Updates as of 01/2022
The privacy of your Personal Data is important to Health and Happiness (H&H) Hong Kong Limited and its related companies and affiliates (referred to collectively as “H&H”, “we” or “our”) and we are committed to ensuring that your Personal Data is handled responsibly, in accordance with the applicable Data Protection Legislation.
- Data protection legislation
- Data controller
- Personal Data we collect and hold;
- Information you provide us;
- Information we collect from third parties;
- Information we automatically collect from you;
- Purpose for which we collect, hold, use and disclose your Personal Data;
- Consequences for you if your Personal Data is not provided to us;
- Disclosures of Personal Data to third parties;
- Storage and transfer of your Personal Data to other countries;
- How Personal Data is held and protected;
- Accessing and correcting your information;
- Privacy complaints or disputes;
- Rights of users in the European Economic Area;
- Contacting us about privacy.
DATA PROTECTION LEGISLATION
We adhere to the Privacy Act 1988 (Cth) (“Privacy Act”) including the Australian Privacy Principles (“the APPs”) (hereinafter jointly referred to as the “Australian requirements“).
In addition, we adhere to the European Data Protection Legislation as described below to the extent it applies to the Personal Data we process about you.
“Personal Data” is data relating to you from which you can be reasonably identified. Examples of Personal Data include your full name, postal address, email address and telephone number. We recognise that your Personal Data is valuable and process your information in accordance with the Australian requirements and European Data Protection Legislation (hereinafter jointly referred to as “Data Protection Legislation”).
Health and Happiness (H&H) Hong Kong Limited is responsible as data controller for the processing of your Personal Data collected on the Biostime® Websites under the European Data Protection Legislation and the Australian requirements as applicable.
PERSONAL DATA THAT WE COLLECT AND HOLD
We collect Personal Data to allow us to provide you with services and deliver information on the products and/or services offered by us. We make sure that the Personal Data we collect from you is necessary for and directly related to this purpose.
The type of Personal Data that we collect from you, will vary depending on the circumstances in which we are dealing with you. This information may include:
- Personal details about you such as your name, gender, date of birth, residential and business addresses, telephone numbers, email and other electronic addresses;
- If you have registered on our Website, we may collect any information from your browser and our servers that may be connected to the contact details you gave when you registered, such as username, password, profession, company, etc. Other details relating to your relationship and dealings with us, including if we deal with you in a capacity other than a customer (for example, if you have applied for a position with us, pre-employment history, income, results of aptitude and other tests, contact and emergency details).
- Information that you voluntarily provide to us through your responses to competitions, surveys, search functions, questionnaires, feedback, ratings and reviews and the like.
Credit card information we collect from you will go directly to our processor or bank and no personnel of H&H will have access to this data. If you choose to purchase a product from us, our third-party payment processors will collect your payment information, and none of our personnel will have access to this data.
As a general rule, we do not collect sensitive information about you, such as racial or ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health or condition, sexual orientation and judicial or criminal records (“Sensitive Information“). However, in circumstances where we require Sensitive Information from you for a lawful purpose, for example for the purpose of providing our services to you, we will seek your consent to collect Sensitive Information prior to collecting it.
We collect such Personal Data from you in a number of ways, including:
- directly from you, such as when you enter your personal details on our Websites (for example during registration or application for products and services), when you provide information by phone or in documents such as an application form;
- from our affiliated companies;
- from your representatives;
- from our agents or service providers when engaged by us to do so or by other third parties, such as from referees, to verify the information you have provided us or to assist us to locate or communicate with you
- from sources where you’ve made your information publicly available;
- from credit-reporting and fraud-checking agencies and credit providers for credit related purposes such as credit worthiness, credit rating, credit provision and financing;
- from our own records of your dealings with us; or
- when legally required to do so.
We make sure that the way we collect data from and about you is lawful and fair in your circumstances.
We take all practical steps to ensure that you are informed of what data you are obliged to provide us, what data you may voluntarily provide us and what we may do if you do not provide us with data which you are obliged to provide.
PURPOSES FOR WHICH WE USE INFORMATION YOU PROVIDE US
This is information you give us when you enter your personal details on the Biostime® Nutrition Websites (for example during registration or application for products or services) or by contacting us via post, phone, e-mail or otherwise, in the context of your communication with H&H. We will use your Personal Data to:
- Identify you. We do this because it is in our legitimate interest to make sure that your enquiry is genuine and is not being made for fraudulent reasons or is spam. We may also do this because we may be subject to legal obligations which require us to confirm the details that you provide us with before entering into a relationship with you.
- Create an account when you register with us. We will do this because it is in our legitimate interest to use your Personal Data to communicate with you, to respond to your requests and to develop the relationship between us in the context of establishing and operating your account. If you submit Personal Data comprising an email address to H&H, we may send you product and/or service-related emails (e.g., transactional emails, service and policy updates in respect of matters related to or arising from the use of this Website) because it is in our legitimate interests to keep you informed of your account activities or service changes. It may also be necessary for us to:
- use your Personal Data to perform an agreement with you, where we would be unable to provide those services without that information;
- use your Personal Data to perform an agreement with you, where we would be unable to provide those services without that information;
- Provide, administer and manage services and carry out obligations arising from any contracts entered into between us, such as but not limited to online purchases. In these circumstances, we will use your Personal Data to perform an agreement with you because we would be unable to provide those services without that information;
- Monitor your use of the Websites to ensure that content from our Websites is presented in the most effective manner, to view given your device and to help the further development of the Website by compiling aggregate statistics about our users to analyze Website usage. We do this because it is in our legitimate interests to understand user behaviour so that we can ensure that we present information on the Websites that is of most interest to users and to ensure that information is displayed to you correctly and in a user-friendly way;
- To enable H&H to conduct research and/or analysis on the use of our Websites and to evaluate and improve the products and/or services offered by H&H. We do this because it is in our legitimate interests to understand the trends in the use and popularity of our products and services so that we can adapt existing and offer new services based on this research and analysis;
- Conduct communications between you and H&H and respond to feedback with regard to your needs and expectations of services and/or products offered by H&H. We will do this because it is in our legitimate interest to use your Personal Data to communicate with you, to respond to your requests about the services and facilities you require and to develop the relationship between us in the context of your use of our Website;
- Fulfil recruitment and staffing purposes. We will use your Personal Data to consider and decide how to respond to your enquiry because it is in our legitimate interests to use your Personal Data to consider whether we have any suitable job vacancies and to contact you about them. It may also be necessary for us to use your Personal Data to comply with a legal obligation relating to how we manage our business.
- Comply with various Australian laws, which may either expressly or in effect, require us to collect your Personal Data. Such laws include the Commonwealth Taxation Administration Act, Income Tax Assessment Act and other taxation laws (for example, to comply with information requests issued by the Federal Commissioner of Taxation) and employment laws (for example the Fair Work Act).
- Provide you with information related to H&H including the products, services, news, events and other privileges, benefits and other advantages from time to time offered by H&H, where you have opted in to receive this information.
When you opt-in to receive communications from us, you are giving your consent for your Personal Data to be used by us to contact you (depending on your selection) by email, direct mail and telephone, and to deliver personalized Website experiences, to share information about relevant products and services, news and events in relation to H&H’s offering.
We shall not use your Personal Data for marketing communications unless we have received your consent. Your consent may be communicated to us without charge by checking the opt-in / consent box in this Website or by writing to our Data Protection Officer, Aaron Xie at:
Attention: Aaron Xie, Data Protection Officer
111 Cambridge Street
Collingwood, Victoria 3066
If you subsequently decide that you do not want to receive correspondence from us about the services we could provide, you are entitled to withdraw your consent to us contacting you by clicking the “unsubscribe” link provided in a promotional email message, by amending your communication preferences or by contacting our Data Protection Officer at Aaron.Xie@hh.global or by post at 111 Cambridge Street Collingwood, Victoria 3066 AUSTRALIA. Withdrawing your consent will not affect our use of the Personal Data prior to you withdrawing that consent but it will mean that we will not be able to contact you about the services we may be able to offer you or your business in the future.
We will let you know when you must provide us with Personal Data in order to perform an agreement with you or your business or to comply with a legal obligation. If you do not provide us with the Personal Data in these circumstances, we may be unable to respond to your enquiry and/or engage in further communications with you.
INFORMATION WE COLLECT FROM THIRD PARTIES
We may use information provided to us by third parties that operate automated tracking technologies on third party websites, information you may have made publicly available or information provided by third party sources, such as marketing opt-in lists or data aggregators.
PURPOSES FOR WHICH WE USE INFORMATION WE AUTOMATICALLY COLLECT FROM YOU
When you visit the Biostime® Nutrition Websites, we may automatically collect information such as your IP address and browser type using cookies, log files, and pixel-tags (also called web beacons). This automatic data is primarily used for delivering and optimising services offered by us, such as:
- authenticating your identity and confirming whether you are currently logged in as you move through our Websites. Your browser allows us to place some information (e.g., session-based IDs and/or persistent cookies) on your computer’s hard drive that identifies the computer you are using.
- tracking your usage across our Biostime® Nutrition Websites in order to provide you with relevant, personalised content;
- improving our services, whereby we may occasionally display different versions of content to you and measure your usage of our web site pages.
To the extent this information constitutes Personal Data, we use it to ensure that content from the Biostime® Nutrition Websites is presented in the most effective manner for you and your device because it is in our legitimate interest to improve our customers’ online experience in relation to the Biostime® Nutrition Websites.
The following information sets out the types of cookies used on the Biostime® Nutrition Websites and provides detail about what they are used for. When you use the Biostime® Nutrition Websites for the first time, cookies which are essential to make the Biostime® Nutrition Websites operate (see those identified as “essential cookies” below) will have been set but other cookies will not have been set unless you agreed to those cookies being set at that time. If you have agreed to accept cookies then the Biostime® Nutrition Websites will remember this and continue to set cookies each time you visit. If you do not want cookies to be stored, then you may, via your browser, turn off certain cookies listed below individually or you can select the appropriate options on your web browser to delete some or all cookies. Please note, however, that if you block some or all cookies (including essential cookies) you may not be able to use or access all or parts of the Biostime® Nutrition Websites, such as being able to log on to member specific areas.
What types of cookies do we use?
We use a number of different cookies, outlined below:
- These cookies store temporary information essential to the site in order to display its content and are usually deleted when you close your browser.
- These cookies are stored in your browser for a set amount of time and stay on your computer after you close your browser. They usually contain information you may want to keep from session to session (e.g., your location or username).
First party cookies:
- These are ‘our’ cookies – the ones that we set up on your device and allows us to recognise you when you return to our Websites. It also helps keep track of your activity as you move page by page through our Website and enables us to personalise our content and remember your preferences (for example, your choice of language or region).
Third party cookies:
- Other websites or servers set these cookies up on our behalf, or allow us to access their cookies for activities such as tailored advertising, or tracking our ads’ performance on other websites.
Authentication, Security, Basic Functionality cookies:
- Sometimes called “essential cookies”, these cookies are needed for our Websites to work properly. Without these cookies, core site services, such as accessing secure areas, can’t be provided. Some of these cookies even help us to detect fraud and keep the sites secure. These cookies don’t gather information about you and are not used for marketing or remember where you’ve been online.
Site Performance cookies:
- These cookies collect information about how our sites are performing. For example, they tell us which content is popular, which pages create errors, or how people are moving around our sites. The information they collect is anonymous, and is used to help us improve how our Websites works.
- These functional cookies are all about the choices you make both on our sites and our advertising partners’ sites. They store information about your choices (such as your username, language or the region you’re in) and tailor your internet experience to provide relevant features and content for you, such as localised information or news. These cookies can also be used to remember changes you’ve made to text size, font and other customisable content.
- Without these cookies, our Websites won’t remember any choices you’ve previously made, or personalise your browsing experience.
Advertising, Marketing and Analytics cookies:
- These cookies help us tailor our marketing information online. They do things like limit the number of times you see an ad, as well as help us to measure the performance of our advertising – if you don’t like what you see, we want to know it. On the other hand, if you are interested in a particular topic, we want to help you get the best information we have.
- These cookies help us deliver ads that are more relevant both on our sites and our advertising partners’ sites. They remember that you have visited a particular website, and this information may be shared between us and other organisations, such as advertising partners. They also help us get a better understanding of you, your needs, your behaviours and how you interact with us so we can engage in product and service research, development and business strategy.
If you would like to disable cookies, you can set your web browser to reject cookies. However, if you disable the cookie function, you may not be able to access or receive all the information contained on the Biostime® Nutrition Websites. How to alter your cookie setting will depend on the type of browser you use. We have provided examples of how to disable cookies on the most popular browsers below:
Microsoft Internet Explorer
- choose the “tools” menu then “Internet Options”;
- click on the “privacy” tab; and
- select the appropriate setting.
- choose the “tools” menu then “Options”;
- click on the “privacy” menu then “Options”;
- click on the “privacy” icon; and
- find the “cookie” menu and select the relevant options.
CONSEQUENCES FOR YOU IF YOUR PERSONAL DATA IS NOT PROVIDED TO US
If you do not provide us with the Personal Data we ask for or the information provided is incorrect or incomplete, we might not be able to provide you with our products or services.
By visiting the Biostime® Nutrition Website, you agree to disclosures to the following third parties:
- related entities, commercial partners (including parties with whom we have various types of commercial arrangements) and affiliates;
- service providers;
- other companies and individuals which we employ to provide you promotional and informational offers on behalf of H&H, such as email marketing services (e.g., analysing customer lists, deliverability statistics, opens and clicks), marketing assistance or consulting services. These third parties may have access to information needed to perform their function but cannot use that information for any other purpose;
- advertisers, which may collect aggregated statistics from the Biostime® Nutrition Websites;
- payment processors who will collect your payment information if you choose to purchase a product from us;
- credit reporting agencies and other financial institutions including our own bankers, service providers; our professional advisers, such as our accountants, auditors and lawyers, insurers and industry groups having a legitimate reason to receive such information.
- other persons that we need to deal with in connection with engagement of staff (such as training or medical providers, insurers, next-of-kin, referees); and
- other persons and entities as permitted under the Privacy Act (such as insurers).
STORAGE AND TRANSFER OF YOUR PERSONAL DATA TO OTHER COUNTRIES
If you provide Personal Data to H&H, it may be transferred to, processed in, stored at or accessible from a destination outside Australia or the European Economic Area (“EEA”), such as New Zealand, Canada, China, the USA and Switzerland, or any other country in which H&H or its service providers maintain facilities. All practical steps are taken to ensure that all data is treated confidentially, kept secure and protected against unauthorised or accidental access, processing, erasure or other use and is maintained and kept no longer that is necessary for the purpose for which it is intended.
H&H has operations in, among other territories, Australia, which is a territory not currently deemed to offer adequate data protection by the European Commission. If you provide your Personal Data to us in circumstances where our processing of it is subject to European Data Protection Legislation, please note that you are doing so on the basis that you explicitly consent to the transfer of your data outside the EEA. The potential consequence of you explicitly consenting to this are that there is a risk that your Personal Data will not be protected in a manner that complies with European Data Protection Legislation. You can withdraw your consent for this reason at any time by emailing our Data Protection Officer via Aaron.Xie@hh.global. Withdrawing your consent will not affect our use of the Personal Data prior to your withdrawing that consent but it will mean that we may not be able to contact you about the services we may be able to offer you in the future.
Where we pass your Personal Data that is subject to European Data Protection Legislation from a location inside the EEA to parties located outside the EEA that does not offer adequate protection as determined by the European Commission, and if they are not subscribed to an approved data protection framework, such as the EU-US Privacy Shield that permits us to transfer the Personal Data to them from the EEA, we will enter into agreements which enable us to transfer Personal Data to them and that enable you to exercise your rights in accordance with the European Data Protection Legislation. A copy of these terms can be obtained by emailing our Data Protection Officer via Aaron.Xie@hh.global.
HOW PERSONAL DATA IS HELD AND PROTECTED
We will keep a record of the Personal Data that we receive from you in order to answer your query, respond to a request for more information about the services, or in response to an enquiry from one of our existing suppliers. Subject to legal requirements, we will only retain the Personal Data collected from a user for as long as the user’s account is active or has otherwise not been cancelled and the user has not requested that their Personal Data be deleted. We will retain Personal Data to fulfil the purposes for which we have initially collected it, unless otherwise required by law. All Personal Data will be retained only as necessary to comply with our legal obligations.
We will delete our copy of your Personal Data 7 years from the end of our contact with you or when we are no longer required by law to retain it (whichever is later), although we may retain a record of the existence of the relationship, to the extent and for so long as we are required to do so by law. For example, if you have contacted us to ask us for the processing of your Personal Data to be erased, we will retain a record of your request in order to ensure we comply with your wishes.
Your Personal Data may be stored in hard copy documents or in electronic form in our computer systems. In particular, your Personal Data, will be stored in 128 SSL bit encryption on database servers at our data centres or at data centres owned by third party hosting companies.
You should keep in mind that Internet transmissions (including emails) are never completely secure or error-free. As such, you should take steps to protect yourself, especially online and take special care in deciding what information you send to us via e-mail or other transmissions. Moreover, where you use passwords, ID numbers, or other special access features on our Websites, it is your responsibility to safeguard them. You should choose a strong password, do not use the same password that you use on other websites and do not share your password with anyone else. Also remember to sign out of our Websites and close your browser window when you have finished to ensure that others who may have access to your computer cannot access your Personal Information.
ACCESSING AND CORRECTING YOUR INFORMATION
You have a right to access the Personal Data that we hold abut you at any time, subject to certain exemptions under the Privacy Act.
We will take all reasonable steps to ensure that the Personal Data we collect, use or disclose is accurate, complete, up-to-date and relevant to our dealings with you and the nature of our relationship with you.
If you would like to request access to your Personal Data or correction of your Personal Data held by us, you may contact us in writing. The relevant contact details are provided below (see “Contact us”).
PRIVACY COMPLAINTS OR DISPUTES
If you are unhappy with the handling of your complaint you may refer the complaint to the Office of the Australian Information Commissioner (visit www.oaic.gov.au for more information).
RIGHTS OF USERS IN THE EUROPEAN ECONOMIC AREA
With respect to the Personal Data that H&H collects about you from the Biostime® Nutrition Websites, to the extent that you are located in the EEA, under the European Data Protection Legislation you have the right to:
- request access to that Personal Data;
- receive a copy of the Personal Data that you have provided to H&H in a structured, commonly used and machine-readable format so that you can share it with others;
- request the transfer of your Personal Data to another party;
- ask that Personal Data be erased;
- object to us possessing your Personal Data by asking for the processing of that Personal Data to be restricted or stopped. For example, if H&H uses Personal Data for marketing purposes or to make other decisions automatically; and
- make a complaint to a European data protection authority about the manner in which H&H processes your Personal Data. The contact details for the European data protection authorities can be found at http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm
Please contact H&H Customer Service to exercise these rights or for additional information on 1800 794 773.
In addition to the above, you have the right to review, update, and correct your account information and preferences at any time by managing your account’s Profile page. If there is any information that you are not able to edit or delete, contact our Customer Service to help you make the amendments.
You have the right to request for your account to be terminated and your information to be deleted when there is no longer a legitimate or legal reason for us to keep your Personal Data.
On the other hand, if you wish to change or use other services affiliated to us, you may request for your Personal Data to be transferred or transmitted.
Biostime Nutrition is part of the H&H Group along with other brands including Swisse, Dodie, Solid Gold, Zesty Paws, Aurelia London, Good Gout and CBII. For any information on the H&H group, head to their website https://www.hh.global/.
If you wish to contact us about the privacy-related matters described above or find out more information about our privacy practices, please use the contact details below:
Attention: Privacy Officer
111 Cambridge Street
Collingwood, Victoria 3066
Attention: Aaron Xie, Data Protection Officer
111 Cambridge Street
Collingwood, Victoria 3066