Crestech Group Pty Ltd ACN 644 894 397 (referred to as “Crestech Group”) recognises that your personal information is important to you and that you are concerned with its collection, use and disclosure. Crestech Group, like other companies operating in Australia, is bound by the Australian Privacy Principles as set out in the Privacy Act 1988 (Cth) which set clear standards regarding these activities.

Purpose

The purpose of this privacy policy (this “Privacy Policy”) is to inform users of our websites http://www.crestech.au, http://www.d2x.au, http://www.techwave.com.au or any other Crestech Group websites (the “Websites”) of the following:

• the purposes for which Crestech Group collects, holds, uses and discloses personal information;
• the types of personal information that Crestech Group collects;
• how Crestech Group collects and holds personal information;
• how you may access the personal information that Crestech Group holds about you, and how you may seek correction of that personal information; and
• how you may complain about a breach of the Australian Privacy Principles by Crestech Group and how Crestech Group will deal with such a complaint.

This Privacy Policy applies in addition to the terms and conditions of our Site.

Why We Collect, Hold, Use and Disclose Personal Information?

Crestech Group collects, holds, uses, and discloses personal information for several purposes connected with our business operations, which include:

• providing you with products and/or services you have ordered/purchased;
• dealing with requests, enquiries, complaints, consumer guarantee or warranty claims, and other customer care related activities;
• marketing our products and services and providing advice on our products;
• making recommendations or suggestions to you in relation to our products and services;
• developing and improving our products and services (for example, through customer reviews and surveys);
• in connection with our loyalty or reward programmes and competitions;
• the operation and administration of accounts, subscriptions or memberships (e.g. CresPerks) that you have with us;
• payment processing;
• processing a refund or exchange of a product;
• carrying out certain checks (for example, for our fraud or theft prevention processes, if you wish to open an account with us, obtain credit from us, collect goods from a Crestech Group warehouse or storeroom, or pick-up goods in-store that have been ordered online);
• interacting with companies or organisations with whom Crestech Group has a business relationship (where you work for, or otherwise represent, such an organisation);
• reconciling payments due to Crestech Group from suppliers in relation to goods or services provided to you by those suppliers;
• purposes relating to any third party acquisition or potential acquisition of an interest in Crestech Group or its assets;
• complying with our obligations under agreements with third parties (for example, under our authorised dealer arrangements with Telstra and our arrangements with consumer finance providers);
• carrying out day to day surveillance of our stores for operational and security purposes; and
• carrying out any activity in connection with a legal, governmental, or regulatory requirement that we have to comply with, or in connection with legal proceedings, crime or fraud prevention, detection or prosecution. We may also use and disclose your personal information for other purposes related to those described above which would be reasonably expected by you.

Documents (including hard copy documents and electronic documents such as emails) which coincidentally contain personal information will also be retained in accordance with Crestech Group’s normal document retention practices for accounting, legal and business purposes.

Generally, you have no obligation to provide any personal information requested by us. However, if you choose not to do so where we require this information, we may not be able to provide you with the goods and services that you want or deal with a request, enquiry or complaint that you have.

What Personal Information Do We Collect?

The kinds of personal information we collect or which we may hold about you may include:

• your name;
• your address;
• your date of birth;
• your telephone number(s);
• your e-mail address;
• payment information;
• financial information such as your bank account details;
• transaction information;
• password of your account with us;
• details about your earnings (if you are buying products using a finance plan);
• information contained on identification documents (such as driving licences) and, in some specific cases, copies of such identification documents, where we require these to verify your identity;
• information on how you use our products and services;
• your Internet Protocol (“IP”) address, server address, domain name and information on your browsing activity when visiting one of our websites;
• your user name for social networking sites that you use, to refer to, or in conjunction with, our goods and services;
• personal preferences or views regarding products and services;
• video and audio surveillance and recording of you when you visit one of our stores or pick up goods from a collection area; and
• photographic images taken of products (which may also include an image of you) when they are delivered to or installed in your home by Crestech Group or one of its contractors.

How We Collect & Hold Your Personal Information?

We collect personal information in several ways including:

• when you order goods or services from us (either online, in-store or over the telephone);
• when you collect goods that you have ordered from us, including from a Crestech Group warehouse or storeroom;
• when you set up an account with us;
• when you join a membership program (e.g. CresPerks);
• when you purchase certain products or extended warranties from us;
• when you buy goods on lay-by or “duty-free” goods;
• when you pay for goods by cheque;
• when you request for a refund or exchange of a product;
• when you subscribe to our catalogues or mailing lists or those of certain partners of;
• when you subscribe to a Crestech Group subscription service;
• when you sell second-hand goods to us or buy second-hand goods from us;
• when you enter competitions or promotions that we run;
• when you provide us your details for customer care purposes;
• when you browse one of our websites (further information is set out later in this Privacy Policy);
• when you submit an enquiry using one of our websites;
• when you complete surveys or provide online feedback or product reviews;
• when you publicly comment about us on social media sites (for example so that we can answer questions about our products); and
• through the video and audio surveillance and recording located in our stores, outside our stores (e.g. in the front entry area of a store) or collection areas (e.g. loading docks), when you visit one of our stores or pick up goods from a collection area; and
• through photographic images taken of products (which may also include an image of you) when they are delivered to or installed in your home by Crestech Group or one of its contractors.

Generally, Crestech Group will collect your personal information directly from you. However, Crestech Group also holds information, collected incidentally, concerning individuals who work for companies or organisations that have a business relationship with Crestech Group. Additionally, if you apply for a job with Crestech Group, we may collect personal information about you from any third parties that you nominate as your referees in your application.

Crestech Group holds personal information in several ways, including:

• as part of customer records and other electronic documents on which personal information is contained which are stored on our information technology systems and servers operated by third parties who provide services to us in connection with our business; and
• by securely storing hard copy documents on which personal information is contained, at our various premises and using third-party document management and archiving services.

Marketing

We may use your personal information that we have collected to promote and market products and services to you, including through methods such as email and SMS. We will not use your personal information for marketing purposes where you have opted out of receiving such communications.
Please note that when you create an account with us you agree to subscribe to our marketing communications and your details will be added to our marketing database to receive information relating to Crestech Group and our products and services. You may also choose to subscribe to our marketing communications by signing up on our website.

How to Unsubscribe

You can unsubscribe from our marketing communications at any time in one of the following ways:

• Emails: Select the “unsubscribe” option in one of the emails that you’ve received from us to unsubscribe, this option can usually be found at the top right or bottom of the email. Please note that if you have an account with Crestech Group, we may still need to send you information about your account or purchase.
• SMS: Unsubscribe by texting the stated response word e.g. “UNSUBSCRIBE” to the mobile number provided in the SMS we sent you.

Alternatively, you may opt-out of receiving marketing communications by submitting a privacy enquiry.

If you subscribe to our marketing communications, we may disclose your personal information in an anonymised form to third party platforms such as Facebook, Instagram and Google for the purposes of marketing products and services to you based on your personal information and preferences. For example, we may actively target banners and ads to you when you are on other websites, apps and third-party platforms.

Sharing Your Personal Information

Crestech Group may disclose or receive personal information or documents about you, including to/from:

• organisations that provide services to us in connection with our business, including customer support, customer experience/engagement, extended warranties, payment processing, administration, archival, data storage, data analytics, hosting, research, mail and delivery, installation, distribution, logistics, marketing, auditing, share registry, consulting, financial and legal advisory, banking, debt collection, fraud/theft prevention and/or identification, security or technical services and the operation and administration of membership programs (e.g. CresPerks) and the Websites. In some cases, these service providers may collect your personal information on our behalf;
• third party platforms like Facebook, Instagram and Google, in an anonymised form for the purposes of displaying banners, advertising or content based on your personal information or preferences;
• third parties like Google to enable us to manage information collected from the Websites and perform Website Activities;
• manufacturers and distributors of goods;
• if you return goods to Crestech Group to be repaired, third parties including our repairs system administrator, the manufacturer of the goods and authorised repairers;
• law enforcement agencies to assist in the prevention, investigation and prosecution of criminal activities;
• parties involved in any third party acquisition or potential acquisition of an interest in Crestech Group or its assets;
• our insurers and insurance brokers;
• if goods you purchase from Crestech Group are subject to a product recall, the manufacturer or distributor of those goods; and
• other third parties where you have specifically consented to the disclosure of information to these third parties.

Additionally, if you return goods to us on which personal information is stored for repair (for example, on a mobile phone or computer) and do not delete that personal information, Crestech Group will send the goods to the repairer. By returning such goods to Crestech Group for repair, you consent to Crestech Group disclosing any personal information contained on the goods to the repairer, by way of Crestech Group sending the goods to the repairer.

Disclosure of Personal Information to Overseas Recipients

Crestech Group is likely to disclose the personal information that it collects and holds about you to third parties who are not in Australia (such as third parties who are located in the United States of America, United Kingdom and New Zealand) for one or more the purposes set out in this policy e.g. to provide you the goods/services you have purchased. Some of the jurisdictions in which these third parties are located may have less protective privacy and data protections laws than Australia.

Personal Information Collected on Behalf of Other Parties

Crestech Group may collect information about you on behalf of third parties. In these cases the documentation that you sign will set out how the personal information that you provide will be used by these third parties and the privacy policies of the third parties will apply. Crestech Group may also receive personal information or documents about you from these third parties where necessary in connection with the provision of goods or services by Crestech Group.

How We Deal With Your Personal Information If You Apply For a Job With Us

If you apply for a job with us, you may be required to provide us with certain personal information, including your name, employment and educational background, and other personal information which we may require you to provide, or which you choose to provide us, in relation to your job application.
We will hold, use, and disclose that information solely for the purpose of considering your application. In particular, in considering your application, it may be necessary for us to disclose some of that information to third parties to verify the accuracy of that information. In such circumstances, we will disclose only such information as is necessary in the circumstances.
In considering your application, we may also collect personal information about you from any third parties that you nominate as your referees in your application.

Security of Your Personal Information

We will take reasonable steps to ensure that the personal information that we hold is stored in a secure environment protected from misuse, interference and loss and any unauthorised access, modification, or disclosure.

How to Access, Correct and Update Your Personal Information

Upon your request, Crestech Group will provide access to your personal information that we hold (except in certain circumstances set out in the Privacy Act 1988 (Cth)). Crestech Group reserves the right to charge you an administration fee of AU$30 for providing access to your personal information and will, of course, require some proof of your identity before providing information to you.
You may also request us to correct the personal information that Crestech Group holds about you. If you do so and we are satisfied that, having regard to a purpose for which the information is held, the information is inaccurate, out-of-date, incomplete, irrelevant or misleading, Crestech Group will take such steps as are reasonable in the circumstances to correct your personal information to ensure that, having regarding to the purpose for which it is held, the information is accurate, up-to-date, complete, relevant and not misleading.
To request access to the personal information that Crestech Group holds about you, or to update or correct that personal information, please submit a privacy enquiry.

In addition:
• if you are a subscriber to our marketing database you can also update your details via the “unsubscribe” option in one of the emails that you receive from us;
• if you subscribe to one of our services you can also update your details via that service.

How to Make a Complaint

If you are concerned that the way Crestech Group collects, holds, uses, or discloses your personal information may be in breach of the Australian Privacy Principles, please send the details of your complaint to The Data Privacy Officer by submitting a request.

How Crestech Group Will Handle Complaints

After receiving a complaint, we will consider whether we need any further information from you to properly consider and investigate the complaint and may request such information from you. We will then:

• conduct internal discussions with the relevant business units involved in the collection, holding, use or disclosure of your personal information, which is the subject of your complaint, and evaluate whether we believe that such collection, holding, use or disclosure of your personal information was in breach of the Australian Privacy Principles; and
• notify you of the results of our investigation of your complaint.

If the conclusion of our investigation is that our collection, holding, use or disclosure of your personal information was in breach of the Australian Privacy Principles, we will take steps to remedy the breach as soon as reasonably practicable.
We will endeavour to notify you of the results of our investigation of your complaint within 30 days of receiving your complaint. However, if your complaint involves complex matters or requires extensive investigation and consultation, it may not be possible to respond within this timeframe.
If you are not satisfied with our response to your complaint you are entitled under the Privacy Act 1988 (Cth) to make a complaint to the Office of the Australian Information Commissioner. Information about how to make a complaint is available from the Office of the Australian Information Commissioner’s website (www.oaic.gov.au).

Additional Information for EU Customers

If you are an individual located in the European Union (“EU customer”), you have additional rights under the General Data Protection Regulation (“GDPR”), including those set out below.

• you may withdraw your consent for us to process your personal information at any time;
• you may request for us to “erase” any personal information we hold about you;
• where we have processed your personal information by automated means, you may request to receive your personal information in a structured, commonly used and machine-readable format. You may also request that, where possible, we transmit such data to another third-party controller;
• if you have any concerns about how we are handling your personal information under the GDPR, you may lodge a complaint with your relevant EU supervisory authority.

You consent to the transfer of your personal information from the EU to Australia, and from Australia to other third countries, in accordance with this policy. You may request further information in relation to the safeguards in place for any international transfers of your personal information.

Additional Information for Users of Our Websites

If you visit our Websites to read, browse, download information or transact, our system may record information such as the date and time of your visit to the Website, your postcode/suburb, device type, browser type and operating system, the pages accessed and any information downloaded, (collectively, the “Website Information”). The Website Information is used for activities including: (i) statistical and reporting purposes; (ii) website administration, security and maintenance purposes; (iii) to direct you to/display material on our Websites that we believe will be of interest to you; (iv) displaying product availability and delivery options to you; (v) to measure traffic and visitor behaviour; (vi) to understand the impact of online advertising, use remarketing and audience targeting; and (vii) to market products and services to you, (collectively, the “Website Activities”).

We use third parties such as Google to enable us to perform the Website Activities.
Like many websites, the Websites use “cookies”. Cookies are small text files that we transfer to your computer’s hard drive through your web browser to enable our systems to recognise your browser and your log-in status. Cookies are used to record Website Information for the Website Activities. The default settings of browsers like Internet Explorer usually allow cookies, but users can easily erase cookies from their hard-drive, block all cookies, or receive a warning before a cookie is stored. Please note that some parts of the Websites may not function fully for users that disallow cookies.

The Websites also use tags, which are tiny bits of website code that allow us to transmit Website Information for the Website Activities.
While we take great care to protect your personal information on the Websites and use state-of-the-art data transmission encryption, unfortunately no data transmission over the internet can be guaranteed to be 100% secure. Accordingly, we cannot ensure or warrant the security of any information that you send to us or receive from us online. This is particularly true for information you send to us via email. We have no way of protecting that information until it reaches us. Once we receive your transmission, we use our best efforts to ensure its security in our possession.

The Websites may contain links/ plug-ins to other sites. We are not responsible for content of, or the privacy practices or policies of, those sites.

Web Push Notifications

The Websites may send you an initial pop-up message when you’re on the Websites asking if you want to allow or block pop-up notifications from Crestech Group within your web browser when you have your browser open on any website (Notifications). When you select Allow, you are agreeing to receive Notifications from Crestech Group. You will only start to receive Notifications after you select Allow and you can change this setting at any time.

If you have selected to allow Notifications, Crestech Group may send you Notifications about products, services, our latest offers, price and in stock alerts and other information we think might be of interest to you. Note that Notifications may be sent to you when you are on another website if your web browser is open.

You can opt in or opt out of Notifications at any time via your browser settings. If you want to opt out of Notifications at any time, follow the steps listed under the Web Push Notifications section here.

Exemptions

Crestech Group sometimes handles personal information relying on exemptions under the Privacy Act 1988 (Cth), for example in relation to (i) employee records; (ii) related bodies corporate; (iii) provision of services to State or Territory authorities; and (iv) operations outside Australia relating to personal information of non-Australians.

Any permitted handling of personal information under such exemptions will take priority over this Privacy Policy to the extent of any inconsistency.

Privacy Queries

If you have any queries or concerns, further information can be obtained by contacting our Privacy Officer by submitting a privacy enquiry or by post to:

The Data Privacy Officer
Crestech Group Pty Ltd
Level 9, 123 Epping Rd
Macquarie Park NSW 2113.

Crestech Group Pty Ltd | ACN 644 894 397 | ABN 13 644 894 397
Updated 18th of Sep 2023