This Privacy and Cookie Policy sets out what information we collect about you when you access our websites at thepitviper.shop, and other Thepitviper sites and related apps or internet locations (Website), what we use it for and who we share it with. It also explains your rights and what to do if you have any concerns about your personal data.

We may sometimes need to update this notice, to reflect any changes to the way the goods on the Website (Goods) are provided or to comply with new business practices or legal requirements. You should check this Privacy and Cookie Policy to see whether any changes have occurred. Your continued use of our Website or interactions with us will constitute your acceptance of the updated policy. If you disagree with any changes to this Privacy Policy, you must not access or use our Website or interact with any other aspect of our business.

For all visitors to our Website and for users who purchase our Goods, we are the controller of your information (which means we decide what information we collect and how it is used).

Please read this Privacy Policy carefully. By providing personal information or personal data to us, you consent to us collecting, holding, processing using and disclosing your personal information in accordance with this Privacy Policy.

If you are under 16 years of age, you must have and have, and warrant to the extent permitted by law to us that you have, your parent or legal guardian’s permission to access and use the Website and they (your parents or guardian) have consented to you providing us with your personal information. You do not have to provide personal information to us, however, if you do not, it may affect your use of this Website or the products and/or services offered on or through it.

Information we collect from you

Personal data means any information which does, or could be used to, identify a person. We have grouped together the types of personal data that we collect from you when you access the Website, send us an email, create an account with us (Account), purchase our Goods, enter a competition, join our loyalty scheme or make any other use of the Website:

  • Profile data – your first and last name, title, email address, telephone numbers, address, password, username, birthday.
  • Login details.
  • Any other information you provide when using the Website or interacting with us – for example, when you create an Account, submit an application to our student ambassador program, join our loyalty club, answer a survey, request or consent to marketing materials, enter a competition, when you shop or browse online, send us an email, use our chat service or provide feedback.
  • Information about your purchases, including purchases made as a guest before you created an Account with us, your payment or card data, information on your purchases, orders, returns, etc).
  • Marketing and Communication Data – this includes your preferences in receiving marketing from us and our third parties and your communication preferences.
  • Technical data – internet protocol (IP) address, advertising identifiers or other tracking technologies, browser type and version, time zone setting and generic location, browser plug-in types and versions, operating system and platform on the devices you use to access our systems.
  • Usage data – information about how and when you use our Website, which pages you access and information about your tastes and preferences.

Information from third parties

If we receive personal information about you from a third party, for example by sending you a gift card or shipping an order to your address, we will protect it as set out in this Privacy Policy. In these cases, we only process your data where relevant to this feature or service, as stated in this Policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.

Data we collect from third party sources and platforms includes data from data validation services, authentication service providers, social networking sites, online marketing and segmentation providers and ad targeting companies) to supplement the information we collect directly from you. We also collect and link past purchase data from Shopify when you choose to check out as an account holder, having previously checked out only as a guest with the same email address or identifying information.

We do not collect any information about your racial or ethnic origin, political opinions, religious or philosophical beliefs, sex life or sexual orientation, which you may choose to provide to us.

Lawful basis for, and purpose of, processing

The information below sets out:

  • how we use your personal data;
  • the purpose for using it in each case; and
  • for individuals in the European Economic Area (EEA) and UK, the ‘lawful basis’ we rely on when we use your personal data. We collect and process information about you only where we have legal basis for doing so under applicable EU laws. There are six legal justifications which organisations can rely on. The most relevant of these to us are where we use your personal data to:
  • Fulfill our contract with you.
  • Comply with legal obligations that we have.
  • Pursue our legitimate interests (our justifiable business aims) but only if those interests are not outweighed by your other rights and freedoms (e.g. your right to privacy).
  • Do something for which you have given your consent.

If we intend to use your personal data for a new reason that is not listed in the table, we will update our privacy notice.  

Lawful Bias

Purpose for using your personal data.

Contract

  • To administer or perform our contract with you.
  • To process your payment information in connection with any contract we have with you.
  • To deliver your Goods.
  • To process returns or contact you about returns.
  • To send you updates about Goods you have bought (e.g. confirmation of order, arrival time).
  • To enable you to take part in competitions or promotions.

Legal Obligation

  • Recording your preferences (e.g. marketing) to ensure that we comply with applicable data protection laws.
  • Sending you information to comply with legal obligations (e.g. where we send you information about your legal rights).
  • Retaining information to enable us to bring or defend legal claims.

Legitimate Interests

Where using your information is necessary to pursue our legitimate business interests to:

  • ensure the proper functioning of, improve and optimise our Website, for example to ensure that checkout is smooth and that there are no errors while you are browsing our Website;
  • provide customer support and train our staff members to ensure that you receive the best possible customer service;
  • protect our business, our users and the public and to protect our/their rights and property;
  • register and maintain your user account and to verify your identity or age;
  • defend ourselves against legal claims;
  • detect, prevent, or otherwise address fraud or security issues and promote brand safety;
  • to optimise future marketing campaigns and future marketing strategy;
  • monitor and enforce compliance with our Terms and Conditions, including dispute resolution; and
  • comply with internal risk controls, the terms of our access to payment processing, financial or banking services such as credit card disputes, fraud, billing errors, or any applicable law.

Where we use your information for our legitimate interests, we have assessed whether such use is necessary and that such use will not infringe on your other rights and freedoms.

Consent

  • To send you marketing materials, where you have consented to this. This includes making personalised suggestions and recommendations to you about Goods that may be of interest to you based on your personal data. This could be via email, or notifications & messages to your mobile device;
  • To share your data with our advertising and marketing partners, where you have consented to this, who may use your data to, for example, send you targeted and personalised adverts to your interests, attributes, preferences and experiences, and provide us with statistical reporting in connection with our Website and mobile applications;
  • To process your participation in our promotions and giveaways (including contacting you if you win, displaying your details online, publishing your name in relevant newspapers or disclosing details of winners to relevant authorities, if required by law), initiatives or any request for additional Personal Data such as customer surveys; and
  • To ask you to submit a review across our review platforms. 

We may anonymise the personal data we collect (so it can no longer identify you) and then combine it with other anonymous information so it becomes aggregated data. Aggregated data helps us identify trends (e.g. what percentage of users responded to a specific survey). Data protection law does not govern the use of aggregated data and the various rights described below do not apply to it.

Where we need to collect your personal data (for example, in order to fulfil a contract we have with you), failure to provide us with your personal data may mean that we are not able to provide you with the Goods. Where we do not have the information required about you to fulfil an order, we may have to cancel the Goods ordered.

Who we share your information with

We share (or may share) your personal data with:

  • Our group companies: companies within the Thepitviper Group.
  • Our personnel: our employees (or other types of workers) who have contracts containing confidentiality and data protection obligations.
  • Our supply chain partners: such as delivery companies, courier, fulfilment or parcel-pickup services, parcel return partners and payment service providers. We ensure these organisations only have access to the information required to provide the support we use them for and have a contract with them that contains confidentiality and data protection obligations.
  • Financial institutions.
  • Promotional partners: vendors in connection with the processing of any promotion, event or service organised by us.
  • Regulatory authorities: such as tax authorities.
  • Our professional advisers: such as our accountants or legal advisers where we require specialist advice to help us conduct our business.
  • Advertising and marketing partners, and analytics providers (where you have consented to this): these include Meta, TikTok and Rakuten. These advertising and marketing partners have their own privacy policies and we are not responsible for the manner in which they use your data.
  • Cloud services and related providers: agents, contractors or service providers who provide operational services to us, such as online cloud storage and processing, fraud detection and monitoring, marketing optimisation, information technology, telecommunications, security or other relevant services which requires that entity’s collection, use or disclosure of your personal data.
  • Any actual or potential buyer of our business: including in anticipation of a merger, consolidation, investment, change in control, transfer of substantial corporate assets, reorganisation, liquidation, or similar business transaction or corporate event.
  • Any other party whom you authorise us to disclose your Personal Data to.

If we were asked to provide personal data in response to a court order or legal request (e.g. from the police), we would seek legal advice before disclosing any information and carefully consider the impact on your rights when providing a response.

Where your information is located or transferred to and how we keep it safe

We process personal data in multiple countries. By providing us with personal information, you consent to the disclosure of your personal information to third parties who reside outside the country in where you live. If personal data is so transferred, we will comply with applicable laws in doing so. Recipients of your personal data are likely to be located in Australia, the United Kingdom, United States of America and other countries or jurisdictions depending on the nature of the services those recipients provide to us.

Thepitviper has implemented a range of administrative, organisational, technical and physical safeguards to prevent your personal data from being accidentally or illegally lost, used or accessed by those who do not have permission. These measures include:

  • access controls and user authentication (including multi-factor authentication);
  • the use of firewalls;
  • the pseudonymisation and encryption of personal information;
  • ensuring all payments are encrypted as per PCI-DSS requirements;
  • the use of secure databases;
  • regular review of our security measures;
  • requiring all employees to comply with internal information security policies and keep information secure;
  • business continuity and disaster recovery processes; and
  • the restriction of physical access to our offices.

If there is an incident which has affected your personal data, we will notify each applicable regulator and keep you informed (where required under applicable data protection law).

We cannot guarantee the security of any information that is transmitted to or by us over the internet. The transmission and exchange of information are carried out at your own risk. Although we take measures to safeguard against unauthorised disclosures of information, we cannot assure you that the personal information we collect will not be disclosed in a manner that is inconsistent with this Privacy Policy. If you notice any unusual activity on the Website, please contact us at support@thepitviper.shop.

Where the disclosure of your personal information is solely subject to Australian privacy laws (and not subject to the EU GDPR, the UK DPA, or the Californian CCPA), you acknowledge that we are not required to ensure that those third parties comply with Australian privacy laws.