Privacy Policy
Last updated 1 May 2020
Lashia Australia Pty Ltd ABN 32612290249 (Lashia or We/Us) values your privacy. Lashia is committed to protecting your personal data.
The following Privacy Policy (the Policy) will outline the ways in which Lashia may collect, hold, use and disclose personal information and your rights in relation to the personal information that We hold about you.
By using our website, applications, services and purchasing items from Lashia, or otherwise providing Lashia with your information, you consent us to collect, hold, use and disclose your personal information as described in the Policy. Please note that when purchasing a product from our site, you will be directed to lashiamegastore.com.au where a separate Privacy Policy should be referred to.
* I. WHAT PERSONAL DATA DO WE COLLECT?
When you purchase something from the Lashia store, make a booking as a student, model or client, as part of the process, we collect the personal information you give us. The personal data We may collect includes, but is not limited to:
* • contact information, such as:
* o your name;
* o your title;
* o your postal address;
* o email address;
* o phone number(s);
* o social media handles; and
* o other relevant contact information.
* • financial information, such as:
* o payment details;
* o bank account details; and
* o credit/debit card details.
* • technical information, such as information collected from your visits to our website;
* • relevant medical history and data pertaining to eye health and reactions; and
* • personal information provided to us by or on behalf of our customers or generated by us in the course or providing services to them.
We may also collect and hold personal information about our students, clients and models which may be deemed sensitive information under the Privacy Act. However, this information will only be to the extent to which it is relevant to the service we provide or for our general relationship with that individual.
* II. HOW DO WE COLLECT YOUR DATA?
We may collect personal data about you in several methods. These methods include, but not limited to:
* • when you make a purchase from our business;
* • when you browse, make an enquiry or otherwise interact on our website or social media channels;
* • when you make a booking as a student, client or model; or
* • when you offer to provide or provide services to us.
In certain situations, we may collect personal data about you from a third-party source. For example, our website is hosted on wordpress. They provide us with the online platform which allows us to advertise our services to you. Your data is then stored through various third-party data storage, databases and general applications including MailChimp, GetTimely and Acuity Scheduling. They store your data on a secure server behind a firewall.
We also collect device information using “cookies” which are data files that are placed on your device or computer and often include an anonymous unique identifier. “Log files” track actions occurring on our website and collect data including your IP address, browser type, internet service provider, referring/exit pages and date/time stamps. Lastly, “Web Beacons”, “Tags” and “Pixels” are electronic files used to record information about how you browse the Site. For more information about cookies and how to disable them, visit: http://allaboutcookies.org
Please note that your transaction data is stored only as long as it is necessary to complete your purchase transaction. Purchases are made on PayPal, Debit Success or Stripe’s platform where payment details are encrypted and secure through third party gateway. In some instances, purchases can also be made over the phone or in person where transaction information will also never be stored but is encrypted and secure.
* III. HOW DO WE PROTECT PERSONAL INFORMATION?
We will take reasonable steps to protect the security of all personal information. Our team is required to respect the confidentiality of personal information and the privacy of our students, customers, models and clients. We have incorporated reasonable steps to protect personal information held from misuse and loss and from unauthorised access, modification or disclosure. For example, restricting access of electronic records to only appropriate staff members. Should we no longer require your personal information we will take reasonable steps to remove it.
* IV. HOW DO WE HOLD THE PERSONAL INFORMATION?
We take all reasonable precautions in protecting your personal information when entered into our site.
We may store your confidential information or data through software programs (i.e. Dropbox and Microsoft Outlook, etc.) where your data may be stored in data centres that is located locally in Australia as well as other locations around the globe.
We store personal information in electronic records within our own secure network and through third party data storage providers. Personal information within our network is password protected and access is strictly limited. We take reasonable steps to protect personal information from misuse, interference, loss and unauthorised access.
* V. FOR WHICH PURPOSE DO WE COLLECT, HOLD, USE AND DISCLOSE PERSONAL INFORMATION?
We collect, hold, use and disclose your personal information for a number of reasons. These include, but not limited to:
* • managing our relationship with you, including:
* o providing services;
* o completing and shipping orders;
* o responding to enquiries;
* o managing disclosed health concerns relating to our services; and
* o obtaining payment for our services.
* • meeting legal or other regulatory obligations imposed on us;
* • auditing and managing the usage of our website;
* • to keep our customer details updated;
* • to process and respond to any complaints made by customers;
* • to comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or other governmental authority; and
* • to otherwise carry out our functions as an Australian business.
We may also use and/or disclose your personal information for other purposes which you consent to or which are required or permitted by law. This may include for a secondary purpose that is related to the original purpose for which we collected it.
Please note that we use Pixels to cater our advertisement and marketing strategies. This information is collected by third parties such as Facebook and Google.
* VI. WHO DO WE DISCLOSE YOUR INFORMATION TO:
Lashia may share your personal data with third parties in the course of providing our services. These include, but are not limited to:
* • our employees, related entities, contractors or third-party service providers whose services have a connection to the services we provide;
* • any third parties that we engage on your behalf or which you engage directly in connection with the services we are providing to you. These include:
* o postal services;
* o auditors;
* o accountants;
* o legal advisors;
* o third-party experts;
* o suppliers;
* o students;
* o Facebook and Google; and
* o other business consultants or advisors.
* • any legal industry regulatory body in any of the States and Countries that we operate in; and
* • any other organisation or individual for any authorised purpose with your consent.
* VII. PERSONAL DATA ABOUT OTHER PEOPLE WHICH YOU PROVIDE TO US
If you provide personal data to us about a different party you must ensure that you are entitled to disclose that personal data to us. In particular, you must ensure the individual concerned is aware of the various matters detailed in this Privacy Policy, as those matters relate to that individual, including our identity, how to contact us, our purposes of collection, our personal data disclosure practices (including disclosure to overseas recipients), the individual's right to obtain access to the personal data and make complaints about the handling of the personal data, and the consequences if the personal data is not provided (such as our inability to provide services).
* VIII. ARE WE LIKELY TO DISCLOSE YOUR PERSONAL INFORMATION OUTSIDE OF AUSTRALIA?
We may disclose personal information to third-party suppliers and service providers located overseas for some of the purposes listed above. This may include countries which do not provide the same level of protection as the laws of your Australia. Lashia will always ensure a level of data protection at least as protective as that required in Australia. We will also require our agents, consultants and sub-contractors and others who are outside Australia and to whom we transfer your personal data to ensure a similar level of data protection.
* IX. WHAT HAPPENS IN THE EVENT YOUR PERSONAL DATA GETS BREACHED?
In the event of a data breach or suspected breach causing serious harm, Lashia will respond as set forth below:
* 1. immediately conduct a thorough investigation to determine whether the breach or the suspected breach likely to cause serious harm to you and customers of our business;
* 2. notify you in a timely manner as to the nature of the breach or suspected breach, what data was or could be compromised, how it may affect you and our recommendations to minimalize further or potential breach (i.e. change of passwords etc);
* 3. immediately conduct a thorough internal investigation together with IT security consultants and provide OAIC and you with a copy of this report;
* 4. pursuant to OAIC’s recommendation and requirements, publish a statement on a public platform (i.e. newspapers, website etc) in regard to the breach and the details thereof if determine to have caused serious harm;
* 5. work closely with our IT security consultants to mitigate or minimalize the breach and its subsequent affects; and
* 6. work closely with out IT security consultants to implement measures in place to ensure similar breaches does not occur in the future.
* X. YOUR RIGHTS
You have several rights in relation to the personal data that we hold about you. These rights are subject to certain exemptions and may differ across the jurisdictions in which Lashia operates.
* a. Request access to the personal data we hold about you
Subject to any applicable exceptions, we will provide you with a copy of your personal data within the timescales set out in relevant legislations.
* b. Right to rectification
If the information we hold about you is inaccurate, you have the right to have this information amended.
* c. Right to remove data
You can ask us to delete or remove your information in certain circumstances. In cases where we are processing your personal data based on our legitimate interests, you can ask us to stop processing your data for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
* d. Right to object
In certain circumstances, you have a right to object to privacy-related actions being carried out by us. Where personal data is being processed for direct marketing purposes, you have a right to object at any time.
* XI. MAKING A PRIVACY-RELATED COMPLAINT
If you would like to complain about a breach of the Australian Privacy Principles, you may contact our Privacy Officer at the details below.
We will respond to complaints within a reasonable period of time (usually 14 days).
If you disagree with our decision, you may refer your complaint to the Office of the Australian Information Commissioner by:
* • visiting: www.oaic.gov.au;
* • calling: 1300 363 992; or
* • by emailing: [email protected].
* XII. PRIVACY OFFICER
If you would like:
* • further information about the methods we manage personal information; or
* • to request access to your personal data; or
* • amend the details of your personal data; or
* • wish to make a complaint,
please contact our Privacy Officer by either:
* • Email: [email protected]
* • Telephone: 0424 036 630
* XIII. MAILING LIST
If you sign up to our mailing list, we may send you emails about our store, new products, sales or any other important information we believe you should know.
If after opt-in you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at anytime, by contacting us at [email protected]
* XIV. UPDATES TO THIS POLICY
This Privacy Policy was last updated in November 2019. We reserve the right to update and change this Privacy Policy from time to time to reflect any changes in the way we process your personal data or to meet changing legal requirements. We may notify you about changes to this Privacy Policy by posting an updated version on our website. We encourage you to check our website occasionally to ensure you are familiar with our latest Privacy Policy.
QUESTIONS AND CONTACT INFORMATION
If you would like to access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information, contact us at [email protected].