Last updated - May, 2020
In the course of carrying out our activities Ben Buckler Eyewear Pty Ltd (ACN 155 832 241), Bailey Nelson Chadstone Pty Ltd (ACN 600 068 540), Bailey Nelson New Zealand Limited (company number 5654131), Bailey Nelson Inc (business number 737004697) and Bailey Nelson UK Limited (company number 10757573) (separately and/or collectively referred to as ‘we’ in this policy) trading as Bailey Nelson will collect, store, use and disclose personal information. We are committed to the protection of your personal information and to being in compliance with privacy law.
Personal information and sensitive information
Personal information is information or an opinion about an identified or reasonably identifiable individual, whether or not the information or opinion is true and whether or not the information is recorded in a material form. Sensitive information is personal information that includes information about a person’s health (among other things).
Types of personal information we collect and hold
We collect and hold personal information about individuals for the provision of our products and services and purposes connected to those products and services.
Consistent with the provision of our products and services, the types of personal information we may collect and hold include:
- Your identity and contact details - includes your name, date of birth, gender, email address, home postal address, delivery address (if different), and your contact telephone numbers;
- Your payment details - your bank details and payment card details. Please note payment transactions are encrypted by the acquiring bank so we will not retain any payment card details submitted by you;
- Your profile data - if you register a customer account, this includes the profile you create to identify yourself when connecting to our website and apps (including your username and password) and other data about purchases and your personal preferences;
- Other information – we may collect insurance information, Medicare information, text of communications gathered in the course of our interaction with you on live-chat, social media and emails, and other information from your interactions with us online, including IP address, URL’s, search histories and other associated information.
We may also collect and hold sensitive information from you. The types of sensitive information we might collect includes prescription information, retinal imagery, medical histories, appointment information, family health histories and medicine regimes.
The basis for our processing of your personal information under the General Data Protection Regulation (GDPR) is with your consent and to enable us to perform the contract with you related to the services you have asked us to provide. If you don’t provide us with personal information we are unlikely to be able to provide you with our services.
How we collect and hold personal information
We may collect personal information in the course of providing our products and services, from our website, via our clients who pass on your information or third party agents, or directly from you.
Personal information is held securely, is subject to various security protections and is held only for as long as the information remains relevant to the purpose for which it was collected.
We take reasonable steps to ensure the security and integrity of the personal information we collect in store, use and disclose including restricted server access, encryption and other industry standard security protocols like use of firewalls and complex password protection.
Purposes for which we hold, use and disclose information
We will not use or disclose personal information for any secondary purpose, unless that secondary purpose is related to the primary purpose for which we have collected that information, and you would reasonably expect the disclosure in the circumstances, or unless you consent to that use or disclosure.
For the purposes of the GDPR we are a data processor and a data controller.
The purposes for which we hold, use and disclose and process information include:
- conducting our business which includes providing our services, or the services of a third party, to you;
- maintaining the safety and security of our operations (e.g. electronic and other security monitoring, maintaining management records);
- to communicate information about our products and services or third party products or services that may be of interest to you;
- for our internal administrative, research, planning, marketing and development purposes; and
- for our regulatory and legal compliance, including without limitation compliance with our licensing obligations.
We may also disclose personal information to third party technology partners, including but not limited to Shopify, Autopilot, Klaviyo, Amazon Web Services, Facebook, Google and other marketing service providers.
Access and correction
We will take all reasonable steps to ensure any personal data we collect, use or disclose is up to date and accurate. If you believe personal information we hold about you is not up to date or accurate, you may ask us to correct it.
You may ask us to provide you with details of the personal information we hold about you, and copies of that information. We will respond to your request and attempt to provide you with the data within 30 days of receipt of your request.
If we provide you with copies of the information you have requested, we may charge you a reasonable fee to cover the administrative costs of providing you with that information.
Please direct all requests for access and correction to email@example.com.
Some other rights in relation to your privacy
Some individuals also have a right, in certain circumstances, to have the information held about them erased. You can talk to us further about this at firstname.lastname@example.org.
You can also request that we restrict or suspend the processing of your personal information. If you do so, note that we will then be most likely unable to provide the services to you.
The GDPR also provides that in some circumstances individuals have a right to data portability, to withdraw their consent at any time, to object to data processing and to object to processing of data for marketing purposes.
Relevant to the GDPR, in order to provide our services to you, we may disclose the information which we process to countries outside the European Economic Area (EEA). Regardless of the location of our processing, we will impose adequate data protection safeguards and implement appropriate measures to ensure that your personal data is protected in accordance with applicable data protection laws.
In relation to our Australian operations:
We may, in the course of providing products and services, disclose personal information to overseas entities including by utilising overseas data servers to process information.
Those overseas entities are likely to be located in the following countries: UK, Thailand.
Changes to this policy
If you consider a breach of the Privacy Act 1988 (Cth) has occurred, you may direct your query to our Privacy Officer and we will attempt to resolve your complaint.
Bailey Nelson’s Privacy Officer
Level 5, 104 Commonwealth St
If you do not consider our response satisfactory, you may contact the Australian Privacy Commissioner at its website www.oaic.giv.au or by telephone on 1300 363 992 or you can contact another appropriate supervisory authority. For EU individuals, you can contact the European Data Protection Supervisor.U