Skinlabs Direct Pty Ltd, ACN 610172 962, (“Skinlabs”) acknowledges the importance of safeguarding your information. This Privacy Statement therefore sets out how we use your information and the steps we take to ensure your privacy remains protected. Skinlabs offers Australian-made skincare products sold online via skinlabsdirect.com. This Privacy Statement applies to personal information from individuals in the European Union (under GDPR regulation) and all other global customers collected, processed, disclosed and stored (collectively “used”) by Skinlabs. If you have any queries or requests regarding this Statement or our use of your personal information, please contact us at firstname.lastname@example.org.
How do we collect your information?
Your name, postal address, email address, order details, financial or payment information.
Internet Protocol (IP) address, Country Geolocation using IP address, Browsing data from Google Analytics.
What do we do with your information?
We will use the information we collect from you in a number of ways. For example, we will use it to fulfill your orders, to analyse and improve how our business and website work and, where we have your consent, to provide you with marketing updates. We will never sell your information to any third party and we only use your information when we have a lawful basis for doing so.
To fulfill our obligations to you:
We will collect your personal details, contact information and address so we can process and fulfill your order.
Where we have your consent:
We will send you emails to the address you provide so that you can stay up to date with our store and products. If you want to withdraw this consent you can do so at any time.
Where we have a legal obligation to do so:
We are required to keep certain financial records for reporting and accounting purposes.
Where we have a legitimate interest in using your information and this information is not overridden by your own rights as an individual:
We will use the information automatically collected about you through technical means such as Cookies to analyse how visitors use our website so that we can understand how visitors engage with Skinlabs and improve how our website works. We also keep a record of transactions and correspondence so that we can bring claims or defend ourselves in the event of a legal claim or complaint.
How will your information be shared?
We will share the information we collect about you with our service providers to the extent necessary for purposes outlined above. We may disclose your personal information if required to do so by law or if you violate our Terms of Service.
Sharing your information with Shopify:
Shopify provides us with the online e-commerce platform that allows us to sell our products and services to you, and therefore hosts the data we collect about you.
Your data is stored through Shopify’s data storage, databases and the general Shopify application, on a secure server behind a firewall. Your data will be stored in Shopify’s servers in the USA.
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS).
Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted. All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard and American Express. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
Sharing your information with other third parties:
Where we use third-party service providers, we may disclose your personal information to them, but they will only use our information to the extent necessary to allow them to perform the services on our behalf.
Skinlabs will share your information with the following categories of service providers:
Third parties providing payment gateways
Third parties who process payments or transactions on our behalf
MaxMind provides IP intelligence through the GeoIP brand. Over 5,000 companies use GeoIP data to locate their Internet visitors and show them relevant content and ads, perform analytics, enforce digital rights, and efficiently route Internet traffic.
Google AdWords is an online advertising service developed by Google, where advertisers pay to display brief advertising copy, product listings, and video content within the Google ad network to web users. Google AdWords’ system is based partly on cookies and partly on keywords determined by advertisers. Google uses these characteristics to place advertising copy on pages where they think it might be relevant. Advertisers pay when users divert their browsing to click on the advertising copy. Partner websites receive a portion of the generated income.
Google Analytics is a freemium web analytics service offered by Google that tracks and reports website traffic. Google launched the service in November 2005 after acquiring Urchin. Google Analytics is now the most widely used web analytics service on the Internet.
Facebook is an American online social media and social networking service company based in Menlo Park, California. Its website was launched on February 4, 2004, by Mark Zuckerberg, along with fellow Harvard College students and roommates Eduardo Saverin, Andrew McCollum, Dustin Moskovitz, and Chris Hughes.
Yotpo: We use Yotpo’s complete platform to collect customer reviews and visual marketing posts, which we display on our site to show product benefits. Yotpo is based in the United States.
Other circumstances in which we may share your information:
From time to time we may need to disclose your information to law enforcement agencies or regulators.
In addition, we may need to disclose your information if you violate our Terms of Service.
If our store is acquired or merged with another company, your information may be shared with the new owners so that we may continue to sell products to you.
Skinlabs takes steps to ensure that the third parties we engage to provide services to us on our behalf use your data in accordance with this Privacy Statement.
Such third parties may be located outside the European Economic Area (“EEA”) and to the extent that this is the case, the following Section 5 will apply.
Once you leave our store’s website or are redirected to a third-party website or application, you are no longer governed by this Privacy Statement or our website’s Terms of Service. When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
Skinlabs may transfer your information outside the EEA, to locations in which data protection standards are less strict. When doing this, we will take all reasonable steps to ensure that your information remains protected.
The internet is a global environment and in practice it is not at all unusual for information to be transferred internationally – for example if the servers used to host your information are located abroad. If we transfer personal information outside the EEA (for example to our parent company in Australia) we will adhere to certain safeguards approved under data protection laws. If you wish to find out more or to obtain a copy of the safeguards put in place to protect your privacy, please contact us using the details set out below.
To protect your personal information, we put in place appropriate technological and organizational measures and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed. If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
Our site is not directed at those under the age of 16 and customers must have credit or debit cards to make purchases.
Automated decision making
We do not undertake any automated decision making.
Skinlabs will keep your information only for as long as is reasonably necessary for the purposes set out in this Privacy Statement and to fulfill our legal obligations. Where you are a customer this is usually at least for as long as you remain a customer, to be able to meet our legal and contractual obligations to you and if necessary to resolve any disputes.
We only retain your information for as long as is necessary for us to use your information as described above or to comply with our legal obligations. However, please be advised that we may retain some of your information after you cease to use our services, for instance if this is necessary to meet our legal obligations, such as retaining the information for tax and accounting purposes.
When determining the relevant retention periods, we will take into account factors including:
our contractual obligations and rights in relation to the information involved;
legal obligation(s) under applicable law to retain data for a certain period of time;
statute of limitations under applicable law(s);
(potential) disputes; and
guidelines issued by relevant data protection authorities.
Otherwise, we securely erase your information once it is no longer needed.
Subject to certain conditions, you will, by law, be able to exercise certain rights in respect of your information. Further information about your rights can be obtained from your national data protection authority. In almost all circumstances these rights will be free to exercise, although if requests are made on a repeated or manifestly unfounded basis we may charge a reasonable administrative fee.
The right to be informed. You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this Privacy Statement.
The right of access. You have the right to obtain access to your information (if we’re processing it), and certain other information (similar to that provided in this Privacy Statement).
The right to rectification. You are entitled to have your information corrected if it is inaccurate or incomplete. You can request that we rectify any errors in information that we hold by getting in contact with us.
The right to erasure. This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information that we hold.
The right to object to processing. You have the right to object to certain types of processing, and you can exercise this right by contacting us using the details set out below.
The right to restrict processing. You have the right to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but will not use it further.
The right to data portability. You have rights to obtain and reuse your information for your own purposes across different services. If this right is applicable, we will provide you with an accessible copy of your information so that you can use a similar service elsewhere.
The right to lodge a complaint. You have the right to lodge a complaint about the way we handle or process your information with your national data protection regulator.
The right to withdraw consent. If we rely on your consent as our lawful basis for processing your information, you may withdraw your consent at any time. However, doing so will not make unlawful the actions we have taken with your personal data while we had your active consent. You can withdraw your consent to the processing of your information at any time by contacting us using the contact details set out below.
If you would like to exercise Your Rights, register a complaint, or simply want more information about this Privacy Statement or how we use your data, please get in touch with us using the details below.
You can email us at email@example.com.