Privacy Policy
1. ABOUT THIS POLICY
Frostbland Pty Ltd (ABN 72 000 082 217) trading as SKELP! (collectively referred to as “SKELP!”, “SKELP”, “SKELP! Haircare”, “we”, “us” or “our”) is committed to protecting the privacy of personal information we hold in accordance with the Privacy Act and the Australian Privacy Principles.
This Privacy Policy, which is subject to the Privacy Act and Australian Privacy Principles, regulates how we collect, use, and disclose personal information.
We may change, vary, or modify all or part of this Privacy Policy at any time in our sole discretion. It is your responsibility to check this Privacy Policy periodically for changes. If we adopt a new Privacy Policy:
- we will post the new Privacy Policy on the applicable platforms; and
- it will then apply through your acceptance of it by subsequent or continued use of the Platforms and/or our Products and Services.
2. PURPOSE
Primary and Secondary Purposes. We collect personal information from you and you consent to us using your personal information (other than sensitive information) for the following Primary and Secondary Purposes:
- to process and deliver Products and Services to you including but not limited to:
- preparing and delivering documents
- managing payments, fees, and charges
- collecting and recovering money owed to us
- to provide our goods and services to customers and in other dealings with those customers and prospective customers
- to facilitate the management of our business relationships with customers, distributors, service providers, contractors, and suppliers
- to provide you with information about the Products and Services you requested or inquired about;
- to personalise and customise your experiences with us;
- to help us meet our warranty obligations;
- to help us review, manage and enhance our Products and Services and develop insights used in reports or other content developed by us;
- to run competitions and/or offer additional benefits to clients;
- to communicate with you, including by email, mobile and in-application notifications;
- to process payments and administer your account, including to send you account related reminders;
- to investigate any complaints about or made by you, or if we have reason to suspect you have breached any relevant terms; or
- to do anything else as required or permitted by any law.
3. WHAT WE COLLECT
Personal Information. Personal information we collect about you may include identification information such as your name, address, email address, phone number(s), financial and payment information, and such other information necessary or convenient for delivering our Products and Services. We also may collect additional information as part of our collection of Identity, Contact, Financial, Transaction, Technical, Marketing and Communications, Client and Profile information used for the Primary and Secondary Purposes.
Other information. We may collect, and you consent to us collecting, information relating to you that is not personal information, such as data relating to your activity on our Platforms, including:
- the Internet Protocol address or MAC address and a component of the domain name used (e.g., .com or .net);
- the type of browser and operating system you used;
- the date and time you visited our Platforms;
- the web pages you accessed at our Website;
- the time spent on individual pages and our Website overall;
- which files you downloaded;
- information about your computer and Internet connections using cookies;
- when using social media, any information that you allow the social media site to share; and
- information regarding your dealings with us, including feedback and insights; and
Sensitive information. We will only collect, hold, use or disclose any sensitive information about you with your consent or if you volunteer such sensitive information to us. If we collect or hold your sensitive information in accordance with this clause, we may disclose such sensitive information to our Related Bodies Corporate. However, neither we nor our Related Bodies Corporate may use or disclose your sensitive information to any Third Party except as required or permitted by law.
4. HOW WE COLLECT
Your personal information may be collected: (Read Collection Statement)
- when you complete an application, consent, purchase, account sign-up or similar form via our Platforms or otherwise;
- when you contact us to submit a query or request;
- when you post information or otherwise interact with the Platforms;
- when you participate in one of our surveys;
- from those who request our Products and Services on your behalf;
- from publicly available sources of information;
- from government regulators, law enforcement agencies and other government entities;
- from business contacts, external service providers and suppliers; or
- by other means reasonably necessary.
Third party collection. If we collect any personal information about you from someone other than you, to the extent not already set out in this Privacy Policy, we will inform you of the fact that we will collect, or have collected, such information and the circumstances of that collection before, at or as soon as reasonably practicable after we collect such personal information.
Authority. If you provide us with the personal information of another individual, without limiting any other provision of this Privacy Policy, you acknowledge and agree that the other individual:
- has authorised you to provide their personal information to us; and
- consents to us using their personal information in order for us to provide our Products and Services.
Unsolicited information. If we receive unsolicited personal information about you that we could not have collected in accordance with this Privacy Policy and the Privacy Act, we will, within a reasonable period, destroy or de-identify such information received.
Anonymity. If you would like to access any of our Products and Services on an anonymous or pseudonymous basis we will take reasonable steps to comply with your request, however:
- you may be precluded from taking advantage of some or all of our Products and Services; and
- we will require you to identify yourself if: - we are required by law to deal with individuals who have identified themselves; or
- it is impracticable for us to deal with you if you do not identify yourself.
Destruction. We will destroy or de-identify your personal information if:
- the purpose for which we collected the personal information from you no longer exists or applies; or
- you request us to destroy your personal information,
and we are not required by law to retain your personal information.
Cookies. We may use ‘cookie’ technology to assist us to determine in the aggregate the total number of visitors to the Platforms on an ongoing basis and the types of internet browsers and operating systems used by users of the Platforms. This information is used to enhance the usability and functionality of our Platforms and for marketing, advertising, and analytic purposes.
Social Media Tools. We use Facebook, Instagram and LinkedIn and may from time to time use other social media tools.
5. USE
Primary use. We will only use and disclose your personal information:
- for purposes which are related to the Primary and Secondary Purposes; or
- if we otherwise get your consent to do so, in accordance with this Privacy Policy and the Privacy Act.
Reasonable uses. We will not use your personal information for any purpose for which you would not reasonably expect us to use your personal information.
Third parties. We will not sell, trade, rent or licence your personal information to third parties.
Direct marketing. We will offer you a choice as to whether you want to receive direct marketing communications about our Products and Services. If you choose not to receive these communications, we will not use your personal information for this purpose.
- We will otherwise only use or disclose your personal information for the purposes of direct marketing if:
- we collected the information from you;
- it is reasonable in the circumstances to expect that we would use or disclose the information for direct marketing purposes;
- we provide you with a simple means to ‘opt-out’ of direct marketing communications from us; and
- you have not elected to ‘opt-out’ from receiving such direct marketing communications from us.
Opt-out. You may opt out of receiving such communications by contacting us via our contact details set out under the Contact section of this policy.
6. DISCLOSURE
How we disclose.
We may disclose personal information and you consent to us disclosing such personal information to:
- Third Party Service Providers who perform functions or provide Products and Services on our behalf;
- relevant regulatory bodies in the industry in which we or you operate;
- our professional advisors, including our accountants, auditors and lawyers;
- our Related Bodies Corporate;
- persons authorised by you to receive information held by us;
- a government authority, law enforcement agency, pursuant to a court order or as otherwise required by law; or
- a party to a transaction involving the sale of our business or its assets.
Overseas disclosure. We may in some circumstances send your personal information to overseas recipients (including New Zealand) to enable us to provide our Products and Services to you (including for warranty claims).
Overseas recipients. Overseas recipients that may handle or process your data include (but are not limited to) the server hosts of our email services, cloud storage services and the Platforms.
Reasonable protections. If we send your personal information to overseas recipients, we will take such steps as are reasonable in the circumstances to ensure there are arrangements in place to protect your personal information as required by the APPs.
7. ACCESS + CORRECTION
Access. If you require access to your personal information, please contact us via our contact details set out in the Contact section of this policy. You may be required to put your request in writing and provide proof of identity.
Exceptions. We are not obliged to allow access to your personal information if:
- it would pose a serious threat to the life, health or safety of any individual or to the public;
- it would have an unreasonable impact on the privacy of other individuals;
- the request for access is frivolous or vexatious;
- it relates to existing or anticipated legal proceedings between you and us and would not ordinarily be accessible by the discovery process in such proceedings;
- it would reveal our intentions in relation to negotiations with you in a way that would prejudice those negotiations;
- it would be unlawful;
- denying access is required or authorised by or under an Australian law or a court/tribunal order;
- we have reason to suspect that unlawful activity, or misconduct of a serious nature relating to our functions or activities has been, is being or may be engaged in and giving access would be likely to prejudice the taking of appropriate action in relation to the matter;
- it would likely prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body;
- it would reveal commercially sensitive information; or
- a relevant law provides that we are not obliged to allow access to your personal information.
Response to access request. If you make a request for access to personal information, we will:
- respond to your request within a reasonable period after the request is made; and
- if reasonable and practicable, give access to the personal information as requested.
Refusal of access. If we refuse to give access to the personal information, we will give you a written notice that sets out at a minimum:
- our reasons for the refusal (to the extent it is reasonable to do so); and
- the mechanisms available to complain about the refusal.
Correction. We request that you keep your personal information as current as possible. If you feel that information about you is not accurate or your details have or are about to change, you can contact us via our contact details set out under the Contact section of this policy.
and we will correct or update your personal information.
Response to correction request. If you otherwise make a request for us to correct your personal information, we will:
- respond to your request within a reasonable period after the request is made; and
- if reasonable and practicable, correct the information as requested.
- Refusal to correct. If we refuse a request to correct personal information, we will:
- give you a written notice setting out the reasons for the refusal and how you may make a complaint; and
- take reasonable steps to include a note with your personal information of the fact that we refused to correct it.
8. SECURITY + PROTECTION
Reasonable protections. In relation to all personal information, we will take all reasonable steps to:
- ensure that the personal information we collect is accurate, up to date and complete;
- ensure that the personal information we hold, use or disclose is, with regard to the relevant purpose, accurate, up to date, complete and relevant; and
- protect personal information from misuse, loss or unauthorised access and disclosure.
Security. We store your personal information on a secure server behind a firewall and use security software to protect your personal information from unauthorized access, destruction, use, modification, or disclosure. Only Authorised Personnel may access your personal information for the purposes of disclosure set out in Disclosure clause above.
Obligation to notify. Please contact us immediately if you become aware of or suspect any misuse or loss of your personal information.
9. DATA BREACHES
Compliance. We are required to comply with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act.
Investigation and assessment. If we become aware that a Data Breach in respect of personal information held by us may have occurred, we will:
- investigate the circumstances surrounding the potential Data Breach to determine whether a Data Breach has occurred; and
- if a Data Breach has occurred, carry out a reasonable and expeditious assessment of whether there are reasonable grounds to believe that the relevant circumstances amount to an eligible data breach.
Undertaking. If we become aware that there has been an eligible data breach in respect of personal information held by us, and the personal information relates to you or you are at risk from the eligible data breach, we will ensure that either we, or a relevant APP entity that is the subject of the same eligible data breach:
- prepare a statement that complies with subsection 26WK (3) of the Privacy Act;
- provide a copy of the statement to the Office of the Australian Information Commissioner (OAIC); and
- if it is practicable, notify you of the contents of the statement, or otherwise publish a copy of the statement on the Website and take reasonable steps to publicise the contents of the statement, as soon as practicable after the completion of the preparation of the statement.
10. COMPLAINTS
Complaint. If you have a complaint about how we collect, use, disclose, manage or protect your personal information, or consider that we have breached the Privacy Act or APPs, please contact us using our contact details below. We will respond to your complaint within 14 days of receiving the complaint.
Response and resolution. Once the complaint has been received, we may resolve the matter in a number of ways:
- Request for further information: We may request further information from you. Please provide us with as much information as possible, including details of any relevant dates and documentation. This will enable us to investigate the complaint and determine an appropriate solution.
- Discuss options: We will discuss options for resolution with you and if you have suggestions about how the matter might be resolved you should raise these with our Privacy Officer.
- Investigation: Where necessary, the complaint will be investigated. We will try to do so within a reasonable time frame. It may be necessary to contact others in order to proceed with the investigation. This may be necessary in order to progress your complaint.
- Conduct of our employees: If your complaint involves the conduct of our employees, we will raise the matter with the employees concerned and seek their comment and input in the resolution of the complaint.
Notice of decision. After investigating the complaint, we will give you a written notice about our decision.
OAIC. You are free to lodge a complaint directly with the OAIC online, by mail, fax or email. For more information, please visit the OAIC website at oaic.gov.au
11. CONTACT
Please forward all correspondence in respect of this Privacy Policy to:
Privacy Officer
SKELP!
Leppington Industrial Park
Unit 1B & 1C, 198-224 Ingleburn Road
Leppington NSW 2179 Australia
Email: info@skelp.com.au
12. INTERPRETATION + DEFINITIONS
Personal pronouns: Except where the context otherwise provides or requires:
- the terms we, us or our refers to Frostbland trading as SKELP! or SKELP! Haircare; and
- the terms you or your refers to a user of the Platforms and/or a customer to whom we provide the Products and Services or any other person from whom we collect personal information or data directly or indirectly.
Terms italicised and defined in the Privacy Act have the meaning given to them in the Privacy Act.
Defined terms: In this Privacy Policy unless otherwise provided, the following terms shall have their meaning as specified:
APPs means any of the Australian Privacy Principles set out in Schedule 1 of the Privacy Act.
Authorised Personnel means any Frostbland employee or any Third Party Service Provider who has been duly authorised by us to access your personal information.
Client information includes information about how you use our Website, as well as personal information which can include Identity, Contact, Financial, Transaction and Profile information of you and/or your family members, beneficiaries, employees or employers, or other third persons about whom we need to collect personal information by law, or under the terms of a contract we have with you.
Contact information includes billing address, postal address, email address and telephone numbers (these details may relate to your work or to you personally, depending on the nature of our relationship with you or the company that you work for).
Data Breach means unauthorised access, modification, use, disclosure, loss, or other misuse of personal information held by us.
Financial information includes bank account and other payment method details. Frostbland means Frostbland Pty Ltd Pty (ABN 72 000 082 217) trading as SKELP! (collectively referred to as “SKELP!”, “SKELP”, “SKELP! Haircare”) of Leppington Industrial Park - Unit 1B & 1C, 198-224 Ingleburn Road, Leppington NSW 2179 Australia .
Identity information includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth, gender, your job function, your employer or department.
Marketing and Communications information includes your preferences in receiving marketing from us and your communication preferences. This may include information about events to which you or your colleagues are invited, and your personal information and preferences to the extent that this information is relevant to organising and managing those events (for example, your dietary requirements).
Platforms means all or any of the relevant platforms, electronic interfaces and websites that are owned, provided and/or operated from time to time by us (including but not limited to the Website), regardless of how those websites are accessed by users (including via the internet, mobile phone, mobile applications or any other device or other means).
Privacy Act means the Privacy Act 1988 (Cth) as amended from time to time.
Privacy Policy means this privacy policy as amended from time to time.
Products means natural cosmetics, beauty supply & personal care products, and any other goods advertised on our Website from time to time.
Profile information includes your username and password, your interests, preferences, feedback, survey responses and all other information you provide through your use of the Products and Services, or otherwise through your contact or correspondence with us.
Related Bodies Corporate has the meaning given to that term in section 50 of the Corporations Act 2001 (Cth).
Services includes marketing and distribution services, and other services advertised on our Website from time to time.
Technical information includes (as relevant):
(a) The Internet protocol (IP) address or MAC address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
(b) Information about your visit to our Website, such as the full Uniform Resource Locators (URL), clickstream to, through and from our Website (including date and time), services viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from a page, any phone number used to call our central switchboard number, and direct dials or social media handles used to connect with our fee earners or other employees; and
(c) Location data which we may collect through our website and which provides your real-time location in order to provide location services (where requested or agreed to by you) to deliver content or other services that are dependent on knowing where you are. This information may also be collected in combination with an identifier associated with your device to enable us to recognise your mobile browser or device when you return to the website/App. Delivery of location services will involve reference to one or more of the following:
- the coordinates (latitude/longitude) of your location;
- look-up of your country of location by reference to your IP address against public sources; and/or
- your Identifier for Advertisers (IFA) code for your Apple device, or the Android ID for your Android device, or a similar device identifier. See our cookie policy for more information on the use of cookies and device identifiers on the website/Apps.
Third Party means any party other than Frostbland and its Related Bodies Corporate.
Third Party Service Provider means any third-party service provider engaged by us to perform functions or provide Products and Services on our behalf.
Transaction information includes details about payments to and from you and other associated information.
Website means www.skelp.com.au and any other websites established and used by us from time to time.
PERSONAL INFORMATION COLLECTION STATEMENT
1. OUTLINE
This Personal Information Collection Statement, which is subject to the Privacy Act and our Privacy Policy, is intended to notify you about the collection of your personal information by us for the purpose of carrying on one or more of our functions as set out at clause 2. This Personal Information Collection Statement covers all matters required to be covered under APP 5 in relation to the notification of the collection of your personal information.
2. PURPOSE
2.1 Primary and Secondary Purposes. We collect your personal information to lawfully carry out our functions and activities including to:
a) process and deliver Products and Services to you;
b) provide you with information about the Products and Services you requested or inquired about;
c) personalise and customise your experiences with us;
d) help us meet our warranty obligations;
e) help us review, manage and enhance our Products and Services and develop insights used in reports or other content developed by us;
f) communicate with you, including by email, mobile and in-application notifications;
g) to process payments and administer your account, including to send you account related reminders;
h) investigate any complaints about or made by you, or if we have reason to suspect you have breached any relevant terms; or
i) as required or permitted by any law.
2.2 Further information about our purposes for collecting your personal information can be found in our Privacy Policy.
3. WHAT WE COLLECT
Personal information we collect about you may include identification information such as your name, address, email address, phone number(s), financial and payment information, and such other information necessary or convenient for delivering our Products and Services. We also may collect additional information as part of our collection of Identity, Contact, Financial, Transaction, Technical, Marketing and Communications, Client and Profile information used for the Primary and Secondary Purposes.
We typically only collect personal information about you from you. However, if we collect personal information about you from someone other than you, and it would not be reasonable for you to expect us to have collected that personal information, we will take reasonable steps to ensure that you are made aware that we have collected the relevant personal information.
We will only collect, store, use or disclose your sensitive information with your consent.
4. FAILURE TO COLLECT INFORMATION
Consequences. If you do not provide us with the personal information we request, or if that information is incomplete or inaccurate, we may not be able to provide our Products and Services to you.
5. DISCLOSURE
How we disclose. We may disclose personal information and you consent to us disclosing such personal information to:
a) third parties engaged by us to perform functions or provide Products and Services on our behalf;
b) relevant regulatory bodies in the industry in which we or you operate;
c) our professional advisors, including our accountants, auditors and lawyers;
d) our Related Bodies Corporate;
e) persons authorised by you to receive information held by us, including to those individuals that you authorise us to provide information to via the Platforms;
f) a government authority, law enforcement agency, pursuant to a court order or as otherwise required by law; or
g) a party to a transaction involving the sale of our business or its assets.
6. OVERSEAS DISCLOSURE
We may disclose personal information to external service providers located overseas so that they can provide us with services in connection with the operation of our business, such business support services (including the facilitation of correspondence), and data storage as well as to our authorised distributors located overseas to enable us to provide our Products and Services to you.
7. PRIVACY POLICY
Our Privacy Policy contains further details concerning:
a) information that we collect and the reasons for its collection;
b) overseas disclosure of your personal information;
c) how you may access and correct the personal information we hold about you; and
d) how you may lodge a complaint about a breach of the APPs, and how we will deal with such a complaint.
8. CONTACT
Please forward all correspondence in respect of this Personal Information Collection Statement to:
Privacy Officer
SKELP!
Leppington Industrial Park
Unit 1B & 1C, 198-224 Ingleburn Road
Leppington NSW 2179 Australia
E: info@skelp.com.au
9. INTERPRETATION + DEFINITIONS
Personal pronouns: Except where the context otherwise provides or requires:
a) the terms we, us or our refers to Frostbland trading as SKELP!, SKELP, or SKELP! Haircare; and
b) the terms you or your refers to a user of the Platforms and/or a customer to whom we provide the Products and Services.
Terms italicised and defined in the Privacy Act have the meaning given to them in the Privacy Act.
Defined terms: In this Personal Information Collection Statement unless otherwise provided, the following terms shall have their meaning as specified:
APPs means any of the Australian Privacy Principles set out in Schedule 1 of the Privacy Act.
Client information has the meaning given to that term in our Privacy Policy.
Contact information has the meaning given to that term in our Privacy Policy.
Financial information has the meaning given to that term in our Privacy Policy.
Identity information has the meaning given to that term in our Privacy Policy.
Marketing and Communications information has the meaning given to that term in our Privacy Policy.
Platforms means all or any of the relevant platforms, electronic interfaces and websites that are owned, provided and/or operated from time to time by us (including but not limited to the Website), regardless of how those websites are accessed by users (including via the internet, mobile phone, mobile applications or any other device or other means).
Personal Information Collection Statement means this personal information collection statement.
Primary and Secondary Purposes means any of the primary and secondary purposes listed at clause 2.1.
Privacy Act means the Privacy Act 1988 (Cth) as amended from time to time.
Privacy Policy means our privacy policy as amended from time to time.
Products include natural cosmetics, beauty supply & personal care products, and any other goods advertised on our Website from time to time.
Profile information has the meaning given to that term in our Privacy Policy.
Related Bodies Corporate has the meaning given to that term in section 50 of the Corporations Act 2001 (Cth).
Services includes means marketing and distribution services, and other services advertised on our Website from time to time.
Technical has the meaning given to that term in our Privacy Policy.
Transaction information has the meaning given to that term in our Privacy Policy.
Website means https://skelp.com.au and any other websites established and used by us from time to time.