Taking Shape – Global Privacy Policy

TS 14 Plus Australia Pty Ltd ACN 101 752 998, TS 14+ New Zealand Pty Ltd ACN 105 007 814, and their respective subsidiaries and affiliates (collectively referred to as Taking Shape, us, we, or our) own and operate the ‘Taking Shape’ brand and business.

Taking Shape services clients around the world, including in Australia, the United Kingdom, Europe, New Zealand Canada, Georgia, Israel, Switzerland, Turkey, and the United States of America. We take your privacy seriously and we are committed to managing personal information in accordance with relevant local privacy and data protection laws which apply to us, such as:

  • in Australia, the Australian Privacy Principles (APPs) under the Australian Privacy Act 1988 (Cth) (Privacy Act);
  • in New Zealand, the New Zealand Information Privacy Principles (NZ IPPs) under the New Zealand Privacy Act 2020 (NZ) (NZ Privacy Act);
  • in the European Union or European Economic Area, the General Data Protection Regulation 2016/679, or in the UK, the General Data Protection Regulation (EU) 2016/679) and the Data Protection Act 2018 (DPA 2018), (as applicable, the GDPR); and
  • other local applicable privacy laws,

(together, the Privacy Laws).

This document tells you how we manage your personal information (also referred in this Privacy Policy and some Privacy Laws as “personal data”) and is referred to as our Privacy Policy.

In this Privacy Policy, “you” or “your” refers to any individual we collect personal information about.
This Privacy Policy applies to all personal information collected by us, or submitted to us, whether offline or online, including personal information collected or submitted through our websites, through our official social media channel pages which we control (such as our LinkedIn and Instagram pages), provided in store or when we otherwise interact with you. This Privacy Policy is designed to help keep you informed of:


  • what personal data we collect and how we use and share this information;
  • how we store your personal information and keep this information safe; and
  • your rights in relation to how we manage your personal information.

If you have any questions about how we protect privacy please email us at info@takingshape.com.au

We may collect your information in a number of ways, including:

  1. Directly from you, including but not limited to
    • through activity on our website;
    • through transactions made by you (including details about payments made between us, and products and services purchased from us);
    • email or other written communications;
    • telephone calls;
    • in person;
    • through ‘contact us’ forms on our website; and
    • employment application forms.
  2. From third parties, including but not limited to
    • through third party payment providers;
    • fulfilment partners (such as shipping and warehouse management providers);
    • media partners; and
    • direct marketing database providers.

The information we collect and hold will depend on the type of service we provide you (whether it is when making a debit or credit card sale, processing your Loyalty Rewards or when you visit our website). Where data we collect and hold is likely to constitute personal information, the table below shows the type of personal information that we may collect and hold and how we use this.

If the GDPR applies: We collect and process personal information about you only where we have a legal basis for doing so. We have also identified what our legitimate interests are where appropriate. Note that we may process your personal information for more than one lawful basis depending on the specific purpose for which we are using your data. Please reach out to us if you need further details about the specific legal basis we are relying on to process your personal information where more than one ground has been set out in the table below.

Personal Information Purpose
We process this personal information to:
Legal Basis for processing under the GDPR
Your name, billing and/or postal addresses, telephone numbers, email address
  • deliver your purchases to you;
  • send you service messages to you about your purchases; and
  • to prevent and protect against fraud.
  • Performance of a contract with you.
  • Legitimate interests: to develop our Services and grow our business
  • To comply with a legal obligation.
  • Public interest
  • Legitimate interests: ensuring we do not deal with proceeds of criminal activities or assist in any other unlawful or fraudulent activities for example terrorism

 

Telephone number and email address  keep you up to date about products you may like based on your communication preferences (which you may opt-out of at any time)
  • Consent
Your birthday/ date of birth 
  • provide a personalised experience to you; and
  • (Rewards Program members) give you a little thank you on your birthday.
  • If you are a Rewards Program member, the performance of a contract with you.
  • Legitimate interests: to develop our Services and grow our business.
Your payment information
  • collect payment and issue refunds; and
  • and prevent fraud.
Unless you choose to store this information at checkout, we don’t keep any of this information. If you wish the site to remember your card details, your details will be fully encrypted and stored in compliance with Payment Card Industry (PCI) security standards.
  • Performance of a contract with you.
  • To comply with a legal obligation to prevent fraud and data breaches.
  • Public interest.
  • Legitimate interests: ensuring we do not deal with proceeds of criminal activities or assist in any other unlawful or fraudulent activities for example terrorism.
  • Consent.
Your purchase history
  • allow you to shop online and add products to your basket, save wish lists,
  • provide customer service support to you and process returns;
  • (Rewards Program members) issue rewards to you; and
  • better understand what you like, and to improve or develop our products and services.
  • Performance of a contract with you.
  • To comply with a legal obligation including tax obligations.
  • Legitimate interests: to develop our Services and grow our business.
Browsing activity (including phone and laptop device information)  better understand what you like and help us to improve your shopping experience.
  • Consent
  • Legitimate interests: to develop our Services and grow our business.
IP Addresses, including geographic information better understand where you are located and help us to improve your shopping experience.
  • Consent
  • Legitimate interests: to develop our Services and grow our business.
Your password (fully encrypted and inaccessible by Taking Shape)  enable you to login to TakingShape.com, your password will be saved by our website.
  • Performance of a contract with you.
Communication preferences & contact history 
  • keep you up to date about products you may like.
  • You can opt out of marketing communication at any time by;

    1. Changing your email preferences via your My Account when logged in;
    2. Clicking the unsubscribe link in emails;
    3. Replying STOP to the relevant text message communication; or
    4. Contacting our support team.
  • (Rewards Program members) issue rewards to you.
  • Respond to requests by data subjects to exercise their rights
    • Consent.
    • Legitimate interests: to develop our Services and grow our business.
    • Performance of a contract with you.
    • Performance of a contract with you.
    • To comply with a legal obligation.
    Preferences, feedback and survey responses Improve our products and service to you.
    • Consent.
    • Legitimate interests: to develop our Services and grow our business.
    Professional information: where you are a worker of ours or applying for a role with us, your professional history such as your previous positions and professional experience. If you have applied for employment with us; to consider your employment application.
    • Legitimate interests: to consider your employment application.
    All To comply with our legal obligations or if otherwise required or authorised by law.
    • To comply with a legal obligation.

    If the GDPR applies: If our legal basis for processing your personal information is consent, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your personal information because we have a legitimate interest to do so, you have the right to object to that use. In some cases, this may mean you are no longer able to use our services in full. Further information about your rights is available below.

    Sensitive information is a sub-set of personal information that is given a higher level of protection. Sensitive information means information relating to your racial or ethnic origin, political opinions, religion, trade union or other professional associations or memberships, philosophical beliefs, sexual orientation or practices, criminal records, health information or biometric information.Sensitive Information is known as ‘special categories of data’ under the GDPR.


    We do not actively request sensitive information about you. If at any time we need to collect sensitive information about you, unless otherwise permitted by law, we will first obtain your consent and we will only use it as required or authorised by law, and only to the minimum extent necessary to achieve our purpose which we will disclose to you when obtaining your consent.


    We do not carry out solely automated decision-making or profiling that has a legal or similarly significant effect on individuals

    With your consent (if required) and in accordance with your contact preferences, local direct marketing laws and the Privacy Laws, we will send you marketing communications from time to time to keep you up to date on our latest arrivals and offers, provide loyalty rewards, share style advice or invite you to upcoming store events. We may also use your personal information to personalise your advertising experience via social media and ad retargeting.


    You can opt out of marketing communication at any time by:

    1. changing your email preferences via your My Account when logged in;
    2. clicking the unsubscribe link in emails; or
    3. replying STOP to the relevant text message communication; or
    4. contacting our support team.

    Opting out of marketing communication will not stop service messages such as order confirmations and updates which are required for us to provide our services to you.

    We take the privacy and security of your personal information seriously and use a number of procedures and processes to ensure, the security and integrity of your personal information, including (but not limited to):

    • encryption of data;
    • pseudonymisation, anonymisation, aggregation and de-identification of personal information (so that it does not identify you);
    • restriction of access to personal information;
    • multi-factor authentication on all systems; and
    • maintenance of technology products to prevent unauthorised computer access.

    Unless you choose to store payment information at checkout, we do not keep details of your credit card information, including the security code (or CCV number) that you need to input in order to complete an order using your credit card. If you wish the site to remember your card details, we will process this information with your consent, and your details will be fully encrypted and stored in compliance with Payment Card Industry (PCI) security standards. Taking Shape has no access to this data.
    All credit card payments are processed by CyberSource who have been providing online card processing for over 20 years. As a certified Payment Service Provider (PSP), all transactions processed are done so in a PCI DSS compliant fashion. For more information on CyberSource, please visit https://www.cybersource.com. At the time you place your order, your credit card is pre-approved. Actual payment is processed through a secure process once you have placed your order.

    We recommend taking the following security measures to enhance your online security, both in relation to the use of our websites, and more generally:

    • If using a public computer, we recommend that you always log out of your Taking Shape account and close the browser when you finish.
    • Create a strong and unique password for your account; we recommend using a combination of numbers and letters.
    • Avoid using the same password for multiple accounts.
    • Change passwords regularly. To change your Taking Shape password, sign in and visit  My Account and check "Change My Password".We will send you an email notification to your registered email address to confirm your account updates.

    We do not and will not sell any of your personal information to any third parties.
    Where required to provide you with our services, we share your personal information with third parties, which may include the following recipients or categories of recipients:

    • related or affiliated companies of Taking Shape, located in Australia, New Zealand, and the United Kingdom;
    • third party service providers or contractors used for logistical services, data processing, payment processing, data analysis, customer satisfaction surveys, information technology services and support, website maintenance/development, printing, archiving, mail-outs, and market research, including but not limited to Salesforce, Global E, CyberSource, PayPal, Optty, Australia Post and Shippit.
    • any revenue service, tax, or regulatory authority, if we are obliged to disclose your personal information under any applicable legal or regulatory requirements;
    • our professional advisers, such as our lawyers and accountants;
    • any person or organisation to whom we may transfer our rights or obligations; or
    • any person or organisation after a restructure, sale, or acquisition of any Taking Shape entity, as long as that person uses your personal information for the same purposes as it was originally given to us or used by us (or both).

    We disclose your personal information to these recipients or categories of recipients in order to:

    • to provide you with our products and services;
    • to communicate with you based on your communication preferences;
    • to conduct market research and marketing strategy analysis;
    • for customer service management purposes;
    • to run training and events;
    • for the purpose of facilitating or implementing a transfer or sale of all or part of our assets or business or if we undergo any other kind of corporate restructure, acquisition, or sale. In this context, your personal information may be transferred to another entity (or if such a sale, transfer, acquisition, or corporate restructure is being contemplated by us);
    • courts, tribunals, and regulatory authorities, in the event you fail to pay for goods or services we have provided to you;
    • courts, tribunals, regulatory authorities, and law enforcement officers, as required or authorised by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights; and
    • any other third parties as required or permitted by law, such as where we receive a subpoena.

    Our international partner for facilitating and executing some international sales is Global-e Online Ltd ("Global-E"),.If you purchase products from TakingShape.com, your personal information will be collected and used by Global-E for the fulfilment of your order and the delivery of products to you. This Privacy Policy only applies to the use of your data by us. Please see Global E's privacy policy for more information about how your personal information is used by them.

    Taking Shape’s website is operated from Australia. When using our website and our services, personal information you provide to use is being provided to us in Australia.


    In addition, as we are based overseas and operate globally, it is likely that we will disclose your personal information outside of the jurisdiction you are located in to overseas recipients and service providers who are located in places such as Australia, New Zealand, United States of America, the United Kingdom and other countries depending on the nature of the services those recipients provide to us (for example cloud-based storage solutions and where the recipient server locations are based overseas). Please note that the use of overseas service providers to store or process personal information will not always involve the service provider being able to access your personal information.


    We only ever disclose your personal information outside the jurisdiction it was collected where we are permitted to do so under applicable Privacy Laws. Generally, this means we will take reasonable steps to ensure your personal information is treated securely and in accordance with applicable Privacy Laws.
    For residents of the UK or the European Economic Area (EEA), we will transfer data that we collect from you to locations outside of the UK or the EEA for processing and storing. Personal information will be processed by staff operating outside the UK or the EEA who work for us or for one of our suppliers. For example, such staff maybe engaged in the processing and concluding of your order, the processing of your payment details and the provision of support services. Where we transfer your personal information outside of the UK or the EEA, we will ensure safeguards are in place to ensure it remains secure and adequately protected. This includes:

    • only transferring your personal information to countries that have been deemed by applicable data protection laws to provide an adequate level of protection for personal information; and
    • where recipients are not located in countries with an adequacy decision in place, ensure that appropriate safeguards are taken, including entering into EU standard contractual clauses (or equivalent measures) with parties outside the European Economic Area. The EU standard contractual clauses are available here (and the UK addendum to these standard contractual clauses are here).
      There are other circumstances where we may disclose your personal information to an overseas recipient, for example, where you have provided your express consent, or we are otherwise permitted to do so under the applicable Privacy Laws.

    A "cookie" is a text file stored by your web browsers, which allows a website to recognise the user and their preferences. Taking Shape uses cookies to enhance customer experience as follows:

    • Session/Site functionality cookies – these cookies are required for our site to work, allowing you to add to cart, search for products and protect our site from malicious traffic
    • Site analytics cookies – these cookies allow us to measure and analyse how our customers use our site so that we can improve.
    • Customer preference & Advertising cookies these cookies allow us and third parties to deliver relevant marketing and advertising to you. You can delete or manage cookies by accessing the “Help” section of your internet browser or visiting the below sites. Please note this may impact your browsing experience.

    You can delete or manage cookies by accessing the “Help” section of your internet browser or visiting the below sites. Please note this may impact your browsing experience.

    Third party cookies are cookies that are set by a domain other than the one being visited by you. If you visit one of our Websites and a separate company sets a cookie through that Website this would be a third party cookie.
    To try and bring you offers and advertisements that are of interest to you, we have relationships with third party companies including, Google, Criteo, Facebook and other providers (Third Party Providers) that allow them to place cookies on our Websites.


    These Third Party Providers may:

    • use Third Party Cookies, web beacons, and other storage technologies to collect or receive information from our Websites and elsewhere on the internet;
    • compare de-identified information from us with information collected elsewhere on the internet; and
    • use that information to provide measurement services and target ads to you.

    Please refer to our Cookie Policy for more information about how we use cookies. If you are in the UK or Australia, you can also learn more by visiting the following sites:
    http://www.aboutcookies.org.uk/managing-cookies
    https://www.choice.com.au/electronics-and-technology/internet/internet-privacy-and-safety/articles/how-browser-cookies-work

    We will only keep the personal information we collect about you for as long as is necessary for the purposes set out in this Privacy Policy or as required to comply with any legal obligations to which we are subject. The retention periods we apply take account of:

    • legal and regulatory requirements and guidance;
    • limitation periods that apply in respect of taking legal action;
    • our ability to defend ourselves against legal claims and complaints;
    • good practice; and
    • the operational requirements of our business.

    You are entitled to access your personal information held by Taking Shape on request. To request access to your personal information please contact the relevant Data Protection Officer using the contact details set out below.


    We will take reasonable steps to ensure that the personal information we collect, use, or disclose is accurate, complete and up to date. You can help us to do this by letting us know if you notice errors or discrepancies in information, we hold about you and letting us know if your personal details change.


    However, if you consider any personal information, we hold about you is inaccurate, out-of-date, incomplete, irrelevant, or misleading you are entitled to request correction of the information. After receiving a request from you, we will take reasonable steps to correct your information.


    We may decline your request to access or correct your personal information in certain circumstances in accordance with the applicable Privacy Laws. If we do refuse your request, we will provide you with a reason for our decision and, in the case of a request for correction, we will include a statement with your personal information about the requested correction.


    You may contact Taking Shape at any time if you have any questions or concerns about this Privacy Policy or about the way in which your personal information has been handled.
    If you wish to make a complaint to Taking Shape, you should first contact the Privacy Officer or Representative in your jurisdiction in writing (contact details for the Privacy Officer or Representative in your jurisdiction are set out below).
    Your complaint will be dealt with in accordance with Taking Shape’s complaints procedure and the Privacy Officer or Representative will provide you with a response within a reasonable period (generally 30 days), or such shorter period of time as is specified in the applicable Privacy Laws. If you are unhappy with Taking Shape’s response to your complaint, you may refer your complaint to:


    • if you are in Australia, the Office of the Australian Information Commissioner (OAIC). The OAIC can be contacted by telephone on 1300 363 992 or by using the contact details on the website  www.oaic.gov.au;
    • if you are in New Zealand, the Office of the Privacy Commissioner (OPC). The OPC can be contacted by telephone on 0800 803 909 or by using the contact details on the website  privacy.org.nz;
    • if you are in the United Kingdom, the Information Commissioner’s Office (ICO). The ICO can be contacted by telephone on 0303 123 1113 or by using the contact details on the website ico.org.uk; or
    • if you are anywhere else, your local data protection authority.

    Under the GDPR, individuals located in the EU and the UK have extra rights which apply to their personal information. Personal information under the GDPR is often referred to as as “personal data” and is defined as information relating to an identified or identifiable natural person (an individual). If the GDPR applies to you, you have the following additional and specific rights in relation to your personal information (where applicable and subject to the legal basis we have relied on to process your personal information):


    • Right to access: you have the right to access, or request a copy of, the personal information we hold about you. Any request for access to or a copy of your personal information must be in writing, and we will endeavour to respond within a reasonable period and in any event within one month (in compliance with the GDPR).
    • Right to be informed: you have the right to be informed about how your personal information is being used (which is what this Privacy Policy seeks to do).
    • Right to rectification: you have the right to ask us to update any inaccurate personal information we hold about you (this can also be done through My Account).
    • Right to erasure: : you have the right (in certain circumstances) to request the personal information we hold about you to be erased from our records. An exception to this right applies if we are not obliged to delete your personal information because we need to retain it in order to comply with a legal obligation or to establish, exercise or defend legal claims.
    • Right to restrict processing: in some circumstances, you have a right to ask us to restrict the processing of your personal information if you consider that we do not have the right to hold it.
    • Right to data portability: you have the right to ask us to transfer a copy of your personal information to you or to another service provider or third party where technically feasible.
    • Right to objection: you also have the right to object to your personal information being processed for a particular purpose (such as direct marketing, automated processing, or profiling) or to request that we stop using your information.
    • Right to complain: if you are unhappy with the treatment of your personal information, you have the right to lodge a complaint with the local data protection authority where you or we are located. We would, however, appreciate the chance to deal with your concerns before you approach the data protection authority, so please contact us in the first instance.

    If you have consented to our processing of your personal information, you have the right to withdraw, at any time, any consent that you have previously given to us for use of your personal information. In certain circumstances even if you withdraw your consent, we may still be able to process your personal information if required or permitted by law or for the purpose of exercising or defending our legal rights or meeting our legal and regulatory obligations.

    If you want to exercise your rights, have a complaint, or just have questions relating to your personal information or anything in this Privacy Policy, please contact our Privacy Officer.
    Privacy Officer
    TS 14+ Australia Pty Ltd 
    Address: PO Box 36  Abbotsford VIC 3067 Australia
    Telephone: +61 3 9916 0777 
    Facsimile: +61 3 9916 0799 
    Email: privacyofficer@takingshape.com

    We welcome your feedback and will deal with your request or inquiry as soon as is reasonably possible, and within the timeframes required by Privacy Laws.

    This Privacy Policy was updated on 30 June 2023.

    Taking Shape may amend this Privacy Policy from time to time, with or without notice to you. We recommend that you visit our website regularly to keep up to date with any changes. We will notify you in advance about material changes to our Privacy Policy (for example by putting a notice up on our website).
    Further information regarding the Privacy Laws which relate to you generally can be obtained from the relevant privacy regulator such as:

    • the OAIC if you are in Australia;
    • the OPC if you are in New Zealand; or
    • the ICO if you are in the United Kingdom,

    by using the contact details set out above under the heading "What you should do if you have a complaint about the handling of your personal information".