Privacy policy.
Overview
This Privacy Policy describes how CM skincare Pty Ltd ACN (652 816 021) (“CM Skincare, “us”, ”its”, “we”, “our”) and its related entities, collect, hold, use and disclose personal information consistent with the Privacy Act 1988 (Cth) (“Act”) as amended by the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth) (“Amendment Act”) and the Australian Privacy Principles found in that Act.
This Privacy Policy is also a notification to individuals of the matters required to be notified by the Australian Privacy Principles.
1. Who is CM Skincare
CM Skin is one of Australia’s best skincare products also providing skin care services. To perform its functions and deliver these services, we need to collect, use and disclose your personal information.
CM Skincare is firmly committed to protecting the privacy and confidentiality of personal information and to maintaining various physical, electronic and procedural safeguards to protect personal information in its care.
By providing personal information to us (either directly or allowing another person to do so on your behalf), you agree that this Privacy Policy will apply to how it handles your personal information and you consent to it collecting, using and disclosing your personal information as detailed in this Privacy Policy.
If you do not agree with any part of this Privacy Policy, you must not provide your personal information to us. If you do not provide us with your personal information, or if you withdraw a consent that you have given under this Privacy Policy, this may affect our ability to provide services to you or negatively impact the services it can provide to you.
2. What personal information does CM Skincare collect?
Personal information has the meaning given under the Privacy Act 1988 (Cth), being information or an opinion about an identified individual, or an individual who is reasonably identifiable:
whether the information or opinion is true or not; and
whether the information or opinion is recorded in a material form or not.
The type of personal information CM Skincare collects is the information required to facilitate and management of our business.
Generally, this includes:
name/s;
contact details (e.g. residential & postal address, email address, telephone number(s), facsimile number);
financial information (e.g. credit/debit card number, security number, expiry date or other billing information);
our loyalty program;
other details relevant to the management of our business
We also collect information that is required for use in its business activities and those of its related entities, including video surveillance footage used for security purposes, and other relevant personal information you may elect to provide to it.
In some circumstances, we may collect personal information from you which may be regarded as sensitive information under the Privacy Act 1988 (Cth). Sensitive information includes (without limitation):
racial or ethnic origin;
financial information; and
and health information and genetic information.
We will only collect sensitive information in compliance with the Privacy Act 1988 (Cth), with your consent and where it is reasonably necessary for, or directly related to one or more of its functions or activities unless it is otherwise required or authorised to do so by law.
In providing your sensitive information, you consent to us in using and disclosing your sensitive information for the purpose for which it was collected, unless you subsequently withdraw your consent or consent for it to be used for another purpose.
3. How does CM Skincare collect personal information?
Where practical, we collect personal information directly from you when it deals with you in person, by telephone, letter, facsimile, email or when you visit its website.
However, we may also collect your personal information when you:
purchase or make enquiries about products or services;
enter competitions or register for promotions;
request brochures or other information;
subscribe to receive its marketing materials (e.g.
e-newsletters);apply for a job or work experience.
Unless you choose to do so under a pseudonym or anonymously, we may also collect your personal information (other than sensitive information) when you complete surveys or provide it with feedback.
In some circumstances, it may be necessary for us to collect personal information about you from a third party. This includes where a person makes a booking and or purchase of goods on your behalf. Where this occurs, we will rely on the authority of the person making the booking and or the purchase to act on behalf of the person who the booking and or purchase of the goods is made for.
By providing your personal information to us, either directly or through a family member, friend or other agent or representative in connection with the booking, purchase of goods or related service, you will be deemed to have consented to your personal information being collected, used and disclosed in accordance with this Privacy Policy.
Where you make a booking and or purchase of goods on behalf of another person, you agree you have obtained the consent of the other person for us to collect, use and disclose the other person’s personal information in accordance with this Privacy Policy and that you have otherwise made the other person aware of this Privacy Policy.
You should let us know immediately if you become aware that your personal information has been provided by another person without your consent or if you did not obtain consent before providing another person’s personal information.
4. How does CM Skincare hold and secure personal information?
Personal information collected by us is held, stored and managed on a secure online storage database by a third-party data storage provider.
We do not (and will not allow any third party) to use, view or collect any personal information from the secure online storage database.
We have implemented a range of physical, electronic and managerial security procedures and measures to prevent the misuse, interference, loss, unauthorised access, modification or disclosure of your personal information including:
secure encryption technologies
firewalls and intrusion detection systems;
virus protection back-ups;
restricted access; and
Personal information received by CM Skincare may only be accessed by its authorised employees and contractors who may require access in connection with the purposes described in this Privacy Policy.
We regularly review our security technologies and strives to protect any personal information provided to it.
We will destroy or de-identify personal information once we no longer require it for our business purposes, or as required by law.
We are not responsible for any third party’s actions or their security controls with respect to information that third parties may collect or process via their websites, services or otherwise.
5. How does CM Skincare use and disclose personal information?
Where you contact us in relation to a booking or query, the primary purpose for which we collect your personal information is to provide you with advice and/or to assist you with booking and/or purchase of any related products and services.
If you do not provide us with your personal information, we may not be able to provide you with our products or service.
However, the purpose for collection may differ depending on the particular circumstances as disclosed in this Privacy Policy (e.g. collection of your personal information for the purpose of your participation in a competition, provision of feedback, etc).
By continuing to use our products and services and/or by providing it with personal information (or allowing another person to do so on your behalf), you consent to us in using and disclosing your personal information for the purpose for which it was collected, and, where permitted by your local data protection laws, for any related secondary purpose which it believes you would reasonably expect.
The secondary purposes for which we collect, uses and discloses personal information include:
providing you with services and tools you choose to use (e.g. saving personal information to allow for pre-population of online forms);
identification of fraud or error;
regulatory reporting and compliance;
developing and improving products and services;
servicing relationships with you by, among other things, creating and maintaining a customer profile to enable its brands to service you better or presenting options on its website it thinks may interest you based on your browsing and preferences;
involving you in market research, gauging customer satisfaction and seeking feedback regarding its relationship with you and/or the service it has provided;
to facilitate participation in our loyalty programs;
for research and analysis in relation to our business and services, including but not limited to trends and preferences in products and services and use of its website;
internal accounting and administration;
to comply with legal obligations and any applicable health law; and
other purposes as authorised or required by law \
Promotional/marketing materials
We may also use your personal information to send you targeted marketing activities relating to its products and services (and those of third parties) that we think may interest you, unless you have requested not to receive such information.
These may include but are not limited to mail outs, electronic marketing (including online targeted marketing), notifications and telephone calls. We will only use your personal information to send electronic marketing materials to you (i.e. e-newsletters, email, SMS, MSM and iM) if you have opted-in to receive them.
You can subscribe to receive e-newsletters and other electronic promotional/marketing materials by following the relevant links on the our website or requesting one of its consultants to do so for you.
Should you no longer wish to receive promotional/marketing material from us, participate in market research or receive other types of communication from it, you may contact and advise us by referring to point 9 of this Privacy Policy: ‘Feedback / Complaints / Contact’.
You can unsubscribe from receiving electronic marketing materials by following the unsubscribe prompt in your email, SMS, MSM, iM or other forms of electronic marketing.
6. Is personal information disclosed to third parties?
We may disclose your personal information to third parties including:
· its contractors, suppliers and service providers, including without limitation:
in each of the circumstances set out in point 5: ‘How does CM Skincare use and disclose personal information?’;
suppliers of IT-based solutions that assist in providing products and services to you (e.g. external data hosting providers);
publishers, printers and distributors of marketing material;
event organisers;
marketing, market research, research and analysis and communications agencies;
mailing houses, freight services, courier services; and
external business advisers (such as lawyers, accountants, auditors and recruitment consultants);
its related entities and brands;
a prospective purchaser, in connection with a merger, acquisition, reorganisation or sale of CM Skincare, or any of its related entities, or of assets of CM Skincare or any of its related entities;
a person making your booking and or purchase on your behalf, where you are booking and or purchasing made on your behalf by another person;
a person who can verify to it that they have a relationship with you, where you are not contactable, the person correctly answers its required security questions and the request is, in its opinion, in your interest (e.g. where the person is concerned for your welfare or needs to undertake action on your behalf due to unforeseen circumstances);
as required or authorised by applicable law, and to comply with its legal obligations including applicable privacy/data protection laws;
health law to comply with its legal obligations and any applicable government requirements;
government agencies and public authorities, to comply with a valid and authorised request, including a court order or other valid legal process;
various regulatory bodies and law enforcement officials and agencies, including to protect against fraud and for related security purposes; and
enforcement agencies where it suspects that unlawful activity has been or may be engaged in and the personal information is a necessary part of its investigation or reporting of the matter (e.g. prevention, detection, investigation, prosecution or punishment of criminal offences).
By continuing to use our services and/or by providing it with your personal information (or allowing another person to do so on your behalf), you consent to that personal information being processed, transferred and/or disclosed by it for the purpose for which it was collected and for any related secondary purpose which it believes you would reasonably expect.
Please note that where this Privacy Policy uses the word ‘disclose’, this includes to transfer, share (including verbally and in writing), send, or otherwise make available or accessible your personal information to another person or entity.
Other than the above, we will not disclose your personal information without your consent unless it reasonably believes that disclosure is necessary to lessen or prevent a threat to life, health or safety of an individual or to public health or safety.
Social Media Integrations
Our website and mobile applications may use social media features and widgets such as “Like” and “Share” buttons/widgets) (“SM Features”). These are provided and operated by third-party companies (e.g. Facebook) and either hosted by a third party or hosted directly on our website or mobile application.
SM Features may collect information such as the page you are visiting on our website/mobile application, your IP address, and may set cookies to enable the SM Feature to function properly.
If you are logged into your account with a third-party company, then the third party may be able to link information about your visit to and use of our website or mobile applications to your social media account with them. Similarly, your interactions with the SM Features may be recorded by a third party.
In addition, the third-party company may send our information in line with their policies, such as your name, profile picture, gender, friend lists and any other information you have chosen to make available, and we may share information with the third party company for the purposes of serving targeted marketing to you via the third party social media platform. You can manage the sharing of information and opt-out from targeted marketing via your privacy settings for the third party social media platform.
Your interactions with these SM Features are governed by the privacy policy of the third party company providing them. For more information about the data practices of these third-party companies, and to find out more about what data is collected about you and how the third party uses such data, please refer to their privacy policy directly.
IP addresses
When you access our website, use any of its mobile applications or open electronic correspondence or communications from it, its servers may record data regarding your device and the network you are using to connect with it, including your IP address.
We may use IP addresses for system administration, investigation of security issues and compiling anonymised data regarding usage of its website and/or mobile applications. It may also link IP addresses to other personal information it holds about you and use it for the purposes described above (e.g. to better tailor its marketing and advertising materials, provided you have opted in to receive electronic marketing).
Linked Sites
Our website may contain links to third party websites over which it has no control. It is not responsible for the privacy practices or the content of such websites.
We encourage you to read the privacy policies of any linked third-party websites you visit as their privacy policy and practices may differ from this Privacy Policy.
7. Is personal information transferred overseas?
We may disclose your personal information to certain overseas recipients, as set out below. By providing your personal information to us for the purpose of booking and otherwise purchase of our tickets and related products and services for you, you consent to its disclosure of your personal information to these overseas recipients for that purpose.
Third-party service providers located overseas
We may also disclose your personal information to third parties located overseas for the purpose of performing services for it, including the storage and processing of such information.
Generally, we will only disclose your personal information to these overseas recipients in connection with the facilitation of your booking and or purchase to enable the performance of administrative and technical services by them on its behalf.
We may use key service providers and deal with organisations located worldwide.
This list of countries will change from time to time so unfortunately, it is not possible to set out in this Privacy Policy all of the different countries to which we may send your personal information.
However, if at any time you have any specific questions about where or to whom your personal information will be sent, please contact us by referring to point 10: ‘Feedback / Complaints / Contact’.
8. Access to and correction of personal information
You are entitled to access any personal information we may hold about you in accordance with the Privacy Act 1988 (Cth).
Where personal information held is not accurate, complete or up-to-date or the information is irrelevant or misleading, you may ask us to correct that personal information, and it will respond to your request within a reasonable time.
We reserve the right to confirm the identity of the person seeking access or correction to personal information before complying with such a request.
We also reserve the right to deny you access for any reason permitted under applicable law. If it denies access or correction, it will provide you with written reasons for such denial unless it is unreasonable to do so and will note your request and the denial of same in its records.
If you wish to access or seek correction of any personal information held by us please contact us by referring to point 10:‘Feedback / Complaints / Contact’.
9. Feedback / Complaints / Contact
If you have any enquiries, comments or complaints about this Privacy Policy or our handling of your personal information, please contact our Privacy Officer in writing as follows:
Attention: CM skincare
Post: 8/260 Bunnerong road, Hillsdale 2036
Email: info@cmskincare.com.au
Our Privacy Officer will respond to any enquiries or complaints promptly in an attempt to resolve it in a timely manner.
If the complaint remains unresolved, you have the option of notifying the Office of the Australian Information Commissioner (OAIC). Contact details can be found at OAIC’s website: www.oaic.gov.au
10. Changes to our Policy
We may amend this Privacy Policy from time to time.
If it makes a change to this Privacy Policy, the revised version will be posted on the website as soon as practicable. It is your responsibility, and Our Secret Spot encourages you, to check the website from time to time in order to determine whether there have been any changes.
Last updated: September 6th 2021