1. Open and Transparent Management of Personal Information (Australian Privacy Principle 1)
the kinds of personal information that we collect and hold;
how we collect and hold personal information;
the purposes for which we collect, hold, use and disclose personal information;
how you may access personal information that is held by us and seek the correction of such information;
how you may complain about a breach of the Australian Privacy Principles and how we will deal with that complaint;
whether we are likely to disclose personal information to overseas recipients; and
if we are likely to disclose personal information to overseas recipients, as far as we are reasonably able to specify in this policy, the countries in which such recipients are likely to be located.
2. Anonymity (Australian Privacy Principle 2)
You may elect to deal with us anonymously or via the use of a pseudonym. We will do our best to action any request or complaint that you supply to us in this manner. However, without providing your identity, we may be limited in the action that we can take in relation to your enquiry. We may also be prevented from providing goods or services to you if you elect to deal with us anonymously or via the use of a pseudonym.
3. Collection of Solicited Personal Information (Australian Privacy Principle 3)
The types of personal information that we may collect includes your name, contact information (including postal and residential address, telephone number and email address) and relevant financial information. The collection of this personal information is reasonably necessary for the function and activities of our business and the provision of services and products to you.
Personal information about you is collected directly from you, such as when you meet with us, provide your information by document, telephone or by forwarding us an email, or when you submit information via an online form.
In some cases, personal information may be provided by an entity/person authorised by you to do so, such as your employees or a corporate or business entity with which you are involved either as a principal, member or beneficiary, for the purpose of providing services to or on your behalf. Your personal information may also be provided by a trade reference or credit reporting agency, for the purpose of us determining whether or not to grant you credit. We may also collect your personal information from other publicly available means (such as by obtaining governmental or semi-governmental searches) or through websites (such as Google or social media sites) who disclose to their users that the user’s personal information is provided to businesses such as ours. We may also collect personal information from you via related or associated entities or via unrelated entities to which you have provided your personal information. This includes but is not limited to unrelated third party entities which are licensed by us to sell or distribute our goods or services on our behalf or to engage with you and other individuals about our goods and services. The collection of information in this manner is necessary given the structure and operation of our business and therefore it is unreasonable or impracticable for us to collect your personal information directly from you in these instances. For example, a licensee of our business or products may collect your personal information and provide it to us so that we can supply to you the services or products requested by you.
Information that is gathered from visitors: In common with other websites, log files are stored on the web server saving details such as the visitor's IP address, browser type, referring page and time of visit. Cookies may be used to remember visitor preferences when interacting with the website. Where registration is required, the visitor’s email and a username will be stored along with other data submitted by the visitor.
How the Information is used: The information is used to enhance the visitor’s experience when using the website to display personalised content and possibly advertising. Email addresses will not be sold, rented or leased to third parties. Emails may be sent to inform you of news of our services or offers made by us or our affiliates. Our web servers gather your IP address to assist with the diagnosis of problems or support issues with our services. Information is gathered in aggregate only and cannot be traced to an individual user.
Visitor Options: If you have subscribed to one of our services, you may unsubscribe by following the instructions which are included in email that you receive. You may be able to block cookies via your browser settings but this may prevent you from accessing certain features of the website.
viii.As part of registering with us (either online or in person in store), we collect personal information about you in order for you to take full advantage of our services. To do this it may be necessary for you to provide additional information to us as detailed in this paragraph. Registration is completely optional. Registration may include submitting your name, email address, address and telephone numbers, and may require you to select whether you wish to receive updates and promotional material and other information. You may access this information by sending a request to the Privacy Officer (details at the end of this policy).
4. Dealing with Unsolicited Personal Information (Australian Privacy Principle 4)
If we receive your personal information; and
we did not solicit the personal information,
we will, within a reasonable period of time after receiving the information, determine whether or not we could have collected the information under Australian Privacy Principle 3 if we had solicited the information.
If we determine we could not have collected your personal information in accordance with Australian Privacy Principle 3, we will destroy the information or ensure that the information is de‑identified as soon as practicable, but only if it is lawful and reasonable to do so.
If we determine that we could have collected your personal information, Australian Privacy Principles 5 to 13 will apply in relation to the information as if we had collected the information under Australian Privacy Principle 3.
5. Notification of Collection of Personal Information (Australian Privacy Principle 5)
When we collect personal information about you, we will take reasonable steps either to notify you of or ensure you are aware of the matters contained at in the Australian Privacy Principle 5.2 (which can be accessed at the following link contained herein: https://www.legislation.gov.au/Details/C2022C00361 - if this link does not work, please contact our Privacy Officer).
6. Use and Disclosure of Personal Information (Australian Privacy Principle 6)
We collect your personal information in order to conduct our business, to provide and market our goods and services to you, including purposes necessary or incidental to the provision of those goods and services to you, or any purposes that you may reasonably expect, for any other purpose authorised by law or required to comply with our legal obligations, or for any other purposes disclosed to or authorised by you. We may provide your personal information to our related or associated entities or to unrelated entities which we deem are necessary for us to provide you with goods or services. This includes but is not limited to unrelated third party entities which are licensed by us to sell or distribute our goods or services on our behalf or to engage with you and other individuals about our goods and services.
We will hold your personal information for as long as is required to fulfill the purposes for which it was collected or as required by law. We will take reasonable steps to destroy or de-identify any personal information about you once the information is no longer required for the purposes for which it was collected or as authorised or required by law.
Except to the extent that this Policy details disclosure of your personal information and apart from where you have consented or disclosure is necessary to achieve the purpose for which it was submitted, personal information may be disclosed in special situations where we have reason to believe that doing so is necessary to identify, contact or bring legal action against anyone damaging, injuring, or interfering (intentionally or unintentionally) with our rights or property, users, or anyone else who could be harmed by such activities. Also, we may disclose personal information when we believe in good faith that the law requires disclosure.
Your personal information may be shared with third parties for the provision of financial services if, and to the extent that, you choose to use such services.
We may engage third parties to provide, deliver or install goods or services on our behalf. In that circumstance, we may disclose your personal information to those third parties in order to meet your request for goods or services.
7. Direct Marketing (Australian Privacy Principle 7)
We may use your personal information to provide direct marketing to you.
8. Transborder Data Flows (Australian Privacy Principle 8)
There may be occasions when personal information is transferred outside of Australia within our network, or where we engage a third party to provide goods or services or an element of the goods or services to you. Generally, this will occur in the provision of goods or services to you and the transfer of this information outside of Australia will have been disclosed to, and authorised by, you as part of our trading terms. When transferring personal information outside Australia within our network, we will comply with the requirements of the Act that relate to transborder data flows. Where the international transfer of personal information is to countries whose privacy laws may be considered not to provide the same level of protection as Australia, our commitment to safeguard your privacy will not change and remains subject to existing obligations and this Policy.
Our global head office is located in New Zealand and is managed by Spa World New Zealand. All your personal information collected by us will be transferred to this entity in New Zealand.
9. Government Related Identifiers (Australian Privacy Principle 9)
We will not adopt a government related identifier of yours and will not use or disclose a government related identifier unless permitted to do so under the Act.
10. Quality of Personal Information (Australian Privacy Principle 10)
We will take steps (if any) as are reasonable in the circumstances to ensure that your personal information we collect is accurate, up‑to‑date and complete.
Security (Australian Privacy Principle 11)
We strive to ensure the security, integrity and privacy of personal information collected by us, and we review and update our security measures in light of current technologies.
We will take all reasonable steps to protect the personal information that we hold from unauthorised access, modification or disclosure.
Unfortunately, no data transmission over the Internet is totally secure. We cannot guarantee the security of any information sent to us via electronic means nor can we guarantee that our data storage measures are absolutely secure. Our liability for data security of your personal information will be limited to the maximum extent permitted by law.
12. Notifiable Data Breaches
We take the security of your personal and sensitive information very seriously. However, sometimes a data breach can occur. An “Eligible Data Breach” means a privacy breach where it is reasonable to believe serious harm to an affected individual or individuals or is likely to be so caused, where that breach involves an organisation governed by the Act, and that organisation has not been able to prevent the likely risk of serious harm . If we have reasonable grounds to believe that an Eligible Data Breach has occurred, we will notify you and the Office of the Australian Information Commissioner and take all steps practicable to address the breach.
13. Access to Information and Correction of Information (Australian Privacy Principle 12) and 13)
We will endeavour to take all reasonable steps to keep secure any information which we hold about you, and to keep this information accurate and up to date. If, at any time, you discover that information held about you is incorrect, you may contact our Privacy Officer to have the information corrected via email on firstname.lastname@example.org.
You may request access to your personal information by contacting the Privacy Officer. Except where some legal restrictions might apply you will be provided access to any personal information we have collected or hold about you. If we refuse to allow you access to your personal information held by us, we will explain why. We will deal with all requests to access to personal information as quickly as possible but may charge you a fee where access is provided.
Should you have any complaints about the collection, use, storage or disclosure of your personal information please direct such complaint by email to our Privacy Officer on: email@example.com. We will treat any complaint about a breach of privacy legislation or any relevant registered code seriously, and will investigate any breach of which we become aware – including how it occurred and how best to prevent such a breach occurring again.
15. Problems or questions
For more information about privacy issues in Australia and protecting your privacy, visit the Office of the Australian Information Commissioner's website; https://www.oaic.gov.au/.
Spa World Australia Pty Ltd
PO BOX 2040
Gateshead, NSW 2290
ABN: 94 141 609 663