Privacy Policy AU

The Privacy Policy

This Privacy Policy is maintained by Spa World Australia Pty Ltd, ABN 94 141 609 663 ("we", "our" and "us"). By using our website or a system or database maintained by us or otherwise transacting with us, you agree to and acknowledge the contents of this Privacy Policy.

1. Open and Transparent Management of Personal Information (Australian Privacy Principle 1)

The Privacy Policy relates to (among other things): the kinds of personal information that we collect and hold; how we collect and hold personal information; the purposes for which we collect, hold, use and disclose personal information; how you may access personal information that is held by us and seek the correction of such information; how you may complain about a breach of the Australian Privacy Principles and how we will deal with that complaint; whether we are likely to disclose personal information to overseas recipients; and if we are likely to disclose personal information to overseas recipients, as far as we are reasonably able to specify in this policy, the countries in which such recipients are likely to be located.

It is a requirement of the Privacy Act 1988 (Cth) (Act) that we keep this Privacy Policy up to date regarding the management of personal information. Accordingly, we reserve the right, at our discretion, to vary, modify or remove portions of this Privacy Policy at any time. This Privacy Policy is in addition to any other terms and conditions applicable to provision of goods or services by us or the access to and use of any web site maintained by us.

We recognise the importance of protecting the privacy of information collected by us, in particular, information that is capable of identifying an individual ("personal information"). This Privacy Policy should be reviewed periodically so that you are updated on any changes. We welcome your comments and feedback – contact information is provided at the bottom of this policy.

2. Anonymity (Australian Privacy Principle 2)

You may elect to deal with us anonymously or via the use of a pseudonym. We will do our best to action any request or complaint that you supply to us in this manner. However, without providing your identity, we may be limited in the action that we can take in relation to your enquiry. We may also be prevented from providing goods or services to you if you elect to deal with us anonymously or via the use of a pseudonym.

3. Collection of Solicited Personal Information (Australian Privacy Principle 3)

The types of personal information that we may collect includes your name, contact information (including postal and residential address, telephone number and email address) and relevant financial information. The collection of this personal information is reasonably necessary for the function and activities of our business and the provision of services and products to you.

Personal information about you is collected directly from you, such as when you meet with us, provide your information by document, telephone or by forwarding us an email, or when you submit information via an online form.

In some cases, personal information may be provided by an entity/person authorised by you to do so, such as your employees or a corporate or business entity with which you are involved either as a principal, member or beneficiary, for the purpose of providing services to or on your behalf. Your personal information may also be provided by a trade reference or credit reporting agency, for the purpose of us determining whether or not to grant you credit. We may also collect your personal information from other publicly available means (such as by obtaining governmental or semi-governmental searches) or through websites (such as Google or social media sites) who disclose to their users that the user’s personal information is provided to businesses such as ours. We may also collect personal information from you via related or associated entities or via unrelated entities to which you have provided your personal information. This includes but is not limited to unrelated third party entities which are licensed by us to sell or distribute our goods or services on our behalf or to engage with you and other individuals about our goods and services. The collection of information in this manner is necessary given the structure and operation of our business and therefore it is unreasonable or impracticable for us to collect your personal information directly from you in these instances. For example, a licensee of our business or products may collect your personal information and provide it to us so that we can supply to you the services or products requested by you.

Information may also be collected when you visit our website. Our web servers gather your IP address to assist with the diagnosis of problems or support issues with our services. Information is gathered in aggregate only and cannot be traced to an individual user. To the extent that information relates to personal information, this Privacy Policy will apply. The collection and use of that information is detailed below:

Information that is gathered from visitors: In common with other websites, log files are stored on the web server saving details such as the visitor's IP address, browser type, referring page and time of visit. Cookies may be used to remember visitor preferences when interacting with the website. Where registration is required, the visitor’s email and a username will be stored along with other data submitted by the visitor.

How the Information is used: The information is used to enhance the visitor’s experience when using the website to display personalised content and possibly advertising. Email addresses will not be sold, rented or leased to third parties. Emails may be sent to inform you of news of our services or offers made by us or our affiliates. Our web servers gather your IP address to assist with the diagnosis of problems or support issues with our services. Information is gathered in aggregate only and cannot be traced to an individual user.

Visitor Options: If you have subscribed to one of our services, you may unsubscribe by following the instructions which are included in email that you receive. You may be able to block cookies via your browser settings but this may prevent you from accessing certain features of the website.

Cookies: Cookies are small digital signature files that are stored by your web browser that allow your preferences to be recorded when visiting the website. They may also be used to track your return visits to the website. Third party advertising companies may also use cookies for tracking purposes. We use cookies to provide you with a better experience. These cookies allow us to increase your security by storing your session ID and are a way of monitoring single user access. This aggregate, non-personal information is collated and provided to us to assist in analysing the usage of the site and for marketing purposes.

OneTrust: https://www.onetrust.com/about-us/

Google Ads: Google, as a third party vendor, uses cookies to serve ads. Google’s use of the DART cookie enables it to serve ads to visitors based on sites they visit on the internet. Website visitors may opt out of the use of the DART cookie by visiting the Google Ad and content network privacy policy.

Links to Other Websites: We may provide links to websites outside of our control or third party websites. These linked sites are not under our control and we cannot accept responsibility for the conduct of any third party linked to our website. Before disclosing your personal information on any other website, you should examine the terms and conditions of using that website and relevant privacy policy adopted by the operator of the website, if any.

viii.As part of registering with us (either online or in person in store), we collect personal information about you in order for you to take full advantage of our services. To do this it may be necessary for you to provide additional information to us as detailed in this paragraph. Registration is completely optional. Registration may include submitting your name, email address, address and telephone numbers, and may require you to select whether you wish to receive updates and promotional material and other information. You may access this information by sending a request to the Privacy Officer (details at the end of this policy).

4. Dealing with Unsolicited Personal Information (Australian Privacy Principle 4)

If we receive your personal information; and we did not solicit the personal information, we will, within a reasonable period of time after receiving the information, determine whether or not we could have collected the information under Australian Privacy Principle 3 if we had solicited the information. If we determine we could not have collected your personal information in accordance with Australian Privacy Principle 3, we will destroy the information or ensure that the information is de‑identified as soon as practicable, but only if it is lawful and reasonable to do so. If we determine that we could have collected your personal information, Australian Privacy Principles 5 to 13 will apply in relation to the information as if we had collected the information under Australian Privacy Principle 3.

5. Notification of Collection of Personal Information (Australian Privacy Principle 5)

When we collect personal information about you, we will take reasonable steps either to notify you of or ensure you are aware of the matters contained at in the Australian Privacy Principle 5.2 (which can be accessed at the following link contained herein: https://www.legislation.gov.au/Details/C2022C00361 - if this link does not work, please contact our Privacy Officer).

You should only provide us with the personal information of another person if you have that person’s express authority and consent to do so. You should also take reasonable steps to inform them of the existence of and the matters set out in this Privacy Policy. If you provide us with the personal information of another person you promise that you have obtained the authority of that person and notified that person of this Privacy Policy and we have and will rely on that promise.

6. Use and Disclosure of Personal Information (Australian Privacy Principle 6)

Personal information that you provide to us or that is otherwise collected by us is used only for the purpose for which it is collected or for such other secondary purposes that are related to the primary purpose, unless we disclose other uses in this Privacy Policy or at the time of collection. Copies of correspondence sent from the web site or via other means, that may contain personal information, are stored as archives for record-keeping and back-up purposes only.

We collect your personal information in order to conduct our business, to provide and market our goods and services to you, including purposes necessary or incidental to the provision of those goods and services to you, or any purposes that you may reasonably expect, for any other purpose authorised by law or required to comply with our legal obligations, or for any other purposes disclosed to or authorised by you. We may provide your personal information to our related or associated entities or to unrelated entities which we deem are necessary for us to provide you with goods or services. This includes but is not limited to unrelated third party entities which are licensed by us to sell or distribute our goods or services on our behalf or to engage with you and other individuals about our goods and services.

We will hold your personal information for as long as is required to fulfill the purposes for which it was collected or as required by law. We will take reasonable steps to destroy or de-identify any personal information about you once the information is no longer required for the purposes for which it was collected or as authorised or required by law.

Except to the extent that this Policy details disclosure of your personal information and apart from where you have consented or disclosure is necessary to achieve the purpose for which it was submitted, personal information may be disclosed in special situations where we have reason to believe that doing so is necessary to identify, contact or bring legal action against anyone damaging, injuring, or interfering (intentionally or unintentionally) with our rights or property, users, or anyone else who could be harmed by such activities. Also, we may disclose personal information when we believe in good faith that the law requires disclosure.

Your personal information may be shared with third parties for the provision of financial services if, and to the extent that, you choose to use such services. We may engage third parties to provide, deliver or install goods or services on our behalf. In that circumstance, we may disclose your personal information to those third parties in order to meet your request for goods or services.

7. Direct Marketing (Australian Privacy Principle 7)

We may use your personal information to provide direct marketing to you.

8. Transborder Data Flows (Australian Privacy Principle 8)

There may be occasions when personal information is transferred outside of Australia within our network, or where we engage a third party to provide goods or services or an element of the goods or services to you. Generally, this will occur in the provision of goods or services to you and the transfer of this information outside of Australia will have been disclosed to, and authorised by, you as part of our trading terms. When transferring personal information outside Australia within our network, we will comply with the requirements of the Act that relate to transborder data flows. Where the international transfer of personal information is to countries whose privacy laws may be considered not to provide the same level of protection as Australia, our commitment to safeguard your privacy will not change and remains subject to existing obligations and this Policy. Our global head office is located in New Zealand and is managed by Spa World New Zealand. All your personal information collected by us will be transferred to this entity in New Zealand.

9. Government Related Identifiers (Australian Privacy Principle 9)

We will not adopt a government related identifier of yours and will not use or disclose a government related identifier unless permitted to do so under the Act.

10. Quality of Personal Information (Australian Privacy Principle 10)

We will take steps (if any) as are reasonable in the circumstances to ensure that your personal information we collect is accurate, up‑to‑date and complete. Security (Australian Privacy Principle 11) We strive to ensure the security, integrity and privacy of personal information collected by us, and we review and update our security measures in light of current technologies.

We will take all reasonable steps to protect the personal information that we hold from unauthorised access, modification or disclosure.

In addition, our employees and the contractors who provide services related to our information systems are obliged to respect the confidentiality of any personal information held by us and comply with this Privacy Policy. We currently use contractors based in the Philippines who have access to your information in order to assist us in performing services for you. The ways in which these contractors assist us (and so may have access to your information) include accessing your order information and contact details in order to provide customer service.

Unfortunately, no data transmission over the Internet is totally secure. We cannot guarantee the security of any information sent to us via electronic means nor can we guarantee that our data storage measures are absolutely secure. Our liability for data security of your personal information will be limited to the maximum extent permitted by law.

12. Notifiable Data Breaches

We take the security of your personal and sensitive information very seriously. However, sometimes a data breach can occur. An “Eligible Data Breach” means a privacy breach where it is reasonable to believe serious harm to an affected individual or individuals or is likely to be so caused, where that breach involves an organisation governed by the Act, and that organisation has not been able to prevent the likely risk of serious harm . If we have reasonable grounds to believe that an Eligible Data Breach has occurred, we will notify you and the Office of the Australian Information Commissioner and take all steps practicable to address the breach.

13. Access to Information and Correction of Information (Australian Privacy Principle 12) and 13)

We will endeavour to take all reasonable steps to keep secure any information which we hold about you, and to keep this information accurate and up to date. If, at any time, you discover that information held about you is incorrect, you may contact our Privacy Officer to have the information corrected via email on privacy@spaworld.com.au.

You may request access to your personal information by contacting the Privacy Officer. Except where some legal restrictions might apply you will be provided access to any personal information we have collected or hold about you. If we refuse to allow you access to your personal information held by us, we will explain why. We will deal with all requests to access to personal information as quickly as possible but may charge you a fee where access is provided.

14. Complaints

Should you have any complaints about the collection, use, storage or disclosure of your personal information please direct such complaint by email to our Privacy Officer on: privacy@spaworld.com.au. We will treat any complaint about a breach of privacy legislation or any relevant registered code seriously, and will investigate any breach of which we become aware – including how it occurred and how best to prevent such a breach occurring again.

15. Problems or questions

If we become aware of any ongoing concerns or problems with our websites, we will take these issues seriously and work to address these concerns. If you have any further queries relating to our Privacy Policy, or you have a problem or complaint, please contact us.

For more information about privacy issues in Australia and protecting your privacy, visit the Office of the Australian Information Commissioner's website; https://www.oaic.gov.au/.

If you have any questions about our privacy policy please contacts us:

Privacy Officer Spa World Australia Pty Ltd PO BOX 2040 Gateshead, NSW 2290 Australia ABN: 94 141 609 663 E: privacy@spaworld.com.au

Five Star Trust Pilot Rating

We are proud that Spa World customers have given us a Five Star Trustpilot rating.