Privacy Policy | Rose-Hip Vital Australia

1. ABOUT THIS NOTICE

1.1 Scope. Rose-Hip Vital has sought to adopt a rigorous and best practice approach to collecting, using, disclosing, managing, protecting and otherwise Processing Personal Data. This is necessarily subject to applicable Data Protection Laws and Regulations in relevant jurisdictions.

1.2 Non-binding. This Privacy Notice is not incorporated into the terms of engagement or employment of a person to whom it is intended to apply. It does not create contractual rights against Rose-Hip Vital.

1.3 Data Protection Agreement. Nothing in this Privacy Notice affects the terms of any Data Protection Agreement or a Customer Agreement between us and a Customer or other relevant person concerning matters of data protection and privacy.

1.4 Amendment. Rose-Hip Vital may change, vary or modify all or part of this Privacy Notice at any time in our sole discretion. It is your responsibility to check this Privacy Notice periodically for changes. If we issue a new Privacy Notice:

1.4.1 we will post the new Privacy Notice on the Platform; and

1.4.2 it will then apply to you through your acceptance of it by subsequent or continued use of the Platform and/or by being a Customer acquiring relevant goods and/or services from us or otherwise in respect of your relationship and dealings with us.

2. PURPOSE

2.1 Primary Purposes.
We collect Personal Data from you and, subject to clause 3.4, you consent to us and our Related Bodies Corporate (and where relevant any Third Party Service Provider) collecting, using and otherwise Processing and allowing the Processing (as applicable) your Personal Data for the following Primary Purposes and you consent to all such use:

2.1.1 Functionality of Rose-Hip Vital Platform: To operate, use and offer functionality of the Rose-Hip Vital Platform to supply the Rose-Hip Vital Products. Including (without limitation):

- - to enable your use of Rose-Hip Vital Platform (in each case, as may be permitted);
  - to assess whether you are a permitted User;
  - to make available personal information to a relevant Customer;
  - to store in a relevant database; to personalise and customise your experiences with us;
  - to help us review, manage and enhance the Rose-Hip Vital Products and the Rose-Hip Vital Platform; to develop insights used in reports or other content developed by us;
  - to communicate with you and any relevant Third Parties; and to lawfully carry out our functions and activities in relation to such matters. to make available personal information to a relevant Customer; ·to store in a relevant database;
  - to personalise and customise your experiences with us; to help us review, manage and enhance the Rose-Hip Vital Products, the Rose-Hip Vital App and the Rose-Hip Vital Platform;
  - to develop insights used in reports or other content developed by us; to communicate with you and any relevant Third Parties; and
  - to lawfully carry out our functions and activities in relation to such matters.

The type of Personal Data we collect for these purposes includes Identity Information, Contact Information, Customer Information, Financial Information, Transaction Information, Marketing and Communications Information.

The basis for the use is for the performance of a contract with you, to improve our Products, and to meet legal and regulatory requirements. This is also necessary for our legitimate interests (such as our legitimate interests in performing, maintaining and securing our products and services and operating our business in an efficient and appropriate manner). This is in accordance with APP 3.2, which allows us to collect personal information when it is reasonably necessary for one or more of Rose-Hip Vital’s functions or activities.

2.1.2 Processing Personal Data
To Process Personal Data, most usually as a data processor in respect of use of the Rose-Hip Vital Platform by a relevant Customer and/or user, but also as a Controller in some instances (e.g. in our own capacity as an employer and with respect to our own business activities), including but not limited to:

- - delivering Products to you or a relevant Customer;
  - verifying your identity and assess whether you are a permitted User; and
  - developing insights used in reports or other content developed by us.

The type of Personal Data we collect for these purposes includes Identity Information, Contact Information, Financial Information, Transaction Information and Customer Information.

The basis for the use is for the performance of a contract with you and to meet our legal and regulatory requirement. This use is also necessary for our legitimate interests (e.g., to enable us to provide Products). This is in accordance with APP 3.2, which allows us to collect personal information when it is reasonably necessary for one or more of Rose-Hip Vital’s functions or activities.

2.1.3 Enquiries at request

To provide you with information about the Products you requested or enquired about.

The type of Personal Data we collect for these purposes includes Identity Information, Contact Information, Customer Information and Marketing and Communications Information.

The basis for the use is for the performance of a contract and to improve our Products. This is in accordance with APP 3.2, which allows us to collect personal information when it is reasonably necessary for one or more of Rose-Hip Vital’s functions or activities.

2.1.4 Assessment of Applications

To help us assess an application submitted by you, or on your behalf, in relation to your employment with, or engagement by, us, including to conduct visa, criminal and/or migration checks via Third Party Service Providers or a relevant governmental body.

The type of Personal Data we collect for these purposes includes Identity Information, Contact Information, Technical Information, Profile Information and Financial Information.

The basis for the use is for the performance of a contract with you and to meet our legal and regulatory requirements. This is also necessary for our legitimate interests (e.g., to determine your suitability for employment with us and arranging for payment to you in accordance with your employment or contractor agreement). This is in accordance with APP 3.2, which allows us to collect personal information when it is reasonably necessary for one or more of Rose-Hip Vital’s functions or activities.

2.1.5 Third Party Disclosures
To disclose to Third Parties engaged by us to perform functions related to the Rose-Hip Vital Platform, including:

- - website application providers, IT hosting and service providers, and other technical support services;
  - our professional advisors;
  - persons authorised by you to receive personal information or other data held by us;
  - a purchaser of all or any part of the Rose-Hip Vital business or any other part of our business; and
  - any other persons as required or permitted by any law.

The type of Personal Data we collect for these purposes includes Identity Information, Contact Information, Transaction Information and Customer Information.

The basis for the use is for the performance of a contract with you and to meet our legal and regulatory requirements. This is also necessary for our legitimate interests (e.g., enabling us to supply Products). This is in accordance with APP 3.2, which allows us to collect personal information when it is reasonably necessary for one or more of Rose-Hip Vital’s functions or activities.

2.1.6 Investigation of Complaint
To investigate any complaints about, or made by you, or if we have reason to suspect you have breached any relevant terms or contract.

The type of Personal Data we collect for these purposes includes Identity Information, Contact Information, Technical Information, Profile Information and Financial Information.

The basis for the use is to meet our legal and regulatory requirements and to improve our Products. This is also necessary for our legitimate interests (e.g., to ensure that we continue to supply Products in accordance with industry best-practice and/or relevant obligations). This is in accordance with APP 3.2, which allows us to collect personal information when it is reasonably necessary for one or more of Rose-Hip Vital’s functions or activities.

2.1.7 Contemplated in Terms + Conditions

For the purposes contemplated by our Terms + Conditions. The type of Personal Data we collect for these purposes includes Identity Information, Contact Information, Customer Information, Technical Information, Marketing and Communications Information and Profile Information. The basis for the use is for the performance of a contract with you. This is in accordance with APP 3.2, which allows us to collect personal information when it is reasonably necessary for one or more of Rose-Hip Vital’s functions or activities.

2.1.8 Produce and develop Products

To help us produce and develop Products associated with Rose-Hip Vital as well as develop insights to enhance User experience.
The type of Personal Data we collect for these purposes includes Identity Information, Contact Information, Customer Information, Technical Information, Marketing and Communications Information and Profile Information
The basis for the use is necessary for our legitimate interests (e.g., to develop our Products, to grow our business, and to inform our marketing strategy). This is in accordance with APP 3.2, which allows us to collect personal information when it is reasonably necessary for one or more of Rose-Hip Vital’s functions or activities.

2.1.9 Communication
To communicate with you, including by email, mobile and in-application notifications.
The type of Personal Data we collect for these purposes includes Identity Information, Contact Information and Profile Information.
The basis for the use is for the performance of a contract with you. This is also necessary for our legitimate interests (e.g., to resolve any matters that require attention by us in relation to the Products supplied to you). This is in accordance with APP 3.2, which allows us to collect personal information when it is reasonably necessary for one or more of Rose-Hip Vital’s functions or activities.

2.1.10 Payments
To process payments, including (without limitation), sending you account related reminders and providing confirmation of Products purchased.
The type of Personal Data we collect for these purposes includes Identity Information, Contact Information, Financial Information, Transaction Information and Customer Information.
The basis for the use is to comply with our legal and regulatory requirements. This is also necessary for our legitimate interests (e.g., to facilitate a transaction). This is in accordance with APP 3.2, which allows us to collect personal information when it is reasonably necessary for one or more of Rose-Hip Vital’s functions or activities.

2.1.11 Customer Health
To understand customer health needs and usage of our Products, including (without limitation):

- - collecting health-related information you provide voluntarily (e.g., in surveys, emails or contact forms);
  - using that information to improve our Products and develop new ones;
  - understanding demographics and health-related trends in relation to Product use; and
  - tailoring communications and offers to better align with your health interests and needs.

The type of Personal Data we collect for these purposes includes Identity Information, Contact Information, Customer Information and Health Data.

The basis for the use is this data necessary for our legitimate interests (e.g., to improve our Products, ensure our Products are fit for purpose, and marketing our Products). This is in accordance with APP 3.4(a), which permits us to collect sensitive information where it is reasonably necessary for one or more of Rose-Hip Vital’s functions or activities, and the individual has consented to its collection.

2.1.12 Legal Requirements
To do anything else as required or permitted by any relevant law
The type of Personal Data we collect for these purposes includes Identity Information, Contact Information, Financial Information, Transaction Information, Customer Information, Technical Information, Marketing and Communications and Profile Information.

The basis for the use is to meet our legal and regulatory requirement. It is also necessary for our legitimate interests. This is in accordance with APP 3.2, which allows us to collect personal information when it is reasonably necessary for one or more of Rose-Hip Vital’s functions or activities.

3. WHAT WE COLLECT

3.1 Personal Data . Personal Data we collect about you may include or be comprised within:

3.1.1 personal contact information such as name, mobile device number, email address, mailing address and encrypted password;

3.1.2 geolocation data, unique IDs collected from mobile devices, network carriers or data providers; and

3.1.3 Biometric Data, authentication data, financial and payment information and such other information necessary or convenient for delivering or in connection with our Products.

3.2 We also may collect additional information as part of our collection of Identity Information, Contact Information, Financial Information, Transaction Information, Technical Information, Marketing and Communications Information, Customer Information and Profile information used for the Primary and Secondary Purposes.

3.3 Other information . We may collect, directly or through platform and website, and you consent to us collecting, information relating to you that is not Personal Data, such as data relating to your activity on the Rose-Hip Vital Platform, including:

3.3.1 the Internet Protocol address or MAC (device) address and a component of the domain name used (e.g., .com or .net);

3.3.2 the type of browser and operating system you used;

3.3.3 the date and time you visited the Rose-Hip Vital Platform;

3.3.4 the web pages you accessed at the Rose-Hip Vital Platform;

3.3.5 the time spent on individual pages and the Rose-Hip Vital Platform overall;

3.3.6 which files you downloaded;

3.3.7 information about your computer and Internet connections using cookies;

3.3.8 information regarding your dealings with us, including feedback and insights;

3.3.9 information relating to purchases made through the Rose-Hip Vital Platform, including product selections, order history, payment method, delivery preferences, and subscription settings; and

3.3.10 information regarding your past or current employment if you apply for employment with, or engagement by, us, interact with us on behalf of your employer or other person, or apply to volunteer with us.

3.4 Sensitive Personal Data. We will only collect, hold, use, disclose or otherwise Process any Sensitive Personal Data about you with your consent or if you volunteer such Sensitive Personal Data to us. If we collect or hold your Sensitive Personal Data in accordance with this clause, we may disclose or Process such Sensitive Personal Data as you may consent unless required or permitted by law.

4. HOW WE COLLECT

4.1 How we collect. Your Personal Data may be collected:

4.1.1 when you complete an application, consent, purchase, account sign-up or similar form via the Rose-Hip Vital Platform or otherwise;

4.1.2 when you upload a testimonial on the Rose-Hip Vital Platform and any attachments;

4.1.3 when you use the Rose-Hip Vital Platform;

4.1.4 when you contact us to submit a query or request;

4.1.5 when you interact with the Rose-Hip Vital Platform;

4.1.6 from you when you request support from us;

4.1.7 from affiliate marketplace website partners;

4.1.8 from you when you subscribe to a marketing list;

4.1.9 from you when you request further information from us;

4.1.10 from you or a relevant Customer when you make a purchase of any Rose-Hip Vital Product;

4.1.11 from government regulators, law enforcement agencies and other government entities;

4.1.12 from business contacts, external service providers and suppliers; or

4.1.13 by other means reasonably necessary.

4.2 Third party collection. If we collect any Personal Data about you from someone other than you, to the extent not already set out in this Privacy Notice, we will inform you of the fact that we will collect, or have collected, such information and the circumstances of that collection before, at or as soon as reasonably practicable after we collect such Personal Data.

4.3 Authority. If you provide us with the Personal Data of another individual, without limiting any other provision of this Privacy Notice, you acknowledge and agree that the other individual:

4.3.1 has authorised you to provide their Personal Data to us; and

4.3.2 consents to us using their Personal Data in order for us to supply our Products and for the purposes contemplated by this Privacy Notice.

4.4 Unsolicited information. If we receive unsolicited Personal Data about you that we could not have collected in accordance with this Privacy Notice and applicable Data Protection Laws and Regulations, we will, within a reasonable period or otherwise to the extent lawful, destroy or de-identify such Personal Data received.

4.5 Anonymity. If you would like to access or use any of our Platform on an anonymous or pseudonymous basis we will take reasonable steps to comply with your request. However:

4.5.1 you may be precluded from taking advantage of some or all of our Products or services; and

4.5.2 we will require you to identify yourself if:

a) we are required by law to deal with individuals who have identified themselves; or

b) it is impracticable for us to deal with you if you do not identify yourself.

4.6 Destruction. We will, within a reasonable period or otherwise to the extent lawful, destroy or de-identify your Personal Data if:

4.6.1 the purpose for which we collected the Personal Data from you no longer exists or applies; or

4.6.2 you request us to destroy your Personal Data,
and we are not required by law to retain your Personal Data.

4.7 Social Media Tools. We use Facebook, YouTube and Instagram and may from time to time use other social media tools.

5. USE

5.1 Primary and secondary use. We will only use, disclose or otherwise Process your Personal Data for the Primary Purposes, but we may use or disclose your Personal Data for a secondary purpose:

5.1.1 if you would reasonably expect us to use or disclose the Personal Data for that secondary purpose, and:

a) if the information is Sensitive Personal Data, the secondary purpose is directly related to the primary purpose of collection; or

b) if the information is not Sensitive Personal Data, the secondary purpose is related to the primary purpose of collection; or

5.1.2 if we otherwise get your consent to do so; or

5.1.3 as may be permitted otherwise by applicable Data Protection Laws and Regulations.
Any such use or disclosure shall be in accordance with this Privacy Notice and applicable Data Protection Laws and Regulations.

5.2 Third parties. We will not sell, trade, rent or licence for use your Personal Data to Third Parties, although we may for clarity permit a Third Party Service Provider to use your Personal Data in the provision of a relevant service to us.

5.3 Direct marketing . We will offer you a choice as to whether you want to receive direct marketing communications about our Services. If you choose not to receive these communications, we will not use your Personal Data for this purpose.

5.4 We will otherwise only use or disclose your Personal Data for the purposes of direct marketing if:

5.4.1 we collected the Personal Data from you;

5.4.2 it is reasonable in the circumstances to expect that we would use or disclose the Personal Data for direct marketing purposes;

5.4.3 we provide you with a simple means to ‘opt-out’ of direct marketing communications from us; and

5.4.4 you have not elected to ‘opt-out’ from receiving such direct marketing communications from us.

5.5 Opt-out. You may opt out of receiving such communications by contacting us using our contact details set out at clause 11.

5.6 Automated decision-making . We may use secure artificial intelligence systems to assist us in providing supplying our Products. Where we do so, we will only input your Personal Data in a way which complies with this Privacy Notice.

6. DISCLOSURE

6.1 How we disclose. We may disclose Personal Data and you expressly consent to us disclosing, for the purpose of use or other Processing, such Personal Data to:

6.1.1 Third Parties engaged by us to perform functions related to Rose-Hip Vital;

6.1.2 Third Party Service Providers who perform functions or supply Products or provide services on our behalf;

6.1.3 relevant regulatory bodies in the industry in which we or you operate;

6.1.4 credit agencies;

6.1.5 our professional advisors, including our accountants, auditors and lawyers;

6.1.6 our Related Bodies Corporate;

6.1.7 a relevant person entitled to use or enjoying rights concerning the Rose-Hip Vital Service;

6.1.8 persons authorised by you to receive Personal Data or other data held by us;

6.1.9 persons authorised by you to receive information held by us;

6.1.10 a government authority, law enforcement agency, pursuant to a court order or as otherwise required by law;

6.1.11 a party to a transaction involving the sale of all or any part of the Rose-Hip Vital business or any other part of our business or our assets or a sale of new or existing securities in Rose-Hip Vital; and

6.1.12 any other persons as required or permitted by any law.

6.2 Clauses 6.1.1 to 6.1.11 do not apply to Sensitive Personal Data.

6.3 Overseas disclosure. We may in some circumstances send your Personal Data to overseas recipients to enable us to supply our Products to you or as contemplated by clause 6.1 or to facilitate or ameliorate the supply of our Products to you or a Customer. This may be for the purposes of disclosure but commonly will be for the purposes of use or Processing (i.e. without releasing the subsequent handling of Personal Data from our effective control).

6.4 Overseas recipients . Overseas recipients that may handle or Process your Personal Data include (but are not limited to) the server hosts of our email services and cloud storage.

6.5 Reasonable protections. We consider that overseas recipients of Personal Data (if any) subject to a law, or binding scheme, that has the effect of protecting Personal Data in a way that, overall, is at least substantially similar to the way in which the APPs protect Personal Data and there are mechanisms that a relevant individual can access to take action to enforce that protection of the law or binding scheme. In any event, if we send or transmit your Personal Data to overseas recipients, we will take such steps as are reasonable in the circumstances to ensure there are arrangements in place to protect your Personal Data as required by the APPs and Data Protection Laws and Regulations.

6.6 GDPR. If we become aware that you are a citizen of, or are located within, the European Economic Area at the time at which we collect Personal Data about you, or at the time at which we propose to transfer Personal Data about you overseas, we will take steps to ensure that we comply with Articles 45 to 49 of the GDPR in relation to the transfer of your Personal Data overseas. However, you acknowledge that as we conduct our business from and predominantly within Australia, you are required to provide us with written notice of our need to comply with the GDPR in relation to your Personal Data if you wish for us to take steps that are not already set out in this Privacy Notice.

7. ACCESS + CORRECTION

7.1 Access. If you require access to your Personal Data, please contact us using our contact details set out at clause 11. You may be required to put your request in writing and provide proof of identity.

7.2 Exceptions. We are not obliged to allow access to your Personal Data (subject to Data Protection Laws and Regulations) if:

7.2.1 it would pose a serious threat to the life, health or safety of any individual or to the public;

7.2.2 it would have an unreasonable impact on the privacy of other individuals;

7.2.3 the request for access is frivolous or vexatious;

7.2.4 it relates to existing or anticipated legal proceedings between you and us and would not ordinarily be accessible by the discovery process in such proceedings;

7.2.5 it would reveal our intentions in relation to negotiations with you in a way that would prejudice those negotiations;

7.2.6 it would be unlawful;

7.2.7 denying access is required or authorised by or under an Australian or other relevant law or a court/tribunal order;

7.2.8 we have reason to suspect that unlawful activity, or misconduct of a serious nature relating to our functions or activities has been, is being or may be engaged in and giving access would be likely to prejudice the taking of appropriate action in relation to the matter;

7.2.9 it would likely prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body;

7.2.10 it would reveal commercially sensitive information; or

7.2.11 a relevant law provides that we are not obliged to allow access to your Personal Data (e.g. under the Privacy Act or the GDPR, as may be applicable).

7.3 Response to access request. If you make a request for access to Personal Data, we will:

7.3.1 respond to your request within a reasonable period after the request is made; and

7.3.2 if reasonable and practicable, give access to the Personal Data as requested.

7.4 Refusal of access. If we refuse to give access to the Personal Data, we will give you a written notice that sets out at a minimum:

7.4.1 our reasons for the refusal (to the extent it is reasonable to do so); and

7.4.2 the mechanisms available to complain about the refusal.

7.5 Correction. We request that you keep your Personal Data as current as possible. If you feel that information about you is not accurate or your details have or are about to change, you can contact us using our contact details set out at clause 11 and we will correct or update your Personal Data.

7.6 Response to correction request. If you otherwise make a request for us to correct your Personal Data, we will:

7.6.1 respond to your request within a reasonable period after the request is

made; and

7.6.2 if reasonable and practicable, correct the information as requested.

7.7 Refusal to correct. If we refuse a request to correct Personal Data, we will:

7.7.1 give you a written notice setting out the reasons for the refusal and how you may make a complaint; and

7.7.2 take reasonable steps to include a note with your Personal Data of the fact that we refused to correct it.

7.8 Restriction. If you are a citizen of, or are located within, the European Economic Area at the time at which we collect Personal Data about you, or at the time at which you make a relevant request, we will take steps to ensure that we comply with a request by you to restrict the use of your Personal Data pursuant to Article 18 of the GDPR. You acknowledge that, depending on the nature of the restriction you request, we may be unable to provide you with some or all of our Products if we comply with your request. In such circumstances, we will advise you of our inability to provide or continue to provide you with the relevant Products, and if you confirm that you would like us to proceed with your request, we may terminate a relevant agreement with you in relation to our Products.

8. SECURITY + PROTECTION

8.1 Reasonable protections. In relation to all Personal Data, we will take all reasonable steps to:

8.1.1 ensure that the Personal Data we collect is accurate, up to date and complete;

8.1.2 ensure that the Personal Data we hold, use or disclose is, with regard to the relevant purpose, accurate, up to date, complete and relevant; and

8.1.3 protect Personal Data from misuse, loss or unauthorised access and disclosure.

8.2 Security . We store your Personal Data on a secure server behind a firewall and use security software to protect your Personal Data from unauthorised access, destruction, use, modification or disclosure. Only Authorised Personnel may access your Personal Data for the purposes of disclosure set out in clause 6 above.

8.3 Obligation to notify. Please contact us immediately if you become aware of or suspect any misuse or loss of your Personal Data.

9. DATA BREACHES

9.1 Compliance. We are required to comply with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act.

9.2 Investigation and assessment. If we become aware that a Data Breach in respect of Personal Data held by us may have occurred, we will:

9.2.1 investigate the circumstances surrounding the potential Data Breach to determine whether a Data Breach has occurred; and

9.2.2 if a Data Breach has occurred, carry out a reasonable and expeditious assessment of whether there are reasonable grounds to believe that the relevant circumstances amount to an eligible data breach.

9.3 Undertaking. If we become aware that there has been an eligible data breach in respect of Personal Data held by us, and the Personal Data relates to you or you are at risk from the eligible data breach, we will ensure that either we, or a relevant APP entity that is the subject of the same eligible data breach:

9.3.1 prepare a statement that complies with subsection 26WK(3) of the Privacy Act;

9.3.2 provide a copy of the statement to the Office of the Australian Information Commissioner (OAIC); and

9.3.3 if it is practicable, notify you of the contents of the statement, or otherwise publish a copy of the statement on the Website and take reasonable steps to publicise the contents of the statement, as soon as practicable after the completion of the preparation of the statement.

10. COMPLAINTS

10.1 Complaint. If you have a complaint about how we collect, use, disclose, manage, otherwise Process or protect your Personal Data, or consider that we have breached applicable Data Protection Laws and Regulations or the APPs, please contact us using our contact details below. We will respond to your complaint within 14 days of receiving it.

10.2 Response and resolution. Once the complaint has been received, we may resolve the matter in a number of ways:

10.2.1 Request for further information: We may request further information from you. Please provide us with as much information as possible, including details of any relevant dates and documentation. This will enable us to investigate the complaint and determine an appropriate solution.

10.2.2 Discuss options: We will discuss options for resolution with you and if you have suggestions about how the matter might be resolved you should raise these with our Privacy Officer.

10.2.3 Investigation: Where necessary, the complaint will be investigated. We will try to do so within a reasonable time frame. It may be necessary to contact others in order to proceed with the investigation. This may be necessary in order to progress your complaint.

10.2.4 Conduct of our employees: If your complaint involves the conduct of our employees we will raise the matter with the employee concerned and seek his or her comment and input in the resolution of the complaint.

10.3 Notice of decision. After investigating the complaint, we will give you a written notice about our decision.

10.4 OAIC. You are free to lodge a complaint directly with the OAIC online, by mail, fax or email. For more information please visit the OAIC website at oaic.gov.au.

11. CONTACT

Contact. Please forward all correspondence in respect of this Privacy

Notice to:
Privacy Officer
Rose-Hip Vital Pty Limited
Unit 2, 329 High Street,
Chatswood, NSW, 2067
Australia

Tel: 1800 851 888
Email: support@rosehipvital.com.au

12. INTERPRETATION + DEFINITIONS

12.1 Personal pronouns: Except where the context otherwise provides or requires:

12.1.1 the terms we, us or our refers to Rose-Hip Vital; and

12.1.2 the terms you or your refers to a user of the Rose-Hip Vital Platform, a Customer to whom we supply Products and any other relevant Data Subject from, or concerning, whom we collect their Personal Data directly, or indirectly.

12.2 Terms defined in the Privacy Act have the meaning given to them in the Privacy Act.

12.3 Defined terms: In this Privacy Notice unless otherwise provided, the following capitalised terms shall have their meaning as specified:

Appropriate Safeguards has the meaning contemplated in Article 46 and Recital 108 of the EU GDPR and Article 89 of the UK GDPR, as applicable.

APPs means any of the Australian Privacy Principles set out in Schedule 1 of the Privacy Act.

Authorised Personnel means any Rose-Hip Vital employee or contractor or any Third Party Service Provider who has been duly authorised to access or Process your Personal Data.

Biometric Data means Personal Data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data.

Contact Information includes billing address, postal address, email address and telephone or mobile number (these details may relate to your work or to you personally, depending on the nature of our relationship with you).

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.

Customer means any person who purchases or orders goods from Rose-Hip Vital via the Rose-Hip Vital Platform or through any other authorised channel.

Customer Agreement means an agreement relating to the Rose-Hip Vital Platform which is entered into between Rose-Hip Vital and the relevant Customer.

Data Breach means unauthorised access, modification, use, disclosure, loss, or other misuse of Personal Data controlled or Processed by us.

Data Protection Agreement means a data protection agreement entered into between Rose-Hip Vital and a Customer or other relevant person.

Data Protection Laws and Regulations means any and all applicable laws relating to the Processing of Personal Data, data security and privacy applicable to the performance of an Agreement of which the Data Processing Service Schedule forms part or in another relevant context, including applicable guidance and codes of practice, codes of conduct issued by the OAIC, any other relevant supervisory authority, Member States of the European Union or the European Data Protection Board (as may be applicable), or any applicable association and including to the extent applicable the EU GDPR, UK GDPR, the Privacy Act 1988 (Cth) and corresponding privacy laws and regulations in each state and territory of Australia, such laws as amended from time to time.

Data Subject means the identified or identifiable person to whom Personal Data relates.

Financial Information includes bank account and other payment method details.

EU GDPR means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

Genetic Data means Personal Data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question.

Health Data means Personal Data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status, and (if relevant) any information which is "health information" (as that term is defined in the Privacy Act).

Rose-Hip Vital means Rose-Hip Vital Pty Ltd (ABN 35 313 072 038) of Unit 2, 329 High Street, Chatswood, New South Wales 2067, Australia.

Identity Information includes first name, maiden name, last name, address, username or similar identifier, marital status, title, date of birth, gender.

Marketing and Communications Information includes your preferences in receiving marketing from us and your communication preferences. This may include information about events to which you or your colleagues are invited, and your Personal Data and preferences to the extent that this information is relevant to organising and managing those events (for example, your dietary requirements).

Personal Data means any information or an opinion (including information or an opinion forming part of a database), whether true or not and whether recorded in material form or not, relating to: (i) an identified or identifiable or apparent or reasonably ascertainable natural person or (ii) an identified or identifiable legal entity (in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person or otherwise where such information is protected similarly as Personal Data or personally identifiable information or personal information under applicable Data Protection Laws and Regulations). This includes Personal Information.

Personal Information means any information or an opinion (including information or an opinion forming part of a database), whether true or not and whether recorded in material form or not, about an individual whose identity is apparent, or can be reasonably ascertained, from the information or opinion.

Primary Purposes means the primary purposes stated at clause 2.1.
Privacy Act means the Privacy Act 1988 (Cth) as amended from time to time.

Privacy Notice means this Privacy Notice as amended from time to time.

Process means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (subject to applicable laws).

Processor means a natural or legal person, public authority, agency or other body who Processes Personal Data on behalf of the Controller.

Profile Information includes username and password, preferences, feedback, survey responses and all other profile or similar information you provide through your use of our Platform, or otherwise through your contact or communications with us.

Related Body Corporate has the meaning given to that term in section 50 of the Corporations Act 2001 (Cth).

Rose-Hip Vital or Products means the relevant Rose-Hip Vital products and services to which are available on the Platform or otherwise that brand and trade mark is applied by Rose-Hip Vital or the relevant rights holder, from time to time.

Rose-Hip Vital Platform means the platform and its relevant functionality and attributes which is located at https://rosehipvital.com.au

Sensitive Personal Data means Personal Data (in respect of a Data Subject) consisting of information as to:

(a) racial or ethnic origin of the Data Subject;

(b) political opinions;

(d) whether a member of a political organisation, professional or trade association or trade union;

(e) physical or mental health or condition;

(f) sex life, sex practices or sexual orientation;

(g) the commission or alleged commission by him of any offence;

(h) Genetic Data;

(i) Biometric Data (where processed to uniquely identify a person); or

(j) Health Data; or

(k) any proceedings for any offence committed or alleged to have been committed by the Data Subject, the disposal of such proceedings or the sentence of any court in such proceedings.

Sensitive Personal Data also includes, where the context so requires or is relevant, any other information falling within the definition of "sensitive information" under the Privacy Act.

Sub-processor means any Processor engaged by Rose-Hip Vital.
Technical information includes (as relevant):

(a) the Internet protocol (IP) address or MAC (device) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;

(b) Information about your visit to our Website, such as the full Uniform Resource Locators (URL), clickstream to, through and from our Website (including date and time), services viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from a page, any phone number used to call our central switchboard number, and direct dials or social media handles used to connect with our fee earners or other employees; and

(c) Location data which we may collect through our Platform and which provides your real-time location in order to provide location services (where requested or agreed to by you) to deliver content or other services that are dependent on knowing where you are. This information may also be collected in combination with an identifier associated with your device to enable us to recognise your mobile browser or device when you return to the website/App. Delivery of location services will involve reference to one or more of the following:

(i) the coordinates (latitude/longitude) of your location;

(ii) look-up of your country of location by reference to your IP address against public sources; and/or

(iii) your Identifier for Advertisers (IFA) code for your Apple device, or the Android ID for your Android device, or a similar device identifier. See our cookie policy for more information on the use of cookies and device identifiers on the website/Apps.

Terms + Conditions means the teams and conditions relating to the goods provided by Rose-Hip Vital Pty Ltd which is entered into between Rose-Hip Vital Pty Ltd and the relevant Customer

Third Party means a legal entity, company, or person that is not a party to a Customer Agreement and is not the Customer or Rose-Hip Vital.

Third Party Service Provider means any third party service provider engaged by us to perform functions or provide Services on our behalf.

Transaction Information includes details about payments to and from you or other relevant person and other associated information.

UK GDPR means the United Kingdom General Data Protection Regulation, as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018.

User means the permitted user of the Rose-Hip Vital Platform.