Nad's Privacy Policy

SI&D (Aust) Pty Ltd (ACN 116 591 925)
trading as
‘Sue Ismiel & Daughters’

Nad's is committed to safeguarding your privacy online. Please read the following policy to understand how your personal information will be treated as you make full use of our many offerings.

1. About this policy

SI&D (Aust) Pty Ltd (ACN 116 591 925) t/as Sue Ismiel & Daughters and related entities (collectively referred to as “SI&D” “we”, “us” or “our”) are committed to protecting the privacy of personal information in accordance with Australian privacy laws.

Our Privacy Policy sets out how we and our related entities collect, use, disclose and manage your personal information. Our related entities include:

• Nad’s Pty Ltd (ABN 56 121 427 969);
• N-Hance Pty Ltd (ABN 85 107 028 660).

Our Privacy Policy also complies with the Australian Privacy Principles set out in the Privacy Act 1988 (Cth) as amended from time to time (‘Privacy Act’).

2. Consent

When you engage us to provide you with any goods or services, apply or complete, communicate with us through email, by telephone, in writing, participate in any of our promotional activities, or use any of our other services, including our websites and our Nad’s Laser Clinics you agree to the use and disclosure of your personal information in the manner described in this policy.

Where applicable we may require you to confirm your express, explicit consent when collecting your personal information for the purposes of compliance with the Privacy Act and the regulations set out in the General Data Protection Regulation (EU) ('GDPR').

We may, from time to time, review and update this Privacy Policy so please check our website periodically to stay informed of any updates. All personal information collected and held by us will be governed by the most recently updated Privacy Policy.

3. Types of personal information we collect

The kinds of personal information we may collect from you will depend on what type of interaction you have with us. Personal information we may collect from you includes, among other things:

• identity particulars - such as your name, address, date of birth, occupation, telephone numbers, e-mail address and hobbies and interests;
• health information including current and past medical history (as per paragraph 13);
• personal information you provide to us when you participate in a promotion, competition, promotional activity, survey, market research, subscribe to our mailing list or interact or follow any of our social media pages like Facebook, Twitter and Instagram;
• your, bank, credit or debit account details when you make a purchase;
• your records of communication with us;
• if you visit our website, your website usage information such as your IP address.

4. The purpose for collecting your personal information

We will generally only collect and use your personal information for the primary purposes of:

• our general business operations;
• effectively providing you with our goods and services;
• communicating with you;
• responding to your enquires or complaints;
• meeting our legal and regulatory obligations, particularly regarding the collection of health information;
• conducting, improving and developing a relationship with you;
• direct marketing (such as providing you with information about our products and/or services and promotional notices and offers); and
• conducting business on our website and improving our websites.

Your personal information is only collected by lawful and fair means; and where practicable, only from you or from a person acting or authorised to act on your behalf.

Where you have applied for commercial credit account with us, we may also make enquiries in respect of commercial credit with third parties with your consent. This could include persons nominated by you as trade references, credit reporting bodies (‘CRBs’) and your bankers.

We will take reasonable steps to ensure that you are aware of:

• the likely use of the information;
• the right of access to the information;
• the identity and contact details of our employee/representative collecting your personal information;
• any law requiring collection of the information; and
• the main consequences of failure to provide your personal information.

5. How we may use and disclose your personal information

We may use your personal information for:

• the primary purposes for which it was collected, such as those described above;
• administering and responding to your enquiry or feedback about our products and/or services;
• conducting, and allowing you to participate in, a promotion, competition, promotional activity, survey, market research or customer behavioural activity;
• promoting and marketing our current and future products and services to you, informing you of upcoming events and special promotions and offers and analysing our products and services so as to improve and develop new products and services (but giving you the opportunity to opt out of such direct marketing)’ or
• improving the operation of our websites.

We may disclose personal information we collect from you:

to our related companies, suppliers, consultants, contractors or agents for the primary proposes for which it was collected or for other purposes directly related to the purpose for which the personal information is collected. For example, your name and telephone number may be disclosed to our supplier to enable that supplier to respond to your request for information about a particular product and/or service;

• for direct marketing by, but giving you the opportunity to opt out of such direct marketing; We will include our contact details in any direct marketing.
• to relevant Federal, State, Territory medical, health and safety authorities (as required);
• where the law requires or authorises us to do so;
• to others that you have been informed of at the time any personal information is collected from you;
• with your consent (express or implied) to others.

Where the Privacy Act permits us to do so, we may also disclose your credit related information (in respect of commercial credit) to CRBs such as Veda or Dunn & Bradstreet, if you apply for commercial credit or request to increase in your commercial credit limit with us.

Where we collect information that we are likely to disclose to a CRB, please note:

• the CRBs may include that information in reports provided to us to assist us to assess your creditworthiness;
• if you fail to meet payment obligations in relation to commercial credit or commit a serious credit infringement, we may be entitled to disclose this to the CRB;
• if you are an individual you may access information from us in accordance with this privacy policy and may access this information for the purpose of requesting us to correct the information or make a complaint to us.

We do not disclose your personal information for any secondary purposes unless your consent has been given or as required by law, and we will not sell or license any personal information that we collect from you.

6. How your personal information is stored and secured

We take reasonable steps to protect your personal information from loss, misuse or unauthorised access by restricting access to the information in electronic format and by appropriate physical and communications security.

If a substantial data breach has or may have occurred (for example, your personal information was shared with unauthorised persons) we will notify you as soon as is practicable.

We only keep your personal information for as long as it is required for the purpose for which it was collected or as otherwise required by law. We will take appropriate measures to destroy or permanently de-identity your personal information if we no longer need to retain it. These measures may vary depending on the type of information concerned, the way it was collected and how it was stored.

7. What do we do if there is a data breach?

In the event of a data breach, such as the unauthorised loss, use or disclosure of personal information, we will assess and respond in line with our applicable policies and procedures, which incorporate the requirements contained in the Privacy Act.

Pursuant to our obligations under the Privacy Act, we will notify you where your personal information is involved in an eligible data breach that is likely to result in serious harm. Such notification will also include making recommendations about the steps you should take in response to the breach. Where required by law, the Australian Privacy and Information Commissioner will also be notified of eligible data breach.

8. Using our Website and Cookies

As with most websites, when you visit our websites or use an application on our websites, we may record anonymous information such as IP address, time, date, referring URL, pages accessed, and documents downloaded type of browser and operating system.

We also use “cookies”. A cookie is a small file that stays on your computer until, depending on whether it is a sessional or persistent cookie, you turn your computer off or it expires. Cookies may collect and store your personal information. They allow us to track usage patterns and to compile data that can assist us improve our content, products, services and target advertising. If you do not want information collected through the use of cookies, your browser may allow you to deny or accept the cookie feature. You may adjust your internet browser to disable cookies. If cookies are disabled you may still use our websites, but the websites may be limited in the use of some of the features.

Our websites may contain links to or from other websites. We are not responsible for the privacy practices of other websites. This privacy policy applies only to the information we collect on our websites. We encourage you to read the privacy policies of other websites you link to from our websites.

9. Marketing and Opting-Out

We may use your personal information for:

• promoting and marketing of our current and future products and services;
• informing you of upcoming events and special promotions and offers; and
• analysing our products and services so as to improve and develop new products and services.

We may exchange your personal information between our related entities and so they can also assist in the marketing of our products and services to you.

We will only offer you products or services, where we reasonably believe that they could be of interest or benefit to you.

At the point we collect information from you, you may be asked to “opt in” to consent to us using or disclosing your personal information. You will generally be given the opportunity to “opt out” from receiving marketing communications from us. You may “opt out” from receiving these communications by clicking on an unsubscribe link at the end of an email or by contacting us with this request.

10. Cross boarder disclosure

Your personal information may also be processed by, or disclosed to employees, representatives, or other third parties operating outside of Australia who work for, or are engaged by us in other countries. For example, we engage an organisation located overseas to assist us conduct internal business audit, which may include the disclosure of your personal information.

We will take reasonable steps, in the circumstances, before your personal information is disclosed to an overseas recipient, to ensure that the overseas recipient does not breach privacy laws in relation to your personal information (‘the reasonable steps’).

The reasonable steps may not apply if you consent to the disclosure of your personal information to an overseas recipient and we reasonably believe that the overseas receipt is subject to laws that are suitability similar to privacy laws in Australia.

If you consent to the disclosure of your personal information to an overseas recipient, the overseas recipient may not be accountable under the Privacy Act, and you will not be able to seek redress for breaches under the Privacy Act.

11. GDRP Applicability

Data Subject Rights

Where applicable under the GDPR, and in addition to the rights set out above, you have the following rights regarding your personal information stored with us:

• the right to object to your personal information being processed;
• the right to data portability of your personal information;
• the right to complain or query how we process your personal information;
• the right to object to automated decision making using your personal information; and;
• the right to have your personal information forgotten by us.

Data Controller and Data Processor

• You acknowledge that when using our website, you will be deemed to be the data controller in relation to any personal information that you collect and store and will be responsible for how such personal
• You must ensure that you obtain consent and provide notice to any persons as required under the relevant privacy legislation in relation to the collection, storages and use of their personal information.
• When you use our website, we act as a data processor only in relation to personal information and data entered, collected and stored by you. We will only access your data in accordance with written instructions given by you, or unless required to do so by the Privacy Act or GDPR.

12. Accurate and up-to-date information

We take reasonable steps to ensure your personal information is accurate, up-to-date and not misleading by updating records whenever true and correct changes to the data come to our attention.

If you believe your information is incorrect, incomplete or not current, you can request that we update this information by contacting our Privacy Officer. To contact our Privacy Officer please see contact details below in paragraph 18.

We will correct information we hold about you if we discover, or you are able to show to a reasonable standard, the information is incorrect. If you seek correction and we disagree that the information is incorrect, we will provide you with reasons for taking that view.

We disregard information that seems likely to be inaccurate or out-of-date by reason of the time that has elapsed since it was collected or by reason of any other information in our possession.

13. Access to your personal information

We acknowledge that you have a general right of access to information concerning you, and to have inaccurate information corrected. You are able to access the personal information we hold about you by contacting our Privacy Officer.

To contact our Privacy Officer please see contact details below. If you make an access request, we may ask you to verify your identity and put your request in writing for security reasons. We may charge a reasonable administration fee to cover the costs of meeting your request.

14. Dealing with unsolicited information

We take all reasonable steps to ensure that all unsolicited information is destroyed immediately.

15. Anonymity when dealing with us

Only where it practicable to do so, we may allow you the option not to identify yourself when dealing with us.

16. Collecting sensitive information

We may, from time to time, collect sensitive information in the form of your health information or information regarding your ethnicity. This is permitted by law in instances where such collection is reasonably necessary for our business functions and activities (such as ensuring the right laser treatment is provided) and your consent is first obtained. Additionally, your health information or any other sensitive information will not be used for any secondary purposes unless your consent has been given or as required by law.

17. Government identifiers

We do not use government identifiers (e.g. tax file numbers or Medicare numbers) to identify individuals.

18. Complaints and disputes

If you have reason to believe that we have not complied with our obligations relating to your personal information under this Privacy Policy or under the Privacy Act, please refer any compliant to our Privacy Officer (details below).

We will ensure your compliant is handled by our Privacy Officer in an appropriate and reasonable manner. Were necessary we may consult with our related entities and partners in order to deal with your complaint. A written notice of our decision regarding your complaint will be provided to you. If you are not satisfied with the outcome, then you may contact the Office of the Australian Privacy Commissioner:

Office of the Australian Information Commissioner
Website: www.oaic.gov.au
Phone: 1300 363 992

19. Who should you contact for further information?

Please refer any queries or complaints about our Privacy Policy or privacy issues to our:

Privacy Officer
SI&D (Aust) Pty Ltd
Suite 402, Lakeside Corporate Centre
29-31 Solent Circuit
Norwest NSW 2153
Phone: 612 88509444
Email: customerservice@sueanddaughters.com

Our Privacy Officer will consider your question or complaint and respond to you in a reasonable timeframe.

Updated 7 August 2019