Taking Shape – Global Privacy Policy

TS 14 Plus Australia Pty Ltd ACN 101 752 998, TS 14+ New Zealand Pty Ltd ACN 105 007 814, TS UK Group Limited 12368180 and their respective subsidiaries and affiliates (collectively referred to as Taking Shape, us, we, or our) own and operate the ‘Taking Shape’ brand and business.

Taking Shape services clients around the world, including in Australia, the United Kingdom, Europe and New Zealand. We take your privacy seriously and we are committed to managing personal information in accordance with relevant local privacy and data protection laws which apply to us such as:

  • the Australian Privacy Principles (APPs) under the Australian Privacy Act 1988 (Cth) (Privacy Act);
  • the New Zealand Information Privacy Principles (NZ IPPs) under the New Zealand Privacy Act 2020 (NZ) (NZ Privacy Act);
  • the General Data Protection Regulation (EU) 2016/679 (GDPR); and
  • other local applicable privacy laws,

(together, the Privacy Laws).

This document tells you how we generally manage your personal information (also referred in this Privacy Policy and some Privacy Laws as “personal data”) and is referred to as our Privacy Policy.

In this Privacy Policy, “we“, “us“, and “our” refers to Taking Shape and “you” refers to any individual we collect personal information about.

This Privacy Policy applies to all personal information collected by us, or submitted to us, whether offline or online, including personal information collected or submitted through our websites, through our official social media channel pages which we control (such as our LinkedIn and Instagram pages). This Privacy Policy is designed to help keep you informed of:

  • what personal data we collect and how we use and share this information;
  • how we store your personal information and keep this information safe; and
  • your rights.

If you have any questions about how we protect privacy please email us at info@takingshape.com.au (if you’re based in Australia or New Zealand) or info@takingshape.com (if you’re based in the United Kingdom or in the European Economic Area).

We may collect your information in a number of ways, including:

  1. Directly from you, including but not limited to
    • through activity on our website;
    • through transactions;
    • email or other written communications;
    • telephone calls;
    • in person;
    • through application forms
  2. From third parties, including but not limited to
    • through payment providers;
    • media partners (such as AdRoll); and
    • Direct marketing database providers.

The information we collect and hold will depend on the type of service we provide you (whether it is when making a debit or credit card sale, processing your Loyalty Rewards or when you visit our website). The table below shows the type of personal information that we may collect and hold and how we use this.

Information How we use this
Your name and contact details: billing and/or postal addresses, telephone numbers email address

We collect this information in order to:

  • deliver your purchases to you;
  • send you service messages to you about your purchases or keep you up to date about products you may like based on your communication preferences; and
  • to prevent & protect against fraud.
Your birthday/ date of birth  We collect this information to provide a personalised experience to you. If you are a member of the Rewards Program we collect this to give you a little thank you on your birthday.
Your payment information Used to collect payment, issue refunds and prevent fraud. Unless you choose to store this information at checkout, we don’t keep any of this information. If you wish the site to remember your card details, your details will be fully encrypted and stored in compliance with Payment Card Industry (PCI) security standards.
Your purchase history

We keep this so you can shop online and add products to your basket, save wish lists, provide customer service support to you, process returns, to better understand what you like, and to improve or develop our products and services. We also use this information to comply with applicable laws and regulations, including our tax obligations.

If you are a member of Rewards Program we also use this to issue rewards to you.

Browsing activity  To better understand what you like and help us to improve your shopping experience, we store information about your phone or laptop, and how you use our websites.
IP Addresses To better understand where you are located and help us to improve your shopping experience, we store information about your geographic location.
Your password  To enable you to login to TakingShape.com your password will be saved by our website, this is full encrypted by and cannot be accessed by Taking Shape and Profile.
Communication preferences & contact history 

We use this (with your permission) to keep you up to date about products you may like. If you are a member of Rewards Program we also use this to issue rewards to you.

You can opt out of marketing communication at any time by;

  1. Changing your email preferences via your My Account when logged in;
  2. Clicking the unsubscribe link in emails; or
  3. Contacting our support team.
We keep contact history to help us to improve your experience – and to meet our legal obligation should you wish to see this.
Preferences, feedback and survey responses We collect this information to improve our products and service to you.

We are permitted to process your personal information in the ways described above, either because:

  • you have explicitly agreed that we may process your information for these specific reasons;
  • the processing is necessary to supply products to you or provide you with our services;
  • the processing is necessary for us to comply with our legal obligations; or
  • the processing is necessary for our legitimate interests, including to protect our business interests; to ensure that complaints are investigated; to evaluate, develop or improve our products; and to keep our customers informed of relevant products and services, unless you indicate that you do not wish us to do so.

We do not carry out solely automated decision-making or profiling that has a legal or similarly significant effect on individuals

With your consent (if required) and in accordance with your contact preferences, local direct marketing laws and the Privacy Laws, we will send you marketing communications from time to time to keep you up to date on our latest arrivals and offers, provide loyalty rewards, share style advice or to invite you to upcoming store events. We may also use your personal information to personalise your advertising experience via social media and ad retargeting.

You can opt out of marketing communication at any time by:

  1. changing your email preferences via your My Account when logged in;
  2. clicking the unsubscribe link in emails; or
  3. contacting our support team.

Opting out of marketing communication will not stop service messages such as order confirmations and updates.

We take the privacy and security of your personal information seriously and use a number of procedures and processes to ensure, where possible, the security and integrity of your personal information, including (but not limited to):

  • encryption of data;
  • anonymise and aggregate personal information (so that it does not identify you);
  • restricting access to Personal Information; and
  • maintaining technology products to prevent unauthorised computer access.

Unless you choose to store this information at checkout, we do not keep details of your credit card information, including the security code (or CCV number) that you need to input in order to complete an order using your credit card. If you wish the site to remember your card details, your details will be fully encrypted and stored in compliance with Payment Card Industry (PCI) security standards. Taking Shape has no access to this data.

All credit card payments are processed by CyberSource who have been providing online card processing for over 20 years. As a certified Payment Service Provider (PSP), all transactions processed are done so in a PCI DSS compliant fashion. For more information on CyberSource, please visit https://www.cybersource.com. At the time you place your order, your credit card is pre-approved. Actual payment is processed through a secure process once you have placed your order.

We recommend taking the following security measures to enhance your online security, both in relation to the use of our websites, and more generally;

  • If using a public computer, we recommend that you always log out of your Taking Shape account and close the browser when you finish.
  • Create a strong and unique password for your account; we recommend using a combination of numbers and letters.
  • Avoid using the same password for multiple accounts.
  • Change passwords regularly. To change your Taking Shape password, sign in and visit My Account and check "Change My Password". We will send you an email notification to your registered email address to confirm your account updates.

We do not and will not sell any of your personal information to any third parties.

Where required, we share your personal information with third parties, which may include the following recipients or categories of recipients:

  • related or affiliated companies of Taking Shape, located in Australia, New Zealand and the United Kingdom;
  • third party service providers or contractors used for logistical services, data processing, payment processing, data analysis, customer satisfaction surveys, information technology services and support, website maintenance/development, printing, archiving, mail-outs, and market research;
  • any revenue service, tax or regulatory authority, if we are obliged to disclose your personal information under any applicable legal or regulatory requirements;
  • our professional advisers, such as our lawyers and accountants;
  • any person or organisation to whom we may transfer our rights or obligations; or
  • any person or organisation after a restructure, sale or acquisition of any Taking Shape entity, as long as that person uses your personal information for the same purposes as it was originally given to us or used by us (or both).

We disclose your personal information to these recipients or categories of recipients in order to:

  • to provide you with our products and services;
  • to communicate with you based on your communication preferences;
  • to conduct market research and marketing strategy analysis;
  • for customer service management purposes;
  • to run training and events; and
  • for the purpose of facilitating or implementing a transfer or sale of all or part of our assets or business or if we undergo any other kind of corporate restructure, acquisition or sale. In this context, your personal information may be transferred to another entity (or if such a sale, transfer, acquisition or corporate restructure is being contemplated by us).

Third parties to whom we have disclosed your personal information may contact you directly to let you know they have collected your personal information and to give you information about their privacy policies.

It is likely that we will disclose your personal information outside of the jurisdiction you are located in to overseas recipients and service providers who are located in places such as Australia, New Zealand, United States of America, the United Kingdom and other countries dependant on the nature of the services those recipients provide to us (for example cloud-based storage solutions and where the recipient server locations are based overseas). Please note that the use of overseas service providers to store personal information will not always involve a disclosure of personal information to that overseas provider.

We only ever disclose your personal information outside the jurisdiction it was collected where we are permitted to do so under applicable Privacy Laws. Generally, this means we will take reasonable steps to ensure your personal information is treated securely and in accordance with applicable Privacy Laws, including, where relevant, by entering into EU standard contractual clauses (or equivalent measures) with the party outside the European Economic Area. The EU standard contractual clauses are available here.

For residents of the European Economic Area (EEA), we will transfer data that we collect from you to locations outside of the EEA for processing and storing. Also, it will be processed by staff operating outside the EEA who work for us or for one of our suppliers. For example, such staff maybe engaged in the processing and concluding of your order, the processing of your payment details and the provision of support services. Where we transfer your information outside of the EEA we will ensure safeguards are in place to ensure it remains secure and adequately protected.

There are other circumstances where we may disclose your personal information to an overseas recipient, for example, where you have provided your consent, or we are otherwise permitted to do so under the applicable Privacy Laws.

A "cookie" is a text file stored by your web browsers, which allows a website to recognise the user and their preferences. Taking Shape uses cookies to enhance customer experience as follows:

  • Session/Site functionality cookies – these cookies are required for our site to work, allowing you to add to cart, search for products and protect our site from malicious traffic
  • Site analytics cookies – these cookies allow us to measure and analyse how our customers use our site so that we can improve.
  • Customer preference & Advertising cookies – these cookies allow us and third parties to deliver relevant marketing and advertising to you.

By using our site you agree to Taking Shape saving and reading cookie data in future. You can delete or manage cookies by accessing the “Help” section of your internet browser or visiting the below sites. Please note this may impact your browsing experience.

Third party cookies are cookies that are set by a domain other than the one being visited by you. If you visit one of our Websites and a separate company sets a cookie through that Website this would be a third party cookie.

To try and bring you offers and advertisements that are of interest to you, we have relationships with third party companies including, Google, Criteo, Facebook and other providers (Third Party Providers) that allow them to place cookies on our Websites.

These Third Party Providers may:

  • use Third Party Cookies, web beacons, and other storage technologies to collect or receive information from our Websites and elsewhere on the internet;
  • compare de-identified information from us with information collected elsewhere on the internet; and
  • use that information to provide measurement services and target ads to you.

Please refer to our Cookie Policy for more information about how we use cookies. If you are in Australia, you can also learn more by visiting the following sites:

http://www.aboutcookies.org.uk/managing-cookies
https://www.choice.com.au/electronics-and-technology/internet/internet-privacy-and-safety/articles/how-browser-cookies-work

We will only keep the personal information we collect about you for as long as is necessary for the purposes set out in this Privacy Policy or as required to comply with any legal obligations to which we are subject. The retention periods we apply take account of:

  • legal and regulatory requirements and guidance;
  • limitation periods that apply in respect of taking legal action;
  • our ability to defend ourselves against legal claims and complaints;
  • good practice; and
  • the operational requirements of our business.

You are entitled to access your personal information held by Taking Shape on request. To request access to your personal information please contact the relevant Data Protection Officer using the contact details set out below.

We will take reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete and up-to-date. You can help us to do this by letting us know if you notice errors or discrepancies in information, we hold about you and letting us know if your personal details change.

However, if you consider any personal information, we hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading you are entitled to request correction of the information. After receiving a request from you, we will take reasonable steps to correct your information.

We may decline your request to access or correct your personal information in certain circumstances in accordance with the Australian Privacy Principles. If we do refuse your request, we will provide you with a reason for our decision and, in the case of a request for correction, we will include a statement with your personal information about the requested correction.

You may contact Taking Shape at any time if you have any questions or concerns about this Privacy Policy or about the way in which your personal information has been handled.

If you wish to make a complaint to Taking Shape, you should first contact the Data Protection Officer in writing (contact details for the Data Protection Officer in your jurisdiction are set out below).

Your complaint will be dealt with in accordance with Taking Shape’s complaints procedure and the Data Protection Officer will provide you with a response within a reasonable period (generally 30 days). If you are unhappy with Taking Shape’s response to your complaint, you may refer your complaint to:

  • if you are in Australia, the Office of the Australian Information Commissioner (OAIC). The OAIC can be contacted by telephone on 1300 363 992 or by using the contact details on the website www.oaic.gov.au;
  • if you are in New Zealand, the Office of the Privacy Commissioner (OPC). The OPC can be contacted by telephone on 0800 803 909 or by using the contact details on the website privacy.org.nz;
  • if you are in the United Kingdom, the Information Commissioner’s Office (ICO). The ICO can be contacted by telephone on 0303 123 1113 or by using the contact details on the website ico.org.uk; or
  • if you are anywhere else, your local data protection authority.

If the GDPR applies to you, you have the following additional and specific rights in relation to your personal information (where applicable):

  • Right to access: you have the right to access, or request a copy of, the personal information we hold about you. Any request for access to or a copy of your personal information must be in writing, and we will endeavour to respond within a reasonable period and in any event within one month (in compliance with the GDPR).
  • Right to be informed: you have the right to be informed about how your personal information is being used (which is what this Privacy Policy seeks to do).
  • Right to rectification: you have the right to ask us to update any inaccurate personal information we hold about you (this can also be done through My Account).
  • Right to erasure: you have the right (in certain circumstances) to request the personal information we hold about you to be erased from our records. An exception to this right applies if we are not obliged to delete your personal information because we need to retain it in order to comply with a legal obligation or to establish, exercise or defend legal claims.
  • Right to restrict processing: in some circumstances, you have a right to ask us to restrict the processing of your personal information if you consider that we do not have the right to hold it.
  • Right to data portability: you have the right to ask us to transfer a copy of your personal information to you or to another service provider or third party where technically feasible.
  • Right to objection: you also have the right to object to your personal information being processed for a particular purpose (such as direct marketing, automated processing or profiling) or to request that we stop using your information.
  • Right to complain: if you are unhappy with the treatment of your personal information, and you have contacted us as set out in this Privacy Policy, you have the right to lodge a complaint with the local data protection authority.

If you have consented to our processing of your personal information, you have the right to withdraw, at any time, any consent that you have previously given to us for use of your personal information. In certain circumstances even if you withdraw your consent, we may still be able to process your personal information if required or permitted by law or for the purpose of exercising or defending our legal rights or meeting our legal and regulatory obligations.

If you want to exercise your rights, have a complaint, or just have questions relating to your personal information or anything in this Privacy Policy, please contact our Data Protection Officer using one of the contact methods set out below.

Australia and New Zealand

TS 14+ Australia Pty Ltd 
Address: PO Box 36  Abbotsford VIC 3067 Australia
Telephone: +61 3 9916 0777 
Facsimile: +61 3 9916 0799 
Email: info@takingshape.com.au

United Kingdom

TS UK Group Limited
Address: 2c Chartwell Point, Chartwell Drive Wigston Leicester LE18 2FT England
Telephone: +44 (0)1164826161
Email: info@takingshape.com

We welcome your feedback and will deal with your request or inquiry as soon as is reasonably possible.

This Privacy Policy was updated on 09/03/2021

Taking Shape may amend this Privacy Policy from time to time, with or without notice to you. We recommend that you visit our website regularly to keep up to date with any changes. We also try to let you know about major changes to our Privacy Policy (for example by putting a notice up on our website).

Further information regarding the Privacy Laws which relate to you generally can be obtained from the relevant privacy regulator such as:

  • the OAIC if you are in Australia;
  • the OPC if you are in New Zealand; or
  • the ICO if you are in the United Kingdom,

by using the contact details set out above under the heading "What you should do if you have a complaint about the handling of your personal information".