Privacy Policy

Natio Pty Ltd (Natio, we, us, our) are a supplier of skin care products, cosmetics and other related products, and have created this privacy policy to inform you (you, your) of our policy in relation to your personal information (Privacy Policy). This Privacy Policy has been developed in accordance with the Privacy Act 1988 (Cth) (Privacy Act) and notifies you of:

  • What personal information is collected from you through our websites and other company databases
  • How the information is used and with whom the information may be shared
  • The kind of security procedures that are in place to protect your information

By accessing the website https://www.natio.com.au or any other Natio website (Sites) or otherwise transacting with us, you consent to the collection, storage, use and dissemination of your personal information in accordance with this Privacy Policy and as otherwise permitted under the Privacy Act.

Although we will comply with this privacy statement in respect of information provided to us by persons under the age of 18 years, those persons must obtain the consent of a parent or guardian prior to submitting their personal information to us or using our Sites and the parent or guardian will be responsible for appropriately supervising the person's use of our Sites.

Information Collection and Use

What personal information do we collect?

Natio collects personal information (meaning information or an opinion about an identified individual or an individual who is reasonably identifiable) if you:

  • join any Natio mailing list, including 'my.natio' to receive information about special offers and new product releases, we may collect your name, email address, postcode, gender and age;
  • make an online purchase through our Sites, we will collect your name, contact details, order details, payment details and delivery address;
  • send us an enquiry or provide us with feedback through our online form or via our Customer Service Centre, over the phone, or in person, we will collect your name, contact details, details of your enquiry or feedback and information about our response;
  • enter a competition or complete a survey, in online or printed format, we may collect your name, contact details and any other information you supply;
  • connect with us on social media, including Facebook or Instagram, we may collect via social media, your contact details and details of your submission to us;
  • apply for a job at Natio, we will collect the information you include in your job application, including your and your referee's contact details;
  • act as a Natio supplier or Natio corporate customer contact; we will collect your name, contact details and any other information you supply;
  • act as an employee of a third party retailer of Natio products; we will collect your name, contact details, gender and any other information you supply; or
  • submit any other personal information, about yourself or someone else, via our online services, advertisements and websites, including via our Sites, or otherwise.

However, we will not collect sensitive information from you unless:

  • you have given express consent for us to do so and the information is reasonably necessary for us to carry out our functions or activities, for example where you provide us with information regarding your health in order for us to respond to a query made by you in respect of our products; or
  • the use of information is otherwise permitted under the Privacy Act.

Why do we collect personal information?

This Privacy Policy deals with personal information of registered subscribers, customers, job applicants, referees, employees of third party retailers of Natio products, those who submit enquiries to us or our retailers, visitors to our Sites, service providers and other third parties.

We will not collect personal information unless the information is reasonably necessary for or directly related to one or more of our functions or activities. For example, we collect personal information in order to:

  • provide the products offered on our Sites and in any other forum to you directly or via our wholesale business customers and distribution channels. For example, we request information from you when you make an online purchase. This information is used for billing purposes, communication and to fill your order. If we have difficulty processing an order, this contact information is used to get in touch with you;
  • manage communications and promotional activities. For example, from time to time, our Sites may request information from you via surveys, promotions or competitions. Participation is completely voluntary and you therefore have a choice whether or not to disclose this information. Information requested may include contact information or demographic information (such as postcode, age level). Contact information will be used to notify winners and award prizes;
  • enhance and improve your use of the Sites and our products, for example through use of survey information we can monitor or improve the use and satisfaction of the Site;
  • respond to any questions, comments or queries submitted on our Sites or by any other means;
  • develop and disperse marketing and advertising materials, including on social media by using your information to enable the social media provider to deliver advertising to other social media users with similar demographics;
  • keep you informed about new products;
  • for internal business purposes, for example, to process job applications; and
  • as required or authorised by law, including under the Australian Privacy Principles.

How do we collect personal information?

We will generally collect personal information directly from you, unless it is unreasonable or impracticable to do so. We may also collect personal information from third parties such as our related companies, social media sites, third party publisher sites used for Natio advertising, suppliers, retailers of Natio products, credit reporting agencies or your representatives or publicly available sources of information.

We will only collect your personal information from third parties if you give the third party your consent to provide the information to us or it would be reasonably expected.

What if we receive unsolicited personal information?

If someone other than you provides us with personal information about you that we did not ask for, or you provide us with unsolicited personal information, we will only hold, use or disclose this information if we determine that we could have collected this information from you had we asked for it, and we will take all reasonable steps to notify you of the collection of that information as soon as practicable. If we could not have collected this personal information, we will lawfully de-identify or destroy the personal information.

Can I interact with Natio anonymously?

We will allow anonymous interaction whenever lawful and practicable, however failure to provide sufficient details may restrict the availability and quality of the services to be provided.

Does Natio use cookies on its Sites?

Cookies are small programs that enhance your use of the Internet and specifically we use cookies to enhance your usage of our Sites and to serve you advertising on non-Natio websites. Information about your use of these Sites is collected using server access logs and a tracking cookie, which attaches to the memory of your computer.

We use this information to help us make our site more useful to visitors and to better understand how and when our site is used as well as to keep you informed of events and activities via advertising. This information is not linked to any personal information you may provide and cannot be used to identify you. You should be able to configure your computer so that it disables cookies or does not accept them.

Natio's databases track the traffic through our Sites. This information is used to compile overall statistics. We use this information to analyse trends, administer the Sites and track users' movement in the aggregate. The statistics help us determine which products and services best serve our members and guests. Natio also uses aggregate information from demographic surveys, traffic patterns and IP addresses to improve and customise our Sites.

Disclosure of Information

In order to deliver the products and services that we provide to you, we may disclose your personal information to organisations outside of us, only in relation to, or in connection with, the purposes described in this Privacy Policy, or where disclosure is required by us to meet our legal and regulatory obligations. We take reasonable steps to ensure that these organisations are bound by privacy obligations in relation to the protection of your personal information. For example:

  • we may provide certain information about you, including your personal information to our related bodies corporate, but only to the extent necessary for our stated purposes;
  • if you choose to receive services from our third party partners, then we may provide your personal information to these third parties. These third parties are not allowed to use personal information except for the purpose of providing the services requested or as otherwise permitted by you;
  • we may provide hashed or encrypted personal information to digital marketing and other service providers such as advertising agencies, publishers and social media platforms such as Facebook and Instagram where you already interact with such platforms (and in future we may also provide such information other social media platforms such as Twitter, Snapchat, Vimeo, WeChat and/or YouTube);
  • we may provide personal information to technology support service providers where applicable to the service provided to you;
  • we may provide personal information to MailChimp to assist in distributing our email communications;
  • we may provide your personal information to our local representatives in the United Kingdom, New Zealand, Singapore, Korea and the United States, if you are based in such countries. If you are based in Australia, your information would not be provided in this context;
  • we may provide personal information to data storage providers on servers located within Australia;
  • we use external shipping companies, such as Australia Post eParcel service or DHL Economy, to ship orders and Shopify Payments, to process your purchases of our products. It is necessary for us to provide your personal information to these companies in order that we can process and deliver your order. These companies are not allowed to retain, share, store or use personal information for any secondary purposes;
  • we may provide personal information to government and law enforcement agencies and regulators; and
  • we may provide personal information to entities established to help identify illegal activities and prevent fraud where authorised by law.

We may also disclose your personal information to anyone authorised by you, or to whom you have provided your consent (either expressly or impliedly) or where another permitted general situation applies (as defined in Section 16A of the Privacy Act).

If we go through a business transition, such as a merger, acquisition by another company, or a sale of all or a part of our business assets, your personal information may be among the assets transferred.

We will not disclose information that personally identifies you to any third party other than as set out in this Privacy Policy.

Disclosure of Information Overseas

To assist in distributing our email communications, we may disclose your personal information to service providers such as MailChimp, whose servers and offices are located in the United States. For purposes mentioned in this Privacy Policy, we may also disclose hashed or encrypted information to Facebook and Instagram, whose services are provided, supported and hosted the United States and globally. The privacy policies of each of these providers are available on their websites. To the extent that the laws and rights of these countries are not equivalent to the laws of Australia, you agree to be bound by the laws and rights of the relevant extraterritorial jurisdiction. These countries have data protection laws that are not equivalent to the laws of Australia and you may not have equivalent rights of enforcement.

Third Party Sites

Although our Sites may link directly to websites operated by third parties (Linked Sites) you acknowledge that Linked Sites are not operated by us. We encourage you to always read the applicable privacy statement of any Linked Site on entering the Linked Site. We are not responsible for the content or practices of the Linked Sites nor their privacy policies regarding the collection, storage, use and dissemination of your personal information.

If we disclose personal information to third party social media sites and publishers, it may be stored by social media providers and publishers on their systems.

Subscription and direct marketing

If a user wishes to subscribe to any Natio database site, including my.natio.com.au, we ask for some contact information.

By ordering products on the Natio Sites, customers agree for their email address to automatically be added to Natio database sites, including the my.natio.com.au database.

We may use personal information about you for the primary purpose of providing you with our services, and for which you would reasonably expect us to use that information for, including sending you information about our new developments, products, promotions, competitions, services and special offers by post, telephone or any form of electronic communication. We may use any email address or other personal information you provide to us at any time for this purpose. You authorise us to use any email address or other contact information you provide to use at any time for such above purposes.

We will only use or disclose sensitive information for the purpose of direct marketing if you have consented to the use or disclosure for that purpose.

You can, at any time, opt out of receiving marketing material by contacting our Privacy Officer using the details below or using our functional unsubscribe facilities set out in our electronic mail. You agree and acknowledge that even if you opt out of receiving marketing material, we will still send you essential information that we are legally required to send you relating to the services we provide. Once you opt out of receiving marketing material from us, you agree and acknowledge that this removal from our databases may take up to 10 business days after the date you requested to be removed.

Security

The security of your personal information is important to us and we use all reasonable endeavours to keep your information in a secure environment and to protect your personal information from misuse, interference, loss, unauthorised access, modification or disclosure.

When you submit personal information via our Sites, this information is protected both online and off-line. When our checkout process requires users to enter personal information (such as a credit card numbers and other personal details), the information is encrypted and protected using Secure Socket Layers (SSL). While on a secure page, such as our order form, a lock icon appears on the bottom of your Web browser. When you are not on a secure page, no lock icon will appear.

We keep records of the personal information we gather from you. We take reasonable precautions to protect user information off-line, and particularly to assist in your personal information not being accessed by unauthorised personnel, lost or misused. Finally, the servers that we store personal information on are kept in a secure environment under restricted access. If you have any questions or concerns about security on our Sites, or if you reasonably believe that there has been unauthorised use or disclosure of your personal information, please contact us (see details below).

If we no longer need your personal information, unless we are required under Australian law or a court or tribunal order to retain it, we will take reasonable steps to destroy, securely delete, or de-identify your personal information as appropriate.

Notifiable Data Breaches

In the event of a data breach, where your personal information is involved in the breach, we will notify you and the Office of the Australian Information Commissioner (OAIC) if the breach is likely to result in serious harm to you.

Accessing, correcting and updating your personal information

You have a right to access the personal information we hold about you subject to any exemptions allowed under the Privacy Act. You may request access to this information by contacting our Privacy Officer using the details provided below. If you request access to the personal information we hold about you, we will respond to your request within a reasonable period of time and, where reasonable and practicable, give access to the information in the manner you request. This will be subject to any exemptions provided under the Privacy Act. If your request is particularly complex or requires a detailed searching of our records, we may charge a reasonable fee for providing that information.

We take reasonable steps to ensure that the personal information held by us is accurate, complete and up to date. If your personal information changes, we provide a way to correct or update your personal information. This can be done by logging in to your account and editing your profile. Please contact us (see details below) if you have reason to believe your personal information held by us is not accurate, complete and up to date, and if this is the case we will take reasonable steps to correct it within 14 days. We may also take steps to ensure your information is up to date and our communications remain relevant to you, such that if you appear not to be engaging with our communications, we may cease to send you our communications until further notice by you.

If a user no longer desires our services, then we can also delete or deactivate that user's account on request, in accordance with our Terms and Conditions.

Contacting us and making a complaint

If you wish to access or update your personal information, or you believe your privacy has been breached and wish to make a complaint, please contact our Privacy Officer using the details below. We will respond to your request within a reasonable period of time, usually within 30 days. We may seek further information from you in order to provide a comprehensive and complete response.

Where it is practical to do so, when contacting us, you have the option to either not identify yourself or to use a pseudonym. However, this will not apply if we are required or authorised under Australian law (or a court or tribunal order) to only deal with individuals who have identified themselves.

If you are dissatisfied with the outcome of your complaint, or you do not receive a response to your complaint within 30 days, you may make a complaint to the OAIC. You may contact the OAIC via telephone on 1300 363 992, by submitting a complaint or inquiry online at www.oaic.gov.au or by mail at GPO Box 5218 Sydney NSW 2001.

If you would like further information on this Policy or if you have any concerns over the protection of your personal information, please contact:

The Privacy Officer
Natio Pty Ltd
110 Dougharty Road
Heidelberg West, Victoria 3081
Email: customerservice@natio.com.au

Changes to our Privacy Policy

We may at any time decide to change this privacy policy. If we do so, we will post the changes to this privacy statement so that you are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. You can check this privacy statement at any time, to ensure that you are aware of any variations made. Unless the variations are minor in nature, we will also notify you of any updates. You will be deemed to have consented to any variations to this statement by your continued use of our Sites.