1. INTRODUCTION
1.1 SkinKandy Australia Pty Ltd (ACN 148 135 639) and/or SkinKandy NZ Limited (NZBN 9429051635848) trading as SkinKandy and/or any of its related parties, subsidiaries or franchisees (we, us, our, SkinKandy), are committed to protecting the privacy of Personal Information in accordance with the Privacy Laws.
1.2 Please read this privacy policy carefully as it describes how we collect, use, disclose and otherwise handle your Personal Information in New Zealand and Australia (Privacy Policy). A copy of this policy is available on the Site, or you can request a copy by contacting SkinKandy at the contact details set out below.
1.3 For the purposes of this Privacy Policy:
(a) “Australian PA” means the Australian Privacy Act 1988 (Cth).
(b) “Gift Cards” means a gift card purchased from SkinKandy.
(c) “Goods” means the goods provided by SkinKandy, which may be purchased from our Site and/or Studio.
(d) “Guardian” means a Minor’s parent or legal guardian.
(e) “Member” means a member of the Program.
(f) “Minor” means individuals under 18 years of age if located in Western Australia, or individuals under the age of 16 if located in all other states and territories in Australia, and in New Zealand.
(g) “New Zealand PA” means the New Zealand Privacy Act 1993.
(h) “Personal Information” has the meaning given at section 6(1) of the Australian PA, and 7(1) of the New Zealand PA, and includes the types of personal information described in this Privacy Policy.
(i) “Piercing Consent Form” means the piercing consent form you sign (or if you are a Minor, your Guardian signs), whether completed in paper or digital form, before receiving piercing related Services.
(j) “Privacy Laws” means the New Zealand PA, Australian PA, and any other applicable privacy laws in New Zealand and/or Australia.
(k) “Program” means the loyalty program known as KandyClub.
(l) “Representatives” means all individuals engaged by or associated with SkinKandy including SkinKandy’s directors, employees, subcontractors and agents.
(m) "Services" means the services provided by SkinKandy to you which may include but are not limited to body piercing services, needle-free piercings, dermal insertion, jewellery downsize services, jewellery change-over services, consultations, free re-pierce, and styling/curation services. Services also include any ancillary, promotional, digital, administrative, or membership based services offered by SkinKandy from time to time, including participation in loyalty or membership programs such as the Program, the purchase or redemption of Gift Cards, bookings, events, promotions, and any other services made available by SkinKandy whether via its Site or Studio.
(n) “Site” means the official SkinKandy website (www.skinkandy.com).
(o) “Studio” means any SkinKandy store where the Services are provided to you, and/or where you can purchase Goods.
(p) “you” means any individual about whom we collect Personal Information from.
2. WHAT PERSONAL INFORMATION DOES SKINKANDY COLLECT ABOUT YOU?
2.1 The types of Personal Information SkinKandy may collect depends on the purposes for which it is collected but may include (without limitation) your name, gender, date of birth, photo ID and ID details (for example, drivers licence numbers), occupation, residential address, email address, telephone number and other contact details, previous order information, purchasing preferences, IP address, credit card details, purchasing behaviour, employment history, medical history/health information and other information relating to your work experience.
2.2 SkinKandy will not collect sensitive information which includes medical information, information about racial or ethnic groups or religious beliefs, without your express consent or as otherwise required by the Privacy Laws. The exceptions to this are set out at clauses 2.5(a)(ii) and (c)(iii) below. We will not use sensitive information for marketing purposes.
2.3 When you communicate with us through our social media pages, such as Facebook or Twitter, the social network provider and its partners may collect and hold your Personal Information overseas. You should consult their privacy policy for further information
2.4 You can always decline to give SkinKandy any Personal Information we request, but that may mean we cannot provide you with some or all of the Goods and/or Services you have requested, and/or access the Site. If you have any concerns about Personal Information we have requested, please contact the Privacy Officer at the contact details set out below.
2.5 Without limitation, SkinKandy will collect Personal Information from the following groups or individuals below:
(a) Users and/or Purchasers of Goods and/or Services
(i) SkinKandy collects Personal Information from individuals who enquire about, purchase and/or use our Goods and/or Services. Generally, we will collect this information directly from you.
(ii) Subject to your consent, we may collect sensitive information about you such as information about your health (including any disability or conditions). In limited circumstances as provided by Privacy Laws, SkinKandy may collect sensitive information without your consent if collecting information from your directly is not practicable or would undermine the purpose of collection (for example, if you are injured at a Studio, we may collect health information about you in an emergency).
(b) Members
(i) When you become a Member, a record is made which includes your Personal Information.
(ii) The type of Personal Information that we collect will vary depending on the circumstances of collection, but will typically include the name, e-mail, postal address, telephone number and other contact details of each Member, and any additional Personal Information you provide to us, or authorise us to collect, as part of your interactions with SkinKandy.
(c) Prospective Employees or Applicants
(i) We collect Personal Information when recruiting personnel, such as your name, contact details, qualifications and work history. Generally, we will collect this information directly from you.
(ii) We may also collect Personal Information from third parties in ways which you would expect (for example, from recruitment agencies or referees you have nominated). Before offering you a position, we may collect additional details such as your IRD number and KiwiSaver information and other information necessary to conduct background checks to determine your suitability for certain positions. Subject to your consent, we may also collect sensitive information about you such as information about your health (including any disability), any criminal record, if it is relevant to the role that you are applying for.
(iii) Subject to your consent, we may collect sensitive information about you such as information about your health (including any disability or conditions). In limited circumstances as provided by Privacy Laws, SkinKandy may collect sensitive information without your consent if collecting information from your directly is not practicable or would undermine the purpose of collection (for example, if you are injured at a SkinKandy owned or operated premises, we may collect health information about you in an emergency).
(d) Other Individuals
(i) SkinKandy may collect Personal Information about other individuals who are not clients of SkinKandy. This includes individual service providers and contractors to SkinKandy, and other individuals who interact with SkinKandy on a commercial basis.
(ii) The kinds of Personal Information we collect will depend on the capacity in which you are dealing with SkinKandy. Generally, it would include your name, contact details, and information regarding our interactions and transactions with you.
(e) Visitors on our Site
(i) SkinKandy collects Personal Information when you visit and/or use our Site.
3. HOW DOES SKINKANDY COLLECT PERSONAL INFORMATION?
3.1 Where it is reasonable and practicable to do so, SkinKandy will collect your Personal Information from you. If you are under the age of 18, SkinKandy may collect Personal Information about you from your parent or legal guardian.
3.2 We collect Personal Information in a number of ways including over the phone, digitally, by email, over the internet or in person. We may collect your Personal Information directly from you or in the course of our dealings with you, for example:
(a) information that you provide to us, such as your name;
(b) information when you buy our Goods and/or Services, such as your purchase history;
(c) information that you provide in your Piercing Consent Form when using piercing related Services (including personal information and sensitive information);
(d) information you provide when making an online payment;
(e) when you subscribe to a mailing list or follow our social media pages including Facebook, Twitter and Instagram;
(f) if you use social media, any information that you allow that social media site to share with us;
(g) if you provide feedback and opinions about our Goods and/or Services through any channel;
(h) if you are applying for a position with SkinKandy, we will collect information as outlined in the section above titled “Prospective employees or applicants”;
(i) by accessing our Site via links in an email we have sent and/or by accessing our Site where you have identified yourself, you consent to the collection of such information where it is Personal Information. We may combine your anonymous or personal visitor session information or other information collected through tracking technologies with other Personal Information collected from you from time to time in order to understand and measure your online experiences and to determine what Goods, Services and/promotions likely to be or interest to you; and
(j) information that you provide to us digitally through in-Studio digital devices
3.5 Our Site may include links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control, endorse or make representations about these third-party sites and you are not responsible for their privacy statements. When you leave our Site, we encourage you to read the privacy policy of every website you visit. If you choose to give Personal Information to unrelated third parties, it will not be covered by this Privacy Policy.
4. WHY DOES SKINKANDY COLLECT USE, HOLD AND DISCLOSE YOUR PERSONAL INFORMATION?
4.1 We will only collect Personal Information from you that we reasonably require for one or more of our business functions or activities, and will do so in accordance with this Privacy Policy and Privacy Laws.
(a) respond to requests for information and other general inquiries or complaints;
(b) create and update your account, including your Member account or any other SkinKandy account;
(c) verify your identity;
(d) to assist us in providing Goods and/or Services to you;
(e) processing orders you place with us via the Site or a Studio, providing you with our Goods and processing refunds where applicable;
(f) perform internal operations necessary to provide our Goods and/or Services, including to troubleshoot software bugs and operational problems, to conduct data analysis, testing, and research, and to monitor and analyse usage and activity trends;
(g) features to personalise your experience on our SkinKandy platforms, including the Site;
(h) to identify Goods and/or Services that may be of interest to you;
(i) facilitating our internal business operations, including fulfilment of any legal and regulatory requirements;
(j) informing you of our activities, events, facilities and services; and
(k) recruitment processes (including for volunteers, internships and work experience).
4.3 When we collect your Personal Information, your Personal Information will only be used or disclosed for the primary purpose for which it was collected, a related secondary purpose, in accordance with any express consent you give SkinKandy or as otherwise lawfully required (for example where your Personal Information is requested by a law enforcement agency).
4.4 If you use Facebook, we may use your email address in an encrypted format to match with your Facebook profile so that we can provide you with personalised advertising on Facebook. This is subject to the privacy settings you have chosen on Facebook.
5. WHO DOES SKINKANDY DISCLOSE YOUR PERSONAL INFORMATION TO?
5.2 We may also disclose the Personal Information to third parties where this is relevant to our primary purpose, including but not limited to mailing houses and data entry providers. These third parties include contractors and service providers used for payment services, data processing, data analysis, information technology services and support, Site maintenance/development, printing, archiving, and mail-outs.
5.3 Third parties to whom we have disclosed your Personal Information may contact you directly to let you know they have collected your Personal Information and to give you information about their privacy policies.
5.4 We will also disclose your Personal Information if required by law or other reason in accordance with the Privacy Laws.
6.1 SkinKandy will, wherever it is lawful and practicable, provide individuals with the opportunity of remaining anonymous or using a pseudonym in their dealings with us (for example, when making a general enquiry) by contacting the Privacy Officer using the contact details set out below.
6.2 In some instances this may prevent us from being able to provide you with Goods and Services, for example where you place an order for Goods online.
7.1 SkinKandy stores information in paper-based files, on the cloud or through other electronic record keeping methods in secure databases (including trusted third party storage providers based in New Zealand and overseas).
7.2 Personal Information may be collected in paper-based documents and converted to electronic form for use or storage (with the original paper-based documents either archived or securely destroyed).
7.3 We take reasonable steps to protect your Personal Information from misuse, interference and loss and from unauthorised access, modification or disclosure.
7.4 SkinKandy maintains physical security over paper and electronic data stores, such as through locks and security systems at our premises. We also maintain computer and network security, for example, we use firewalls (security measures for the internet), encryption and other security systems such as user identifiers, restricted user permissions and passwords to control access to our computer systems.
7.5 We only keep your information for as long as it is required for the purpose for which it was collected or as otherwise required by law, including specific retention requirements applicable to piercing, health and consent records under relevant New Zealand and/or Australian laws. We will take appropriate measures to destroy or permanently de-identify your information that we no longer require. These measures vary depending on the type of information concerned, the way it was collected and how it was stored.
7.6 SkinKandy retains user profile and other information for as long as you maintain a Member account or any other SkinKandy account. If you withdraw consent to the collection or use of Personal Information, SkinKandy deletes such Personal Information. This may mean the deletion of your Member account. You may request deletion of your Member account by contacting the Privacy Officer at the contact details set out below.
7.7 There may be circumstances relating to employment or inappropriate or legal conduct which prevent SkinKandy from permanently deleting Personal Information. For example, in the case of fraud or where litigation has been threatened.
8.1 Some of our Representatives and/or third parties providers, are based outside of New Zealand and/or Australia. We may therefore need to share your Personal Information with organisations and or persons located outside of New Zealand and/or Australia.
8.2 If we disclose Personal Information to a third party in a country which does not have equivalent Privacy Laws, we will take steps reasonable in the circumstances to ensure that the Personal Information that it transfers will not be held, used or disclosed by the recipient of the information inconsistently with, or otherwise in breach of, applicable Privacy Laws. For example, SkinKandy may adopt appropriate contractual clauses with overseas recipients that ensures their compliance with applicable Privacy Laws.
9.1 We take protecting your Personal Information seriously and are continuously developing our security systems and processes. We have a number of security controls in place and use a range of resources, process and technology controls to protect your Personal Information.
9.2 While we endeavour to protect the Personal Information of users of our Site, we cannot guarantee the security of information you disclose online. You disclose that information at your own risk. You should be aware that no method of transmission over the Internet or method of electronic storage is 100% secure. Users of our Site are encouraged to exercise care in sending Personal Information via the internet. You can also help protect your Personal Information by keeping your account details confidential, access is limited and encourage you to use a unique and strong password, limit access to your computer and log out after use. If you become aware of unauthorised access, please let us know as soon as practicable.
9.3 In the event of any loss, or unauthorised access or disclosure of your Personal Information that is likely to result in serious harm to you, SkinKandy will investigate and notify you and where applicable the relevant supervisory authority (for example, the relevant Privacy Commissioner) as soon as practicable after becoming aware of the loss, or unauthorised access or disclosure, in accordance with applicable Privacy Laws.
9.4 When your Personal Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your Personal Information.
10.1 Access
(a) You are entitled to access your Personal Information held by SkinKandy on request. To request access to your Personal Information please contact our Privacy Officer using the contact details set out below.
(b) We will generally provide you with access to your Personal Information subject to some exceptions permitted by law. When making an access request, please provide as much detail as you can about the particular information you seek, in order to help us retrieve the information. We may ask you to verify your identity before proceeding with any request you make, this includes providing us satisfactory proof of identity as determined by us. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act or will contact you directly to seek your permission.
(c) You will not be charged for making a request to access your Personal Information but you may be charged for the reasonable time and expense incurred in compiling information in response to your request.
10.2 Correction
(a) We will take reasonable steps to ensure that the Personal Information we collect, use or disclose is accurate, complete and up-to-date. You can help us to do this by letting us know if you notice errors or discrepancies in Personal Information we hold about you and letting us know if your personal details change.
(b) If you ask us to correct Personal Information that we hold about you, or if we are satisfied that the Personal Information we hold is inaccurate, out of date, incomplete, irrelevant or misleading, we will take reasonable steps to correct that information to ensure that, having regard to the purpose for which it is held, the information is accurate, up-to-date, complete, relevant and not misleading. If we correct Personal Information about you, and we have previously disclosed that information to another agency or organisation that is subject to the Privacy Laws, you may ask us to notify that other entity. If so, we will take reasonable steps to do so, unless this would be impracticable or unlawful.
(c) A record of the changes made to your Personal Information may be noted in your account or filing. You acknowledge that there may be circumstances where SkinKandy is entitled to assume such accuracy and completeness and reserves the right to not correct Personal Information, where permitted under relevant laws.
(d) We may decline your request to access or correct your Personal Information in certain circumstances in accordance with the Privacy Laws. If we do refuse your request, we will provide you with a reason for our decision and, in the case of a request for correction, we will include a statement with your Personal Information about the requested correction.
11. WHAT IS SKINKANDY’S INQUIRIES PROCEDURE?
11.1 You may contact SkinKandy at any time if you have any questions or concerns about this Privacy Policy or about the way in which your Personal Information has been handled.
11.2 You may make a complaint to the Privacy Officer at the contact details set out below. We may ask you to submit your complaint in writing. We may discuss and share your complaint with our staff and our service providers and others as required and appropriate.
11.3 The Privacy Officer will first consider your complaint to determine whether there are simple or immediate steps which can be taken to resolve the complaint. We will generally respond to your complaint within a week.
11.4 If your complaint requires more detailed consideration or investigation, we will acknowledge receipt of your complaint within a week and endeavour to complete our investigation into your complaint promptly. We may ask you to provide further information about your complaint and the outcome you are seeking. We will then typically gather relevant facts, locate and review relevant documents and speak with individuals involved.
11.5 In most cases, we will investigate and respond to a complaint within 30 days of receipt of the complaint. If the matter is more complex or our investigation may take longer, we will let you know.
11.6 If you are not satisfied with our response to your complaint, or you consider that SkinKandy may have breached Privacy Laws, a complaint may be made to the relevant Privacy Commissioner at the following details:
(a) Australia: Lodge a privacy complaint with us | OAIC
(b) New Zealand: Office of the Privacy Commissioner | Contact us
12.1 We may use automated processes, including data analytics and artificial intelligence tools, to support our business operations and to personalise marketing content, promotions and recommendations based on factors such as demographics, preferences, interactions and purchase history. Where automated decision-making involves the processing of personal information, we will do so in accordance with applicable Privacy Laws. We take reasonable steps to ensure automated processes are fair, lawful and subject to appropriate human oversight. You may request further information on how SkinKandy uses AI tools by contacting the Privacy Officer at the contact details set out below.
13. DIRECT MARKETING
13.1 SkinKandy may use or disclose your Personal Information for the secondary purpose of direct marketing communication, if:
(a) SkinKandy collected the information from you;
(b) you would reasonably expect your Personal Information would be used or disclosed for direct marketing;
(c) SkinKandy has provided a simple means by which you can request not to receive direct marketing; and
(d) you have not made a request not to receive direct marketing.
14. HOW DOES SKINKANDY MAKE CHANGES TO THIS POLICY?
14.1 SkinKandy may amend this Privacy Policy from time to time, with or without notice to you. We recommend that you visit our Site regularly to keep up to date with any changes. The current version will be posted on our Site and a copy may be obtained by contacting SkinKandy.
15. CONTACT DETAILS
15.1 If you would like further information about how we manage your Personal Information, or if you have any queries relating to our Privacy Policy, or wish to lodge a complaint in relation to an alleged breach of Privacy Laws, please contact our Privacy Officer at the following details:
(b) Phone: 1300 129 991