Section 1 — Introduction
Frank Body recognises the importance of safeguarding your information. This Privacy Statement therefore sets out how we use your information and the steps we take to ensure your privacy remains protected.
Frank Body offers Australian-made, coffee-based skincare products sold online and through a number of global retailers. Our company is registered as SNDR Pty Ltd trading as Frank Body, 47 Dover Street, Cremorne, VIC, 3121, Australia.
This Privacy Statement applies to personal information from individuals in the European Union (under the GDPR) and all other global customers that is collected, processed, disclosed and stored (collectively “used”) by Frank Body.
If you have any queries or requests regarding this Statement or our use of your personal information, do not hesitate to contact us using the details set out below.
Section 2 — How Do we Collect Your Information?
As you interact with us, we will collect your information in several ways. Often you will provide this information directly to us, but in other cases it might be collected automatically through technical means such as Cookies.
If you contact us through our website, by email, by social media or purchase items from our store, we will collect the following information in order to provide the contract to you and respond to any queries:
- Your name
- Your postal address
- Your email address
- Order details.
- Financial or payment information such as your card details if a purchase has been made.
We collect the following information about you automatically, through technical means such as Cookies, when you browse our store:
- Internet protocol (IP) address
- Country geolocation using IP address
- Browsing data linked to Google Analytics.
See section 7 below for more details.
Section 3 – What do we do with your information?
We will use the information we collect about you in a variety of ways. For example, we will use it to fulfil your orders, to analyse and improve how our business and websites work, and, where we have your consent, to provide you marketing updates. We will never sell your information to any third party, and we only use your information when we have a lawful basis for doing so.
To fulfil our obligations to you or enable us to enter a contract:
- We will collect your personal details, contact information and address so that we can process and fulfil your orders.
Where we have your consent:
- We will periodically send emails to the address you provide so that you can find out more about our store, new products and other updates. If you want to withdraw this consent you can do so at any time – for more information see the Your Rights section.
Where we have a legal obligation to do so:
- We are required to keep certain financial records for financial reporting and accounting purposes.
Where we have a legitimate interest in using your information (and this information is not overridden by your own rights as an individual):
- We will use the information automatically collected about you through technical means such as Cookies to analyse how visitors use our website so that we can understand how visitors engage with Frank Body and improve how our website works.
- We also keep a record of transactions and correspondence so that we can bring claims or defend ourselves in the event of a legal claim or complaint.
You can find out more about how Frank Body’s interests are balanced with your own rights and interests by getting in contact with us using the details set out below.
Section 4 – How will your information be shared?
We will share the information we collect about you with our service providers to the extent necessary for purposes outlined above. We may disclose your personal information if required to do so by law or if you violate our Terms of Service.
Sharing your information with Shopify:
- Shopify provides us with the online e-commerce platform that allows us to sell our products and services to you.
- Shopify therefore hosts the data we collect about you.
- Your data is stored through Shopify’s data storage, databases and the general Shopify application, on a secure server behind a firewall. Your data will be stored in Shopify’s servers in the USA.
- If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS).
- Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted. All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers. For more insight, you may also want to read Shopify’s Terms of Service here or Privacy Statement here.
Sharing your information with other third parties:
Where Frank Body uses third party service providers, we may disclose to them your personal information – but they will only use your information to the extent necessary to allow them to perform the services on our behalf.
Frank Body will share your information with the following categories of service providers:
- Third parties providing payment gateways
- Third parties who process payments or transactions on our behalf
- MaxMind: MaxMind provides IP intelligence through the GeoIP brand. Over 5,000 companies use GeoIP data to locate their Internet visitors and show them relevant content and ads, perform analytics, enforce digital rights, and efficiently route Internet traffic.
- Google AdWords: Google AdWords is an online advertising service developed by Google, where advertisers pay to display brief advertising copy, product listings, and video content within the Google ad network to web users. Google AdWords’ system is based partly on cookies and partly on keywords determined by advertisers. Google uses these characteristics to place advertising copy on pages where they think it might be relevant. Advertisers pay when users divert their browsing to click on the advertising copy. Partner websites receive a portion of the generated income.
- Google Analytics: Google Analytics is a freemium web analytics service offered by Google that tracks and reports website traffic. Google launched the service in November 2005 after acquiring Urchin. Google Analytics is now the most widely used web analytics service on the Internet.
- Facebook: Facebook is an American online social media and social networking service company based in Menlo Park, California. Its website was launched on February 4, 2004, by Mark Zuckerberg, along with fellow Harvard College students and roommates Eduardo Saverin, Andrew McCollum, Dustin Moskovitz, and Chris Hughes.
- Salesforce: Salesforce.com, Inc. is an American cloud computing company headquartered in San Francisco, California. Though its revenue comes from a customer relationship management product, Salesforce also sells commercial applications of social networking through acquisition and internal development.
- NextBee: NextBee is a word-of-mouth marketing platform which was built by identifying and fitting together those pieces of the technological puzzle which are absolutely essential to the success of promotional campaigns. Nextbee is used to facilitate the frank body loyalty program, Hotel Pink.
- Yotpo: We use Yotpo’s complete platform to collect customer reviews and visual marketing posts to display on site to show product benefits. Yotpo is based in the United States.
- LiveChat: LiveChat is an offline customer service software with live support, help desk software, and web analytics capabilities. It was first launched in 2002 and is currently developed and offered in a SaaS business model by LiveChat Software.
- Commission Factory: Commission Factory is an affiliate marketing network based in Sydney, NSW, Australia. Commission Factory has three client sets that it services within the performance-based advertising space: Affiliates, Merchants and Agencies.
- SnapChat: Snapchat is a multimedia messaging app popular around the world, created by Evan Spiegel, Bobby Murphy, and Reggie Brown, former students at Stanford University, and developed by Snap Inc., originally Snapchat Inc. It is a social media platform that allows customers to share stories.
- Shopify: Shopify is a Canadian e-commerce company headquartered in Ottawa, Ontario. It is also the name of its proprietary e-commerce platform for online stores and retail point-of-sale systems.
Other circumstances in which we may share your information:
- From time to time we may need to disclose your information to law enforcement agencies or regulators.
- In addition, we may need to disclose your information if you violate our Terms of Service.
- If our store is acquired or merged with another company, your information may be shared with the new owners so that we may continue to sell products to you.
Frank Body takes steps to ensure that the third parties we engage to provide services to us on our behalf use your data in accordance with this Statement.
Such third parties may be located outside the European Economic Area (“EEA”) and to the extent that this is the case, the following Section 5 will apply.
Once you leave our store’s website or are redirected to a third-party website or application, you are no longer governed by this Statement or our website’s Terms of Service. When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
Section 5 – International Transfer
Frank Body may transfer your information outside the EEA, to locations in which data protection standards are less strict. When doing this, we will take steps to ensure that your information remains protected in line with this Statement.
The internet is a global environment and in practice it is not at all unusual for information to be transferred internationally – for example if the servers used to host your information are located abroad. If we transfer personal information outside the EEA (for example to our parent company in Australia) we will adhere to certain safeguards approved under data protection laws. If you wish to find out more or to obtain a copy of the safeguards put in place to protect your privacy, please contact us using the details set out below.
SECTION 6 – SECURITY
To protect your personal information, we put in place appropriate technological and organisational measures and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed. If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
SECTION 7 – COOKIES
SECTION 8 – CHILDREN
Our site is not directed at those under the age of 16 and customers must have credit or debit cards to make purchases.
SECTION 9 – Automated decision-making
We do not undertake any automated decision-making.
SECTION 10 – Data Retention
Frank Body will keep your information only for as long as is reasonably necessary for the purposes set out in this Statement and to fulfil our legal obligations. Where you are a customer, this is usually at least for as long as you remain a customer, to be able to meet our legal and contractual obligations to you, and if necessary, to resolve any disputes.
We only retain your information for as long as is necessary for us to use your information as described above or to comply with our legal obligations. However, please be advised that we may retain some of your information after you cease to use our services, for instance if this is necessary to meet our legal obligations, such as retaining the information for tax and accounting purposes.
When determining the relevant retention periods, we will take into account factors including:
- our contractual obligations and rights in relation to the information involved;
- legal obligation(s) under applicable law to retain data for a certain period of time;
- statute of limitations under applicable law(s);
- (potential) disputes; and
- guidelines issued by relevant data protection authorities.
Otherwise, we securely erase your information once this is no longer needed.
For further information on how long your information shall be retained by Frank Body, please get in touch with us using the details set out below.
SECTION 11 – Your Rights
Subject to certain conditions, you will, by law, be able to exercise certain rights in respect of your information. Further information about your rights can be obtained from your national data protection authority – which in the UK is the Information Commissioner’s Office. You can exercise these rights by contacting us using the details set out below. In almost all circumstances these rights will be free to exercise, although if requests are made on a repeated or manifestly unfounded basis we may charge a reasonable administrative fee.
The right to be informed. You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this Statement.
The right of access. You have the right to obtain access to your information (if we’re processing it), and certain other information (similar to that provided in this Statement).
The right to rectification. You are entitled to have your information corrected if it is inaccurate or incomplete. You can request that we rectify any errors in information that we hold by getting in contact with us.
The right to erasure. This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information that we hold.
The right to object to processing. You have the right to object to certain types of processing, and you can exercise this right by contacting us using the details set out below.
The right to restrict processing. You have the right to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but will not use it further.
The right to data portability. You have rights to obtain and reuse your information for your own purposes across different services. If this right is applicable, we will provide you with an accessible copy of your information so that you can use a similar service elsewhere.
The right to lodge a complaint. You have the right to lodge a complaint about the way we handle or process your information with your national data protection regulator.
The right to withdraw consent. If we rely on your consent as our lawful basis for processing your information, you may withdraw your consent at any time. However, doing so will not make unlawful the actions we have taken with your personal data while we had your active consent. You can withdraw your consent to the processing of your information at any time by contacting us using the contact details set out below.
Section 12 – CONTACT INFORMATION
If you would like to exercise Your Rights, register a complaint, or simply want more information about this Privacy Statement or how we use your data, please get in touch with us using the details below.
You can email our Privacy Compliance Officer at;
Or you can get in contact by mail at:
[Re: Privacy Compliance Officer]
47 Dover Street, Cremorne, VIC, 3121, Australia
If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.