IntroductionBikini Body is committed to protecting our customer privacy and takes its responsibility regarding the security of customer information and data very seriously. We will be clear and transparent about the information we are collecting and what we will do with that information or data.This Policy sets out the following:
- What personal data we collect and process about you in connection with your relationship with us as a customer and through your use of our website, apps, mobile applications, and online services;
- Where we obtain the data from;
- What we do with that data;
- How we store the data;
- The persons to which we transfer or disclose personal data;
- How we deal with your data protection rights;
- How we comply with the data protection rules.
- That personal data is collected and processed in accordance with applicable data protection laws.
Data Controller“Bikini Body” (referred to as “we”, “us”, “our” or “Bikini Body”) in this policy primarily refers to The Bikini Body Training Company Pty Ltd, the main operating company of the Bikini Body group, and, where appropriate, to other companies in the Bikini Body group or other entities over which Bikini Body exercises management control. Bikini Body is the “data controller” of all personal data that is collected and used about Bikini Body customers for the purposes of privacy and data protection laws, principles and regulations which may apply in your country.
What personal data we collectPersonal data means any information relating to you which allows us to identify you, such as your name, phone number, social media name or ‘handle’, postal address, email address, details of products or services you have purchased, payment details and information about your access to our website.We may collect personal data from you (either directly or indirectly, through our third party partners or providers) in a number of ways.Specifically, we may collect the following categories of personal data:
Personal details including about your physical or mental health are considered “sensitive” personal data under applicable data protection laws. We will process any such data only if you have given your explicit consent, or it is necessary (for instance if you request special assistance), or you have deliberately made it public.
- Name, home address, e-mail address, telephone number, credit/debit card or other payment details;
- Information such as nationality, place and date of birth, and gender;
- Medical conditions or requirements, and dietary preferences;
- Information you provide about yourself and any preferences in your account;
- Information about your purchases of products and services from us or our partners;
- Information about your use of our website or app;
- Communications with us or directed to us via letters, emails, chat services, calls, and social media; and
- Location, including real-time geographic location of your computer or device through GPS, Bluetooth and your IP address, along with crowd-sourced Wi-Fi hotspot and cell-tower locations, but only if you use location-based features and turn on the location services settings on your device or computer.
What do we use your personal data for, why, and for how longYour data may be used for the following purposes:
We will only process your personal data where we have a legal basis to do so, which will depend on the reasons for which we have collected and need to use your personal data.In most cases we will need to process your personal data so that we can enter into our contract and fulfil the provision or delivery of goods or services to you.We may also process your personal data for one or more of the following:
- Provide products and services you request: we use the information you give us to perform the services for which you have signed up;
- Credit or other payment card verification/screening; and payment information for accounting, billing and audit purposes and to detect or prevent any fraudulent activities;
- Security, health, administrative, crime prevention/detection: we may pass your information to government authorities or enforcement bodies for compliance with legal requirements;
- Customer service communications: we use your data to manage our relationship with you as our customer and to improve our services and enhance your experience with us;
- Provide tailored services: we use your data to provide information we believe is of interest to you, prior to, during, and after your interactions with us, and to personalise the services we offer to you, such as special offers.
Only children above a certain age (generally 16 years or older, but varying from country to country) can provide their own consent. For children under this age, the knowledge and consent of the parents or legal guardians is required.We will not retain your data for longer than is necessary to fulfil the purpose for which it is being processed. To determine the appropriate retention period, we consider the amount, nature and sensitivity of the personal data, the purposes for which we process it, and whether we can achieve those purposes through other means.We also consider the periods for which we might need to retain personal data in order to meet our legal obligations, or to deal with complaints and queries, and to protect our legal rights in the event of a claim being made.When we no longer need your personal data, we will securely delete or destroy it. We will also consider if and how we can minimise over time the personal data that we use, and if we can anonymise your personal data so that it can no longer be associated with you or identify you, in which case we may use that information without further notice to you.
- To comply with a legal obligation;
- Where you have consented to our using your personal data (eg. for marketing related uses);
- To protect your vital interests or those of another person (eg. in case of a medical emergency);
- If it is in our legitimate interests to do so (eg. for administrative purposes).
Security of your personal dataWe follow strict security procedures in the storage and disclosure of your personal data, and to protect it against accidental loss, destruction or damage. The data you provide to us is protected using SSL (Secure Socket Layer) technology. SSL is the industry standard method of encrypting personal information and credit card details so that they can be securely transferred over the Internet.
- Government authorities, law enforcement bodies and regulators for compliance with legal requirements;
- Other companies, contractors or agents to provide services to you including delivery, marketing, support ticket providers (which may include Zendesk), or marketing platform providers (which may include Emarsys), communications, legal services, debt collection, administration services, customer services, information technology providers, credit card or other payment methods to conduct transactions;
- Legal and other professional advisers, law courts and law enforcement bodies in countries in which we operate, in order to enforce our legal rights in relation to our contract with you;
- Our trusted third party ancillary partners (identified on our website), who many offer products and services on or through our website. If you choose to purchase products or services offered on our websites by third parties, you may be a customer of both Bikini Body and these third parties, and we and our partners may collect and share information about you, such as your contact details and your billing information. We are not responsible for third parties’ use of your personal data where such use is permitted for their own purposes. You should consult their privacy policies for further information.
International Data TransferBikini Body operates businesses in multiple jurisdictions, some of which are not located in the European Union or European Economic Area (EEA). While countries outside the EEA do not always have strong data protection laws, we require all services providers to process your information in a secure manner and in accordance with EU and other applicable laws on privacy and data protection.
Cookies and site trackingWe may collect data from other sources which may not always be obvious, such as through the use of “cookies”. We may also gather information from both online and offline data providers. This information could include internet browsing behaviour, demographic data or interest-based data.A cookie is a small text file stored on your computer that contains information that helps the website to identify and track the visitor. Cookies do no harm to your computer, consist only of text, cannot contain viruses, and occupy virtually no space on your hard drive.Two types of cookies are used: "Session Cookies", and cookies that are saved permanently on your computer. The first type of cookie commonly used is "Session Cookies". During the time you visit the website, our web server assigns your browser a unique identifier string so as not to confuse you with other visitors. A "Session Cookie" is never stored permanently on your computer and disappears when you close your browser. To use some of our websites without troubles you need to have cookies enabled.The second type of cookie saves a file permanently on your computer. This type of cookie is used to track how visitors move around on the website. This is only used to offer visitors better services and support. The text files can be deleted. On this website we use this type of cookie to keep track of your shopping cart and to keep statistics of our visitors. The information stored on your computer is only a unique number, without any connection to personal information.Here is a list of cookies that we currently use. We have listed them here so you that you can choose if you want to opt-out of cookies or not:
- _session_id, unique token, sessional, allows Shopify to store information about your session (referrer, landing page, etc).
- _shopify_visit, no data held, persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits
- _shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, counts the number of visits to a store by a single customer.
- _cart_, unique token, persistent for 2 weeks, stores information about the contents of your cart.
- _secure_session_id, unique token, sessional storefront_digest, unique token, indefinite; if the shop has a password, this is used to determine if the current visitor has access.
Data Protection OfficerWe have appointed a Data Protection Officer (“DPO”) to oversee compliance with this policy. You have the right to make a complaint at any time to a supervisory authority. The data protection supervisory authority for you depends upon the country or geographical area in which you are located.
Your Data Protection RightsUnder certain circumstances, by law you have the right to:
If you want to exercise any of these rights, then please contact our DPO by email at firstname.lastname@example.org. Alternatively, if you are an Australian resident you can also contact our Privacy Compliance Officer at the same email address: email@example.com.You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly completely unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
- Request information about whether we hold personal information about you, and, if so, what that information is and why we are holding/using it.
- Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see e. below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Object to automated decision-making including profiling, that is not to be subject of any automated decision-making by us using your personal information or profiling of you.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request transfer of your personal information in an electronic and structured form to you or to another party (commonly known as a right to “data portability”). This enables you to take your data from us in an electronically useable format and to be able to transfer your data to another party in an electronically useable format.
- Withdraw consent. In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes to which you originally agreed, unless we have another proper and legitimate basis for doing so.