By ‘personal information’, we mean any details which can be used to identify you.
What personal information do we collect?
During the registration process and/or when a customer makes a purchase, we ask customers for:
Full name, address, email address, phone number, gender and date of birth.
Identification information e.g. Driver’s Licence or Passport information so we can identify you. We use Vix Verify (also known as GreenID) to check your information against government and other records, and we may also collect your personal information from Vix Verify when they give us results. We are required to verify your identity under the Anti-Money Laundering and Counter- Terrorism Financing Act 2006 (Cth).
Employment and financial information e.g. whether you are employed, what industry you work in, and information about your financial situation e.g. how much you earn. This is to assess whether can offer you GlamourPay services.
Payment information e.g. credit card, debit card or bank account number, and the account or cardholder’s name. When you give us payment information, it is securely collected and stored by the third party payment processer we use.
We may collect a customer’s personal information from third parties such as:
Organisations who help us verify customers’ identity, such as Vix Verify e.g. driver’s licence or passport information and other ‘know your customer’ information.
Tattoo studios , for example when they give us details of your purchase e.g. your name, the purchase amount, what the tattoo is and its size and position. We generally confirm these details with you before you accept a payment plan. Studios are independent to us, may have their own privacy policies and we are not responsible for their actions including privacy practices.
Customers can update their information in their online account or mobile app, as well as agree to payment plans, view plan details andmakepayments. Wemayalsocollectpersonalinformation from customers in other ways e.g. when customers contact us or respond to surveys or sign up for newsletters or promotions.
We also collect the personal information of studios when they register. This can include the names of staff, payment information and the studio license or government certificates.
The purposes for which we manage personal information
The main purpose for which we collect, store, use and disclose personal information is to provide payment instalment plans to customers of tattoo studios.
Other purposes include to:
Manage customers’ and studio’s ongoing requirements, develop our services and conduct research.
Perform internal functions such as administration, accounting, marketing, and information technology system requirements, and process transactions.
Verify customer identity which we are required to do by law, and assess customer and studio suitability to use our service.
Comply with legal requirements, prevent or investigate suspected fraud or crime.
Send merchants and customers marketing or other information about products and services that we believe will be of interest. We may do this by email, post or app notifications, and these can be opted out of at any time by getting in contact with us.
We may communicate by email or through our app unless you tell us that you do not wish to receive such communications. App notifications can be managed in the app.
Sharing personal information
We may disclose personal information to:
The studio a customer makes purchases with e.g. we may disclose a customer’s full name to a studio they have made an enquiry or purchase with including details of the purchase, payments made, the amount of GlamourPay funds the customer has available, the customer’s suburb or city, and the customer’s contact details . Studios may use this information to assist them in managing the purchases or to send marketing to customers.
Organisations who help us verify customers’ identity, such as Vix Verify.
People who help us provide our services, including software providers, our payments processor, IT services and hosting, cloud storage, marketing, communication services including sending emails, administration, compliance consultants, cyber security and fraud detection, debt collectors, auditors, accountants, lawyers and business partners.
Other organisations, service providers or business partners whom we consider may provide services or products customers would find useful.
Other companies in the event of a corporate sale, merger, reorganisation, dissolution or similar event.
Regulatory bodies, government agencies including AUSTRAC, law enforcement bodies and dispute resolution bodies e.g. the Australian Financial Complaints Authority.
If you don’t provide personal information
We cannot provide our services if customers or studios do not provide their personal information to us.
However we ask that personal information is not sent to us by email, as emails are not considered a secure method of communication.
How our website and app manages personal information
Data – We collect information about how users use our website, mobile app and interact with our emails, and we may give users advertisements by these means based on their activity.
For example the information we collect includes IP address, access times,pages accessed,and browser type. We may use technologies such as cookies and beacons to collect this information. We also use various software and IT service providers to analyse how users use our website, app and emails. We use this information for statistical purposes, to improve content and functionality, to better understand our users and improve our services.
Our mobile app and website may also log a user’s location e.g. to indicate to a user studios near them or the location of studios that have offers.
Analytics - Google analytics marketing features are active on our website. Cookies are used for marketing analysis purposes, so that Google can provide more relevant advertising through its channels. We will not identify users or facilitate the merging of personally identifiable information with non-personally identifiable information collected through any Google advertising product or feature. You can opt-out of the Google Analytics Advertising Features we use, through Ads Settings, Ad Settings for mobile apps, or any other available means, including the "Google Analytics opt- out browser ad-on" which can be found here: https://tools.google.com/dlpage/gaoptout/.
From time to time, we may use customer information for new, unanticipated uses not previously disclosed in this notice. If our information practices change at some time in the future, we will only use data collected from the time of the policy change forward for these new purposes.
How we store and protect personal information
We store the information we collect in secure data centres, at our premises or those of our service providers including Vix Verify.
We strive to maintain the relevance, reliability, accuracy, completeness and currency of the personal information we hold and to protect its privacy and security. We keep personal information only for as long as is reasonably necessary for the purpose for which it was collected or to comply with any applicable legal or ethical reporting or document retention requirements.
This will be for as long as a person has instalments we are collecting and may be for 7 years after that to comply with legal requirements and to ensure clarification of any questions.
We strive to ensure that the personal information is safe by using a range of physical and electronic security measures to protect it from misuse, interference, loss, unauthorised access, modification or disclosure.
Accessing and correcting your personal information
You have a right to request access to your personal information and to ask us to correct it.
If you wish to access or correct your personal information please email us in the first instance – [email protected]
Upon receipt of your written request and enough information to allow us to identify the information, we will disclose to you the personal information we hold about you. We will also correct, amend or delete any personal information that we agree is inaccurate, irrelevant, out of date or incomplete.
We reserve the right to charge a fee for searching for, and providing access to, your information on a per request basis.
In some limited cases, we may need to refuse access to your information or refuse a request for correction. We will advise you as soon as possible after your request if this is the case and the reasons for our refusal.
Making a complaint
We will try to respond with a decision within 30 days of you making the complaint.
If your complaint is not resolved, you may refer your complaint to: The Office of the Australian Information Commissioner
P: 1300 363 992
If your complaint reasonably requires us to contact some other person, we may decide to give to that other person some of the information contained in your complaint. We do this as infrequently as possible, but it is a matter for our sole discretion as to whether we do give information, and, if we do, what that information is.
We welcome your comments regarding privacy. If you have any questions or concerns, please contact us at [email protected]