Section One – What is personal information?
Some types of personal information are designated as 'sensitive information', and are subject to additional protection under the Privacy Act. For example, these can include information about your health.
Section Two – What types of personal information do we collect?
The types of personal information we collect about you will depend on the purpose for which the information is collected. This can include:
- in the case of customers purchasing our products through our online store –
- your name, billing or shipping address, email address, telephone number(s), payment information (including credit card information or alternative payment method account information) and order details; and
- where Vida Glow suspects that a transaction may be fraudulent or that a purchase may be for the purpose of resale, your driver's licence and any other form of identification that Vida Glow considers reasonably necessary to verify your identity;
- if you have requested to receive news and exclusive offers, promotions, or invitations to events – your name, mailing or street address, email address and telephone number(s);
- If you have contacted our customer support team to make a complaint, provide feedback, submit an enquiry, request a call-back or request a product replacement – your name, email address and any files attached to your request;
- in the case of our brand ambassadors, representatives or supporters your name, mailing or street address, email address, date of birth, occupation and social media information;
- in the case of prospective employees or contractors – information contained in your application or résumé, recorded during any interview, or obtained through any pre-employment checks, and government-issued identifiers such as tax file numbers; and
- in the case of our suppliers and distributors – your name, mailing or street address, email address and telephone number(s).
Generally, Vida Glow will not collect sensitive information about you. However, in certain circumstances, we may need to collect limited sensitive information. For example, if you disclose details of a medical condition or other specific dietary or allergy requirements to us in the course of requesting further information from us about any of our products. When you browse our website, we also automatically receive details of your device's Internet protocol (IP) address, your web browser type used to access our website and your operating system.
Section Three – How do we collect personal information?
We collect personal information directly from you, including when you:
- access our website;
- place an order or arrange a subscription;
- arrange for a delivery or return a purchase;
- sign up to receive news and exclusive offers;
- enter surveys, competitions, promotions or request information or material from us;
- communicate by us by email, by telephone or via our website;
- apply to work with us or are engaged by us as a contractor; or
- provide goods or services to us.
In some circumstances, we may collect personal information about you:
- from publicly available sources (such as the internet); or
- from third parties, for example:
- from your referees during the recruitment process if you apply for a job with us; or
- from our service providers who we engage to assist us with our activities.
Section Four – Direct marketing communications
We will only send you emails about our store, new products and other direct marketing communications (for example through mail, SMS or email), where you have consented to us doing so or we are otherwise permitted by law to do so. You can unsubscribe from direct marketing communications at any time by contacting us at email@example.com.
Section Five – Can you choose not to disclose your personal information?
If you contact us to make a general enquiry about Vida Glow or our products, you do not have to identify yourself or provide any personal information. Alternatively, you can also notify us that you wish to deal with us using a pseudonym.
However, if we are not able to collect personal information about you, we may not be able to provide you with the information or assistance you require. For example, we will not be able to send you information you have requested if you have not provided us with a valid email address or telephone number.
Section Six – How do we use your personal information?
In general, we use your personal information for our business operations. Some specific purposes for which we use your personal information are as follows:
- to process your purchase and provide you with products that you have ordered, as part of the buying and selling process;
- to verify your identity (for example, if you request access to personal information we hold about you or if we require further information to process your purchase);
- to consider you for a job at Vida Glow (whether as an employee or contractor) or other relationships with us;
- to communicate with you and to address any issues or complaints that we or you may have regarding our relationship; and
- to contact you regarding the above, including via electronic messaging such as SMS and email, by mail, by phone or in any other lawful manner.
We may also use or disclose your personal information for other purposes to which you have consented, or as otherwise permitted or required by law.
Technical information and general analytics information is used for the purpose of gauging website visitor traffic and trends and delivering personalised content to you while you are on our website, and to improve our website and our products and services.
Section Seven – To whom do we disclose personal information?
We may disclose your personal information to third parties in connection with the purposes described above (see Section Six). We may disclose your personal information to the following types of third parties:
- any potential third party acquirer of our business or assets, and advisors to that third party;
- our professional advisers (such as lawyers, accountants or auditors) and insurers;
- our employees, contractors and third party service providers who assist us in performing our functions and activities e.g. payment systems operators and financial institutions, cloud service providers, data storage providers, freight companies, telecommunications providers and IT support services providers;
- organisations authorised by us to conduct promotional, research or marketing activities;
- third parties with whom we have arrangements for the purpose of promoting our business, for example marketing agencies and companies who may use your personal information to tailor electronic advertising to you (e.g. on a webpage or social media platform) in relation to our products and services;
- third parties to whom you have authorised us to disclose your information (e.g. referees if you are applying for a job with us); and
- any other person as required or permitted by law.
If we disclose your personal information to third parties, Vida Glow will use reasonable commercial efforts to ensure that such third parties only use your personal information to the extent reasonably necessary to allow the third party to comply with their obligations to us in a manner consistent with applicable laws. For example, where commercially practical, we will include suitable privacy and confidentiality clauses in our agreement with a third party service provider to which we disclose your personal information.
Section Eight – Where is your data stored and transferred?
Our online store is hosted by Shopify Inc. Your data is stored in databases located in Australia and the United States of America. We store your data on a server behind a firewall.
If you choose a direct payment gateway to complete your purchase, then our server stores your credit card data only until the payment transaction is completed and then the information is deleted. Your credit card data is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
Section Nine – Security
To protect your personal information, we take reasonable precautions and follow industry good practices with the aim of ensuring it is not lost, misused or inappropriately accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow PCI-DSS requirements and implement additional generally accepted industry standards.
Please notify us immediately if you become aware of any breach of security.
Section Ten – Third Party Services
When you click on links on our website, you may be directed away from our website. We are not responsible for the privacy practices of other websites and businesses, and we encourage you to read their respective privacy policies.
If you use any third-party service providers in the course of your use of our website, such as payment gateways and other payment transaction processors, these third-party providers have their own privacy policies in respect of the personal information we are required to disclose to them for your purchase-related transactions. We recommend that you read their privacy policies so you understand how these third-party service providers will handle your personal information.
Section Eleven – How can you access and correct your personal information?
You may request access to any personal information we hold about you at any time by contacting us. We will provide access to that information in accordance with the Privacy Act, subject to any exemptions that may apply. We will need to verify your identity before we can comply with your request. We may also charge an administration fee in limited circumstances, for example if we are required to procure additional resources to comply with your request.
If you believe that personal information we hold about you is incorrect, incomplete or inaccurate, then you may request us to amend it by contacting us.
Section Twelve – What is the process for complaining about a privacy breach?
If you have any questions, concerns or complaints about our collection, use, disclosure or management of your personal information, please contact us in writing using the contact details below.
We will make inquiries and your complaint will be assessed by an appropriate person with the aim of resolving any issue in a timely and efficient manner.
If you are unsatisfied with the outcome, we will advise you about further options including, if appropriate, review by the Privacy Commissioner within the Office of the Australian Information Commissioner.
Section Thirteen – Exemptions
Where applicable, we will rely on the employee records exemption in the Privacy Act and any other applicable exemptions in the Privacy Act or other legislation.
Section Fourteen – Questions and Contact information
If you would like to register a complaint or simply want more information about how we handle personal information, please contact our Privacy Compliance Officer at firstname.lastname@example.org.