Privacy and Data Statement
We appreciate your business, and value your privacy and security.
Juice Plus+® Australia Pty Ltd (JPCA) needs to gather and use information about individuals. These can include Customers, Suppliers, Employees, Juice Plus+® Independent Virtual Franchisees (Franchisees) and other people we have a relationship with or may need to contact.
This policy describes how personal data must be collected, handled and stored and ensures:
· Compliance with the Australian Privacy Act 1988 (Privacy Act).
· Protection of the rights of Staff, Customers and Franchisees.
· JPCA is open about how we store and process individuals’ data.
· Protection from the risk of a data breach.
· Protection from possible reputational damage.
The Privacy Act is underpinned by seven important principles. The principles cover:
· The open and transparent management of personal information including having a privacy statement.
· An individual having the option of transacting anonymously or using a pseudonym where practicable.
· The collection of solicited personal information and receipt of unsolicited personal information including giving notice about collection.
· How personal information can be used and disclosed (including overseas).
· Maintaining the quality of information.
· Keeping personal information secure.
· The right for individuals to access and correct their personal information.
This policy applies to:
· The Juice Plus+ Company (Australia) Pty Ltd (JPCA).
· All Australian Juice Plus+ Independent Virtual Franchisees.
· All Employees of JPCA.
· All contractors, suppliers and other people working on behalf of JPCA.
Everyone who works for or with JPCA has some responsibility for ensuring data is collected, stored and handled appropriately.
Each team including Franchisees must ensure that data is handled and processed in line with this policy and data protection principles.
The following people have key areas of responsibility:
· The Board of Directors is ultimately responsible for ensuring that the organisation meets its legal obligations.
The Financial Controller is responsible for:
· Keeping the Board updated about data protection responsibilities, risks and issues.
· Reviewing all data protection procedures and related policies, in line with an agreed schedule.
· Arranging data protection training and advice for the people covered by this policy.
· Handling data protection questions from Staff.
· Ensuring the Customer Service and Accounts Receivable teams can answer questions from Customers.
· Dealing with requests from individuals to see the data that we hold about them.
· Checking and approving any contracts or agreements with third parties that may handle our sensitive data.
The IT Manager is responsible for:
· Ensuring all systems, services and equipment used for storing data meet acceptable security standards.
· Performing regular checks to ensure security hardware and software is functioning properly.
· Evaluating any third-party services the organisation is considering using to store or process data, for instance cloud computing services.
The Sales and Marketing Director is responsible for:
· Ensuring Franchisees understand their responsibilities when handling data.
· Ensuring the Franchise team can answer data handling questions from Franchisees.
· Where necessary, working with other Staff to ensure marketing initiatives abide by data protection principles.
The general guidelines for all Staff, Contractors and Franchisees are:
· The only people able to access data covered by this policy should be those who need it for their work.
· Data should not be shared informally.
· JPCA will provide training to all Employees, Contractors and Franchisees.
· Employees, Contractors and Franchisees should keep all data secure by taking sensible precautions and following the guidelines below:
· Strong passwords must be used, and they should never be shared.
· Personal data should not be disclosed to unauthorised people, either within the organisation or externally.
· Data should be regularly reviewed and updated if found to be out of date. If no longer required it should be deleted, destroyed or archived.
· Employees, Contractors and Franchisees should request help from an appropriate manager within the organisation if unsure about any aspect of data protection.
Data Storage and Use
All personal data relating to the purchase of products by Customers and Franchisees’ business activities is stored on the Juice Plus+® worldwide secure computer system server located at the Juice Plus+® headquarters in Collierville, Tennessee, a suburb of Memphis. All other personal data is held on the Australian secure server located at the JPCA office in Newcastle NSW.
These rules describe how and where data should be safely stored and used. When data is stored on paper, it should be:
· Kept in a secure place where unauthorised people cannot see it, such as in a locked drawer or filing cabinet.
· Not left on desks or printers.
· Shredded and disposed of securely when no longer required.
When data is stored and used electronically, it must be protected from unauthorised access, accidental deletion and malicious hacking attempts by:
· Protecting data with strong passwords that are changed regularly and never shared.
· Storing removable media in a locked location when not being used.
· Storing data only on designated drives and servers.
· Backing up data frequently onto a secure site. Those backups should be tested regularly.
· Protecting all servers and computers containing data with security software and a firewall.
· Ensuring that, when working with personal data, computer screens are locked when left unattended.
· Ensuring that users do not save copies of personal data to their own computers.
· Encrypting financial data before being transferred to authorised external service providers.
It’s the responsibility of Employees, Contractors and Franchisees to take reasonable steps to ensure data is kept accurate and up to date by:
· Keeping data in as few places as necessary.
· Taking every opportunity to ensure data is updated when dealing with Customers and Franchisees.
· Updating data as inaccuracies are discovered. For instance, if a Customer can no longer be reached on their stored telephone number it should be removed from the database.
Requests to Access Personal Data
All individuals who are the subject of data held by the organisation are entitled to:
· Ask what information is held about them and why.
· Ask how to gain access to it.
· Be informed on how to keep it up to date.
· Be informed on how the organisation is meeting its data protection obligations.
Requests for individuals to access their personal data stored by the organisation are to be made in writing. We aim to provide the relevant information within 14 days. Before providing information the organisation will verify the identity of the person making a request.
Data Breaches Involving Personal Information
As a requirement of the Privacy Act we will notify individuals if there has been a breach of their personal data that is likely to result in serious harm to the individual affected. We will also advise them of the steps we are taking and what they can do to reduce the impacts to their privacy.
European Union Requirements
JPCA does not operate in the European Union; however, Australian Franchisees are entitled to trade worldwide, including the EU. We believe that these guidelines are harmonised with EU requirements.
Copyright © 2018, The Juice Plus+ Company. All rights reserved.