Privacy policy

Last updated: October 2023

About our Privacy Policy

Background

We are Emma Kate Blomkamp also trading as CoDesignCo ABN 16 870 845 218 (CoDesignCo, Emma Blomkamp, we, or us), and this is our Privacy Policy.

We think it is important to show you what info we collect, what we will and won’t do with your personal info, as well as how we collect, store, and handle personal info.

You accept this Privacy Policy when you access our Sites. You accept this Privacy Policy by:

  • accessing our Sites (which includes our websites www.emmablomkamp.com and www.codesignco.space and our presence on third-party applications like LinkedIn and CoDesignCo spaces on Notion and Slack).

  • sending us information (such as an email or enquiry form message),

  • buying products and services from us, or

  • as set out in our Site Terms.

Once accepted, the terms in this Privacy Policy apply to your personal information that we hold or collect in future.

For questions or notices, please contact us: hello@emmablomkamp.com 

Collecting and using your information

  • When we collect personal info, we do so in line with this Privacy Policy. You don’t have to give us your personal info, but if you don’t, we might not be able to provide you our various services or you might not be able to access certain Site features.

    Examples: We can’t contact you if we don’t have your contact details. We can’t deliver products to you if we don’t know what address you want the product delivered to.

    Depending on how we interact with you, we might collect some or all the following information:

    • Contact: Name, email address, date of birth, address, phone number, information to verify your ID ;

    • Social: Pronouns, social media platform details, associated accounts like Google and info you give us through them; images of you; your preferences and opinions;

    • Device: Device type, IP address, browser type, operating system, location, device, and network information

    • Actions: How you interact with our Site, browser session and geo-location data, search queries and browsing behaviour and search history, details of enquiries you make about our products or services

    • Financial: Purchase history, payment method (through our third-party payment processor), products purchased

    • Content: Contents of communications, stored documents and media, sensitive information (see below)

    • Location: Billing address, suburb and state of residence, electronic signature geo-tag location, publicly available check in location data on social media

    Collecting information from third parties

    If we get personal information about you from a third party, we manage and protect that information as set out in this policy.

    • If you are a third party giving personal info to us about somebody else, you warrant to us you have that person’s consent to give us their personal info.

  • How do we manage your sensitive information?

    Sensitive information receives a higher level of protection under the Australian Privacy Principles.

    Sensitive information means information relating to your racial or ethnic origin, political opinions, religion, trade union or other professional associations or memberships, philosophical beliefs, sexual orientation or practices, criminal records, health information or biometric information.

    We do not intentionally collect sensitive information.

  • Depending on how we interact with you, we might use some of your information for the following purposes:

    • To communicate with you, to market products and services to you, to tell you important service updates,

    • To verify identity or address and delivery information,

    • To provide Site functionality,

    • To take payment and to give refunds,

    • For internal record keeping, invoicing, and billing,

    • For analytics, market research and business development, including to operate and improve our Site

    • For marketing, to send you promotional info about us and our products and services and information about third parties we think you might be interested in,

    • To share your profile (information you have chosen to share) with other members via our newsletter or the public via our member directory,

    • To comply with our legal obligations or to resolve disputes,

    • To consider your application to join our team or community or capability building program.

  • You can opt out of marketing communications at any time by clicking on the link in our communications to unsubscribe.

Storing Information

  • To help prevent unauthorised access or disclosure, we have general physical, electronic and management processes to securely store personal info and protect it from misuse, loss, unauthorised access, modification and disclosure.

    • Whilst we take measures to safeguard against unauthorised disclosures, we can’t assure you the personal info we collect won’t be disclosed in a way that is inconsistent with this Privacy Policy.

    • We do not guarantee the security of any info transmitted to or by us over the Internet.

Sharing Information

  • Depending on how we interact with you, we might share some of your information with the following people:

    • our service providers, such as contractors, delivery partners, design and marketing partners, IT service providers, data storage, web-hosting and server providers, debt collectors, maintenance or problem-solving providers, various advisors and payment systems operators

    • third parties, including agents or sub-contractors, who help us in providing information, products, services, or direct marketing to you. This may include parties located, or that store data, outside of Australia

    • credit reporting agencies, courts, or authorities if you do not pay for our goods or services

    • authorised law enforcement agencies who follow the legally required processes, or in connection with any actual or prospective legal proceedings, or to establish, exercise or defend our legal rights

    • third parties to collect and process data, such as Google Analytics or other relevant businesses, including those that store data outside Australia.

  • Some suppliers we use to provide you services are located outside Australia. We may disclose your personal information outside Australia.

    • Overseas third parties might not be governed by the Privacy Act and so might not comply with the Australian Privacy Principles. If those parties breach the APPs, you aren’t protected by the Privacy Act.

    • By giving us your personal information, you consent to us disclosing it outside Australia.

    • You acknowledge we aren’t required to ensure overseas recipients manage your personal information in line with AU Privacy Law.

    Information storage and processing

    Offshore locations may include:

    Our organisation’s offices: Australia

    Our employees: Australia

    Hosting facilities for our Site:
    Australia, European Union, New Zealand, United Kingdom, Asia, United States and Other Australia, European Union, New Zealand, United Kingdom, Asia, United States and Other

    Our suppliers, and contractors:
    Australia, European Union, New Zealand, United Kingdom, Asia, United States and Other Australia, European Union, New Zealand, United Kingdom, Asia, United States and Other

    Information may be stored, processed in or transferred: Australia, European Union, New Zealand, United Kingdom, Asia, United States and Other Australia, European Union, New Zealand, United Kingdom, Asia, United States and Other

    Servers used by:
    Stripe, Notion, Trello, Google Workspace, Slack and Squarespace at various locations.

Extra data protection information

    • To the extent it applies to our services and business, we meet the requirements of the General Data Protection Regulation (GDPR) for UK and EU citizens and believe in the principles of fair, transparent, and lawful data collection and use.

    • Some additional important data issues are set out below for relevant clients and Site visitors.

    Processing your data

    • We process your personal information as a Processor and/or to the extent that we are a Controller as defined in the GDPR.

    • We must have a lawful basis for processing your personal information. For our operations, our legal basis for collecting personal information depends on the data we collect and how we use it and may include collecting and using your information:

      • As necessary for our legitimate business interests, or

      • To fulfil a contractual or legal obligation, or

      • If needed to protect your life or in a medical situation, or

      • to carry out a public function or a task of public interest, or

      • if the function has a clear basis in law.

    We get your consent

    • We only collect personal information with your express consent for a specific purpose and any data collected will be to the extent necessary and not excessive for its purpose.

    • We will keep your data reasonably safe and secure.

    Sensitive information

    We do not collect or process any personal information from you that is considered "Sensitive Personal Information" under the GDPR, such as personal information relating to your sexual orientation or ethnic origin unless we have obtained your explicit consent, or if it is being collected subject to and in accordance with the GDPR.

    We do not knowingly collect or process children’s personal information

    You must not provide us with your personal information if you are under the age of 16 without the consent of your parent or someone who has parental authority for you.

  • Individuals residing in the EU

    Individuals residing in the EU, you have certain rights as to how your personal information is obtained and used. We aim to comply with your rights under the GDPR, which include the following:

    • Being informed how your personal information is being used

    • Access your personal information (we will provide you with a free copy of it)

    • Correcting your personal information if it is inaccurate or incomplete

    • Deleting your personal information (a.k.a the right to be forgotten)

    • Restrict processing of your personal information

    • Keep and reuse your personal information for your own purposes

    • Object to your personal information being used, and automated decision making and profiling.

    Contact us if you have GDPR questions

    • Please contact us at any time to exercise your rights under the GDPR.

    • We may ask you to verify your identity before acting on any of your requests.

    Hosting and International Data Transfers

    We aim to protect transfers to any offshore locations with appropriate safeguards which may include standard data protection clauses approved by the European Commission which you can find at the European Commission Website.

Other details

  • Yes, we may use cookies on our Site from time to time.

    Cookies are small text files placed in your computer's browser to store your preferences.

    • On their own, cookies do not tell us personal info however, they let others like Google and Facebook, push our adverts to appear on your social media and online media as part of our marketing.

    • If you give us personal info, we may link this to the data stored in the cookie.

  • Yes, we may use web beacons on our Site from time to time.

    • Web beacons are small pieces of code placed in a web page or email to monitor behaviour of site visitors and email recipients.

    • We may also use Google Analytics to collect and process data. For more details on how Google uses data when you use third party websites or apps, please search Google’s site.

  • Our Sites have links to other websites and applications that we don’t control. We cannot and do not protect personal info you share with those other websites. Check those other websites for details of their privacy policies.

  • We will change this Policy if we change the way we manage your personal info changes or privacy laws change. When we do, we put the updated policy on our Sites and, if possible, we also notify you via email.

    • You can ask us for the details of the personal information we hold about you.

    • We can charge you a reasonable fee for preparing and providing you that information.

    • If the information we hold about you is incomplete or incorrect, please let us know so we can fix it.

    • If you would like us to delete information about you that we do not need to deliver services to you, please let us know and we will delete it within a reasonable timeframe.

  • Let us know if you have questions or concerns about how we use your personal info or the way we try to explain how we manage your info.

    • You are responsible for the accuracy of information you decide to give us.

    • If the info we hold about you is incomplete, irrelevant, or otherwise incorrect, please let us know so we can fix it. We know we won’t always get things perfect, so we appreciate your feedback to improve.

    For more info on Australian privacy law, visit oaic.gov.au or contact OAIC via enquiries@oaic.gov.au.