Privacy Policy

1. URBAN SPA manufactures, markets and distributes cosmetic products.

   In addition it owns and runs The SPA Salons and overseas franchise salons.
   Telephone: (02) 964346416
   Facsimile: (02) 87651199
   Email: info@studentspa.com.au

1. The SPA is bound by the Privacy Act 1988 and the National Privacy Principles and deals with personal information in accordance with such principles. This Privacy Policy has been established in accordance with National Privacy Principle 5.1.
2. The National Privacy Principles can be obtained through the website of the office of the Federal Privacy Commissioner (http://www.privacy.gov.au).

1. Personal Information from salon owners

   From salon owners, information such as name, address of salon, telephone number, facsimile number, account details, contract information and confidential business information.

   The personal information collected from salon owners is used for the following:

   1. day to day business communications with salons;
   2. providing salon assistance arranging meetings and conferences;
   3. maintaining account records;
   4. providing salon contact details to members of the public.
2. Personal information from the community

   From the community, information such as names, contact details and email addresses of members of the public who contact  us with request for information or feedback.

   The personal information collected from the community is used for the following:

   1. To respond to those requests;
   2. To fulfil orders placed with The SPA by any means (including through its website); and
   3. To provide newsletters and marketing information to members of the public.
3. Personal information from other third parties

   From other third parties such as agents, suppliers and contractors who provide services to The SPA the personal information collected from other third parties is used to communicate and correspond with such persons or organisations.

1. Use and disclosure of information
   1. Use and disclose personal information about you that is required in the provision of information about or the promotion or delivery of our products or services, administration of The SPA’s business, business analysis, or to meet any legal obligation imposed on The SPA (Primary Purpose).
   2. Use de-identified information for any statistical or other analysis or similar research purposes. We may publish or provide this statistical data to other parties.
   3. We may use personal information collected from you for the purpose of providing you with direct marketing material and information upon your registering your details with us. However if you wish to cease receiving any such information you may let us know either by email or by mail and your request will be actioned within 5 working days.
   4. Personal information may be disclosed to agents, suppliers or external contractors, but only to enable us to provide services to you. Such contractors will be required to adopt and adhere to our Privacy Policy.
   5. Consistent with National Privacy Principle 2, The SPA will only use or disclose personal information about an individual for a Primary Purpose or a purpose other than the Primary Purpose of collection (a Secondary Purpose) if:
   6. The Secondary Purpose is related to the Primary Purpose of collection and you would reasonably expect us to use or disclose the personal information for the Secondary Purpose;
   7. You have consented to the use or disclosure;
   8. The use or disclosure is permitted or required under the law;
   9. We reasonably believe on health or public safety grounds that the information should be used for another purpose; or
   10. It is otherwise permitted under the National Privacy Principles.
2. Manner of collection
   The SPA receives personal information from salons and other third parties through direct communications with such persons in the normal course of business. The SPA may collect personal information about individuals from third parties but will only do so in accordance with the National Privacy Principles.
3. Information collected on visiting our website

   When you look at this website, a record is made of your visit and for the purpose of analysing and evaluating the performance and operation of our website, the following information is logged:

   Your IP address;
   The date and time of your visit to the site;
   The pages you accessed and documents downloaded;
   The previous site you have visited;
   The type of browser you are using.

4. How The SPA uses cookies
   1. A “Cookie” is a small text file which is placed on your computer by webpage servers. The purpose of a cookie is to help analyse web traffic and may let the website know when you visit a particular site. Cookies allow a web application to respond to you as an individual. They can record information about your visit to the site, allowing it to remember you next time you visit and provide any relevant information to you. Cookies are also used to enhance the secure use of websites.
   2. Cookies can be stored in your hard drive (“persistent cookies”) or in memory (“session cookies”). A persistent cookie is a cookie which will enable a continuing record to be kept of your visits to the website. A session cookie is a cookie which is a transient cookie and tracks your visits for a website session only.
   3. The SPA only uses session cookies to identify which pages of the website are being used for a website session only. Upon closing your browser the session cookie set by this website is destroyed and no personal information is maintained. The SPA does not make any attempt to identify users or their general browsing activities.
   4. If you fail to accept the use of cookies, you may not experience optimum website performance.
5. Data quality

   Consistent with National Privacy Principle 3, The SPA is committed to ensuring that personal information collected by The SPA remains accurate, complete and up to date. In pursuit of this goal, The SPA provides via its website, a facility for authorised users to update relevant personal details.

6. Storage and data protection
   1. Personal information is contained both in hard copy and electronic format within the offices of The SPA. Personal information stored electronically is maintained in a secure environment.
   2. The above records are only accessible to personnel of The SPA who require access to enable them to perform their duties. All personnel have signed Privacy and Confidentiality Agreements binding them to comply with the National Privacy Principles.
   3. We take all reasonable steps to ensure that the personal information we collect through our website is protected from unauthorised access, loss, misuse, disclosure or alteration. Our website has electronic security systems in place, including the use of firewalls. All pages that require you to enter your personal information or payment details on our site use 128 bit SSL encryption. To ensure that the page you are viewing uses 128 bit SSL encryption, you should look for the padlock icon in your browser
7. Links to other websites

   Although we offer you access to external websites through the links we have provided, those websites are not subject to our privacy standards, policies and procedures. We recommend that you make your own enquires as to the Privacy Policies of these third parties. The SPA is in no way responsible for the privacy practices of these third parties.

8. Destruction of records

   The SPA will destroy records relating to personal information when such information is no longer necessary to be retained within The SPA’s records. Personal information will be destroyed by shredding or other secure process.

9. Openness

   Consistent with National Privacy Principle 5.2, The SPA will upon request, inform a person generally about what information it holds concerning that person and for what purpose such information is held. With respect to gaining access to or correction of records, please see paragraph 4.11 (“Access to records”)

10. Access to records
    1. Individuals may access personal information by writing to the Privacy Compliance Officer of The SPA. No reasons have to be provided for seeking access. Where The SPA holds information to which a person is entitled to access, it will endeavour to provide a suitable range of choices as to how access may be given.
    2. If a person believes that information held by The SPA is incorrect, incomplete or inaccurate they may request amendment of that personal information. The SPA will consider if the information requires amendment. If The SPA does not agree that there is any ground for amendment it will, if the person seeking the amendment requires, place with that person’s personal information, a statement from that person as to why the information is not accurate or up to date.

1. The SPA is committed to providing those persons whose personal information it holds, a fair and responsible system for the handling of complaints concerning the collection, accuracy or disclosure of personal information.
2. The SPA has a designated officer (the “Privacy Compliance Officer”) whose role includes dealing with complaints, concerns or queries that individuals may have with respect to personal information held by The SPA. Should you have any issues concerning your personal information, those complaints should be addressed to the Privacy Compliance Officer of The SPA (at the address referred to in paragraph 1.2 of this Policy).
3. The Privacy Compliance Officer is empowered to deal with all such complaints as expeditiously as possible through The SPA’s complaints handling process. However, if you feel that we have not adequately dealt with your concerns you may refer the matter to the Office of the Federal Privacy Commissioner at:
   Postal: GPO Box 5218, Sydney NSW 1042
   Telephone: 1300 363 992
   Facsimile: (02) 9284 9666
   E-mail: privacy@privacy.gov.au

AS WE PLAN TO ENSURE OUR PRIVACY POLICY REMAINS CURRENT, THIS POLICY IS SUBJECT TO CHANGE. PLEASE RETURN PERIODICALLY TO REVIEW OUR PRIVACY POLICY.