Privacy Policy

1. Warm Welcome from LA CLINICA FOR SKIN & BODY

    Welcome to LA CLINICA FOR SKIN & BODY (La Clinica) and thank you for visiting us! We provide cosmeceutical skin care products and treatments.

    We wrote this Privacy Policy to give you a better understanding of how we collect, use, disclose and store your personal information.  Please read it carefully as it gives you an understanding of our privacy practices.

    By accessing or using La Clinica, you agree to be bound by our Terms and Conditions and this Privacy Policy.

    2. Introduction

    In this Privacy Policy, “our”, “we” or “us” means Personal Care Innovations Pty Ltd (ACN 626 391 071), the owner and operator of La Clinica, and its related bodies corporate.

    We are committed to protecting your privacy through compliance with the Privacy Act 1988 (Cth) (“Privacy Act”), the Australian Privacy Principles (“APP”), the General Data Protection Regulation (“GDPR”) and any other privacy laws applicable to our platform.

    Where our platform contains links to third-party websites, these sites are not governed by this Policy. We are not responsible for their operation and their privacy practices so please check those.

    If you link your social media accounts from other third party services to La Clinica, we may also get information from those accounts. The information we get from those services depends on your settings and their privacy policies, so please check what those are.

    3. Types of Data and Information We Collect

    3.1 Personal Information

    We collect personal information from our visitors and members to provide you with a personalised, insightful and rewarding experience.

    ‘Personal information’ when used in this Privacy Policy has the meaning given to it in the Privacy Act but it generally means any information that can be used to personally identify you.  When you sign up for or use La Clinica, the type of personal information we collect includes your name, contact information including email address, demographic information such as postcode, preferences and interests and other information relevant to customer surveys and/or offers.

    Your personal information will only be used and stored for the primary purpose for which it was collected and not for any other purpose, unless you would reasonably expect us to use or disclose the information for a secondary purpose or your consent has been obtained to use the information for additional purposes under clause 4 of this Policy.

    3.2 Log Data

    When you use our platform, our servers record information including information that your browser automatically sends whenever you visit a website, or that your mobile app automatically sends when you’re using it (“log data”). This log data includes device identifiers, device type, geo-location information, connection information, statistics on page views, traffic to and from our platform, mobile network information, time, date, referring URL, the type of operating system and browser, ad data, IP address, server address, date and time of your visit to La Clinica, information of documents you download, pages visited, search terms, cookie information, and standard web log data.

    The log data may be processed for the purposes of operating our platform, providing our services, ensuring our security, maintaining back-ups of our databases and communicating with you.

    3.3 Cookies and Other Similar Technologies

    To capture log data, we may use cookies and similar technologies like pixels, web beacons and local storage to collect and store personal and non-personal information about how you use La Clinica.

    Cookies are files that store information on the device on which you use or access our platform. Cookies also retain your details and preferences, so you can easily continue your browsing session upon return to our platform. If you do not want to activate cookies, you can opt-out of receiving them by amending the settings of your internet browser, although you may find that some parts of our platform will consequently have limited functionality and personalisation if you do so!

    We try our best to handle any information collected by cookies in the same way that we handle other personal information described in this Policy.

    3.4 Third Party Analytics Tools

    Third-party analytics tools collect non-personal information such as how often you visit our platform, the web pages you visit, add-ons, and other analytics data that assists us in improving our services. These tools might include Google Analytics, Google AdWords conversion tracking, Google Tag Manager, or Facebook Ads conversion tracking. Third-party cookies may be placed on your computer by a service provider to us, for example, to help us understand how our platform is being used. Third-party cookies may also be placed on your device by our business partners to advertise the service to you elsewhere on the Internet. We reserve our rights to modify, add or remove any third-party analytics tools. By using La Clinica, you consent to the processing of any non-personal data these tools will collect in the way and for the purposes described above.

    4. Legal Basis of our Data Processing (In Other Words, Why We Collect Your Data)

    We collect, store, use and disclose your personal information through lawful and fair means, so we can perform our business activities. The legal basis for our processing of your personal information and other data is based on:

    • your consent through your voluntary submission of the information and agreeing to these terms or ticking the “I agree” button on our platform;
    • the information being necessary for the performance of a contract (being our Terms and Conditions) to which you are a party (primary purpose), including for us to supply the products you have ordered to you;
    • for carrying out pre-contractual measures; and/or
    • any other legitimate interests as detailed in this Privacy Policy.

    By using La Clinica, you provide your consent to us processing your personal information for secondary purposes including (without limitation):

    • for internal operations such as record keeping, database management, data analytics or training;
    • sending you marketing and promotional messages and other information that may be of interest to you;
    • verifying your identity, investigating any complaints related to you, or if we have reason to suspect that you are in breach of any of our Terms and Conditions; and
    • managing, researching and developing our products and services.

    We may also use personal information to meet our internal and external audit requirements, information security purposes, and as we otherwise believe to be necessary or appropriate:

    • under applicable law, which may include laws outside your country of residence
    • to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside your country of residence
    • to protect our rights, privacy, safety, property, or those of other persons.

    5. If You Choose Not to Provide Your Information to Us

    We respect your privacy and personal choice when it comes to your data. You can choose not to provide us with your personal information. However, this may mean that:

    • we will not be able to provide you with our services, or be limited in how we can do so
    • we will not be able to interact with you
    • we may be unable to process and open an account for you
    • we will not be able to properly investigate or resolve any complaint you submit.

    6. Other Ways We Collect, Use and Disclose Your Information

    Use and disclosure of your information will only be made in accordance with APP 6.

    6.1 Collection from Third Parties

    To use your information in accordance with this Policy, we may also collect your personal information from third parties including:

    • service providers
    • credit reporting bodies
    • marketing companies
    • referrals who may have referred you to us
    • organisations with whom we have an agreement to share information for marketing purposes

    6.2 Disclosure of Personal Information

      We take reasonable steps to ensure that personal information is only accessible by people who have a genuine "need to know" as well as "right to know".

      If we disclose your personal information it will only be for the primary purpose for which it was collected or for a related secondary purpose where you would reasonably expect us to disclose the information. We may disclose personal information, and you consent to us disclosing your personal information, to the following parties:

      • our employees, related bodies corporate and employees of those entities
      • our business partners
      • third parties, contractors and other suppliers who provide services to us from time to time, including customer enquiries and support services, manufacturing services, shipping and freight services, debt-recovery functions, information technology service providers, marketing and advertising services. These suppliers include (without limitation) Yotpo, Shippit and MailChimp
      • payment systems operators
      • our sponsors or promoters of any competition which we conduct
      • any third parties authorised by you to receive information held by us
      • government, regulatory and law enforcement agencies as required, authorised or permitted by law

      Your personal information may be transferred overseas or stored overseas for a variety of reasons (such as to our data hosting and IT service providers based overseas). If your personal information is sent to a recipient in a country with data protection laws which are at least substantially similar to the APP, and where there are mechanisms available to you to enforce protection of your personal information under that overseas law, we will not be liable for a breach of the APP if your personal information is mishandled in that jurisdiction. If your personal information is transferred to a jurisdiction which does not have data protection laws as comprehensive as Australia's, we will take reasonable steps to secure a contractual commitment from the recipient to handle your information in accordance with the APP.

      Your personal information will not be disclosed to recipients outside Australia unless you expressly request us to do so. If you request us to transfer your personal information to an overseas recipient, the overseas recipient will not be required to comply with the APP and we will not be liable for any mishandling of your information in such circumstances.

      6.3 Automated Individual Decision-Making

      If you reside in the European Union or EFTA States, you shall have the right not to be subject to a decision based solely on automated processing, including profiling, as long as the decision is not necessary for entering into, or the performance of, a contract between us, or is not authorised by Union or Member State law to which we are subject, or is not based on your explicit consent. If you wish to exercise your rights please contact us.

      7. Data Security

      7.1 Anonymity, Destruction and De-identification

      We will allow our users to transact with us anonymously or by using a pseudonym wherever that is lawful and practicable.

      We destroy or permanently de-identify personal information which is no longer needed in accordance with the APP 11, unless we are otherwise required or authorised by law to retain the information for a period of time.

      In some circumstances, we will not attempt to match de-identified or anonymous data collected through surveys or such online devices as "cookies", without your consent. By providing us your personal information, you consent and agree to our cookies-related activities as set out under clause 3.3 of this Policy.

      7.2 Data Quality and Security

      We take reasonable precautions to ensure that the personal information we collect, use, store and disclose is accurate, complete, relevant and up-to-date.  However, the accuracy of that information depends to a large extent on the information users provide. That's why we recommend that you:

      • let us know if there are any errors in your personal information
      • keep us up-to-date with changes to your personal information such as your name or address.

      You may change your personal details by using the relevant facility on our platform or by contacting us (contact details provided in clause 11).

      While we try our best to ensure your personal information is protected from loss, misuse, unauthorised access, modification or disclosure (via measures such as firewalls, data encryption, virus detection methods, and password restricted access), we cannot guarantee the absolute security of your personal information (it’s the Internet after all!). In the event of a data breach, we will attend to the reporting requirements that apply to us. We cannot accept responsibility for the misuse, loss or unauthorised access to, your personal information where the security of information is not within our control.

      7.3 Notifiable Data Breach Scheme (NDBS) and GDPR notification rules

      If you reside in Australia, in the event that there is a data breach and we are required to comply with NDBS of the Privacy Act, we will take all reasonable steps to contain the suspected or known breach where possible and follow the process set out in this clause.

      If we have reasonable grounds to suspect that the data breach is likely to result in serious harm to any individuals involved, then we will take all reasonable steps to ensure an assessment is completed within 30 days of the breach or sooner if possible. We will follow the guide published by the Office of the Australian Information Commissioner (if any) in making this assessment.  If we reasonably determine that the data breach is not likely to result in serious harm to any individuals involved or any remedial action we take is successful in making serious harm no longer likely, then no notification or statement will be made.

      In the case of a personal information breach that affects an EU citizen, we shall without undue delay and where feasible, not later than 72 hours after having become aware of the breach, notify you and the Information Commissioner’s Office, unless the breach is unlikely to result in a risk to your rights and privacy.

      8. Choices You Have About Your Information

      You may contact us or update your settings to correct, delete or update your personal information.  We may, in accordance with the APP, refuse to provide you with access to your personal information if, for instance, granting you such access would have a negative impact on the privacy of another person.

      You can ask us to stop using your information, including when we use your information to send you marketing emails or push notifications.  These communications may be sent in various forms, including mail, over the phone, via SMS or via email, in accordance with applicable marketing laws, such as the Spam Act 2004 (Cth) and the Do Not Call Register Act 2006 (Cth). If you opt out of receiving marketing messages from us, we may still send you newsletters and updates about your account. We only send you marketing material if you've agreed to it, but if you'd rather we don't, you can easily unsubscribe at any time.

      You may have your information, where technically feasible, sent to another organization, where we hold this information with your consent or for the performance of a contract with you.

      We will not normally charge a fee for processing a request unless the request is complex or is resource intensive.  We do, however, reserve the right to charge an administration fee if an individual requests access to their personal information more than once in a 3 month period.

      9. Assignment, Change of Control and Transfer

      All of our rights and obligations under our Privacy Policy are freely assignable by us to any of our affiliates, in connection with a merger, acquisition, restructuring, or sale of assets, or by operation of law or otherwise, and we may transfer your information to any of our affiliates, successor entities, or new owner.



      10. Changes to Our Policy

        We may change this Policy from time to time and if we do, we’ll post any changes on this page. If you continue to use our platform after those changes are in effect, you agree to the new Policy. If the changes are significant, we may provide a more prominent notice or get your consent, as required by law.

        11. Contact Us

          If you have any feedback or questions about this Privacy Policy, any privacy related dealings with us or a possible breach of your privacy or would like further information about our information management practices, you can contact us here:

          Privacy Officer

          Personal Care Innovations Pty Ltd

          2/77-89 Remington Drive, Dandenong South, 3175, Australia

          If you wish to raise a concern about our use of your information you have the right to do so with your local supervisory authority, a list of which can be found here.

          © 2020 La Clinica for Skin and Body. ALL RIGHTS RESERVED.

          This Privacy Policy was last updated on 14/12/20