In the course of carrying out our activities Ben Buckler Eyewear Pty Ltd (ACN 155 832 241), Bailey Nelson Australia Franchising Pty Ltd (ACN 620 658 568)., Bailey Nelson New Zealand Limited (company number 5654131), Bailey Nelson High Street Limited (company number 9429046446756), Bailey Nelson Inc (business number 737004697) and each of their subsidiaries and related bodies corporate together with companies who are franchisees of Bailey Nelson (separately and/or collectively referred to as ‘we’ in this policy) trading as Bailey Nelson will collect, store, use and disclose personal information. We are committed to the protection of your personal information and to being in compliance with privacy law.
Personal information and sensitive information
Personal information is information or an opinion about an identified or reasonably identifiable individual, whether or not the information or opinion is true and whether or not the information is recorded in a material form. Sensitive information is personal information that includes information about a person’s health (among other things).
Types of personal information we collect and hold
We collect and hold personal information about individuals for the provision of our products and services and purposes connected to those products and services.
Consistent with the provision of our products and services, the types of personal information we may collect and hold include:
We may also collect and hold sensitive information from you. The types of sensitive information we might collect includes prescription information, retinal imagery, medical histories, appointment information, family health histories and medicine regimes.
The basis for our processing of your personal information under the General Data Protection Regulation (GDPR) is with your consent and to enable us to perform the contract with you related to the services you have asked us to provide. If you don’t provide us with personal information we are unlikely to be able to provide you with our services.
How we collect and hold personal information
We may collect personal information in the course of providing our products and services, from our website using cookies (data files placed on your device or computer) and other similar technologies, via our clients who pass on your information or third party agents, or directly from you.
Personal information is held securely, is subject to various security protections and is held only for as long as the information remains relevant to the purpose for which it was collected.
We take reasonable steps to ensure the security and integrity of the personal information we collect in store, use and disclose including restricted server access, encryption and other industry standard security protocols like use of firewalls and complex password protection.
Purposes for which we hold, use and disclose information
We will not use or disclose personal information for any secondary purpose, unless that secondary purpose is related to the primary purpose for which we have collected that information, and you would reasonably expect the disclosure in the circumstances, or unless you consent to that use or disclosure.
For the purposes of the GDPR we are a data processor and a data controller.
The purposes for which we hold, use and disclose and process information include:
We may also disclose personal information to Bailey Nelson group companies, companies who are franchisees of Bailey Nelson and to third party technology, marketing and analytics partners and service providers, including but not limited to Shopify and Microsoft Azure.
Access and correction
We will take all reasonable steps to ensure any personal data we collect, use or disclose is up to date and accurate. If you believe personal information we hold about you is not up to date or accurate, you may ask us to correct it.
You may ask us to provide you with details of the personal information we hold about you, and copies of that information. We will respond to your request and attempt to provide you with the data within 30 days of receipt of your request.
If we provide you with copies of the information you have requested, we may charge you a reasonable fee to cover the administrative costs of providing you with that information.
Please direct all requests for access and correction to firstname.lastname@example.org.
Some other rights in relation to your privacy
Some individuals also have a right, in certain circumstances, to have the information held about them erased. You can talk to us further about this at email@example.com.
You can also request that we restrict or suspend the processing of your personal information. If you do so, note that we will then be most likely unable to provide the services to you.
The GDPR also provides that in some circumstances individuals have a right to data portability, to withdraw their consent at any time, to object to data processing and to object to processing of data for marketing purposes.
Relevant to the GDPR, in order to provide our services to you, we may disclose the information which we process to countries outside the European Economic Area (EEA). Regardless of the location of our processing, we will impose adequate data protection safeguards and implement appropriate measures to ensure that your personal data is protected in accordance with applicable data protection laws.
In relation to our Australian operations:
We may, in the course of providing products and services, disclose personal information to overseas entities including by utilising overseas data servers to process information.
Those overseas entities are likely to be located in the following countries: UK, Thailand.
Changes to this policy
If you consider a breach of the Privacy Act 1988 (Cth) has occurred, you may direct your query to our Privacy Officer and we will attempt to resolve your complaint.
Bailey Nelson’s Privacy Officer
SE1201, Level 12, 100 William St
If you do not consider our response satisfactory, you may contact the Australian Privacy Commissioner at its website www.oaic.giv.au or by telephone on 1300 363 992 or you can contact another appropriate supervisory authority. For EU individuals, you can contact the European Data Protection Supervisor.U