  • collect payment and issue refunds; and
  • and prevent fraud.
Unless you choose to store this information at checkout, we don’t keep any of this information. If you wish the site to remember your card details, your details will be fully encrypted and stored in compliance with Payment Card Industry (PCI) security standards.
  • Performance of a contract with you.
  • To comply with a legal obligation.
  • Public interest.
  • Legitimate interests: ensuring we do not deal with proceeds of criminal activities or assist in any other unlawful or fraudulent activities for example terrorism.
Performance of a contract with you.
Your purchase history

We keep this so you can shop online and add products to your basket, save wish lists, provide customer service support to you, process returns, to better understand what you like, and to improve or develop our products and services. We also use this information to comply with applicable laws and regulations, including our tax obligations.

If you are a member of Rewards Program we also use this to issue rewards to you.
  • Performance of a contract with you.
  • To comply with a legal obligation.
  • Legitimate interests: to develop our Services and grow our business.
Browsing activity  To better understand what you like and help us to improve your shopping experience, we store information about your phone or laptop, and how you use our websites.
  • Legitimate interests: to develop our Services and grow our business.
IP Addresses To better understand where you are located and help us to improve your shopping experience, we store information about your geographic location.
  • Legitimate interests: to develop our Services and grow our business.
Your password  To enable you to login to TakingShape.com your password will be saved by our website, this is full encrypted by and cannot be accessed by Taking Shape and Profile.
  • Performance of a contract with you.
Communication preferences & contact history 

We use this (with your permission) to keep you up to date about products you may like.
You can opt out of marketing communication at any time by;

  1. Changing your email preferences via your My Account when logged in;
  2. Clicking the unsubscribe link in emails; or
  3. Contacting our support team.

If you are a member of Rewards Program we also use this to issue rewards to you.

We keep contact history to help us to improve your experience – and to meet our legal obligation should you wish to see this.
  • To comply with a legal obligation.
  • Legitimate interests: to develop our Services and grow our business.
  • Performance of a contract with you.
  • Performance of a contract with you.
  • To comply with a legal obligation.
Preferences, feedback and survey responses We collect this information to improve our products and service to you.
  • Performance of a contract with you.
  • Legitimate interests: to develop our Services and grow our business.
Professional information: where you are a worker of ours or applying for a role with us, your professional history such as your previous positions and professional experience. If you have applied for employment with us; to consider your employment application.
  • Legitimate interests: to consider your employment application.
All To comply with our legal obligations or if otherwise required or authorised by law.
  • To comply with a legal obligation.

If the GDPR applies: If you have consented to our use of data about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your data because we or a third party have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using our services. Further information about your rights is available below.

 

 

We are permitted to process your personal information in the ways described above, either because:

  • you have explicitly agreed that we may process your information for these specific reasons;
  • the processing is necessary to supply products to you or provide you with our services;
  • the processing is necessary for us to comply with our legal obligations; or
  • the processing is necessary for our legitimate interests, including to protect our business interests; to ensure that complaints are investigated; to evaluate, develop or improve our products; and to keep our customers informed of relevant products and services, unless you indicate that you do not wish us to do so.

Sensitive information is a sub-set of personal information that is given a higher level of protection. Sensitive information means information relating to your racial or ethnic origin, political opinions, religion, trade union or other professional associations or memberships, philosophical beliefs, sexual orientation or practices, criminal records, health information or biometric information. Sensitive Information is known as ‘special categories of data’ under the GDPR.
We do not actively request sensitive information about you. If at any time we need to collect sensitive information about you, unless otherwise permitted by law, we will first obtain your consent and we will only use it as required or authorised by law.
We are permitted to process your personal information in the ways described above, either because:

  • you have explicitly agreed that we may process your information for these specific reasons;
  • the processing is necessary to supply products to you or provide you with our services;
  • the processing is necessary for us to comply with our legal obligations; or
  • the processing is necessary for our legitimate interests, including to protect our business interests; to ensure that complaints are investigated; to evaluate, develop or improve our products; and to keep our customers informed of relevant products and services, unless you indicate that you do not wish us to do so.

Our international partner for facilitating and executing the sale is Globale UK Limited ("Global-E"), a company registered in England and Wales (registration number 08632376) , whose registered office is at 2nd Floor, 167-169 Great Portland Street, London, W1W 5PF.

If you purchase products from TakingShape.com/UK/, your personal information will be collected and used by Global-E for the fulfilment of your order and the delivery of products to you. This Privacy Policy only applies to the use of your data by us. Please see Global E's privacy policy for more information about how your personal information is used by them.

We do not carry out solely automated decision-making or profiling that has a legal or similarly significant effect on individuals

With your consent (if required) and in accordance with your contact preferences, local direct marketing laws and the Privacy Laws, we will send you marketing communications from time to time to keep you up to date on our latest arrivals and offers, provide loyalty rewards, share style advice or to invite you to upcoming store events. We may also use your personal information to personalise your advertising experience via social media and ad retargeting.
You can opt out of marketing communication at any time by:

  1. changing your email preferences via your My Account when logged in;
  2. clicking the unsubscribe link in emails; or
  3. contacting our support team.

Opting out of marketing communication will not stop service messages such as order confirmations and updates.

We take the privacy and security of your personal information seriously and use a number of procedures and processes to ensure, where possible, the security and integrity of your personal information, including (but not limited to):

  • encryption of data;
  • anonymise and aggregate personal information (so that it does not identify you);
  • restricting access to Personal Information; and
  • maintaining technology products to prevent unauthorised computer access.

Unless you choose to store this information at checkout, we do not keep details of your credit card information, including the security code (or CCV number) that you need to input in order to complete an order using your credit card. If you wish the site to remember your card details, your details will be fully encrypted and stored in compliance with Payment Card Industry (PCI) security standards. Taking Shape has no access to this data.
All credit card payments are processed by CyberSource who have been providing online card processing for over 20 years. As a certified Payment Service Provider (PSP), all transactions processed are done so in a PCI DSS compliant fashion. For more information on CyberSource, please visit https://www.cybersource.com. At the time you place your order, your credit card is pre-approved. Actual payment is processed through a secure process once you have placed your order.

We recommend taking the following security measures to enhance your online security, both in relation to the use of our websites, and more generally;

  • If using a public computer, we recommend that you always log out of your Taking Shape account and close the browser when you finish.
  • Create a strong and unique password for your account; we recommend using a combination of numbers and letters.
  • Avoid using the same password for multiple accounts.
  • Change passwords regularly. To change your Taking Shape password, sign in and visit My Account and check "Change My Password". We will send you an email notification to your registered email address to confirm your account updates.

We do not and will not sell any of your personal information to any third parties.
Where required, we share your personal information with third parties, which may include the following recipients or categories of recipients:

  • related or affiliated companies of Taking Shape, located in Australia, New Zealand and the United Kingdom;
  • third party service providers or contractors used for logistical services, data processing, payment processing, data analysis, customer satisfaction surveys, information technology services and support, website maintenance/development, printing, archiving, mail-outs, and market research, including but not limited to Salesforce, Global E, Cybersource, Paypal, Optty, Aus Post and Shippit.
  • any revenue service, tax or regulatory authority, if we are obliged to disclose your personal information under any applicable legal or regulatory requirements;
  • our professional advisers, such as our lawyers and accountants;
  • any person or organisation to whom we may transfer our rights or obligations; or
  • any person or organisation after a restructure, sale or acquisition of any Taking Shape entity, as long as that person uses your personal information for the same purposes as it was originally given to us or used by us (or both).

We disclose your personal information to these recipients or categories of recipients in order to:

  • to provide you with our products and services;
  • to communicate with you based on your communication preferences;
  • to conduct market research and marketing strategy analysis;
  • for customer service management purposes;
  • to run training and events;
  • for the purpose of facilitating or implementing a transfer or sale of all or part of our assets or business or if we undergo any other kind of corporate restructure, acquisition or sale. In this context, your personal information may be transferred to another entity (or if such a sale, transfer, acquisition or corporate restructure is being contemplated by us);
  • courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided to you;
  • courts, tribunals, regulatory authorities and law enforcement officers, as required or authorised by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights; and
  • any other third parties as required or permitted by law, such as where we receive a subpoena.

Third parties to whom we have disclosed your personal information may contact you directly to let you know they have collected your personal information and to give you information about their privacy policies.

It is likely that we will disclose your personal information outside of the jurisdiction you are located in to overseas recipients and service providers who are located in places such as Australia, New Zealand, United States of America, the United Kingdom and other countries dependant on the nature of the services those recipients provide to us (for example cloud-based storage solutions and where the recipient server locations are based overseas). Please note that the use of overseas service providers to store personal information will not always involve a disclosure of personal information to that overseas provider.
We only ever disclose your personal information outside the jurisdiction it was collected where we are permitted to do so under applicable Privacy Laws. Generally, this means we will take reasonable steps to ensure your personal information is treated securely and in accordance with applicable Privacy Laws.
For residents of the UK or the European Economic Area (EEA), we will transfer data that we collect from you to locations outside of the UK or the EEA for processing and storing. Also, it will be processed by staff operating outside the UK or the EEA who work for us or for one of our suppliers. For example, such staff maybe engaged in the processing and concluding of your order, the processing of your payment details and the provision of support services. Where we transfer your information outside of the UK or the EEA we will ensure safeguards are in place to ensure it remains secure and adequately protected. This includes:

  • only transferring your personal information to countries that have been deemed by applicable data protection laws to provide an adequate level of protection for personal information; or

including standard contractual clauses in our agreements with third parties that are overseas, including, where relevant, by entering into EU standard contractual clauses (or equivalent measures) with the party outside the European Economic Area. The EU standard contractual clauses are available here (and the UK addendum to these standard contractual clauses are here).
There are other circumstances where we may disclose your personal information to an overseas recipient, for example, where you have provided your consent, or we are otherwise permitted to do so under the applicable Privacy Laws.

A "cookie" is a text file stored by your web browsers, which allows a website to recognise the user and their preferences. Taking Shape uses cookies to enhance customer experience as follows:

  • Session/Site functionality cookies – these cookies are required for our site to work, allowing you to add to cart, search for products and protect our site from malicious traffic
  • Site analytics cookies – these cookies allow us to measure and analyse how our customers use our site so that we can improve.
  • Customer preference & Advertising cookies – these cookies allow us and third parties to deliver relevant marketing and advertising to you.

You can delete or manage cookies by accessing the “Help” section of your internet browser or visiting the below sites. Please note this may impact your browsing experience.

Third party cookies are cookies that are set by a domain other than the one being visited by you. If you visit one of our Websites and a separate company sets a cookie through that Website this would be a third party cookie.
To try and bring you offers and advertisements that are of interest to you, we have relationships with third party companies including, Google, Criteo, Facebook and other providers (Third Party Providers) that allow them to place cookies on our Websites.
These Third Party Providers may:

  • use Third Party Cookies, web beacons, and other storage technologies to collect or receive information from our Websites and elsewhere on the internet;
  • compare de-identified information from us with information collected elsewhere on the internet; and
  • use that information to provide measurement services and target ads to you.

Please refer to our Cookie Policy for more information about how we use cookies. If you are in the UK or Australia, you can also learn more by visiting the following sites:
http://www.aboutcookies.org.uk/managing-cookies
https://www.choice.com.au/electronics-and-technology/internet/internet-privacy-and-safety/articles/how-browser-cookies-work

We will only keep the personal information we collect about you for as long as is necessary for the purposes set out in this Privacy Policy or as required to comply with any legal obligations to which we are subject. The retention periods we apply take account of:

  • legal and regulatory requirements and guidance;
  • limitation periods that apply in respect of taking legal action;
  • our ability to defend ourselves against legal claims and complaints;
  • good practice; and
  • the operational requirements of our business.

You are entitled to access your personal information held by Taking Shape on request. To request access to your personal information please contact the relevant Data Protection Officer using the contact details set out below.

We will take reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete and up-to-date. You can help us to do this by letting us know if you notice errors or discrepancies in information, we hold about you and letting us know if your personal details change.

However, if you consider any personal information, we hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading you are entitled to request correction of the information. After receiving a request from you, we will take reasonable steps to correct your information.

We may decline your request to access or correct your personal information in certain circumstances in accordance with the applicable Privacy Laws. If we do refuse your request, we will provide you with a reason for our decision and, in the case of a request for correction, we will include a statement with your personal information about the requested correction.

You may contact Taking Shape at any time if you have any questions or concerns about this Privacy Policy or about the way in which your personal information has been handled.
If you wish to make a complaint to Taking Shape, you should first contact the Data Protection Officer in writing (contact details for the Data Protection Officer in your jurisdiction are set out below).
Your complaint will be dealt with in accordance with Taking Shape’s complaints procedure and the Data Protection Officer will provide you with a response within a reasonable period (generally 30 days), or such shorter period of time as is specified in the applicable Privacy Laws. If you are unhappy with Taking Shape’s response to your complaint, you may refer your complaint to:

  • if you are in Australia, the Office of the Australian Information Commissioner (OAIC). The OAIC can be contacted by telephone on 1300 363 992 or by using the contact details on the website www.oaic.gov.au;
  • if you are in New Zealand, the Office of the Privacy Commissioner (OPC). The OPC can be contacted by telephone on 0800 803 909 or by using the contact details on the website privacy.org.nz;
  • if you are in the United Kingdom, the Information Commissioner’s Office (ICO). The ICO can be contacted by telephone on 0303 123 1113 or by using the contact details on the website ico.org.uk; or
  • if you are anywhere else, your local data protection authority.

Under the GDPR, individuals located in the EU and the UK have extra rights which apply to their personal information. Personal information under the GDPR is often referred to as “personal data” and is defined as information relating to an identified or identifiable natural person (an individual). If the GDPR applies to you, you have the following additional and specific rights in relation to your personal information (where applicable):

  • Right to access: you have the right to access, or request a copy of, the personal information we hold about you. Any request for access to or a copy of your personal information must be in writing, and we will endeavour to respond within a reasonable period and in any event within one month (in compliance with the GDPR).
  • Right to be informed: you have the right to be informed about how your personal information is being used (which is what this Privacy Policy seeks to do).
  • Right to rectification: you have the right to ask us to update any inaccurate personal information we hold about you (this can also be done through My Account).
  • Right to erasure: you have the right (in certain circumstances) to request the personal information we hold about you to be erased from our records. An exception to this right applies if we are not obliged to delete your personal information because we need to retain it in order to comply with a legal obligation or to establish, exercise or defend legal claims.
  • Right to restrict processing: in some circumstances, you have a right to ask us to restrict the processing of your personal information if you consider that we do not have the right to hold it.
  • Right to data portability: you have the right to ask us to transfer a copy of your personal information to you or to another service provider or third party where technically feasible.
  • Right to objection: you also have the right to object to your personal information being processed for a particular purpose (such as direct marketing, automated processing or profiling) or to request that we stop using your information.
  • Right to complain: if you are unhappy with the treatment of your personal information, and you have contacted us as set out in this Privacy Policy, you have the right to lodge a complaint with the local data protection authority. We would, however, appreciate the chance to deal with your concerns before you approach the data protection authority, so please contact us in the first instance.

If you have consented to our processing of your personal information, you have the right to withdraw, at any time, any consent that you have previously given to us for use of your personal information. In certain circumstances even if you withdraw your consent, we may still be able to process your personal information if required or permitted by law or for the purpose of exercising or defending our legal rights or meeting our legal and regulatory obligations.

If you want to exercise your rights, have a complaint, or just have questions relating to your personal information or anything in this Privacy Policy, please contact our Data Protection Officer using one of the contact methods set out below.
Australia and New Zealand
Privacy Officer
TS 14+ Australia Pty Ltd 
Address: PO Box 36  Abbotsford VIC 3067 Australia
Telephone: +61 3 9916 0777 
Facsimile: +61 3 9916 0799 
Email: privacyofficerau@takingshape.com

United Kingdom and all other non-EU international locations.
Privacy Officer
TS UK Group Limited
Address: 2c Chartwell Point, Chartwell Drive Wigston Leicester LE18 2FT England
Telephone: +44 (0)1164826161
Email: privacyofficeruk@takingshape.com
We welcome your feedback and will deal with your request or inquiry as soon as is reasonably possible.

This Privacy Policy was updated on 10/08/2022

Taking Shape may amend this Privacy Policy from time to time, with or without notice to you. We recommend that you visit our website regularly to keep up to date with any changes. We also try to let you know about major changes to our Privacy Policy (for example by putting a notice up on our website).
Further information regarding the Privacy Laws which relate to you generally can be obtained from the relevant privacy regulator such as:

  • the OAIC if you are in Australia;
  • the OPC if you are in New Zealand; or
  • the ICO if you are in the United Kingdom,

by using the contact details set out above under the heading "What you should do if you have a complaint about the handling of your personal information".