Spa Ceylon and Vilentri are committed to protecting the personal information entrusted to it. Spa Ceylon and Vilentri has a strong commitment to maintaining the security and integrity of personal information within our care. We endorse the Australian Privacy Principles contained in the Privacy Act 1988 and support the role that the Australian Privacy Commissioner within the Australian Human Rights Commission plays.
- give individuals a better and more complete understanding of the sort of personal information that Spa Ceylon and Vilentri holds, and the way we handle that information
- clearly communicate the personal information handling practices of Spa Ceylon and Vilentri, and
- Enhance the transparency of Spa Ceylon and Vilentri’s operations.
Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable whether the information or opinion is true or not; and whether the information or opinion is recorded in a material form or not. We have addressed how we manage the personal information of customers and suppliers separately below.
We have used a ‘layered policy’ format with click through links to help you find the information you want faster.
Queries Complaints Access and Correction
You have a right to request access to your personal information held by us and to request its correction. If you wish do to do so please use the contact details below.
If you wish to make a formal complaint, please make provide your complaint in writing to our one of the addresses below. We will consider your complaint promptly and contact you to seek to resolve the matter.
If we have not responded to you within a reasonable time, you are entitled under the Privacy Act to make a complaint to the Australian Privacy Commissioner within the Australian Human Rights Commission.
Queries, complaints, requests for access to or correction of personal information can be sent to email@example.com or by mail or phone to
Vilentri Pty Ltd.
Spa Ceylon Australia
27 Darvel Drive
Mernda VIC 3754
Phone: 1300 CEYLON (1300 239566)
SECTION 1 – WHAT INFORMATION WE COLLECT?
We collect a range of information from our customers that is directly related to the products and services you choose. Where we wish to use the information for other purposes we will seek your agreement beforehand. The kind of personal information we collect can include: name, contact details, location, demographic information like gender, age, relationship status and so on, products you are interested in, where you shop, what you buy, who you shop for, where else you like to shop, what loyalty programs you belong to.
SECTION 2 - WHAT DO WE DO WITH YOUR INFORMATION?
Spa Ceylon Pty Ltd. respects the rights of individuals to determine to whom they give their personal information and how their information is used. Our customer’s privacy is very important to us and we will value the trust you place in us in giving us your personal information. We take this responsibility seriously and we are committed to safeguarding your information and using it for the purposes for which you have entrusted it to us.
When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address.
When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.
We may use personal information in the following ways:
- Provide, deliver, source, administer, improve and personalise our products and services
- Email marketing (if applicable): With your permission, we may send you emails about our store, new products and other updates.
- Process payments and provide refunds and discounts;
- Enable our third party service providers to provide us with IT products and services, carry out product investigations, data processing, data analysis, business consulting, auditing, archiving, printing, delivery and mailing services;
- Provide more relevant marketing offers through direct marketing, database compilation, market research, data analysis and segmentation, and the processing or creation of other marketing information;
- Combine or compile with publicly available information for the processing or creation of marketing offers and information;
- Personalising our customers shopping experience, including, where appropriate, identifying individuals;
- Communicating with our customers, including product recalls and responding to queries and complaints;
- Fraud prevention, including services regarding the protection of our customers’ information, eg. credit card information;
- Develop and expand our operations to better suit our customers’ needs, such as planning for future store locations;
- Maintaining and keeping our customers information current and as accurate as possible;
SECTION 3 - CONSENT
How do you get my consent?
When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.
If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.
Where feasible, you can interact with Spa Ceylon and Vilentri anonymously or using a pseudonym. This will mean that there are some products and services that you will not be able to enjoy. These include layby, online shopping and better access to product offers likely to be of a more direct interest to you personally.
You can access the personal information that we hold about you and you can ask us to correct the personal information we hold about you.
How do I withdraw my consent?
If you are listed on one or more of our Direct Marketing email lists you can opt out at any time. You can unsubscribe by using the ‘unsubscribe’ options contained in our emails.
If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at anytime, by contacting us at firstname.lastname@example.org or mailing us at:
SPA CEYLON AUSTRALIA
GPO Box 2868
MELBOURNE VIC 3001
SECTION 4 - DISCLOSURE
We do not disclose personal information to third parties unless we are permitted to do so by law or you have given us your consent to do so. Third parties we may disclose personal information to include:
- Our related companies
- Our service providers including IT service providers, major delivery companies, advertising and marketing service providers, out-sourced call centres, mail houses and third party fulfilment contractors; and
- Our professional advisors including our accountants, auditors and lawyers;
- Payment system operators and financial institutions; and
- Government agencies.
Some of our service providers provide services to us entirely or partly from overseas locations and we may in order to receive those services occasionally transfer personal information overseas, predominantly to the United States of America, Europe and the Asia Pacific Region, including where:
- we use service providers, cloud computing solutions or data storage located overseas;
- we, or our related bodies corporate, have offices overseas;
- we need to comply with foreign legal or regulatory requirements; or
- an international payment has been made.
We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.
SECTION 5 - SHOPIFY
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you.
Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
For more insight, you may also want to read Shopify’s Terms of Service (https://www.shopify.com/legal/terms) or Privacy Statement (https://www.shopify.com/legal/privacy).
SECTION 6 - THIRD-PARTY SERVICES
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
SECTION 7 - SECURITY
We take active steps to protect the personal information we hold against loss, unauthorised access or use, modification or disclosure, and against other misuse. This includes any information that we disclose overseas. To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
Where data is held overseas, we require third parties to store such data in restricted access premises and provide appropriate protection against unauthorised disclosure. As a minimum security requirement, password authentication is required to access those databases in all cases. We also use fire walls, SSL technology and encryption for transmission of data where appropriate.
When the personal information that we collect is no longer required, we destroy, delete or de-identify it in a secure manner, in accordance with Spa Ceylon’s Document
Retention and Destruction Policy.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
SECTION 8 - COOKIES
Here is a list of cookies that we use. We’ve listed them here so you that you can choose if you want to opt-out of cookies or not.
_session_id, unique token, sessional, Allows Shopify to store information about your session (referrer, landing page, etc).
_shopify_visit, no data held, Persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits
_shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer.
cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.
_secure_session_id, unique token, sessional
storefront_digest, unique token, indefinite If the shop has a password, this is used to determine if the current visitor has access.
SECTION 9 – EMAIL AND SMS SUBSCRIPTION LISTS
We currently have an electronic Direct Marketing (eDM) email list which provides marketing offers to subscribers. If you elect to subscribe to our eDM, these services will be provided to you to communicate product information, special events and offers. We also use search engine and social media sites to make marketing offers which may be of interest to you. Our marketing subscription list is an ‘opt in’ system. eNEWS You may unsubscribe easily by clicking on the unsubscribe link that appears in all of our marketing communications to you. We also send SMS to customers who have subscribed to receive SMS messages from us. Our SMS subscription list is an ‘opt in’ system. You may unsubscribe easily by clicking on the unsubscribe link that appears in all of our SMS communications to you
SECTION 10 – SUPPLIERS
Spa Ceylon collects information from its suppliers in relation to sourcing and purchase of its products and provision of services to Spa Ceylon, Vilentri or its customers. This information is collected for business related purposes but does contain some limited personal information related to the name and contact details of the people that it deals with at its suppliers and service providers. The information will usually be collected directly from the supplier but may also be provided by third party sourcing agencies or business contacts.
Where the supplier provides products for Spa Ceylon stores, this information may be shared with Spa Ceylon related entities that are located overseas and with third party buying agencies predominantly located in the Asian. Spa Ceylon and its related entities will hold this information securely and will only disclose it for business related purposes.
The information is used for activities such as
- Sourcing and acquiring products for Spa Ceylon stores;
- Product innovation and quality control;
- Communicating with Suppliers
- Investigation of complaints;
- Maintaining and keeping our suppliers’ information current and as accurate as possible.
SECTION 11 - AGE OF CONSENT
By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.
If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
We will never knowingly send you electronic messages without your consent. For more information on the Spam Act 2003, please visit https://www.comlaw.gov.au/Details/C2013C00021
QUESTIONS AND CONTACT INFORMATION
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact our Privacy Compliance Officer at email@example.com or by mail at
SPA CEYLON AUSTRALIA
[Re: Privacy Compliance Officer]
27 Darvel Drive
Mernda VIC 3754