Privacy and Security

Introduction

At SkincareDirect.com.au, we are committed to protecting the privacy of everyone who shops or interacts with us.

This privacy policy applies to SkincareDirect and its related companies, and covers all personal information we collect about customers and other individuals outside the SkincareDirect.com.au group. When we talk about "personal information", we use the definition provided by the Federal Privacy Act:

"Personal information" means information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can be reasonably ascertained, from the information or opinion.

We require all of our employees, contractors, suppliers, business partners and service providers to comply with privacy laws and continually look for ways to meet and exceed our customers' expectations.

Collecting Information

We only collect information that is necessary for one or more of our functions or activities, and we only keep it for as long as we may require it for a legitimate business purpose.

When we collect personal information from an individual, we ensure that we do so in a fair manner. We also let the individual know:

- which SkincareDirect company is collecting the information, and how to contact that company
- the purposes for which the information is being collected
- the organisations, or types of organisations, to whom we may disclose the information
- the main consequences (if any) for the individual if all or part of the information is not provided, except to the extent that this is obvious
- the fact that the individual can access the information that we hold
- any law that requires us to collect the information.

Privacy notices enable our businesses to communicate these matters clearly and consistently wherever we collect personal information.

We will collect personal information directly from the individual concerned whenever practical. However, if we do collect an individual's personal information from a third party, we take reasonable steps to ensure that the individual has been advised of the matters listed above as they apply to both the third party and our own handling of the information.

We treat certain kinds of sensitive information, such as health information, with higher standards of security and confidentiality. We will only use this sensitive information with the individual's consent unless the law specifies otherwise.

Disclosing Information

We will only disclose personal information:

- for the purposes for which we have advised that we are collecting it, and for related purposes that could reasonably be expected in the circumstances,
- with the individual's consent,
- as part of the asset sale of a business or division,
- as specified by law.

In the course of our business activities, we may need to disclose personal information to our agents, service providers, business partners, government authorities and others, but will always do so in accordance with the above principles. Except where data is transferred as part of the sale of a business or a business division, we will not sell personal information under any circumstances or share it with anyone for marketing purposes unless we have advised of this on collection or otherwise obtained the individual's consent.

Unauthorised Disclosure or Use

Unauthorised disclosure or use of personal information by our employees, contractors or agents is a serious breach of this policy. Merely accessing information without proper authority is a form of unauthorised use and will not be tolerated. In the event of a breach, we will take appropriate action, which may include disciplinary or legal action.

Opt-Out

We will ensure that each direct marketing offer is checked against our opt-out register and provides a clear opt-out opportunity. We will always provide a nil-cost way of contacting us to opt out of receiving further marketing offers.

Access to Personal Information

Individuals will be able to access their personal information upon request. However, we may occasionally need to deny access to information where the law expressly allows it (for example, when someone is under investigation for fraud).

We will not provide access to spouses, family members or other third parties unless we are required or permitted by law to do so or have the clear, written authority of the individual concerned.

Security

Our priority is to protect the personal information that we collect. Personal information will be managed confidentially and securely, and will be destroyed when no longer required.

We secure personal information in the same way as we safeguard our own sensitive information. We also strive to constantly improve our business processes and the technology we use to protect data.

Data Quality

We will take all reasonable steps to ensure that personal data we hold is accurate, complete and up to date, and has been obtained directly from the individual or a reputable third party.