Privacy Policy

Privacy Policy
This website is operated by Zoe & Hope Pty Ltd (ABN: 22 736 437 123), located in Brooklyn, Victoria. We take your privacy very seriously; therefore, we urge you to read this policy very carefully.

1. Privacy Policy

1.1 Background

We recognise and value:

  • The protection of your personal information; and
  • That you have an interest in our collection and use of your personal information.

We have implemented this Privacy Policy in accordance with the Privacy Act 1988 (Cth) (Privacy Act), Australian Privacy Principles (APP) and other data protection rules in order to be open and transparent about how we collect, hold, and use your personal information, and under what circumstances we may disclose or transfer it. Please note that this Privacy Policy forms part of the Zoe & Hope Pty Ltd (we, our, us, and similar terms) terms and conditions of our various agreements with you (if any).

1.2 Disclaimer

While your privacy is very important to us, nothing in this privacy policy constitutes a voluntary opt in to any privacy laws, anywhere in the world, which we are not statutorily bound to comply with.

1.3 What is “personal information”?

Personal information held by us may include your:

  • Name and date of birth;
  • Residential and business postal addresses, telephone/mobile/fax numbers, and email addresses;
  • Bank account and/or credit card details for agreed billing purposes;
  • Any information that you provided to us during an account creation process or added to your user profile;
  • Medical information and information relevant to medical trials;
  • Preferences and password for using our software and services;
  • Your computer and connection information; and
  • Any information that you otherwise share with us.

1.4 Collection

We collect personal information when you use the website (https://zoeandhope.com.au) and/or any associated services or software, including (without limitation) when you:

(i) Engage with our content or any platforms we choose to host that content on;
(ii) Use our services, software, or the software and services of any associated third parties under an agreement with us;
(iii) Create an account or fill out a sign-up form;
(iv) Enter information on software or services which we provide to you;
(v) Add information to your user profile(s);
(vi) Purchase any products or services through us or our site;
(vii) Engage with us, including by chatting directly with our representatives;
(viii) Complete an online contact form to contact us or any third party supplier;
(ix) Provide information to us by telephone or through marketing forms; or
(x) Send us an email or other communication

This information is used to assist you with the supply of products, the provision of services, and any related assistance or other purposes requested through such communication. Information will be collected directly from you unless you authorise another person to provide the information. We may also collect information about you from third-party sources like business partners or mailing lists, subject to their respective policies.

IP Addresses
We may also collect Internet Protocol (IP) addresses. IP addresses are assigned to computers on the internet to uniquely identify them within the global network. We collect and manage IP addresses as part of our services, website, and for security purposes. We may also collect and use web log, computer, and connection information for security purposes and to help prevent and detect any misuse of, or fraudulent activities involving, the website and any products/services.

1.5 Use

The personal information you provide is used for purposes related to our primary business operations. Examples include:

  • Conducting cosmetic trials or facilitating testing for the purposes of cosmetic products;
  • Developing products or services based on information we have collected from you;
  • Providing you with the products and services you have requested;
  • Administration needs in relation to providing you with products and services, including your account;
  • Dealing with requests, enquiries, or complaints and other customer care-related activities;
  • Verifying your identity;
  • Informing you about our products and services;
  • Assisting you to use functionality on the website or services;
  • Processing any purchases of services that you may make through us or this site, including charging, billing, and collecting debts;
  • Making changes to your account(s);
  • Responding to any queries or feedback that you may have;
  • Conducting appropriate checks for credit-worthiness and for fraud;
  • Preventing and detecting any misuse of, or fraudulent activities involving, this site, the services, or software;
  • Conducting research and development in respect of our services;
  • Gaining an understanding of your information and communication needs or obtaining your feedback or views about our services in order for us to improve them;
  • Maintaining and developing our systems and infrastructure, including testing and upgrading of these systems;
  • Marketing our products and services generally; and
  • Carrying out any activity in connection with a legal, governmental, or regulatory requirement imposed on us or in connection with legal proceedings, crime, or fraud prevention, detection, or prosecution;

And for any other purpose reasonably considered necessary or desirable by us in relation to the operation of our organisation.

We may also use personal information for purposes reasonably expected by you in connection with the activities described above. We will not use your information for purposes other than those described in this privacy policy unless we have your consent or there are specific law enforcement, public health, or safety reasons.

1.6 Our Use of Cookies, Pixels, and Web Beacons

This site and our products and services may use cookies to help personalise your online experience. A cookie is a text file or packet of information that is placed on your hard disk by a web page server to identify and interact more effectively with your computer. There are two types of cookies that may be used by us: a persistent cookie and a session cookie.

A persistent cookie is entered by your web browser into the cookie folder on your computer and remains in that folder after you close your browser, and may be used by your browser on subsequent visits to this site. A session cookie is held temporarily in your computer’s memory and disappears after you close your browser or shut down your computer.

Cookies cannot be used to run programs. Cookies are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie to you. In some cases, cookies may collect and store personal information about you. We extend the same privacy protection to your personal information, whether gathered via cookies or from other sources.

You can configure your internet browser to accept all cookies, reject all cookies, or notify you when a cookie is sent. Please refer to your internet browser’s instructions to learn more about these functions. Most web browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of this site.

1.7 Why We Use Cookies

This site and our other services may use cookies in order to:

  • Remember your preferences;
  • Recognise you as logged in while you remain so (if applicable), avoiding the need to log in on every page visit;
  • Show relevant notifications to you (e.g., notifications that are relevant only to users who have or have not created an account or subscribed to newsletters or other subscription services); and
  • Remember details of data that you choose to submit to us (e.g., through online contact forms or by way of comments, forum posts, chat room messages, reviews, ratings, etc).

Many of these cookies are removed or cleared when you log out, but some may remain so that your preferences are remembered for future sessions.

1.8 Third-Party Cookies

In some cases, third parties may place cookies through this site. For example:

  • Google Analytics may use cookies to generate de-identified data about how long users spend on this site and the pages that they visit.
  • Google AdWords may use cookies to serve more relevant advertisements across the web and limit the number of times that a particular advertisement is shown to you.
  • Facebook Pixel is a re-marketing cookie and service which allows us to advertise to previous visitors on this site based upon their activity. The pixel triggers based on actions you take on our website, meaning we can reach you again using Facebook’s re-marketing tools. We can also use the Pixel to tailor our marketing to better suit your needs and to display advertisements that are relevant to you on both the Facebook platform and third-party websites. None of your personal Facebook information is reported to us by our use of the Pixel, and Facebook implements their Pixel service in accordance with their terms and privacy policy. Facebook has also enabled privacy functionality that allows you to opt out of targeted advertising if you wish.
  • Third-party social media applications (e.g., Facebook, Twitter, LinkedIn, Pinterest, YouTube, Instagram, etc.) may use cookies to facilitate various social media buttons and/or plugins on this site. Log files track actions occurring on the websites and collect data including your IP address, browser type, internet service provider, referring/exit pages, and date/time stamps.

1.9 Our Use of Google Analytics

In the case of Google Analytics, information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators, and providing other services relating to website activity and internet usage.

Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf.

By using this website, you consent to the processing of data about you by Google in the manner described in Google's Privacy Policy and for the purposes set out above. You can opt out of Google Analytics by disabling or refusing the cookie, disabling JavaScript, or using the opt-out service provided by Google.

1.10 Interacting with Us

If you contact us with a general question, we may interact with you anonymously or through the use of pseudonyms. However, when requesting the supply of products or support services, you are required to provide true and accurate details. You agree to provide accurate information if so required.

1.11 Direct Marketing

From time to time, we may send you marketing or promotional material. Such material will only be sent if you have opted into receiving marketing communications.

We (or an appointed third party) may also conduct surveys or market research and may periodically request further information from you. These surveys provide us with information that allows us to improve the type, quality, and manner in which our products and services are offered.

To opt out of receiving certain marketing materials, you may contact us or select the “unsubscribe” link provided in the email.

1.12 Sharing Your Personal Information

We may disclose your personal information to:

  • Medical organisations or companies involved in developing our products;
  • Employees, related companies, and professional advisors such as our lawyers;
  • Law enforcement agencies to assist in the investigation and prevention of criminal activities;
  • Credit-reporting and fraud-checking agencies;
  • Credit providers (for purposes such as assessing creditworthiness, credit rating, credit provision, and financing);
  • Our related entities;
  • Government and regulatory authorities and other organisations, as required or authorised by law;
  • Organisations managing our business strategies, including those involved in a transfer/sale of all or part of our assets or business (including accounts and trade receivables) and those involved in managing our business risk and funding functions; and
  • (i) Third-party contractors or service providers with whom we have a business association, including:
    (i) Integration providers;
    (ii) Marketing service providers;
    (iii) Accounting service providers; and
    (iv) Information technology service providers including cloud application providers.

We will not disclose your personal information other than in accordance with this privacy policy without your consent. Unless necessary for our business purposes, we will de-identify your information where it is shared with third parties.

1.13 Overseas Disclosure

We may disclose your personal information to third-party contractors, service providers, or customers with whom we have a business association.

While we do not generally disclose your personal information to overseas entities (unless provided for in a separate agreement with you), we do engage service providers (such as cloud data services, software-as-a-service companies, or communications providers) who may have international data centres, hardware, and disaster recovery sites or may be based overseas. Consequently, these providers may have access to your information.

We rely solely on reputable organisations for such cloud services.

1.14 Security of Your Personal Information

We store your personal information on servers with built-in measures designed to prevent unauthorised access, modification, or disclosure.

While we endeavour to maintain personal information that is accurate, complete, and up-to-date, please contact us if you become aware that your information is no longer accurate or complete.

1.15 Disposal of Personal Information

If we hold personal information about you and no longer need it for any purpose, we will take reasonable steps to destroy or de-identify that information in accordance with the APP and the European Union General Data Protection Regulation (GDPR), unless we are prevented from doing so by law.

You may request in writing that we remove your personal information, and where permitted, we will do so in accordance with the APP and the GDPR.

Under Australian law, financial records related to financial transactions must be retained for 7 years after the transactions are completed.

1.16 How to Access Your Personal Information

Upon your request and after verifying your identity, we will provide access to your personal information that we hold, except in certain prescribed circumstances including where:

  • We believe that providing access would pose a serious threat to the life, health, or safety of any individual, or to public health or safety;
  • Providing access would be unlawful;
  • Granting access would have an unreasonable impact on the privacy of other individuals;
  • We would be in breach of our obligations under a Technical Assistance Notice (TAN), Technical Capability Notice (TCN), or Computer Access Warrant (CAW) from an Australian Government agency;
  • The request for access is frivolous or vexatious; or
  • There are anticipated legal proceedings.

We will amend any personal information held by us that is inaccurate, incomplete, or out-of-date if you request us to do so. If we disagree with your view regarding the accuracy, completeness, or currency of any record, and you request that a statement be associated with that record reflecting your contrary view, we will take reasonable steps to do so.

1.17 Third-Party Websites

You may click through to third-party websites from this site. We recommend that you refer to the privacy statement of the websites you visit. This Privacy Policy applies solely to this site, and we assume no responsibility for the content of any third-party websites.

1.18 GDPR

We welcome the General Data Protection Regulation (GDPR) of the European Union (EU) as an important step in streamlining global data protection. We intend to comply with the GDPR in respect of any personal information of data subjects in the EU that we may obtain.

GDPR Rights
The requirements of the GDPR are broadly similar to those set out in the Privacy Act and include the following rights:

  • You are entitled to request details of the information that we hold about you and how we process it. For EU residents, this information will be provided at no cost;
  • (i) Have that information rectified or deleted;
  • (ii) Restrict our processing of that information;
  • (iii) Prevent unauthorised transfers of your personal information to a third party;
  • (iv) In some circumstances, have that information transferred to another organisation; and
  • (v) Lodge a complaint with your local supervisory authority regarding our processing of your personal information.

You may also have the right to withdraw your consent at any time where we rely on your consent as our legal basis for collecting and processing your data.

If you object to the processing of your personal information, or if you withdraw your consent after having provided it, we will respect your decision in accordance with our legal obligations. However, please be aware that:

  • Withdrawing your consent may mean that we are unable to provide our services to you, and could unduly affect our ability to provide services to other clients subject to appropriate confidentiality protections; and
  • Even after you withdraw your consent, we may be required to continue processing your personal information to the extent required or permitted by law, particularly to:
    • (i) Pursue our legitimate interests in running our business without materially impacting your rights, freedoms, or interests; and
    • (ii) Exercise and defend our legal rights and meet our legal and regulatory obligations.

1.19 Compliance with Australian Assistance and Access Legislation

Recent changes to Australian law require companies to share data with Australian intelligence agencies and law enforcement or build data sharing mechanisms that may report directly to these agencies. While we endeavour to protect your data and our technology from vulnerabilities, we must comply with the law and cannot notify you if we are issued with a notice under these new requirements.

By using our platform or website, you expressly release and indemnify us from any liability arising from sharing data or implementing data sharing mechanisms (including ‘back-doors’ and vulnerabilities) into our technology at the direction of the Australian Government and its agencies, including if those mechanisms are later exploited by a third party.

1.20 User Security

New digital threats are emerging continuously, and the online environment is increasingly hostile. To protect your data online, including any data or material transmitted by you to us, we recommend that you review and implement relevant procedures and safety tips recommended by the Department of Industry, Innovation and Science (https://www.business.gov.au/Risk-management/Cyber-Security) and the Australian Cyber Security Centre (https://www.acsc.gov.au/, https://cyber.gov.au).

1.21 Complaints Procedure

Your privacy is important to us. If you have any complaints or concerns about our information handling practices regarding your personal information, please first contact our privacy officer via email at info@zoeandhope.com.au.

If you remain unsatisfied after our investigation, you may contact:

The Office of the Australian Information Privacy Commissioner
GPO Box 5218
Sydney NSW 2001
Telephone: 1300 363 992
Email: enquiries@oaic.gov.au

Erasure of Personal Information

You are entitled to request the erasure of any personal data Zoe & Hope Pty Ltd holds about you, in accordance with the EU General Data Protection Regulation (GDPR).

Zoe & Hope Pty Ltd will endeavour to respond promptly upon receipt of your written request or any additional information required to comply with your request.

Please email info@zoeandhope.com.au.