Privacy Policy

Your privacy is important to us at Yora Skin Science Pty Ltd (ACN 628 659 512) (Yora). This Privacy Policy applies to any personal information we collect about you and sets out how we collect, use, store and disclose such personal information, including sensitive and health information.  We comply with the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) (Privacy Act) and, to the extent applicable, relevant State legislation relating to the collection of health information, the European Union General Data Protection Regulation (GDPR) and the laws of the United States, including the California Consumer Privacy Act (CCPA).  By using our services and providing personal information to us, you consent to our collection, use, storage and disclosure of your personal information in accordance with this Privacy Policy.

 

1.   The type of information we collect

    The type of personal information we collect from you depends on your dealings with us.  Where possible, we collect personal information directly from you.  The personal information we collect from you may include:

    1.1.   Personal identifiers, including information about your identity, including your name and contact details (such as your address, email address, telephone number);

    1.2.   your age, gender and date of birth;

    1.3.   your company name (if applicable);

    1.4.   your credit card or other financial details;

    1.5.   health information (such as information about skin concerns, illnesses or conditions);

    1.6.   information about your device, your location, websites visited and your IP address;

    1.7.   information about the products you view on our website for re-marketing purposes;

    1.8.   information about your shopping preferences or purchase history;

    1.9.   commercial information, including details of the products and services you have enquired about or ordered through us;

    1.10.   internet and other similar network activity, including information you provide to us directly through our website or indirectly through your use of our website;

    1.11.   information you provide to us through competitions, surveys or other promotional activities; and/or

    1.12.   other information that you may provide to us from time to time or that we may collect during the course of providing our services to you.

    2.   How we collect information

      We may collect personal information about you in a number of ways. Primarily, we will collect information from you when you use our website, join one of our mailing lists, create an account, place an order with us, communicate with us or any other time you provide personal information to us.

      Sometimes we may collect personal information about you from third parties who provide services to us or on our behalf.

      We may also collect personal information from you through cookies used on our website (discussed further below).

      Pages of our website, and our e-mails, may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) or other tracking technologies that permit us, for example, to count users who have visited those pages or opened an email, for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity) and to track your progress using our website.

      3.   Cookie Policy

        Some information may be automatically collected through our use of ‘cookies’ on the website. Cookies are small files installed in your website browser or on your device used to recognise customers that revisit our website and to help us enhance and customise your experience. 

        How we use cookies

        Cookies provide us with information about customer behaviour such as pages viewed, products purchased and the customer journey around our website.  Information collected from cookies may include personal information.  The types of cookies we use include both essential and non-essential cookies.  These cookies may be session or persistent cookies; first party or third-party cookies. Specifically, the cookies we use include preference cookies, statistic cookies and/or marketing cookies.

        We use cookies for the following purposes:

        3.1.   to enable certain functions on our website and allow our website to operate and function properly or as designed;

        3.2.   to improve your website experience, enhance website functionality via personalised technology and to determine where users may be encountering errors or bugs on the website;

        3.3.   to track and gather data about how our website is used by individuals; and

        3.4.   to record information about an individual’s use of our website for advertising and marketing purposes. 

          Third party cookies

          For some of the functions of our website we use third party suppliers who may place cookies on our website which belong to and are managed by those third parties.  Below is a list of these third parties and a link to their respective cookie policies which includes information about how to disable their use of cookies:

          Facebook: https://www.facebook.com/policy/cookies/

          Google: https://policies.google.com/technologies/cookies?hl=en-GB

          Withdrawing consent to the installation of cookies

          The default setting of most internet browsers enables the acceptance of cookies and if you are an EU customer, you may have expressly consented to our use of cookies.  Through your internet browser you can disable cookies, delete cookies installed in the past, prevent the placement of certain cookies or ask to be notified every time a request is made to place a cookie. Please note however that our website may not work as intended if you disable or prevent the placement of certain cookies.

          4.   Data collection subject to additional legal requirements, including for European Union and California customers

            If you are a customer residing in the EU or are a California resident or otherwise are present in California and subject to the CCPA, we will comply with the principles of data protection set out in the GDPR and CCPA, as applicable, for the purpose of fairness, transparency and lawful data collection and use.  We will process your personal information as a Processor and/or Controller as defined in the GDPR.  In compliance with GDPR and CCPA, as applicable, we:

            4.1.   will only collect your personal information with your express consent for a specific purpose and any data collected will be to the extent necessary and not excessive for its purpose;

            4.2.   will take reasonable and appropriate steps to keep your data safe and secure and to ensure the information we hold about you is accurate and up to date;

            4.3.   will only process your personal information if it is lawful, such as if you have given your consent, it is necessary for our legitimate interests, or to fulfil a contractual or legal obligation;

            4.4.   do not collect or process any personal information from you that is considered “Sensitive Personal Data” under the GDPR, such as personal information relating to your sexual orientation, religious beliefs, ethnicity or political opinions, unless we have obtained your explicit consent or if it is being collected in accordance with the GDPR; and

            4.5.   only store your information for as long as reasonably necessary.

            We do not accept or knowingly collect or process personal information of customers under the age of 16 without the consent of a parent or someone who has parental authority.

            5.   The reasons we collect, use and disclose personal information

            We generally use and disclose your personal information for the purpose for which it is collected, including:

            5.1.   to fulfil or meet the reason you provided the information, including to provide you with products and services and to allow you to access and use our website;

            5.2.   for marketing and promotional purposes, including to send you information about our and other parties’ products and services, competitions, surveys or other promotions and value-add services that we think may be of interest to you;

            5.3.   to send you communications, respond to your enquiries or to provide information requested by you; and

            5.4.   to personalize your website experience and to deliver content and product and service offerings relevant to your interests.

             6.   Sharing your personal information

              Your personal information may be disclosed to our affiliates and related bodies corporate as well as our and their respective employees, officers and directors. 

              We may also disclose your information to third party service providers and contractors with whom we work. This may include our website host providers, payment operators, promotional partners or other third parties who provide services to us or on our behalf.  Where you have expressly authorised a third party to receive certain information held by us, we will disclose such information to that authorised third party.

              If our business or assets are sold or transferred, we may disclose your personal information to the purchaser, potential purchaser (including their advisors) or any successor in title of our business and/or assets, including as part of any bankruptcy proceeding.

              Your personal information may also be disclosed to regulatory or investigative bodies, government or law enforcement agencies or as otherwise required or permitted by law or court order. In such circumstances we are not under an obligation to try and restrict disclosure of your personal information.

              7.   Promotional communications

                From time to time, we may send you promotional communications and information about our products and services or the services of our trusted third party partners.

                If you prefer to not receive promotional communications from us, you may opt-out or withdraw your consent at any time by contacting us or by using the unsubscribe facility we offer in our electronic messages.

                8.   International data hosting and transfers

                  Some of our trusted third party suppliers and contractors are located outside of Australia in the European Union, United States and Canada.

                  You consent to the disclosure of your information to our third party suppliers and contractors including those located in Australia and overseas.  

                  We will take reasonable steps to ensure that any overseas third party suppliers or contractors deal with personal information in a way that is consistent with the Privacy Act; however, you acknowledge that we cannot prevent the use (or misuse) of personal information by others.

                  If you are a customer located in the EU, your transfer of data to each of these countries will be protected by appropriate safeguards which may include ensuring that these countries offer an adequate level of data protection recognised by the European Commission, are certified as compliant with the EU-US Privacy Shield or use standard data protection clauses adopted or approved by the European Commission.

                  9.   Security of your personal information

                  Security of your personal information is important to us and we take reasonable steps to protect the personal information we hold from misuse, interference and loss, as well as unauthorised access, modification or disclosure, as required by the Privacy Act. For example, we use the Secure Sockets Layer (SSL) protocol to encrypt the information you enter on our website in order to protect its security during transmission to and from our website. The encryption process protects your information by scrambling it before it is sent to us from your computer.  We also maintain a written, regularly audited plan to protect your personal information.

                  We use Shopify to facilitate the sale of our products on our website.  Shopify complies with the Payment Card Industry Data Security Standard which is a security standard for organisations that handle credit and debit card information designed to keep your payment information secure.

                  Where we engage data processors to process the personal information of customers residing in the EU on our behalf, we do so only on the basis that such data processors comply with the requirements under the GDPR and that they have safeguards in place to protect personal information against unauthorised use, loss and theft.

                  While we endeavour to ensure your personal information is protected, we cannot guarantee the security of personal information you disclose to us.

                  10.   Third party websites

                  We may display content or links to websites operated by third parties on our website. Such content or links are not operated by us and are provided for your convenience only.

                  If you click on any content or links of a third party you may leave the Yora website, in which case the collection, use, storage and disclosure of your personal information will be governed by the privacy policies and practices of the relevant third party. We are not responsible for the privacy or security practices of third party websites.

                  11.   Anonymity 

                    You may deal with us using a pseudonym or without providing us with any personal information.  Please note however that if you provide a pseudonym or choose to remain anonymous, we may not be able to provide you with certain services which require us to know your correct identity.

                    12.   Access and correction 

                      You have certain rights to access personal information we hold about you.  To request access to personal information we hold about you, please contact our Privacy Officer.  We will generally provide you with access to your personal information to at least the extent required under applicable law, subject to some exceptions under the Privacy Act.

                      We try to ensure that all information we hold about you is accurate and up to date.  You can keep your information up to date by letting us know of any changes to your personal information.  If you would like to request that we correct or update any personal information we hold about you, you may do so by contacting our Privacy Officer.

                      We may take reasonable steps to verify your identity before granting access to or correcting your personal information.

                      Where we no longer require your personal information, we will take reasonable steps to destroy the information or ensure that it is de-identified unless we are required by law to retain the information.

                      13.   EU customers’ rights under the GDPR

                        If you are an individual residing in the EU, you have certain rights as to how your personal information is obtained and used, in addition to your rights in the paragraph above.  We comply with your rights under the GDPR as to how your personal information is used and controlled.

                        As an EU customer, you have the following rights regarding your personal information:

                        13.1.   to access your information and to receive information about its use;

                        13.2.   to have your information corrected and/or completed;

                        13.3.   to have your information deleted;

                        13.4.   to restrict the use of your information;

                        13.5.   to receive your information in a portable format;

                        13.6.   to object to the use/processing of your information; and

                        13.7.   to withdraw your consent, whether fully or partially, to the use of your information.

                        If you wish to have your data deleted, we will erase it from our system unless we are obliged to continue storing it. Under such circumstances, we will ensure that your data is prevented from being used for other purposes.  Again, we may take reasonable steps to verify your identity before granting access to, correcting and/or deleting your personal information.

                        14.   California customers’ rights under the CCPA

                        If you are an individual California resident or otherwise are present in California and subject to the CCPA, you have certain rights as to how your personal information is obtained and used, in addition to your rights in the paragraph above.  We comply with your rights under the CCPA as to how your personal information is used and controlled.

                        As a California customer, you have the following rights regarding your personal information:

                        14.1.   to obtain a written disclosure of your information and its use;

                        14.2.   to have your information deleted in certain circumstances;

                        14.3.   to opt-out of the sale of your personal information;

                        14.4.   to receive your information in a portable format; and

                        14.5.   to withdraw your consent, whether fully or partially, to the use of your information.

                        If you wish to exercise any of the foregoing rights under the CCPA, please provide a verifiable consumer request to our Privacy Officer.  Only you or someone legally authorized to act on your behalf may make such a request.  We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We endeavour to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to an additional 45 days), we will inform you of the reason and extension period in writing.  If you wish to have your data deleted, please provide a verifiable consumer request and we will erase it from our system unless we are obliged to continue storing it or, at our option, if we are permitted to deny your request under the CCPA. Under such circumstances, we will ensure that your data is prevented from being used for other purposes.  Again, we may take reasonable steps to verify your identity before granting access to, correcting and/or deleting your personal information.

                        15.   Privacy enquiries or concerns

                          If you have an enquiry or concern about our privacy practices, you can contact us on the details below.  You should include enough information to allow us to identify you and understand your enquiry or concern.  All privacy enquiries and concerns will be reviewed, investigated (if required) and responded to within a reasonable timeframe. 

                          If you are not satisfied with our response, you can contact us directly to discuss your concerns or lodge a complaint with the Office of the Australian Information Commissioner by visiting www.oaic.gov.au or calling 1300 363 992.  

                          16.   Contact information

                            If you would like further information about our privacy practices, would like to lodge a request to access or correct your personal information, or would like to contact us regarding any privacy enquiries or concerns, please contact our Privacy Officer at:

                            Post: Level 2, 17 William Street, Cremorne, VIC, 3121, Australia

                            Email: privacy@yora.com

                            17.   Updates to this Privacy Policy

                              This Privacy Policy is effective from November 1, 2019.  We reserve the right to update this Privacy Policy at any time without advance notice and will publish any updated version of our Privacy Policy on our website.  You should ensure you are aware of our current Privacy Policy by checking our website regularly.