Privacy Policy

Makeup Cartel Pty Ltd (ABN 48 165 704 932) owns and operates the esmi skin minerals websites www.esmi.com.au and www.esmiskin.com (Website or Websites). Makeup Cartel Pty Ltd (ABN 48 165 704 932) (we, us or our) are committed to protecting the privacy of your personal information.

Personal information is information that identifies you, or information by which your identity can be ascertained, and may include an opinion about you (Personal Information).

We collect, use, store, manage and disclose all Personal Information in accordance with this Privacy Policy and otherwise with the Australian Privacy Principles set out in the Privacy Act 1988 (Cth) (Privacy Act), the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

We have appointed a Data Protection/Privacy Officer who is responsible for answering questions in relation to this Privacy Policy. If you have questions or concerns regarding this Privacy Policy, you should contact Makeup Cartel’s Data Protection/Privacy Officer at hello@esmiskin.com.

This Privacy Policy contains the following sections:

1. ABOUT THIS PRIVACY POLICY

2. WHAT KIND OF PERSONAL INFORMATION DO WE COLLECT AND HOLD?
     2.1 General
     2.2 Sensitive Information

3. HOW DO WE COLLECT PERSONAL INFORMATION?
     3.1 Personal Information
     3.2 Billing Information
     3.3 Choosing not to Disclose Personal Information
     3.4 When you Browse our Website
     3.5 Cookies
     3.6 Other Social Platforms
     3.7 Children

4. HOW WE USE YOUR PERSONAL INFORMATION?
     4.1 General
     4.2 Direct Marketing
     4.3 Polls and Surveys
     4.4 Rate and Review

5. HOW YOUR PERSONAL INFORMATION MAY BE DISCLOSED?
     5.1 Business Associates and Contractors
     5.2 Statistical Data
     5.3 Permitted Disclosures by Law
     5.4 Links to Other Sites or Social Platforms

6. SECURITY

7. HOW TO ACCESS AND AMEND PERSONAL INFORMATION YOU PROVIDE

8. TRANSFER OVERSEAS

9. UK and EU RESIDENTS

10. CALIFORNIA RESIDENTS

11. CONTACT US

 

1. ABOUT THIS PRIVACY POLICY


This Privacy Policy explains how we collect, use, manage and disclose Personal Information and how you can contact us if you have queries about our management of your Personal Information.

This Privacy Policy applies to all Personal Information submitted to or collected by us through the use of our Website or social media sites, or where you otherwise contact or interact with us through other forms of communication.

By submitting personal information to us (including via our website or social media sites or purchasing and using our goods and services), you accept the terms of this Privacy Policy, and consent to our use, collection, disclosure and retention of Personal Information as described in this Privacy Policy. If you do not agree to any provisions in this Privacy Policy, please do not use this Website or otherwise disclose any Personal Information to us. You are welcome to print this Privacy Policy.

This Privacy Policy may be updated or revised from time to time. Changes to this Privacy Policy will be published by posting an updated Privacy Policy on our website. If we make material changes to our Privacy Policy we will notify you by email or by means of a notice on our homepage. You should review our Privacy Policy regularly to ensure you are familiar with any changes. If you do not agree with the changes to our Privacy Policy, please notify us immediately in writing. Unless we hear from you, or if you continue to use our services, website or social media sites, you are taken to have accepted the changes to our Privacy Policy.

This Privacy Policy was last updated on 2 March 2021.

 

2. WHAT KIND OF PERSONAL INFORMATION DO WE COLLECT AND HOLD?


2.1 General
As part of offering our products and services to you, it is likely that we will collect Personal Information about you. This may include:

- Identity Data which includes your first and last name, username, screen name, marital status, title, date of birth and gender;
- Contact Data which includes your billing address, residential address, delivery address, email address and telephone numbers;
- Financial Data which includes payment, PayPal, AfterPay, credit card or debit card details;
- Transaction Data which includes details about payments to and from you, shopping habits and preferences and products you have purchased from us; and
- Other Data which includes further information, instruction or comments you provide to us directly or indirectly including through our representatives or our website or social media sites, including via transactions, customer surveys or customer feedback.

2.2 Sensitive Information
We do not generally collect “sensitive information” as defined by the Privacy Act (such as information about ethnic origin, religious or political views, health information, tax file numbers etc) from you. If you voluntarily submit sensitive information to us, you consent to our collection of such sensitive information and we will only use or disclose such information: for the purpose for which it was provided or another directly related purpose; or as allowed by law.

 

3. HOW DO WE COLLECT PERSONAL INFORMATION?


3.1 Personal Information

We may collect Personal Information via a variety of avenues, including when you:

- speak to one of our representatives, either by telephone, email or online communication;
- create a customer account with us as a registered customer on our Website;
- purchase products and/or services from us;
- request a refund, repair or return of our products;
- access or use our website or social media sites;
- use the “Skin Advice Service” on our website or via other methods or platforms;
- participate in surveys;
- enter a promotion with us;
- subscribe to our mailing lists; or
- submit a job application or accept employment with us.

We may also collect your Personal Information from third parties, including (but not limited to):

- analytics providers such as Google;
- search information providers such as Google and Bing;
- contact, financial and transaction data from providers of technical, payment and delivery services such as Braintree, PayPal and Afterpay;
- Identity and contact data from publicly available sources;
- where you have agreed with them that your information may be disclosed to us, and with whom we have business relationships;
- law enforcement agencies and other government entities;
- from someone duly authorised to act on your behalf;
- your referees and/or previous employers, where you have applied for employment with us.

Your personal information will only be collected from third parties if it is unreasonable or impractical to collect that personal information from you directly. If and when we do collect personal information from third parties, we will take reasonable steps in the circumstances to inform you of this collection and obtain your consent.

We may also collect certain non-personal information when you visit or use our Website, for example, through the use of cookies (see below), or online analytic tools such as Google Analytics, Facebook or AdRoll Pixels. This information may include the location from which you have come to the site and pages you have visited, technical data, including your IP address, the types of devices you are using to access the website, device attributes, operating system, internet browser and language. This information is collected in aggregate and you cannot be individually identified using this tracking information.

3.2 Billing Information

We use a third party payment processor (such as PayPal or AfterPay) to collect payments made by you on the website to us. In these situations, we do not have access to the credit card or billing information provided by customers to our third party payment processor (such as PayPal or AfterPay). If you are directed to our third party payment processor’s site, you may be subject to terms and conditions governing use of that third party’s service and that third party’s collection and disclosure practices in relation to personal information. Please review such terms and conditions and the third party’s privacy policy before using their services.

3.3 Choosing not to Disclose Personal Information

You have the option of not disclosing Personal Information to us or to use a pseudonym when dealing with us in relation to a particular matter. If you choose to withhold any Personal Information, we may not be able to provide you with part or all of our products or services or resolve a particular matter raised by you.

3.4 When you Browse our Website

When you only browse our website, we do not collect your Personal Information. Our internet service provider makes a record of your visit and records non-personal information such as your server address; your internet protocol address; the pages you accessed and documents downloaded; the previous site you visited; and the type of browser being used. This information assists us to analyse web traffic and improve your site navigation experience.

We do not identify you or your browsing activities except, in the event of an investigation, where a law enforcement agency may exercise a warrant or other such power to inspect the internet service provider's logs.

3.5 Cookies

We may also obtain anonymous information from our website or social media sites using a technology called “cookies”. Cookies are small text files which are transferred to the hard drive of your computer to provide additional functionality to our website and to help us analyse usage of our website or social media sites. Cookies can identify your web browser but not you. If you wish, you can disable your web browser from accepting cookies. If you disable cookies, you will still be able to access our website and social media sites but may not be able to access all of our services.

Additionally, your visits may be associated with location-based information:

(i) you manually provide;

(ii) derived from the IP address of your computer;

(iii) where you have accessed our website from your mobile device, GPS information where that has been enabled on your device; or

(iv) the proximity of your laptop computer, mobile wireless device, personal digital assistant, personal communication system, or other communications device (your Personal Communication Device) to the nearest radio tower or cell site. This information includes when your Personal Communication Device is activated as well as when and how you are using it. We may collect such data to verify the information you provide to us manually and to provide you with location-based content. We may also associate it with your existing personal information solely for our internal use in order to improve your experience with us.

We may also use third-party companies to serve ads and marketing content to you and to measure how relevant this content is to you. These companies may use cookies and other tracking tools on our websites and third-party websites to present personalized advertisements and other messages that may be of interest to you.

You can generally opt-out of receiving personalized ads from third party advertisers and ad networks who are members of the Network Advertising Initiative (NAI) or who follow the Digital Advertising Alliance’s Self-Regulatory Principles for Online Behavioural Advertising by visiting the opt-out pages on the NAI website and DAA website. Our websites are not currently set up to respond to browser do-not-track signals, but you can configure your browser settings to reject all cookies or prompt you before a cookie is set.

We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your information:

- Tracking Technologies and Advertising. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. To learn how you can manage your Flash cookie settings, visit the Flash player settings page on Adobe's website. If you disable or refuse cookies, please note that some parts of this site may then be inaccessible or not function properly.

- Disclosure of Your Information for Third-Party Advertising. If you do not want us to share your personal information with unaffiliated or non-agent third parties for promotional purposes, you can opt-out by checking the relevant box located on the form on which we collect your data (the order form/registration form). You can also always opt-out by logging into the Website and adjusting your user preferences in your account profile, checking or unchecking the relevant boxes, or by sending us an email with your request to hello@esmiskin.com.

- Promotional Offers from the Company. If you do not wish to have your email address/contact information used by the Company to promote our own or third parties' products or services, you can opt-out by checking the relevant box located on the form on which we collect your data (the order form/registration form) or at any other time by logging into the Website and adjusting your user preferences in your account profile by checking or unchecking the relevant boxes or by sending us an email stating your request to hello@esmiskin.com. If we have sent you a promotional email, you may send us a return email asking to be omitted from future email distributions. This opt-out does not apply to information provided to the Company as a result of a product purchase, warranty registration, product service experience or other transactions.

- Targeted Advertising. To opt out of targeted advertising, some available third-party opt-out tools include: the Digital Advertising Alliance, the Network Advertising Initiative, and the European Interactive Digital Advertising Alliance (Europe only). On ads served to you, click the logo of the provider (e.g.: AdChoices) positioned with the ad to learn more about interest-based advertising, who served the ad, and manage your ad options.

We do not control third parties' collection or use of your information to serve interest-based advertising. However these third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt-out of receiving targeted ads from members of the NAI on the NAI's website.

3.6 Other Social Platforms

There may also be occasions when we collect Personal Information (to the extent it is available) from publicly available sources, including other social media platforms such as Facebook, Twitter, LinkedIn or Instagram.

If you engage or contact us on one of our social media platforms or otherwise direct us to communicate or engage with you via social media, you agree to allow us to receive information (which may include Personal Information) from our social media platforms. You also allow us to receive information about your visits and interaction with the sites and services of any of our third party partners that include our cookies and similar technologies unless you opt-out.

3.7 Children

We are committed to protecting the privacy of children and we encourage parents and guardians to take an active role in their children’s online activities and interests. This Website is designed and intended for use by people aged 18 and over. Access to certain parts of the website and/or eligibility to receive prizes, samples or other rewards may be limited to users aged 18 or over. Although we are not responsible for determining the age of our users, we may carry out verification checks. If we discover that we have inadvertently collected any Personal Information from a child under the age of 18 we will delete that Personal Information as soon as possible and may disable that individual’s access to the Website. A parent or legal guardian can notify us of an inadvertent collection of Personal Information from a child under the age of 18 and request that we remove such information by sending an email to or by contacting us at the contact information below. Any such request must contain the child’s name and email address so we can locate such child’s Personal Information.

 

4. HOW WE USE YOUR PERSONAL INFORMATION?


4.1 General

We collect, hold and use your Personal Information to:

- create orders and complete sales transactions;
- provide you with products and services and information about products and services, including the “Skin Advice Service”;
- deliver or manage any of our loyalty programs or customer relationship management systems;
- respond to your queries and requests, to resolve complaints and to respond to social media;
- keep a record of our dealings with you and enable us to contact you when necessary;
- help us tailor existing, or develop new, products, services or offers;
- promote and market our products and services including direct marketing and send you information about areas of specific interest;
- protect the security of our staff, customers, suppliers and merchandisers;
- recruit new staff (where applicable);
- achieve other purposes explained at the time of collection or submission;
- profiling and automated decision making;
- to prevent fraud and/or identify and investigate suspicious use of our Website;
- for any other purpose to allow us to comply with our obligations under law; and
- for any other purposes that would reasonably be expected by you.

4.2 Direct Marketing

By supplying us with your Personal Information, you give us permission to use your Personal Information to contact you to inform you about products and services we think would be of particular interest to you, including from other businesses operated by us. This may include contacting you through direct marketing, events and competitions, public relations and social media. This permission is not limited in time unless you choose to opt-out by contacting us using the contact information provided in this Privacy Policy, or by utilising an ‘unsubscribe’ facility on a communication we send to you in which case we will take steps to ensure you do not receive any such direct marketing information in future.

When visiting the Website, third parties may place cookies on your browser for targeted advertising purposes. To opt-out of targeted advertising, some available third-party opt-out tools include: the Digital Advertising Alliance, the Network Advertising Initiative, and the European Interactive Digital Advertising Alliance (Europe only). On ads served to you, click the logo of the provider (e.g.: AdChoices) positioned with the ad to learn more about interest-based advertising, who served the ad, and manage your ad options. You can also opt-out of seeing personalised ads using the NAI opt-out tool here.

- GetEmails: https://app.getemails.com/optout
- Digital Advertising Alliance: http://www.aboutads.info/
- Network Advertising Initiative: http://optout.networkadvertising.org/?c=1
- European Interactive Digital Advertising Alliance (Europe only): http://www.youronlinechoices.com/
- NAI Out: http://optout.networkadvertising.org/?c=1

4.3 Polls and Surveys

We or third parties may contact you in relation to your participation in polls and surveys, deliver incentives to you to participate in such surveys or polls, or target advertisements to you based on your answers to the poll. We may share the aggregated demographic information in these polls and surveys with our sponsors, advertisers and partners. If, however, we conduct a poll or survey and wish to disclose your Personal Information to any third party, we will first explicitly seek your consent to do so. If a third party conducts a poll or survey and receives your Personal Information, then your Personal Information will be used and disclosed in accordance with the privacy policy of that third party.

4.4 Rate and Review

If you submit a review, rating or comments in relation to our products and services, you agree that we may publish part or all of your review, rating or comments together with your first name.

 

5. HOW YOUR PERSONAL INFORMATION MAY BE DISCLOSED?


We do not sell, rent, lease or provide your Personal Information to other entities unless outlined in this Privacy Policy. We may disclose your Personal Information where you have consented or when disclosure is necessary to achieve the purpose for which it was submitted (as outlined above). In addition, we may receive and disclose Personal Information from or to other businesses operated by us.

5.1 Business Associates and Contractors

We may disclose your Personal Information to third party organisations that carry out functions on our behalf, or assist us to deliver our services, such as our business associates, contractors, agents or service providers. These third parties may change from time to time. Some examples include:

- carefully selected suppliers and other third parties with whom we have commercial relationships, for business, marketing and related purposes;
- couriers and freight suppliers for delivering relevant products to you;
- financial services providers, such as our banks or third party suppliers for securing payment of the products or services we provided to you, such as PayPal, AfterPay and, where applicable, debt collectors;
- technology service providers, such as internet service providers, database management services, data storage providers, website hosting companies, website developers and digital mail providers who send communications on our behalf;
- sponsors or organisations that partner with us; and
- our professional advisers, accountants, lawyers and auditors.

We may combine personal information we receive about you, with other information we hold about you, including information received from third parties and publicly available information.

We will not use or disclose health information for any purpose other than the purpose for which you provided it to us, or complying with our regulatory and legal reporting obligations.

You agree that third parties which receive Personal Information from us may use and disclose the Personal Information subject to their respective privacy policies.

We endeavour to take reasonable steps to enter into agreements with third parties that collect, store, disclose and retain Personal Information in accordance and require all third parties to respect the security of your personal information and treat it in accordance with the law. We do not allow our third party service providers to use your personal information for their own purposes and only permit them to process it for specified purposes in accordance with our instructions.

5.2 Statistical Data

From time to time, we may provide third parties with information in the form of statistical representations about our customers collectively and for the purpose of statistical analysis. Where we provide such information to third parties for this limited statistical purpose, we will not provide Personal Information in such a way that your identity may be obtained.

5.3 Permitted Disclosures by Law

We may also release your Personal Information under the following circumstances:

- when required to do so by a court or under applicable laws or regulation (for example, a subpoena) or where requested by a government agency;
- where we consider a company or an individual may be engaged in fraudulent activity or other deceptive practices that a governmental agency should be made aware of; or
- to appropriate persons, where your communication suggests possible harm to others.

5.4 Links to Other Sites or Social Platforms

We may provide links to third party websites within our website and social media sites. These linked sites are not under our control, and we do not accept responsibility for the conduct of companies the websites of which are linked to the Website. Before disclosing your Personal Information to any third parties on such websites, we advise you to examine the terms and conditions of using that website and its privacy statement.

UK, EU and California residents may have additional personal information rights and choices. Please see UK and EU Residents and California Residents sections below for more information.

 

6. SECURITY


The security of your Personal Information is of utmost importance to us. We take such steps as are reasonable in the circumstances to maintain the integrity and store securely your personal information to protect it from interference, misuse and loss and from unauthorised use, access, modification or disclosure.

These measures include:

- instructing our staff and advisers who handle personal information to respect the confidentiality of customer information and the privacy of individuals;
- implementing procedures and installing equipment to safeguard your information; and
- continually reviewing privacy procedures and arrangements to ensure we are doing all that is reasonable and technically feasible at the time.

We store Personal Information in either electronic or hard copy form or other formats. Since no system is 100% secure or error-free, we cannot guarantee that your Personal Information is totally protected, for example, from hackers or misuse. Except to the extent that liability cannot be excluded or limited due to applicable law, we assume no liability or responsibility for disclosure of your Personal Information due to unauthorised third party access, errors in transmission or other causes beyond our control.

If you enter or upload Personal Information on our website, you should exercise due care to safeguard any passwords and usernames created by you.

We will take reasonable steps to destroy or permanently de-identify any Personal Information from our records and systems which is no longer required by us. We may retain your Personal Information even after you have completed your transactions with us if retention is reasonably necessary to comply with our legal obligations, meet legal, financial, taxation and regulatory requirements, resolve disputes, prevent fraud or abuse or enforce this Privacy Policy and our terms and conditions. We may retain Personal Information for a limited period of time, if requested by law enforcement.

Please contact us immediately if you become aware or have reason to believe that there has been any unauthorised use of your personal information held by us.

 

7. HOW TO ACCESS AND AMEND PERSONAL INFORMATION YOU PROVIDE


We strive to keep your Personal Information accurate, up to date and complete. Our policy enables you to find out what information we hold about you and correct that information if it is wrong.

If you become aware that any Personal Information we hold about you is incorrect or out of date, or if you no longer desire our products or services, please let us know immediately.

You may correct, update or delete your personal information by logging into your account, or you may deactivate your account by emailing us at or by contacting our Data Protection/Privacy Officer using the contact details below.

We will be happy to accept updated Personal Information in writing from the owner of that information at any time. However, in order to protect your privacy and security, we will take reasonable steps to verify your identity before granting you access or enabling you to make corrections of your Personal Information. Except where the Privacy Act, GDPR or other applicable legislation provides otherwise, we reserve the right to recover any reasonable costs involved in providing extensive access to Personal Information, for example the cost of supplying information held in archives.

Our objective is to respond to any request to access personal information within a reasonable timeframe and no later than thirty (30) days. We will endeavour to inform you if this timeframe is not achievable.

In some circumstances, we may not be in a position to grant access to your Personal Information. Such circumstances include where:

- providing access is likely to pose a serious threat to the safety of an individual or the public;
- providing access is likely to unreasonably impact on the privacy of others;
- the request for access is frivolous or vexatious;
- providing access would reveal information which relates to existing or anticipated legal proceedings or otherwise impact on any negotiations;
- providing access is unlawful (including being unlawful as directed by a court or tribunal order) or is likely to impact on actions being taken in relation to alleged unlawful activities relating to our functions and activities; or
- granting access would impact on a commercially sensitive decision-making process.

UK, EU and California residents may have additional personal information rights and choices. Please see UK and EU Residents and California Residents sections below for more information.

 

8. TRANSFER OVERSEAS


We may disclose your personal information to our third party service providers who provide services to us including data warehousing, credit card processing and e-commerce services, mailing and logistics services or other recipients located in countries including but not limited to Australia and/or the United States.

We ensure that your personal information is protected by requiring all our group companies to follow the same rules when processing your personal data.

If you are a UK or EU resident, you should be aware that many countries do not afford the same legal protections to personal information as countries within the EEA. Transfers will be made in accordance with the applicable legislation and we will take all necessary measures to ensure that third parties involved will provide an adequate level of protection. Any future hosting/processing organisation that we use in relation to this website will be required to do the same.

By disclosing personal information to us, you acknowledge and consent to these potential transfers.

 

9. UK and EU RESIDENTS


If you are a UK or EU resident, under the European Union (EU) General Data Protection Regulation (GDPR), as a data subject you have the right to:

- request access to your data;
- request to have your data corrected where it is inaccurate;
- request restriction of processing;
- withdraw consent to having your data processed;
- request to have your data erased;
- have your data provided in a standard format so that it can be transferred elsewhere;
- request the transfer of your data to a third party (data portability); and
- not be subject to a decision based solely on automated processing.

(Data Subject Rights).

We have processes in place to deal with Data Subject Rights requests. Our actions and responsibilities will depend on whether we are the controller or processor of the personal data at issue. Depending on our role as either a controller or processor, the process for enabling Data Subject Rights may differ, and is always subject to applicable law. Please refer to the contact details section of this policy if you would like to make a Data Subject Rights request or have a specific need for assistance with a Data Subject Rights request.

 

10. CALIFORNIA RESIDENTS


If you are a resident of California, the processing of your Personal Information by us is likely to be subject to the California Consumer Privacy Act (CCPA) which provides you with certain enhanced privacy rights which should be read in conjunction with this Privacy Policy.

As a resident of California, the CCPA says that you have the right:

- to know what Personal Information has been collected, used, and disclosed by us over the prior 12 months.
- to delete Personal Information held by us, subject to certain exceptions.
- to opt-out of sale of Personal Information. Consumers are able to direct a business that sells Personal Information to stop selling that information. Children under the age of 16 must provide opt-in consent, with a parent or guardian consenting for children under 13.
- to non-discrimination in terms of price or service when a consumer exercises a privacy right under CCPA.

We do not sell Personal Information of customers to third parties. We do permit third parties to collect information for the business purposes described in this Privacy Policy.

California's "Shine the Light" law (Civil Code Section 1798.83) also permits California residents to request certain information regarding our disclosure of their Personal Information to third parties for their direct marketing purposes.

To exercise one of the above rights or to find out further information about how we handle your personal information, please contact the Data Protection/Privacy Officer via email hello@esmiskin.com using the email subject line ‘California Resident Privacy Request’.

 

11. CONTACT US


If you have any questions about our Privacy Policy, or have a problem or complaint, please let us know. We will respond to a complaint as soon as possible, but within 10 working days, to let you know who is responsible for managing your complaint. We will also try to resolve the complaint within 30 days. When this is not possible, we will endeavour to contact you within that time to let you know how long it will take to resolve the complaint.

Our contact details are:

Data Protection/Privacy Officer
Makeup Cartel Pty Ltd (operating the Website)
Address: 17 Strathaird Road Bundall QLD 4217
Phone: (+61) 414 964 907
E-mail: hello@esmiskin.com

If you believe we have not adequately dealt with your complaint, you may complain to:

Australian residents: the Privacy Commissioner, whose contact details are found on their website http://www.oaic.gov.au/

UK or EU Residents: the Information Commissioner's Office (ICO) either through their website: http://ico.org.uk/ or through the ICO telephone helpline: 0303 123 1113.