Privacy Policy

Shy Skin's Commitment to Maintaining Your Privacy

August 2021

Introduction

This Policy applies to all businesses operated by Shy Skin Pty Ltd ABN 89 618 137 901 (our, us, we or Shy Skin) including the In Shy Skin business. This Policy applies to all the information we collect from you including via our website currently located at www.shyskin.com, any replacement site or additional sites we operate (Site

We are committed to respecting the privacy of our customers and persons with whom we interact, including visitors to the Site.

Terms used in this Policy that are defined in the Privacy Act, have the same meaning in this Policy as given to the term in the Privacy Act.

The date of this Policy is set out above.

By continuing to use the Site, or otherwise continuing to deal with us, you accept this Policy as it applies from time to time including the collection, use and disclosure of your personal information as specified in this Policy. You are entitled to opt out of emails and personalised marketing and advertising at any time. Please refer to sections 7 and 8 of this Policy.

You also agree that by accessing the Site, we can communicate with you electronically regarding security, privacy and administrative issues relating to your account information and usage.

Individuals located in the European Union (EU) may also have rights under EU based rules known as the General Data Protection Regulation (GDPR). The GDPR has harmonised the data privacy laws of each individual EU country, giving more rights to individuals located in the EU and more obligations to organisations holding their personal information. Please refer to section 11 of this Policy.

 

Please note that if you do not wish to submit personal information, you may not be able to access or use any sections of the Site,mobile app and services that require your personal information. For example, you will not be able to register for an account with us, participate in certain contests or promotions, or access and/or use certain features or online services. In addition, your refusal to submit personal information may limit our ability to respond to your customer support inquiry in a timely fashion.

1. The personal information we collect

We collect information about you when you use the Site, when you use our products or services and when you deal with us in other ways. We may also collect information about you from other people and organisations.

Information we collect from you

We generally will only collect Personal Information about you if you voluntarily submit it to us.

We collect personal information about you when you contact us, visit the Site use our products or services, or deal with us in some other way.  The personal information we collect may be identifiable or non-identifiable.

The personal information we collect from you includes:

  • If you register to access the Site or a particular feature on the Site or complete user profiles – account log-in credentials (such as your name, physical address, email address, telephone number, date of birth or username and password when you sign up for an account with us).

  • If you register to receive a newsletter or subscription – your name and email address.

  • If you enter a competition or other promotion we are conducting– your name and email address and other personal information depending on the entry requirements.

  • If you contact us as described in the Contact Us section (see section 14), send us an email or otherwise communicate or interact with us – your name and email address and other personal information you provide in the course of the interaction depending on the nature of the communication. We may track activity relating to your interaction with our email communications and with links contained within our email communications and the Site.

  • If you respond to a job advertisement or otherwise contact us about working with us – your name, date and place of birth, contact details, occupation and education/work history, current and previous employers, passport details, information relating to your dealings with us or our customers and suppliers and other information which would assist us in considering your application;

  • If you purchase goods or services from us – your name, physical address, email address, telephone number, the amount of the transaction and other personal information required to complete the transaction. We do not collect financial information such as credit card details as payments are handled by a third party payment gateway (which, at the date of this Privacy Policy is PayPal and Afterpay). Third party payment providers will have their own privacy policies which apply to the collection of information by them to process payment of your purchase.

  • If you make a customer service requests (eg, if you require assistance with your use of the Site or our mobile app) – troubleshooting and support data (which is data you provide or we otherwise collect in connection with support queries we receive from you. This may include contact or authentication data, the content of your chats and other communications with us, and the product or service you are using related to your help inquiry).

  • If you download software or mobile apps – your name and contact details and other information for the purposes of accessing, signing up and using the software or app.

  • When you visit the Site or use our mobile app – your location information, IP address, mobile device network information, any third-party sites you access before or after you visit the Site, the duration of your visit to the Site, how frequently you visit the Site, and any other information collected via third party analytics providers. We use cookies (or files sent directly to your computer or device) and other similar technology. The information we collect in this way will be non-identifiable unless we inform you that it is identifiable prior to its collection. You can change your browser’s privacy settings to delete or control cookies or other similar technology as you wish.  Updating these settings may prevent you from using various functionality features, products or services of our Site. Please review our Cookie policy.

  • If you are contacting us in your capacity as a representative of a business – your business contact information (such as your name, job title, organisation, location, phone number, email address, and country). If you are purchasing goods and services in your capacity as a representative of a business, we may also collect information required to process a payment which may include a personal credit card number and related information.

  • If you participate in a survey we are conducting (which we would generally conduct to facilitate improvement or expansion of the types and qualities of goods and services we offer) – your name and email address, although we anticipate that users will be able to participate in the majority of the surveys we conduct on an anonymous basis.

 

From time to time, we may ask you to supply additional personal information for specific purposes. In such cases, we will clearly explain why we request that information and unless we are required or authorised by law to request that information from you, providing such information to us is optional.

If we engage a third party email service, survey provider or other service provider whose Site you may be required to visit, you may be required to accept that service provider’s privacy policy. We are not responsible for the privacy policies of third party service providers or their compliance with their privacy policies.

Information we collect from others

From time to time, we may obtain information about you from third-party sources such as employers (where you are dealing with us in a business capacity), public databases, social media platforms, service providers and third-party data providers. If we solicit third parties to collect non-personally identifiable and personally identifiable information on our behalf, we instruct those third parties to comply with this Policy and require confirmation of their compliance with applicable privacy laws and regulations.

Sensitive Information

The Privacy Act protects your sensitive information (such as information about your race, religion, ethnicity, sexual orientation, health, political opinions, trade association or trade union membership, and criminal records). If we need this type of information, we will explain why we need this information and ask for your permission except if we are required by law to collect this information without seeking your permission.

Anonymity

You have the option to interact anonymously or using a pseudonym with the Site. However, if you choose to remain anonymous or use a pseudonym, your experience with the Site may be diminished and we may not be able to offer you our full range of goods and services.

Unsolicited Personal Information

Where we receive unsolicited personal information about you, we will check whether that information is reasonably necessary for our functions or activities. If it is, we will handle this information the same way we do with other information we seek from you. If not, we will destroy or de-identify it.

Personal Information Provided via Interactive Features on Site

Any personal information that you submit, display, or publish on a forum, blog, channel, bulletin board, chat room, user commenting feature or other interactive sharing or social feature offered through the Site, mobile app or our services is considered publicly available and can be read, collected, used, and disclosed by other users of those features, by us and other third parties without restriction, except to the extent limited access features are available.

Children and minor’s privacy

Although we will comply with this Policy in respect of information provided to us by persons under the age of 18 years, those persons must obtain the consent of a parent or guardian prior to using the Site and the parent or guardian will be responsible for appropriately supervising the person’s use of the Site.

We also ensure that the Site and marketing is not aimed at and does not target children under 13 years of age and will not intentionally collect data from them. If you believe that we might have any information from or about a child under 13, please contact us as provided in the Contact Us section (see section 14).

2. How we use your personal information

We use and disclose your personal information for the purposes for which it is collected which include:

  • to manage our relationship with you;

  • to allow you to access and use the Site and mobile app;

  • to provide goods and services to you;

  • to improve the Site, mobile app, our goods and services including expanding our goods and services offering;

  • to provide you with news and information about the Site, the mobile app, our goods and services, our partners and our licensees including by sending you newsletters and update, seeking your opinions and feedback about the Site, the mobile app and our goods and services;

  • to ensure the proper functioning of our Site and mobile app including customising and improving your online experience with us;

  • to personalise your experience with the Site, mobile app and our goods and services including dealing with support requests and technical queries;

  • to ensure the proper functioning of our businesses including administrative, operational and financial purposes;

  • to assist us with our marketing, planning, product development and research requirements;

  • to send you marketing and promotional material that we believe you may be interested in and otherwise communicating with you about our products and services including information about special offers and changes to the Site, mobile app or our goods and services;

  • purposes necessary or incidental to the provision of the Site, mobile app and our goods and services;

  • any purposes permitted or required under applicable laws; and

  • any other use to which you have expressly or impliedly consented.

We will also use your personal information for a secondary purpose that is related to a purpose for which we collected it, where you would reasonably expect us to use or disclose your personal information for that secondary purpose.

3. To whom we disclose your personal information

We may disclose your personal information where you have expressly or impliedly consented to the disclosure. We may also disclose your personal information as follows:

  • Related entities and networks – We may disclose personal information to our related bodies corporate and between our multiple online networks to ensure that the networks function as we require or intend. Our related bodies corporate and online networks will comply with this Policy.

  • Service providers – We may make your information available to certain third party service providers who assist us, or act on our behalf, to provide, develop, deliver, administer, manage, improve, promote, market and protect the Site, mobile app, our IT systems and other business functions subject to confidentiality obligations and restrictions on use we consider appropriate (such as requiring service providers to comply with this Policy). This might include (without limitation) providers of cloud services, data storage providers, website hosting services, channels, direct marketing services, market or consumer research services, data connectivity platforms, interactive or online advertisers, customer support contractors, human resources, IT consultants and independent contractors who provide us with services or who assist us with our corporate or business functions.

  • Third party data analytics and data marching companies (such as Google) – We use third party analytics companies to collect data from the Site about traffic on the Site via cookies and identifiers subject to confidentiality obligations and restrictions on use we consider appropriate (such as requiring service providers to comply with this Policy). These companies analyse and report about the data they have collected, e.g., a report may summarise how many people have viewed a certain webpage within a certain age bracket. These companies may combine the data they collect from the Site with data obtained from other companies to produce reports relevant to our businesses. These companies may also share the data they collect with other data analytics companies.

  • Legal requirements and proceedings – We may disclose information to law enforcement authorities, national security agencies, statutory dispute resolution bodies, other government and regulatory authorities and other organisations as required or authorised by law, or in accordance with any industry code or standards registered under an applicable law. We may also disclose information if we believe disclosure is necessary or appropriate in connection with an investigation of suspected or actual fraudulent or illegal activity.

  • Business partners – We may share your information with our third party business partners. These may include (without limitation) our licensees; partners who offer competitions, special offers or promotions with us; partners who collect money on our behalf; partners who jointly provide goods or services with us; or partners who provide a service or product that operates in conjunction with (or interacts with) the Site, mobile app or our goods and services. The third party’s use of your information will be governed by their own privacy policy. You should consult each of their privacy policies to determine your rights with respect to their use and treatment of your information. Where you have consented, we may also share your information with our business partners so they can send you marketing communications.

  • Professional advisers –We may also share your information for certain purposes with our professional advisors and representatives (eg, lawyers, accountants, auditors, corporate consultants or business analysts) to assist us with our corporate or business functions and to develop our business strategies.

  • Protection of the Site, mobile app, goods and services – We may disclose information to protect and defend the rights, interests and safety of the Site, mobile app and our goods and services, our employees, contractors and agents; to protect the security and safety of our users of the Services, including when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss.

  • Connect sharing – We may disclose information to allow you connect and share content with third parties. By using any third party service to share links to our content, you permit us to access, use and disclose information relating to your account on each such third party service (such as your user name and profile information) if available to us through the third party service.

  • Business transfers – We may disclose information in the event of a proposed or completed sale or transfer of all or a portion of our business or assets (including in the event of a reorganisation, dissolution or liquidation). We will make reasonable efforts to notify you by posting a notice on the Site and, sending you an email if we have your email address.

 

We may share non-personal, de-identified or aggregated de-identified information with third parties at our discretion.

4. Security and Integrity

We take measures, including the implementation and maintenance of physical, electronic, and managerial procedures, in an effort to assure the security, integrity, and accuracy of all personal information that we collect. These reasonable steps include password access, firewalls, and secure servers.

We have also trained, and will continue to train, our staff to handle personal information in accordance with the Privacy Act, Australian Privacy Principles, other applicable privacy laws and this Policy.

We will destroy or de-identify your information if we no longer require the information to provide you with access to the Site, mobile app or our goods and services and if the information is not required to be saved under Australian law or for other purposes (eg, complying with the order of a court or government authority).

If we learn of a notifiable data breach, we will notify you of the breach as required by the Privacy Act or other applicable laws and comply with those laws to remedy the breach.

5. Storage

We store your information on networks in Australia, the USA, Israel, Europe and other jurisdictions in which our service providers are located and process data on our behalf.

We will take reasonable steps to ensure that such disclosures are subject to reasonable confidentiality terms, that the overseas third party is subject to a law or binding scheme that protects your information in a way that, overall, is at least substantially similar to the way in which the Australian Privacy Principles protect your information or that the overseas third party takes steps to prevent a breach of the Australian Privacy Principles in relation to your information.

6. Destroying or de-identification of personal information when no longer required

We aim to keep personal information only for the period for which we require it (subject to compliance with laws or court or administrative proceedings). When we no longer require the information, we take reasonable steps to destroy or de-identify personal information.

7. Unsubscribing

You can opt out of receiving communications from us at any time by clicking the unsubscribe link in communications you receive from us.

By opting out of one particular electronic communication received from us, you will be removed from the subscriber list in connection with that particular communication category or newsletter. However, you will continue to receive communications in relation to other newsletters to which you subscribed and have not opted out.

 

Please note that if you unsubscribe from our communications, we may still send you relevant administrative or security notices from time to time.

8. Marketing & Advertising

If you do not wish to have your browsing activity tracked or your information used for the purpose of delivering you targeted advertisements, you may opt-out of the services currently used by contacting us as specified in the Contact Us section (see section 14). Please note, you will still continue to receive generic advertisements.

9. Third Party Services and Links

Occasionally we will include links to third party websites on the Site (including third party payment gateways) or communications with you. Whenever you choose to follow such links to any other websites you should be aware that our privacy policy no longer applies and that each third party website’s privacy policy will govern their collection, storage and use of any of your Personal Information from the moment you leave our Site.

10. Accessing, updating, correcting and deleting personal information

The accuracy of the personal information we have requested from you is important to us. We will take all such steps as are reasonable in the circumstances to ensure that all information requested from you is kept accurate, up to date and complete. However, we cannot undertake to ensure that such data, even where it includes Personal Information, is kept accurate, up to date and complete.

 

Accessing personal information

You may request access to any personal information we hold about you by contacting us as specified in the Contact Us section (see section 14). Whenever you are entitled to access such information, we will provide such information to you via email or post without charging you for such access. We will try to respond to your request within 30 days of your request (or such longer period as is reasonable in the circumstances given the volume of the personal information to which access has been requested and whether the personal information is currently in use or archived).

We may charge you a fee to recover the reasonable costs incurred by us in retrieving your information, but in no case will we charge you a fee for your application for access.

There will be instances where we cannot grant you access (e.g., where access would interfere with the privacy of others). If we refuse your request, we will provide reasons for our decision unless doing so would be unreasonable in the circumstances. If you are not satisfied with our response, you can make a complaint in accordance with the procedure outlined below (see section 12).

Updating, correcting and deleting personal information

You may, at any time, request that the personal information we hold about you is updated or corrected or deleted by contacting as specified in the Contact Us section (see section 14). We will try to deal with your request within 30 days of your request (or such longer period as is reasonable in the circumstances given the volume of the personal information to which access has been requested and whether the personal information is currently in use or archived).

If we refuse your request, we will provide reasons for our decision. If you are not satisfied with our response, you can make a complaint in accordance with the procedure outlined below (see section 12).

If we delete your personal information as requested, your experience with the Site may be diminished and we may not be able to offer you our full range of goods and services.

11. European Union

This section is relevant to users that are based in or that access the Sites and Services from the EU (EU Users).

In accordance with the GDPR, we do not direct personalised advertising and marketing to users in the European Union. This includes tracking EU Users’ activity or targeting EU Users with advertising that uses personal information.

We may use cookies and other tags (in accordance with our Cookie Policy) to display advertisements to EU Users based on non-personally indefinable information, anonymous data, or aggregated data that we have collected in connection with an EU Users’ interaction with the Site, the mobile app and our goods and services.
 

We will not track your activity or target you using your personal information without your express, informed consent. When requesting your consent, we will provide clear information about the ways that we use your personal information. Consent may include requesting that you opt into particular activities or that you expressly provide your preferences in relation to particular activities.

12. Complaints

Please feel free to direct any questions concerns or complaints regarding our Policy or our treatment of your personal information by contacting our privacy officer as set out below.

We will contact you promptly to let you know the next steps in resolving your complaint and to obtain any further information we need to consider your complaint. We will endeavour to respond to your complaint within 30 days of receipt of the complaint by our privacy officer.

If you consider that your complaint has not been adequately dealt with by us, you can make a further complaint to the Office of the Australian Information Commissioner ( www.privacy.gov.au), which has complaint handling responsibilities under the Privacy Act. We will cooperate with the appropriate regulatory authorities, to resolve any complaints regarding Personal Information that cannot be resolved internally.

EU Users have the right to lodge a complaint with the relevant supervisory authority in their member state. We encourage you to contact us first so that we can respond to your concerns. We will do our best to resolve them promptly in accordance with relevant laws and policies.

13. Changes and Updates to This Policy

We regularly review this Policy. This Policy was last updated in August 2021 and may be updated by us, from time to time, in our sole discretion. We will notify you of any such changes by providing the current version of the Policy on the Site.

We encourage you to review this Policy periodically to stay informed about our collection, use and disclosure of Personal Information. Your continued use of our Sites and/or Services or any other content, products or services covered by this Policy constitutes your agreement to this Policy and any updates.

14. Contact Us

You may contact us at hello@shyskin.com or by writing to us at:

Privacy Group

c/o Shy Skin Pty Ltd

PO Box 3166

Merewether NSW 2291

Australia.