1. Privacy at katejbaker.com
Kathryn Jane Baker (ABN 62 754 014 961), trading as Lumen Naturae, provides photography and other art products and services.
We understand and value the importance of information security and protecting the privacy of your personal information. We adhere to privacy principles both by design and by default.
- the Australian Privacy Principles (APPs) listed in the Privacy Act 1988 (Privacy Act)
- EU General Data Protection Regulation (GDPR)
- similar international privacy laws.
2. Risk assessment and continuous improvement
To demonstrate that we comply with the latest regulations, we continually seek improvement through our information security and privacy management system.
We have conducted a risk assessment of how personal data is processed. And we have implemented measures to ensure your data is:
- protected when it is being transmitted and when it is being stored
- never stored longer than needed to perform our services.
If you want to find out what security measures we have in place, you can ask us for a Data Protection Agreement. See section 16.
Our commitment to continuous improvement is demonstrated through our risk assessment and treatment process and our incident management procedures. These processes cover our privacy practices and how we manage personally identifiable information (PII).
We take a continuous improvement approach to providing, managing and improving our products and services from a privacy perspective. This includes activities such as developing new products, conducting surveys, seeking your feedback, and responding to requests or queries, which may include verifying your identity.
3. What is personal information?
In this policy, ‘personal information’ has the same meaning as in the Privacy Act. Personal information is any information that can be used to personally identify you, including your name, address, phone number, email address and profession or occupation.
4. What personal information do we collect?
We collect personal information only to carry out our business, deliver our products and services and improve customer service. The type of personal information we collect depends on how you interact with us. Typically, we collect your:
- mailing/shipping address
- email address
- phone number
- other information you provide to us when you register for subscriptions or events and/or complete our surveys and evaluation forms.
We do not normally collect sensitive information about you such as information about your health, racial background, religious or political beliefs or date of birth.
We also do not normally collect financial information such as credit card number and billing address as this is managed directly through Shopify checkout with all applicable privacy and security safeguards in place. If we do collect sensitive information, we will obtain your consent first, and will only do so if it is reasonably necessary for our business functions.
If you do not agree to provide us with your personal information, we may not be able to provide services to you or your organisation.
5. How do we collect personal information?
We may collect personal information from you during normal service delivery, such as when:
- you buy our artworks
- you register for our events or other services
- you access and use our websites
- we respond to your enquiries and requests
- we email you and talk to you on the phone
- we market our services to you.
We collect personal information either directly from you, from someone else at your company or organisation, or from a third party who is authorised to provide your details to us. If we obtain your information from a third party, we will ask them to confirm in writing that they have legally obtained your personal information and that we have the right to acquire it from them and use it.
6. Why do we collect your information?
We collect, hold, use and disclose personal information to conduct administrative and business functions, including:
- managing and maintaining our business relationships
- providing and improving our services
- sending communications
- responding to enquiries and requests
- informing you about our services and obtaining your feedback about them
- giving you a more personalised experience when you interact with us
- providing access to online portals
- updating our records and keeping contact details up to date
- enabling you to subscribe to our website, newsletters and mailing lists and register for our courses
- assessing and improving the performance of our website
- processing and responding to privacy complaints
- complying with legal requirements.
We will only collect information we need to conduct our business and maintain our relationship with you or your business. We will not share, sell, rent or disclose your personal information other than as described in this policy.
7. Who do we disclose personal information to?
We may disclose your personal information to our employees and related companies for the purposes set out in section 6. We may combine or share your information with information collected by the other companies.
We may also disclose your personal information to:
- contractors, suppliers, vendors, partners and other third parties we have a commercial relationship with for business, marketing or related purposes
- any organisation for any authorised purpose with your express consent.
Except as set out above, we will only disclose personal information if it is required by law or a court or tribunal order or is otherwise permitted under the Privacy Act.
8. Which overseas organisations do we disclose personal information to?
We may disclose your personal information to service providers outside Australia, including in the United Kingdom, United States of America, Singapore and the Netherlands for some of the purposes set out in section 6. We will contractually ensure that overseas recipients of your personal information protect your personal information at a level that is equivalent to the APPs.
9. How do we store and secure personal information?
We store personal information to ensure that we can manage and maintain communications with organisations we do business with. Contact may be verbal, electronic or written.
We will only store your personal information if it is relevant to conducting business with you. We do not normally store information that is sensitive information.
We take all reasonable precautions to ensure that personal information is protected from misuse, interference, loss, unauthorised access, modification or disclosure. To do this, we use a combination of physical, administrative and technical safeguards.
Our staff are contractually bound by confidentiality obligations. And we hold your personal information in either:
- paper-based records in secure access-controlled premises
- electronic form in databases and email files which require logins and passwords.
When we collect PII, it is stored in our backup files for 28 days. We retain these files so that we can restore our systems if our servers fail.
Our website is linked to the internet, and as the internet is inherently insecure, we cannot provide any assurance about the security of the information you transmit to us online. We also cannot guarantee that the information you supply will not be intercepted as it is being transmitted. Accordingly, if you transmit any personal or other information to us online, you do so at your own risk.
If your personal information is no longer needed, we will take reasonable steps to either delete it from our systems or de-identify it, except where we are required by law or a court or tribunal order to keep the information.
10. What direct marketing do we do?
We may send you marketing communications to tell you about:
- our products and services
- our surveys or other information
- something we think will interest you.
We may send communications in various forms, including SMS and email, in line with relevant laws, such as the Spam Act 2003. You consent to us sending you communications by those methods. If you tell us you prefer a certain method of communication, we will take reasonable steps to use that method whenever it is practical to do so.
If you do not want to receive communications from us, you can opt out. You can either:
- contact us using the details set out in section 16
- use the opt-out method provided in our communications.
We will then remove your name from our mailing list.
We do not provide your personal information to other organisations for the purposes of direct marketing.
11. How can you access and correct your personal information?
We will take all reasonable steps to ensure that the personal information we hold about you is accurate, up to date and complete.
At any time, you can ask to access your personal information. You can also ask us to correct your personal information if it is inaccurate, incomplete or out of date.
We will meet your request where it is reasonable and practicable to do so. However, we may deny access as permitted by the Privacy Act. For example, we may need to refuse access if doing so would interfere with others’ privacy, is unlawful or would result in a breach of confidentiality.
If you wish to access or correct your personal information, write to us using the contact details in section 16 or use the contact form on our website.
We will respond to you within 30 days of your request. If we deny your request, we will provide you with our reasons in writing. We will also tell you how you can complain about our refusal.
12. How can you complain about a privacy breach?
If you have concerns about how we handle your personal information or you wish to make a complaint about a breach of the APPs, you can write to us, using the contact details set out in section 16.
We will respond to you in writing within 30 days of receiving your complaint. We will either describe what we will do as a result of your complaint or, if there has been no breach, we will explain this to you.
13. Using our website
When you access our website, we may send cookies to your computer. Cookies are small summary files containing a unique ID number.
If you do not wish to receive cookies, you can set your browser so that your computer does not accept them.
Any activity you do on our website may be monitored. We may log your IP address (the electronic address of computers connected to the internet) to:
- analyse trends
- administer the website
- track users’ movements
- gather broad demographic information.
Our website may contain links to other websites operated by third parties. We make no representations or warranties about their privacy practices, and we are not responsible for their privacy policies or the content of any third party website.
15. Withdrawing your consent
You may withdraw your consent at any time by contacting us using the details in section 16. We may ask you to put your request in writing and provide proof of identity, depending on the data you’re withdrawing consent for.
If the GDPR applies to your personal information, read about your rights here.
16. Contacting us
Mail: 46 Donna Buang Rd, Warburton VIC 3799 Australia