RATIONALE Skincare Pty Ltd ABN 54 070 218 012 and its related corporations (RATIONALE, we, us or our) respect your privacy and we are committed to handling your personal information in accordance with our obligations with the Australian Privacy Principles under the Privacy Act 1988 (Cth) (‘Privacy Act’) and other relevant laws, including where applicable the Singapore Personal Data Protection Act (No 26 of 2012) (‘Singapore PDPA’), the Personal Data (Privacy) Ordinance of Hong Kong, the EU General Data Protection Regulation (‘GDPR’), the GDPR as it forms part of the Laws of the UK by virtue of Section 3 of the UK European Union (Withdrawal) Act 2018 ('UK GDPR'), the California Consumer Privacy Act of 2018 ('CCPA') and the US Privacy Act of 1974. Please refer to Appendix 1 for additional information where the UK or EU data protection laws apply (e.g. if you are a UK/EU resident). 

This Privacy Policy applies to the RATIONALE products, services and website(s) that we provide to you and if you work for us or apply for an employment position with us (see section 9 below), and explains how and why we collect, use, disclose, store and otherwise process your personal information. Subject to your rights at law, the prevailing terms of this Privacy Policy may be updated from time to time on our website. 

This Privacy Policy supplements but does not supersede nor replace any other consents you may have previously provided to us in respect of your personal information, and the provisions herein are cumulative and additional to any rights which we may have at law to collect, use, disclose and/or process your personal information. This Privacy Policy does not affect any rights which we may have at law in connection with the collection, use, disclosure and/or processing of your personal information. 

1. THE PERSONAL INFORMATION THAT WE COLLECT 

As used in this Privacy Policy, 'personal information' means all data that falls within the definition of personal information, personal data, personally identifiable information, health information or similar language under the any applicable law relating to the protection, privacy and security, collection, use, disclosure and/or processing of those types of information.   

The types of personal information that we collect and hold about you could include: 

Identification and Contact Information, such as your name, title, postal or email address, telephone numbers, date of birth, age, sex, gender, pronouns, social media handles and proof of identity (e.g. driver’s licence, passport, social security/national ID details). 

Financial Information, such as your credit card number, payment details and bank account details; 

Communications and Activity Information – information about your communications, activity and interactions with us or relating to us, including about your purchases on the RATIONALE website and in our stores (‘Flagships’), and your usage of our websites, online services, social media profiles and IT resources; 

Skin Care Information – information (including sensitive or "special category" information) relevant to your skin care, including skin type, images of your face and skin, skin sensitivity, the colour of your skin, eyes and hair, health conditions, medication, DNA cheek swab tests and results, lifestyle information (e.g. smoking and use of solariums), ethnic heritage and family history;  

Information about Your Preferences, Opinions and Needs relevant to us and our business; and 

Additional Personal Information that you choose to tell us that we consider is reasonably necessary to perform our business functions and activities. 

2. HOW WE COLLECT YOUR PERSONAL INFORMATION 

We collect personal information about you via a variety of ways, this includes when you fill out a form with us or submit an application, when you visit or submit information through our website, when you purchase a product or service from us or one of our stockists, when someone makes a purchase (e.g. a gift card) for you, from third parties (such as those described in section 3) and from publicly available sources (such as social media channels). 

We may also collect personal information: 

from records of activities and communications, including monitoring records like CCTV, site access, telephone records and use of our website and IT resources; and 

by creating new information such as analysis, commentary, reports and reviews. 

If you provide incomplete or inaccurate information or do not want to provide your personal information to us, we may not be able to provide you with the product or service that you want, or, personalise your experience with us. 

Where you provide us with personal information about someone else you must have their consent to provide it to us based on this Privacy Policy. 

3. HOW WE USE, DISCLOSE AND OTHERWISE PROCESS YOUR PERSONAL INFORMATION 

We collect, store, use, disclose and/or process personal information for purposes including to:  

provide, review and improve our products and services; 

understand your preferences and needs; 

communicate with you; 

provide advertising and promotions; 

customise your experience with us (including on our website and social media channels);  

maintain and update our records;  

verify your identity and information; 

facilitate business transfers, e.g. any sale or potential sale of our business; 

protect the safety and security of our customers, staff, sites, systems and assets; 

detect, investigate and deal with fraud and unlawful activity; 

manage claims, complaints and investigations; 

protect, exercise and defend our legal rights; and 

comply with our legal obligations – e.g. under surveillance devices acts and similar laws which deal with when and how surveillance can be conducted.   

See Appendix 1 for further details regarding the particular legal bases that we rely on under UK and EU law for the processing of personal information. 

The types of third parties with which we share personal information include our agents, related companies, RATIONALE group companies, government agencies, business partners, parties (including professional advisers) involved in business transfers, suppliers and third party service providers such as providers of website, delivery, payment, data management, legal, accounting, investigation, marketing, advertising, e-commerce, social media and insurance services.  

We also exchange personal information (including sensitive or "special category" information information such as DNA cheek swab tests, with your consent or in accordance with applicable law), with our third party service provider SkinDNA as part of providing the RATIONALE Platinum Consultation, The Platinum Experience and The Platinum Facial in our Flagships.   

Some of the third parties we disclose personal information to may be located in USA, Denmark, Australia, UK, EU and other countries. We are usually required by applicable laws to take steps to ensure we only disclose personal information to other countries where it is safe or reasonable to do so. Those steps may include: 

Confirming that the recipient is subject to laws or a binding scheme which offer similar protection for personal information, including where those laws or scheme have been assessed as providing sufficient protection under applicable law. 

Contractual clauses with the with the recipient, including standard contractual clauses approved under applicable law, where relevant. 

Obtaining your consent. 

Ensuring another applicable exception applies (e.g. public interest, legal claims, fulfilling a contract with you or benefitting you). 

If you consent to us processing your personal information, you may withdraw your consent by contacting us at the details below. We must then cease any processing that relied on your consent. 

4. QUALITY OF YOUR PERSONAL INFORMATION 

We aim to ensure that your personal information is accurate, complete and up to date. If you believe that the information we have about you is not accurate, complete or up-to-date, please contact us at the details below and we will use all reasonable efforts to correct the information. 

5. HOW WE KEEP YOUR INFORMATION SECURE 

We take the protection of your personal information seriously and have implemented a range of measures designed to protect that information from loss, misuse and interference, from unauthorised access, collection, use, copying, disposal, modification or disclosure, and from similar risks and from the loss of any storage medium or device on which personal information is stored. Depending on the circumstances, those measures include electronic access controls, premises security and network firewalls.   

We hold personal information electronically and in hard copy form, both at our own premises and with the assistance of our service providers.   

6.  RETENTION OF YOUR PERSONAL INFORMATION 

We will retain any personal information for as long as is reasonably necessary, having regard to the purpose for which it was obtained and other permitted purposes.  Our data retention period will be determined by a number of factors, including your interactions with us and any applicable legal or tax obligations. After the lawful retention period has expired, we will take appropriate steps in accordance with the applicable legal obligations, to securely destroy or de-identify the information. 

7. VISITING OUR WEBSITE 

Cookies and similar technologies 

When you visit RATIONALE’s website, we may collect information such as your IP address, the date and time of your visit, the number of pages that you viewed, navigation patterns, what country you visited from, what system you used to access the website, and, when entering our website from an external website, the address of that website through the use of 'cookies'. This information on its own does not identify an individual but it does provide RATIONALE with statistics that we can use to analyse and improve our website.   

A 'cookie' is a small packet of information that allows the server (the computer that houses the website) to identify and interact more effectively with your device. When you use our website, we send you cookies that serve the following purposes: 

To maintain security, e.g. in relation to online checkout and payments. 

To store your preferences, e.g. in relation to region. 

To remember you when you return to the website. 

To enable functionality, such as shopping carts and chat sessions. 

For relevant advertising, e.g. to ensure that ads appear properly, to reduce repetition of ads and to display and tailor ads based on your interests. 

For analytics to help us understand how users engage with our website and promotional communications.   

These cookies may be set by us or by our service providers such as providers of e-commerce, social media, marketing and analytics services. 

We and our service providers may also use other technologies similar to cookies, such as web beacons (also known as pixel tags and clear GIFs), for similar purposes to those described above. 

You can configure your browser to accept all cookies, reject all cookies, or notify you when a cookie is sent. Please refer to your browser instructions or help screens to learn more about these functions. Our order entry system does require cookies during the order entry process; however, it does not use the information once the order is complete. At the end of your interaction with our website, you can have your device ensure that the cookie is deleted. This means it no longer exists on your device and can’t be used for further identification or access to your device. 

Online service providers   

We also use third parties for the provision of online services such as personalised advertising and website analytics, to collect anonymous internet usage data and for social media engagement. These third parties may use cookies and other tracking technologies, such as web beacons on our website in connection with the online services that they provide. For example, with personalised advertising, we can customise the delivery and content of our ads on third party websites and online services for people who have previously visited our websites (this is also known as retargeting) so that we can serve advertisements and content that we think may be of relevance to you. Advertisements or content may also be targeted to users based on location (identified via an IP address), gender, age and interests. No personal information will be collected on these occasions. These third parties may also transfer this information to other parties including where they are required to do so by law, or where such other parties process the information on their behalf. 

We may use Google services such as Google Analytics and Google Ads from time to time to provide the services set out above. For more information about how Google collects and processes data, including information on how to opt-out of certain conduct, please see Google’s privacy policy and their information at www.google.com/policies/privacy/partners/. There are also opt-out facilities which cover multiple online services, such as https://optout.aboutads.info/ and https://optout.networkadvertising.org/.   

RATIONALE partners with Rakuten Advertising, who may collect personal information when you interact with our digital property, including IP addresses, digital identifiers, information about your web browsing and app usage and how you interact with our properties and ads for a variety of purposes, such as personalisation of offers or advertisements, analytics about how you engage with websites or ads and other commercial purposes. For more information about the collection, use, and sale of your personal information and your rights, please use the below links here: https://rakutenadvertising.com/legal-notices/services-privacy-policy/ and here: https://rakutenadvertising.com/legal-notices/services-privacy-rights-request-form/. 

If you visit our website via an external website, or click on a link on the RATIONALE website to other websites, please be aware that we are not responsible for the privacy practices of these other websites. This Privacy Policy applies only to personal information that we collect from you as set out here. We encourage you to be aware of the privacy practices and privacy policies of these third party websites. 

8. HOW WE MARKET OUR PRODUCT AND SERVICES TO YOU 

You may be a subscriber to our newsletters and we may send you information on promotions, product updates and general RATIONALE news. If you decide you no longer wish to receive communication from us, you can opt-out of receiving them by following the instructions included in every newsletter or communication, by unchecking the newsletter subscription box in your RATIONALE online account, or by contacting customer service at consultant@rationale.com or writing to us at the address in the ‘Contact Us’ section below: 

9. ADDITIONAL INFORMATION FOR STAFF AND JOB APPLICANTS 

Job applicants   

If you apply for a position with us, we may also collect the information necessary to manage and consider your application including your resume, employment history, qualifications, experience, screening checks (including references and police or other background checks) and interview notes.   

We collect, use and disclose your personal information to assess your job application, conduct screening checks and consider and contact you regarding other positions. We may exchange your personal information with academic institutions, recruiters, screening check providers, professional and trade associations, law enforcement agencies, referees and your current and previous employers. Without your personal information we may not be able to progress considering you for positions with us. 

Staff 

This section applies to our current and former employees and contractors in addition to the job applicants’ section above.   

We may collect information relating to your current or former employment or engagement including information about your training, disciplining, resignation, termination, terms and conditions, emergency contact details, performance, conduct, use of our IT resources, payroll matters, union or professional/trade association membership, recreation, leave and taxation, banking or superannuation affairs. We are required or authorised to collect your personal information under various laws including, in Australia, the Fair Work Act, Superannuation Guarantee (Administration) Act, Income Tax Assessment Act, Taxation Administration Act, occupational health and safety acts, public health acts, workplace surveillance acts and workers compensation acts.   

We collect, use and disclose your personal information for purposes relating to your employment or engagement with us including engagement, training, disciplining, payroll, superannuation/pension or applicable funds, health and safety, administration, insurance and staff management purposes. We may exchange your personal information with your representatives (including unions) and our service providers including providers of payroll, banking, staff benefits, surveillance and training services. Without your personal information we may not be able to effectively manage your employment or engagement. 

10. CHANGES TO THIS PRIVACY POLICY   

We may make changes to this Privacy Policy from time to time for any reason. We will publish those changes on our website. The Privacy Policy was last updated on September 19th 2022. 

11. YOUR PRIVACY RIGHTS 

Many privacy and data protection laws give individuals various rights in respect of their personal information and its processing. Depending on which laws apply, those rights may include: 

To access your personal information. 

To update or correct your personal information. 

To erase your personal information. 

To be informed about the personal information we collect and how it is processed. 

To object to our processing of your personal information. 

To restrict our handling of your personal information. 

To withdraw consent you have previously provided in relation to our processing of your personal information. 

To transfer your personal information to another party nominated by you. 

To enquire about exercising any of these rights, please submit a request by contacting us at the details provided below. Please provide as much detail as you can with your request (e.g. details about the particular information you are enquiring about), in order to help us process your request. We may need to verify your identity. Where we decline a request, we will generally let you know the legal basis for doing so. 

You also have the right to to complain about your privacy and personal information to a relevant data protection authority in certain circumstances, for example: 

• Australia: www.oaic.gov.au  
• Singapore: www.pdpc.gov.sg  
• UK: www.ico.co.uk  
• EU: edpb.europa.eu/about-edpb/about-edpb/members_en   

12. CONTACT US 

If you have a query or complaint about how we handle your personal information, would like to withdraw a consent you have given to any processing of your personal information, or have any requests, issues or concerns regarding your personal information or any aspect of this Privacy Policy, then please contact us on the details provided below. We may request additional details from you regarding your concerns, and may need to engage or consult with other parties in order to investigate and deal with your issue. We will keep records of your request and any resolution. 

RATIONALE Skincare Pty Ltd 

Att: Privacy Officer 

PO Box 188 

Clifton Hill 3068 

Victoria, Australia 

dataprivacyofficer@rationale.com