Privacy policy

The Beauty Colab values the privacy of its customers and other people whose Personal Information we hold. The purpose of this document is to help you understand what you can expect from The Beauty Colab when we hold your Personal Information.

SCOPE OF THIS POLICY

This policy applies to Personal Information collected by The Beauty Colab and our obligations under the Privacy Act. This includes Personal Information collected through our online store, booking system, in-store treatments, and any other contact with us.

DEFINITIONS

"Personal Information" means information about an identifiable individual (being a natural person, not a corporate body), as defined in the Privacy Act.

"Health Information" means information about an individual's health, medical history, allergies, or skin conditions collected for the purpose of providing beauty therapy treatments.

"Privacy Act" means the Privacy Act 2020.

"Privacy Breach" means unauthorised or accidental access to, or disclosure, alteration, loss, or destruction of, Personal Information, or an action that prevents The Beauty Colab from accessing the information either temporarily or permanently.

PRINCIPLES

These principles are subject to requirements in other Acts of Parliament which may override the principles, in which case we are not bound by them. There may be some other circumstances where strict adherence to the principles is not reasonably possible. The Beauty Colab will endeavour to adhere to the principles so far as is reasonably possible.

Collecting Information

We will only collect Personal Information where it is needed for a lawful purpose connected with a function or activity of The Beauty Colab.

Personal Information should be collected directly from the individual, unless an exception listed in principle 2 of the Privacy Act applies and allows collection from a third party.

We collect Personal Information through The Beauty Colab's website, online store, booking system, and in-store when you use our services. The types of information we may collect include:

  • Name, contact details, and delivery address
  • Purchase history and order information
  • Appointment history and booking preferences
  • Health information, including skin conditions, allergies, and contraindications, collected for the purpose of providing safe and appropriate beauty therapy treatments
  • Payment information (processed securely through our payment providers)

Where Personal Information is being collected from an individual, we will take reasonable steps to ensure that the individual is aware:

  • that we are collecting the information;
  • what information is being collected;
  • why the information is being collected;
  • any law (if any) which authorises or requires the collection of the information and whether it is voluntary or mandatory for the individual to supply the information;
  • the consequences (if any) if the requested information is not provided;
  • how the information will be used;
  • who the information will be shared with; and
  • what rights they have to access and correct that information.

We will not collect Personal Information by unlawful means or by means that are unfair or unreasonably intrusive.

Health Information

Where we collect Health Information from clients for the purpose of providing beauty therapy treatments, we treat this information with the highest level of care. Health Information is:

  • Collected only where necessary to provide safe and appropriate treatments
  • Used solely for the purpose of delivering and improving your treatment experience
  • Stored securely and accessible only to authorised staff
  • Not disclosed to third parties except where required by law or with your explicit consent

Once We Have the Information

We will ensure reasonable security safeguards protect the Personal Information we hold from loss, unauthorised use, and misuse.

Individuals are entitled to receive confirmation of whether The Beauty Colab holds any Personal Information about them and to access their Personal Information. We will respond to any access requests within 20 working days of receipt, as required by the Privacy Act. Individuals who access their Personal Information should be advised that they may request the correction of that information.

We will not use Personal Information without taking reasonable steps (if any) to ensure it is accurate, up to date, complete, relevant, and not misleading.

Personal Information will only be used for the purpose for which it was collected, unless an exception listed in principle 10 of the Privacy Act applies and allows use for other purposes.

Unique identifiers will only be assigned to individuals if it is necessary to enable The Beauty Colab to carry out one or more of its functions efficiently. Unique identifiers will only be assigned to individuals whose identities are clearly established and the risk of misuse of a unique identifier will be minimised.

We will not keep Personal Information for longer than required by lawful purposes or by law.

Website Cookies and Tracking

Our website uses cookies and similar tracking technologies to improve your browsing experience, process transactions, and understand how our site is used. This may include cookies set by Shopify and other tools we use to operate our online store.

By continuing to use our website, you consent to the use of cookies in accordance with this policy. You can manage or disable cookies through your browser settings, though this may affect some functionality of our website.

Marketing Communications

If you have signed up to receive marketing communications from us, we may use your contact details to send you promotional emails, product updates, and special offers. You have the right to opt out of marketing communications at any time by clicking the unsubscribe link in any email we send, or by contacting us directly at hello@thebeautycolab.com.

We will not use your Personal Information for direct marketing without your consent.

Third-Party Services

In order to operate our business, we use the following third-party software services which may collect, store, or process your Personal Information:

  • Shopify — our online store and e-commerce platform, used to process orders and payments. Shopify is based in Canada and is subject to privacy laws that provide comparable safeguards to New Zealand's Privacy Act. You can view Shopify's privacy policy at shopify.com/legal/privacy.
  • Timely — our booking and appointment management software, used to manage treatment bookings and client records. Timely is a New Zealand-based company and is subject to the Privacy Act. You can view Timely's privacy policy at gettimely.com/privacy-policy.
  • Xero — our accounting software, used to manage invoicing and financial records. Xero is a New Zealand-based company and is subject to the Privacy Act. You can view Xero's privacy policy at xero.com/nz/about/legal/privacy.

We take reasonable steps to ensure these providers maintain appropriate privacy and security standards. Personal Information shared with these providers is limited to what is necessary for the purposes described above.

Accessing and Correcting the Information

Where we hold Personal Information, the individual concerned shall be entitled to request correction of the information and request that a statement of correction be attached to the Personal Information.

  • We will take reasonable steps to ensure the Personal Information is accurate, up to date, complete and not misleading.
  • We are not required to correct the Personal Information if we disagree with the correction. However, if this is the case, the "correction" will be attached to the Personal Information.
  • Where we receive a request for correction of Personal Information we will inform you of the action taken as a result of the request.
  • We will respond to all access and correction requests within 20 working days.

Disclosing the Information

We will not disclose Personal Information to another person or agency unless we believe on reasonable grounds:

  • The disclosure is directly related to the purposes in connection with which the Personal Information was obtained;
  • The Personal Information is publicly available and disclosure is not unfair or unreasonable;
  • The disclosure is authorised by the individual concerned;
  • The Personal Information is to be used in a form where the individual concerned is not identifiable; or
  • Non-compliance is necessary for one or more of the reasons stated in principle 11 of the Privacy Act.

We will only disclose Personal Information to a foreign person or entity where one of the following applies:

  • the individual concerned authorises the disclosure after being expressly informed that the foreign person or entity may not be required to protect the information in a way that provides comparable safeguards to the Privacy Act;
  • the foreign person or entity is carrying on business in New Zealand and The Beauty Colab reasonably believes the foreign person or entity is subject to the Privacy Act;
  • The Beauty Colab reasonably believes the foreign person or entity is subject to laws that provide comparable safeguards to the Privacy Act.

REGULATORY COMPLIANCE

The Beauty Colab operates in accordance with applicable New Zealand legislation, including the Privacy Act 2020 and local bylaws. As a beauty therapy business operating in New Plymouth, we hold a Health and Hygiene Licence issued by the New Plymouth District Council and comply with all associated health and hygiene requirements.

PRIVACY BREACHES

The Beauty Colab will notify the Privacy Commissioner as soon as practicable after becoming aware that a notifiable Privacy Breach has occurred and will comply with the notification requirements in section 117 of the Privacy Act.

The Beauty Colab will notify affected individuals as soon as practicable after becoming aware that a notifiable Privacy Breach has occurred.

PRIVACY OFFICER

We have a privacy officer who is responsible for:

  • Maintaining this policy and relevant processes;
  • Supporting staff with complying with the policy;
  • Liaising with third parties in respect of privacy matters, including the Privacy Commissioner or other relevant regulators;
  • Dealing with any requests we receive under the Privacy Act; and
  • Managing any privacy complaints received.

For requests or complaints please contact the privacy officer: Kimberly Whitham — hello@thebeautycolab.com

REVIEW OF POLICY

Policy Date: June 2026

Review Date: June 2027