Privacy Policy
This Privacy Policy describes the policies and procedures of Foil Drive Pty. Ltd. and Foil Drive Europe B.V. (“we”, “our” or “us”) on the collection, use and disclosure of personally identifiable information (“Personal Data”) that we collect from the following categories of data subjects:
-
Users: users of our website foildrive.com (“Website”) and our services, features, content, applications, and products (collectively (together with the Website), the “Services”);
-
Recipients: recipients of our newsletter.
-
Customers: consumers that buy our products;
-
Dealers: (representatives of) entities that are part of our network of dealers or that enquire to become part of our network of dealers;
-
Business Relations: (representatives of) our suppliers, partners, prospects and other business relations (including Dealers); and
-
Applicants: job applicants and potential future employees.
Users, Customers, Dealers, Business Relations and Applicants are hereinafter collectively referred to as “Data Subjects”.
Joint Data Controllership
Foil Drive Pty. Ltd. and Foil Drive Europe B.V. are joint controllers for the processing of Personal Data relating to Data Subjects. Between Foil Drive Pty. Ltd. and Foil Drive Europe B.V., a Joint Controller Agreement is in place, specifying the respective responsibilities of Foil Drive Pty. Ltd. and Foil Drive Europe B.V. The Joint Controller Agreement provides that, amongst others, Foil Drive Europe B.V. shall act as local representative for Foil Drive Pty. Ltd. if and tot the extent required, notwithstanding the right of Data Subjects to directly address Foil Drive Pty. Ltd.
We attach great importance to the protection of Personal Data and handle it with care. We follow the applicable legal rules for the protection of Personal Data, such as the General Data Protection Regulation (“GDPR”), as well as our own policy as reflected in this Privacy Policy.
Data Collection
We collect Personal Data as described below.
-
When Users are using or accessing the Services, Personal Data may be actively provided by the User, or automatically collected through our Services.
-
When Recipients subscribe to our newsletter, Recipients actively provide their Personal Data to us.
-
When Customers place an order, contact us or are contacted by us, Customers actively provide their Personal Data to us.
-
When Dealers enquire to become a part of our network of dealers and when our Dealers contact us or vice versa, Dealers actively provide us with their Personal Data.
-
When Business Relations contact us or are contacted by us in the context of our business activities, Business Relations actively provide us with their Personal Data.
-
When Applicants contact us or are contacted by us in the context of their application process with us, Applicants actively provide us with their Personal Data.
Failure to provide certain Personal Data may make it impossible for us to provide our Services, complete orders, conduct business activities and/or conduct your application process.
We mainly process the following categories of personal data for the purposes listed below:
Data subjects |
Personal Data |
Processing Purpose(s) |
Legal Basis |
Retention period |
Users |
Information that Users provide through our contact form on the Website, being name, e-mail and other Personal Data provided to us in messages to us.
Account data, being e-mail, phone, default address, and order history.
IP address, browser type and Internet behaviour, such as the time of your visit to our Website, other visit and click behaviour and username, whether or not through the use of cookies. More information on the use of cookies is provided in this Privacy Policy in the paragraphs below. |
Maintaining contact with Users.
Providing user-accounts to Users.
To provide, maintain and improve the Website and monitor the performance and use of the Website and improve the browsing experience. |
Legitimate interest.
Consent. |
|
Recipients |
E-mail. |
Sending our newsletter to Recipients. |
Consent. |
|
Customers |
Information that Customers provide to place an order, being name, e-mail, company (optional), address, phone and payment information (credit card/bank account details).
Further information provided by Customers in contact with us.
|
Maintaining contact with Customers, entering into agreements with Customers and performing delivery of our products (incl. invoicing). |
Performance of an agreement.
Legitimate interest.
Legal obligation. |
|
Business Relations |
Information provided when enquiring to become part of our network of dealers, being name, company name, business e-mail, business phone and further information provided in the enquiry.
Information provided when contacting us (or vice versa), such as name, company name, business e-mail, business phone, function title and other information provided in your contact with us.
|
Engaging with Business Relations, concluding agreements with Business Relations, maintaining contact with Business Relations and performing our agreements with Business Relations.
Providing dealer-accounts to Dealers. |
Performance of an agreement.
Legitimate interest.
Legal obligation. |
|
Applicants |
Information provided to us during the application process, being name contact details (phone and e-mail), cover letter and CV, diplomas and certificates and other Personal Data you provide to us |
Conducting application process. |
Legitimate interest.
Consent. |
|
We do not retain your Personal Data for longer than necessary for the purposes for which we process your Personal Data and in accordance with the retention periods above, unless we are required to retain your Personal Data for a longer period under a statutory provision or on the basis of our overriding legitimate interests, such as an ongoing dispute.
Further information regarding the Processing of Personal Data through our Website
Cookies are used on our Website. Cookies are simple text files stored by your browser on your computer, tablet or smartphone that contain information about general visiting data, such as pages visited, your browser type, date and time of your visit etc. When you visit the Website, it is necessary to collect certain information in order for the connection to function properly. Among other things, this requires your IP address. This is a string of numbers that is automatically assigned to your computer by your internet service provider every time you log on to the internet so that you can be identified.
We have set the default setting not to store your IP address. We therefore cannot see your IP address, even if you have enabled this option in your browser. As a result, we cannot identify you as a person merely by visiting our Website. We will not compare the non-identifiable data with other data available to us to establish your identity.
Cookies are also used to make it easier for you to use the Website and to optimize the design of the Website and the offer on it for you. When you visit our Website for the first time, we will ask you to allow cookies. If you do not wish to do so, you can refuse (certain) cookies or block the use of cookies via your web browser. Most parts of our Website will then remain readable.
We deploy the following categories of cookies:
-
Functional cookies:
Functional cookies are necessary for our Website to function properly. These cookies are used to make the Website more user-friendly by tracking visitor (click) behaviour and storing certain preferences. Your permission is not required for these cookies.
-
Analytical cookies:
Analytical cookies are used to keep statistics on the use of the Website.
-
Other cookies:
These are cookies used for purposes other than functional or analytical ones. These cookies include, for example, cookies that have tracking or marketing purposes. Your consent is requested for the placing of tracking and marketing cookies. Only after your consent, the cookies will be placed.
The Website uses the following specific cookies:
Cookie |
Purpose |
Expiration |
secure_customer_sig |
Used to identify a user after they sign into a shop as a customer so they do not need to log in again. |
1 year |
localization |
Used to localize the cart to the correct country. |
2 weeks |
cart_currency |
Used after a checkout is completed to initialize a new empty cart with the same currency as the one just used. |
2 weeks |
_tracking_consent |
Used to store a user's preferences if a merchant has set up privacy rules in the visitor's region. |
1 year |
keep_alive |
Used when international domain redirection is enabled to determine if a request is the first one of a session. |
Session |
YSC |
Used by YouTube to remember user input and associate a user's actions. |
Session |
__Secure-ROLLOUT_TOKEN |
Used by YouTube to manage the phased rollout of new features and updates. |
180 days |
VISITOR_INFO1_LIVE |
Used to track the information of the embedded YouTube videos on a website. |
180 days |
VISITOR_PRIVACY_METADATA |
Used to track and enrich the users privacy settings on the Youtube platform |
180 days |
shopify_pay_redirect |
Used to accelerate the checkout process when the buyer has a Shop Pay account. |
1 year |
_gcl_au |
Used to measure the success of ad campaigns. |
4 months |
locale_bar_accepted |
Preserves if the modal from the geolocation app was accepted. |
Session |
_pay_session_pay_session |
The Rails session cookie for Shopify Pay |
Session |
Content from External Platforms
On the Website we can display or link to content hosted on external platforms directly from the pages of our Website and interact with them. If a service of this kind is installed, it may still collect web traffic data for the pages where the service is installed, even when users of the Services do not use it. For such cases the privacy policy of the platform that is displayed or to which is linked, applies.
Access to your Personal Data and Disclosure to Third Parties
Our employees only have access to Personal Data when necessary to perform their duties. In this way, we aim to ensure that Personal Data are only accessible to persons who, because of their position, are authorized. We agree that the Personal Data may only be used for the purposes specified herein and consider how we can respect Data Subjects’ right to privacy as much as possible. Our employees are bound by confidentiality.
When we do share Personal Data with others, e.g. our data processors. A list of data processors engaged by us is attached to this Privacy Policy. We make written agreements with data processors engaged by us to ensure the careful processing of the Personal Data. In addition we limit the transfer of Personal Data to what is strictly necessary. Furthermore, we take appropriate security measures to prevent Personal Data from becoming known to the other parties. These security measures include password controlled access, limited access, the implementation of firewalls, the performance of Data Protection Impact Assessments (if necessary), the limitation of physical access to Personal Data through physical security measures and clear instructions for our employees regarding the processing of Personal Data. In some cases, a legal obligation requires us to provide data to third parties, such as authorities. We always consider how we can respect Data Subjects’ right to privacy as much as possible.
If we transfer Personal Data to countries outside the EEA, we will only do so under the conditions required by privacy legislation.
Security of your Personal Data
We endeavour to implement appropriate organisational and technical security measures to protect Personal Data against unlawful access or alteration, disclosure or destruction. For example, we work with secure data networks protected by firewall and password protection and virus scanners. Moreover, all laptops used by us are protected by means of encryption and other security measures.
If despite our security measures, there is a data breach that is likely to have adverse effects on the privacy of Data Subjects, we will inform the involved Data Subjects about the incident as soon as possible. We will then also inform the involved Data Subjects of the measures we have taken to mitigate the consequences and to prevent recurrence in the future.
In the unlikely event that you discover a security breach or suspect that the security of Personal Data is not properly guaranteed, please contact us immediately (see the contact information at the end of this Privacy Policy). We have procedures in place to handle these reports adequately and carefully in accordance with the applicable legislation.
The Rights of data subjects
Data Subjects have the following rights concerning the processing of your Personal Data:
-
The right to request information about and access to the Personal Data that we process about the Data Subject. This means that Data Subjects can ask what Personal Data has been recorded about them and for what purposes that Personal Data is used and with which third parties it is shared.
-
The right to object to the processing of Personal Data, for example if Data Subjects believe that the use of their Personal Data is not necessary for the execution of our activities or to comply with a legal obligation.
-
The right to request us to have their Personal Data amended and corrected, and to restrict the processing of their Personal Data.
-
The right to ask us to delete their Personal Data from our systems.
-
The right to ask us to arrange for their Personal Data to be transferred to another party.
-
The right to withdraw consent for the processing of their Personal Data as given by them at any time. Please note that withdrawal of consent for Personal Data previously processed on the basis of consent is not possible.
Requests and other communications regarding the exercise of the aforementioned rights can be made in writing using the contact details below. If we deem it necessary, we may ask additional questions to verify the identity of the Data Subject.
We will generally provide a response within one month of receiving a request. We will comply with the request unless we have a compelling legitimate interest not to comply with the request that outweighs the concerned privacy interest. Also, for technical reasons, we cannot always immediately delete all copies of Personal Data from our systems and backup systems. We may also refuse to comply with the aforementioned requests if they are made unreasonably frequently, require unreasonable technical effort or have an unreasonable technical impact on our systems or jeopardise the privacy of others.
If we have complied with a request to correct, supplement or delete Personal Data, or if previously given consent to process Personal Data is withdrawn, we will also inform third parties to whom these Personal Data has been provided of the changes made.
If a Data Subject is not satisfied with the way we have dealt with a request or objection or otherwise with the processing of Personal Data by us, Data Subjects can also lodge a complaint about the use of their personal data with the Data Protection Authority of their country.
Changes to this Privacy Policy
We reserve the right to make changes to this Privacy Policy at any time. We give notice to the Data Subjects of changes that are of significant importance on this page and when appropriate by other communication channels, such as e-mail. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom. If a Data Subject objects to any of the changes to this Privacy Policy, the Data Subject must cease using our Services and can request the erasure of the Personal Data. Unless stated otherwise, the then-current privacy policy applies to the Personal Data the Data Controller has about Data Subjects as described in this Privacy Policy.
Information not Contained In This Privacy Policy
More details concerning the collection or processing of Personal Data may be requested from the Data Controller at any time. Please see the contact information at the end of this Privacy Policy.
Contact Information
The Data Controller is responsible for this Privacy Policy.
Foil Drive Pty Ltd
14 Denis St
St Marys, SA 5042, Australia
support@foildrive.com
Foil Drive Europe B.V.
Haarlemmerstraat 5
2182 HA Hillegom, Netherlands
support@foildrive.com
Updated on 16/01/25
List of engaged data processors
-
Shopify, maintaining contact with Users, to provide, maintain and improve the Website and monitor the performance and use of the Website and improve the browsing experience, maintaining contact with Customers, entering into agreements with Customers, performing delivery of our products (incl. invoicing), engaging with Business Relations, concluding agreements with Business Relations, maintaining contact with Business Relations, performing our agreements with Business Relations and providing dealer-accounts to Dealers.
-
Subscription Plus, performing delivery of our products (incl. invoicing) to Customers and performing our agreements with Business Relations.
-
Mirasvit Ecommerce Solutions, to provide, maintain and improve the Website and monitor the performance and use of the Website and improve the browsing experience.
-
PT2, performing delivery of our products (incl. invoicing) to Customers and performing our agreements with Business Relations.
-
FORSBERG+two ApS, performing delivery of our products (incl. invoicing) to Customers and performing our agreements with Business Relations.
-
Okendo, maintaining contact with Customers and Business Relations in the form of enabling Customers and Business Relations to write reviews.
-
Klaviyo, sending our newsletter and further commercial messages to Recipients.
-
Gorgias, maintaining contact with Customers and Business Relations.
Updated January 2025