Privacy Policy

Bellish is committed to following and continuously evolving best practices to safely and respectfully secure your data. Your data is yours, and we guard it closely. We do not sell any of your information. We are transparent on how we collect and use your data, so please read on for more details.
Last updated: 6 Feb 2020

1. Openness and transparency

We understand that protecting your privacy and respecting and upholding your rights under the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) and the General Data Protection Regulation (EU 2016/679) (the GDPR) (collectively, Privacy Laws) is important.  We take all necessary and reasonable steps to comply with the relevant Privacy Laws and to deal with inquiries or complaints from individuals about compliance with the relevant Privacy Laws.

By accessing and using our website, products and services, you understand that we will collect, use, process, store and disclose  personal information as set out in this Privacy Policy. You do not have to provide personal information to us, however, if you do not, it may affect your use of our services.

2. Personal information

Personal information is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

The type of personal information we may collect from you includes, without limitation, the following:

  • your full name;
  • address;
  • email address;
  • telephone number(s);
  • date of birth;
  • images of you;
  • your body measurements;
  • credit card information or payment details (through our third party payment processor);
  • your device ID, device type, geo-location information, computer and connection information, statistics on page views, traffic to and from the sites, ad data, IP address and standard web log information;
  • details of the products and services we have provided to you or that you have enquired about, including any additional information necessary to deliver those products and services and respond to your enquiries;
  • any additional information relating to you that you provide to us directly through our website or app or indirectly through your use of our website or app or online presence or through other websites or accounts from which you permit us to collect information;
  • information you provide to us through customer surveys;
  • billing information (including credit and bank details); or
  • any other personal information that may be required in order to facilitate your dealings with us or which you may provide to us.

3. Collection

We will collect personal information only by lawful and fair means.  Generally, we will collect personal information directly from you, and only to the extent necessary to provide our products and services requested or ordered by you and to carry out our administrative functions or as required by a relevant Privacy Law.

We will not collect sensitive personal information (as defined under the relevant Privacy Laws) from you. We also do not knowingly seek or collect personal information from children below the age of 16 years.

We may also collect personal information from you when you fill in an application form, communicate with us, visit our website, use our app, provide us with feedback, complete online surveys or participate in competitions. We may collect personal information about you that you have provided to our business partners or from other third parties, and in respect of which you have given the third party consent to share with us.

If you use a pseudonym when dealing with us or you do not provide identifiable information to us, we may not be able to provide you with any or all of our services as requested. If you wish to remain anonymous when you use our website do not sign into it or provide any information that might identify you.

We require individuals to provide accurate, up-to-date and complete personal information at the time it is collected.

4. What is our legal basis?

Under the GDPR, we must have a legal basis to process personal information collected from individuals located in the European Union. We rely on several legal bases to process your personal information, including:

  • where you have sought access to, and use of our product, services and website. In this instance, we will rely on performing a contract to process the necessary personal information;
  • for our legitimate interests to provide, operate and improve our products, services or website;
  • where you have freely and expressly consented to the processing of your personal information by us for a specific purpose, which you may withdraw at any time; or
  • where we are under a legal obligation to process your personal information.

5. What do we do with your Personal Information?

The following section 5 is applicable under the Privacy Act 1988 (Cth).

We use, process and disclose your personal information  for purposes including (but not limited to):

  • providing our website, products and services to you;
  • administering, protecting, improving or optimising our website, products and services (including performing data analytics, conducting research and for advertising and marketing purposes);
  • billing you for purchasing or using our website, products and services;
  • informing you about our website, products, services, rewards, surveys, contests, or other promotional activities or events sponsored or managed by us or our business partners;
  • responding to any inquiries or comments that you submit to us;
  • any other purpose you have consented to;
  • any other use which is required or authorised by a relevant Privacy Law; and
  • to comply with our legal obligations and resolve any disputes that we may have.

6. Disclosure of Personal Information

We may disclose your personal information to:

  • third-parties we ordinarily engage from time to time to perform functions on our behalf for the above purposes;
  • any person or entity to whom you have expressly consented to us disclosing your personal information to;
  • our external business advisors, auditors, lawyers, insurers and financiers; and
  • any person or entity to whom we are required or authorised to disclose your personal information to in accordance with the relevant Privacy Laws.

‍Upon written request, we may provide you with a list of the third parties we use to process your Personal Information.

7. Access and management

The following section 7 is applicable under the Privacy Act 1988 (Cth).

You may request access to your personal information in our customer account database, or seek correction of it, by contacting us.  See section 14: Contact information. Should we decline you access to your personal information, we will provide a written explanation setting out our reasons for doing so.

We may charge a reasonable fee that is not excessive to cover the charges of retrieving your personal information from our customer account database.  We will not charge you for making the request.

If you believe that we hold personal information about you that is not accurate, complete or up-to-date then you may request that your personal information be amended.  We will respond to your request to correct your personal information within a reasonable timeframe and you will not be charged a fee for correcting your personal information.

8. Direct marketing

Where we:

  • have your express consent (which you may withdraw at any time by contacting us);
  • have a another legal basis; or
  • are otherwise permitted by relevant Privacy Laws,

We may use and process your personal information to send you information about products and services we believe are suited to you and your interests or we may invite you to attend special events.

At any time you may opt out of receiving direct marketing communications from us. You can opt out by following the unsubscribe instructions included in the relevant marketing communication, or by contacting us in writing at hello@bellish.co.

9. Cross-border disclosure

The countries to which we send data for the purposes listed above may not have the same data protection laws as the country in which you initially provided the information. If we transfer your personal information to third parties in other countries: (i) we will perform those transfers in accordance with the requirements of applicable law; and (ii) we will protect the transferred personal information in accordance with this Privacy Policy.

10. Bellish website

When transmitting personal information from your computer to the Bellish website, you must keep in mind that the transmission of information over the Internet is not always completely secure or error-free. Other than liability that cannot lawfully be excluded, we will not be liable in any way in relation to any breach of security or any unintended loss or disclosure of that information.

The Bellish website may use 'cookies' or other similar tracking technologies on our website that help us track your website usage and remember your preferences. Cookies are small files that store information on your computer, TV, mobile phone or other device. They enable the entity that put the cookie on your device to recognise you across different websites, services, devices and/or browsing sessions. You can disable cookies through your internet browser but if you do so, you may not be able to fully experience the interactive features of the Bellish website.

11. Security

We may hold your personal information in either electronic or hard copy. We take reasonable steps to protect your personal information from misuse, interference and loss, as well as unauthorised access, modification or disclosure and we use a number of physical, administrative, personnel and technical measures to protect your personal information. For example, we implement multi-factor authentication and least privilege and need-to-know principles; we only store data in services that employ strong data-protection policies and employ industry best practices.

To the extent we require you to provide any financial account information, such as when you purchase subscriptions from us, that information will be collected and processed by third-party PCI-compliant service providers. We do not store financial account information transmitted through the website provided that we do store (or our payment processor on our behalf will store) just the last four digits of your credit card number, if you provide this to us, to comply with credit card processing requirements of authorizations, charges and chargebacks.

However, we cannot guarantee the security of any personal information transmitted over the internet and therefore you disclose information to us at your own risk. We will not be liable for any unauthorised access, modification or disclosure, or misuse of your personal information.

12. Enhanced privacy rights (European Union only)

Under the GDPR, an individual residing in the European Union has enhanced privacy rights, including the right to:

  • request access to the details of the personal information we hold about you;
  • require us to rectify any personal information held about you that is inaccurate or incomplete;
  • require the deletion of personal information concerning you in certain situations;
  • data portability for personal information you provide to us in certain situations;
  • object or withdraw your consent at any time to the processing of your personal information;
  • object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you; or
  • otherwise restrict our processing of your personal information in certain circumstances.

13. Data Retention

Under the GDPR, we will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information, whether we can achieve those purposes through other means and the applicable legal requirements.

In some circumstances you can ask us to delete your data: see section 12 above for further information.

In some circumstances we may anonymise your personal information (so that it can no longer be associated with you) for analytics, research or statistical purposes in which case we may use this anonymised information indefinitely without further notice to you.

14. Contact information

If you require further information regarding our Privacy Policy or wish to make a privacy complaint, please contact us at hello@bellish.co

If you wish to access, manage or make any other request about your data, please email data@bellish.co


15. Miscellaneous

We reserve the right to modify this Privacy Policy in whole or in part from time to time without notice and amendments will be effective immediately upon posting of the amended Privacy Policy on the Bellish website.


Contact

You can contact us via email at hello@bellish.co