"We", "us" and "our" means Such Skincare Pty Ltd ABN 13 665 726 723 of 23.
What is personal information?
Personal information is any information or an opinion about an identified individual or an individual who can be reasonably identified from the information or opinion. Information or an opinion may be personal information regardless of whether it is true.
Our services are not directed to persons under 18 years of age and we do not knowingly collect personal information from anyone under 18. If we become aware that a child under 18 years of age has provided us with personal information, we will delete that information as quickly as possible. If you are the parent or guardian of a child and you believe they have provided us with personal information without your consent, then please contact us.
What personal information do we collect and hold?
We collect information about you and your interactions with us, for example, when you purchase our products, email us or visit our website. The information we collect from you may include your name, address and email address, telephone number, billing address, date of birth, billing information such as your credit card number and bank account details, survey responses, support queries, blog comments, reviews you post about our products, social media handles, your history of purchases and use of our products, details of enquiries or complaints you make and any other information which we consider is reasonably necessary to perform our business functions or activities.
We automatically collect information about how you access, use and interact with our website (Device Information). This information includes: (a) the time zone and location from which you have come to the website and some of the cookies that are installed on your device; (b) technical data, including IP address, the types of devices you are using to access the website, device attributes, browser type, language and operating system; and (c) as you browse our website, the individual pages or products that you view, what websites or search terms referred you to the website and information about how you interact with the website.
We collect Device Information using the following technologies:
Log files track actions occurring on the website, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
Web beacons, tags, and pixels are electronic files used to record information about how you browse the website.
Our online store is powered by Shopify. As a Shopify merchant, Shopify places cookies for visitors to our website that are necessary for the proper functioning of our website and that are for reporting and analytics. You can read about the cookies Shopify places for visitors to our website here.
Why do we collect, hold and use your personal information?
We collect, hold and use your personal information so that we can: (a) provide you with products and services and manage our relationship with you; (b) contact you, for example, to respond to your queries or complaints, or if we need to tell you something important; (c) provide you with a personalised and optimised website experience; (d) screen the orders we receive for potential risk or fraud; (e) comply with our legal obligations and assist government and law enforcement agencies or regulators; and/or (f) identify and tell you about other products or services that we think may be of interest to you.
We may also use your personal information to provide you with information about other services offered by third parties which we think you may find interesting. If you would prefer not to receive this information, please contact us by email at firstname.lastname@example.org. We will not disclose your personal information to any third parties without your consent, unless we are required to by law or to the extent we use third parties to capture or manage your personal information on our behalf.
If you do not provide us with your personal information we may not be able to provide you with our products, communicate with you or respond to your enquiries.
We also use the information we collect in aggregated and anonymised forms to improve our services, including: administering our website, producing reports and analytics, advertising our products and services, identifying user demands and assisting in meeting customer needs generally.
Any information you choose to make publicly available, such as blog comments, reviews and testimonials on our website or social media, will be available for others to see. If you subsequently remove this information, copies may remain viewable in cached and archived pages on other websites or if others have copied or saved the information.
How do we collect your personal information?
We will collect your personal information directly from you whenever you interact with us.
We may collect information from third parties such as Facebook and Google.
How do we store and hold personal information?
We store most information about you in computer systems and databases operated by either us or our external service providers.
We implement and maintain processes and security measures to protect personal information which we hold from misuse, interference or loss, and from unauthorised access, modification or disclosure. These processes and systems include monitoring and regularly reviewing our practice against our own policies and against industry best practice.
We will also take reasonable steps to destroy or de-identify personal information once we no longer require it for the purposes for which it was collected or for any secondary purpose permitted under the Australian Privacy Principles.
In the event there is a breach of our security and your personal information is compromised, we will promptly notify you in compliance with the applicable law.
Who do we disclose your personal information to, and why?
We may disclose personal information to external service providers so that they may perform services for us or on our behalf. For example, we use Shopify to power our online store. We also use Shopify applications on our online store. You can read more about how Shopify uses your personal information here. We use Google Analytics to help us understand how our customers use our website. You can read more about how Google uses your personal information here. You can also opt-out of Google Analytics here. We also use Klaviyo as our marketing platform. You can read more about how Klaviyo uses your personal information here.
We also use a number of applications on our website and these applications have access to personal information including customer names, email addresses, phone numbers, physical addresses, geolocations, IP addresses and browser user agents. You can read more about how the providers of these applications use your personal information here:
- Australia Post MyPost Business (we use this app to integrate our online store with Australia Post)
- XeroBridge (we use this app to integrate with Xero, our accounting software)
- Loox Product Reviews & Photos (we use this app to collect customer reviews)
- Campaign Monitor | Commerce (we use this app to integrate our online store with Klaviyo, our marketing platform)
We may also use your personal information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
You can opt out of targeted advertising by using the links below:
Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s Opt-out portal.
We may also disclose your personal information to others outside of our company where:
(a) we are required or authorised by law to do so;
(b) you may have expressly consented to the disclosure or the consent may be reasonably inferred from the circumstances; or
(c) we are otherwise permitted to disclose the information under the Privacy Act 1988 (Cth).
Also, we may use your personal information to protect the rights, property or safety of us, our customers or third parties.
If the ownership or control of all or part of our business changes, we may transfer your personal information to the new owner.
Please note that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data collection and usage practices when we detect such a signal from your browser.
Do we disclose personal information to overseas recipients?
We may disclose your personal information to recipients who are located outside Australia. Those recipients are likely to be located in the United States of America, the United Kingdom and the European Union.
Do we use your personal information for marketing?
We will use your personal information to offer you products and services we believe may interest you, but we will not do so if you tell us not to. These products and services may be offered by us, our related companies, our other business partners or our service providers.
Where you receive electronic marketing communications from us, including by SMS, you may opt out of receiving further marketing communications by following the opt-out instructions provided in the communication.
Access to and correction of your personal information
You may access or request correction of the personal information that we hold about you by contacting us. Our contact details are set out below. There are some circumstances in which we are not required to give you access to your personal information.
There is no charge for requesting access to your personal information but we may require you to meet our reasonable costs in providing you with access (such as photocopying costs or costs for time spent on collating large amounts of material).
We will respond to your requests to access or correct personal information in a reasonable time and will take all reasonable steps to ensure that the personal information we hold about you remains accurate, up to date and complete.
Our responsibilities under general data protection regulation (GDPR)
If you are a resident of the European Union (EU) or United Kingdom (UK) you have certain rights and protections under the GDPR regarding the processing of your personal information.
We collect, use and store your personal information to enable us to provide you with our goods or services and information about them. We rely on the following lawful means of processing your personal information:
- Where it is necessary to fulfil a contract with you. This includes where we collect your personal information to enable us to send you our goods or provide you with our services.
- Where you have given us valid consent to use your personal information. We will rely on that consent and only use the personal information for the specific purpose for which you have given consent. This includes where we email marketing or other information to you or send mobile phone notifications.
- We may also process your personal information where it is to further our legitimate interests which could include usage statistics, analytics and internal analysis so we can improve our services to you.
Your rights as an EU or UK resident
If you are a resident of the EU or UK you have various rights including the:
- Right to be informed;
- Right of access;
- Right to rectification;
- Right to object;
- Right to restriction of processing;
- Right to erasure or to be forgotten;
- Right to data portability; and
- Right not to be subject to automated processing.
If you want to access your personal information or ask for the information to be corrected, please contact us. In some circumstances, you also have a right to object to or ask that we restrict certain processing activities or delete your personal information. If you would like to limit or request deletion of your personal information or exercise any other rights you can do so by contacting us.
You can withdraw your consent to our collection or processing of your personal information. You can do so by contacting us or by opting out of email communications by following the instructions in those emails or by clicking unsubscribe. If you withdraw your consent to the use of your personal information, you may not have access to our services and we might not be able to provide you with our services. In some circumstances, where we have a legal basis to do so, we may continue to process your information after you have withdrawn consent. For example, if it is necessary to comply with an independent legal obligation or if it is necessary to do so to protect our legitimate interest in keeping our services secure.
We comply with the GDPR protection directives set out by the EU and UK regarding the collection, use and retention of personal information from EU member countries and the UK. All personal information stored on our platform is treated as confidential. It is stored securely and is only accessed by authorised personnel. Our collection is limited in relation to what is necessary, for the purpose for which the personal information is processed, and kept only for so long as is necessary for the purpose for which the personal information was collected. We implement and maintain appropriate technical, security and organisational measures to protect personal information against unauthorized or unlawful processing or use, and against accidental loss, destruction, damage, theft or disclosure. We ensure the encryption and pseudonymisation of personal information and we have adequate cyber security measures in place.
Your acknowledgement as an EU or UK resident
By providing us with your personal information, you consent to us disclosing it to third parties who reside outside the EU or UK, including to Canada and the United States of America.
If you have a complaint about the way in which we have handled any privacy issue, including your request for access or correction of your personal information, you should contact us. Our contact details are set out below.
We will consider your complaint and determine whether it requires further investigation. We will notify you of the outcome of this investigation and any subsequent internal investigation.
If you remain unsatisfied with the way in which we have handled a privacy issue, you may approach an independent advisor or contact the Office of the Australian Information Commissioner (www.oaic.gov.au) for guidance on alternative courses of action which may be available.
If you have any questions, comments, or concerns, please contact us by email at email@example.com
Changes to this policy