Updated January 2024
Your data security is important to us, and we therefore emphasise that your data is handled in a responsible manner. Below you can read how Australian Bodycare ApS (Australian Bodycare, we, us, our, etc.) processes personal data about you when we act as data controller. You can also read about your rights in connection with our processing.
1 our role as a data controller
Australian Bodycare has been a leader in problem-solving skincare since 1992. Our products are sold on our own website and through our many talented partners and retailers. In connection with the operation of our business, we process a number of personal data. We do this so that we can provide you with the best possible service.
We process personal data about you in a number of different situations. Read more below about our processing in the different situations.
2 personal data collected via cookies on Australian BodycarE’s websites
In order for Australian Bodycare's websites to function optimally, we will place small data files called cookies on your device. A cookie is a small text file that is stored in the web browser on your computer, smartphone, tablet or whatever else you use to surf the web when you visit websites.
A wide range of information is collected through cookies. On its own, this information is not necessarily personal data. However, the combination of this information means that it can become personal data. The actual collection depends on whether and to what extent you have consented to cookies.
We always place necessary cookies. They help us make our website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function optimally without these cookies. The information we collect about you through the use of these cookies is information about your favourite settings and choices on our website, it may also be information about your IP address, including your network location and information about your computer, device and browser. We collect this information in order to show you the version of the website that suits your preferences. The information is also used to determine your preferred region and language, to display videos and other visual elements on the website.
If you consent, we may also place statistical and marketing cookies.
Through statistical cookies, we collect information about how you interact with our website, including information about your visit such as information about the way you enter our website, the type of browser you use, how you navigate the website, which pages you visit, content you view and how often you visit the site. We collect this information to optimise the design, usability and efficiency of our website. In addition, we use the information to provide you with personalised content and to perform market analyses.
Through marketing cookies, we collect information about your interests, including which pages and adverts you click on, which products or services you show interest in or purchase on our and other websites, and which adverts you view. We do this to show you adverts that are relevant to you and your interests.
In order to show you relevant content and targeted adverts on our and other websites, we cooperate with other companies with whom we share information.
Some of our business partners may be located outside the EU/EEA, these are the following business partners:
- Google Marketing Platform and Google
- Youtube, Google
- Shopify and Shopify Analytics
- Meta Platforms, Inc
To the extent that we use business partners established outside the EU/EEA, this will be done in compliance with valid transfer guarantees in the form of the EU Commission's standard contractual clauses, cf. Article 46 of the General Data Protection Regulation, or for companies established in the United States as a result of the US company's adherence to the EU-U.S. Data Privacy Framework programme (DPF). You can see an overview of US companies enrolled in the DPF here. If you would like more information about our transfer basis, please contact us.
Our basis for the processing (including disclosure) of the personal data we collect through necessary cookies is our legitimate interests (GDPR article 6(1)(f)). For data collected through statistical cookies and marketing cookies, our basis for the processing (including disclosure) of your personal data is your consent (Article 6(1)(a) of the GDPR and Section 3 of the Cookie Order). You can withdraw your consent at any time via our cookie overview on our website or by deleting cookies in your browser.
3 Information you provide to us in connection with purchases etc.
When you as a private individual purchase a product from us or communicate with us about the products you have purchased, you provide us with a range of information.
The information you provide to us may include information about your name, address, e-mail address, telephone number, payment method, information about which products you purchase and have returned, information about enquiries and complaints, delivery requests, and information about the IP address from which the order was placed if the order is placed via our website.
We also process data that you provide us with in connection with your use of our website, e.g. when you fill in a contact form or create a profile, including your name, telephone number/mobile number, email address and other information that you provide to us in free text fields.
The purpose of our processing is so that we can deliver the products you have ordered and otherwise fulfil our agreement with you, including to be able to manage your user profile or your rights to return and complain, and to be able to contact you if necessary.
We may also process information about your purchases to comply with legal requirements, including product recall and accounting. When making purchases on our website, the IP address is collected for the purpose of our interest in preventing fraud.
When you purchase a product, information about your name, address, email, telephone number, order number and specific delivery requests will be passed on to the carrier who will deliver the purchased goods to you. When you make payment transactions on our website, this is done via our business partner. When you use a payment card on our website, only our partner - and not us - will have access to your card details.
Our basis for processing your data is our agreement with you to (1) purchase products, (2) create a user profile or (3) contact you (Article 6(1)(b) of the GDPR), or our legal obligation to comply with legal requirements for withdrawals and accounting (Article 6(1)(c) of the GDPR) and our legitimate interest in preventing fraud (Article 6(1)(f) of the GDPR).
Information collected in connection with your purchases and enquiries to us will generally be deleted 5 years after your purchase. We store the data during this period to fulfil your or our legitimate needs, e.g. to ensure your right to complain about the product, to fulfil invoicing requirements and accounting legislation, to use the data if necessary to establish, exercise or defend legal claims, or to store data that is necessary for us to fulfil other legal requirements.
4 Recipients of our newsletter and other marketing
We may send marketing material to you by email or other electronic channel, either (1) when we have obtained your consent to do so, when this is required under the rules of the Danish Marketing Practices Act, or (2) when we receive your email address in connection with you purchasing our products and you have had the opportunity to opt-out of marketing.
We process your data for the purpose of sending marketing about our company and our products and for the purpose of creating and managing you as a marketing subscriber. We use the information about your preferences and usage to understand the way our customers receive our marketing and to improve marketing to you and our other customers.
When you receive marketing from Australian Bodycare, we process information about your name and email address. If you have agreed to marketing cookies, we may also process information about your preferences in relation to marketing or communication and your use of the marketing we send you (including, for example, whether you have opened an email from us, whether the email has been read and which links you have opened), and information that you otherwise provide to us.
By signing up for Australian Bodycare's newsletter, you consent to Australian Bodycare processing your personal data (Article 6(1)(a) of the General Data Protection Regulation and Section 10 of the Danish Marketing Practices Act) for the sole purpose of receiving newsletters and marketing material. You can withdraw your consent at any time by unsubscribing from the newsletter (Art. 7(3) GDPR). You can do this by clicking on the unsubscribe link in the newsletter. Your data will then be deleted, unless we have another legal basis that allows us to continue processing the personal data.
When you receive our newsletter because you have purchased products from us, we process your personal data on the basis of our legitimate interest (Article 6(1)(f) GDPR).
Information about you will be deleted if you unsubscribe from our newsletters.
5 Visitors to our social media profiles
When you visit Austrailian Bodycare's social media pages (Facebook, Instagram, Youtube, Snapchat, TikTok and LinkedIn), we may process the information you have made available via settings on our social media pages, your reactions to our posts, your sharing of them and comments on our posts.
When you participate in live events and leave comments during the event, we collect your comments, which will be visible on the event.
The purpose of our processing of your personal data is to market ourselves on social media, as well as to respond to your enquiries, to let you participate in our live events and competitions, to contact you if you win a competition, and to let you participate and engage, including commenting on live events or posts on our pages.
The legal basis for our processing of your personal data is our legitimate interest in marketing ourselves through our presence and meeting you as a customer on the social media you use (Article 6(1)(f) of the General Data Protection Regulation)
When you use the social media mentioned, the social media process your personal data collected via our pages for their own use, e.g. to improve their advertising system. You can read more about the processing of personal data on the individual social media in their respective privacy policies, which you can find on the social media's website.
Information you provide on our social media pages will generally remain on these pages as part of the page's history, unless you delete it yourself.
6 information about business relationships
When you are a business customer or potential business customer of Australian Bodycare or a contact person of one of Australian Bodycare's business customers or potential business customers, Australian Bodycare processes personal data about your name, company name, company address, work telephone number/mobile number, email address, title, your purchases, payment details, as well as information from publicly available sources and other information that you provide to us.
We process personal data in order to fulfil the agreement with our business customers, to provide the services, invoicing, statistics and quality management, to maintain our customer registers and to provide general service, marketing and sales to our business customers and potential business customers.
When you are a business partner or supplier to Australian Bodycare or a contact person of a business partner or supplier, we also process information about your name, company name, business address, work telephone number, email address and title, as well as publicly available information and other information that you provide to us.
We process the data for contract management purposes as well as to receive goods and services from our suppliers and business partners and, where applicable, to fulfil agreements with our customers.
We may enrich the information described above with information from other sources. This may be publicly available information - including information that we obtain through commonly available sources.
Our basis for processing is our legitimate interests to fulfil the contract with our business partners and to market ourselves to relevant business partners (Article 6(1)(f) GDPR).
Information from business relations is stored as long as it is relevant in relation to existing or potential business relationships and for a subsequent period as long as it is necessary to document the relationship, including agreements, etc.
7 Other general purposes of data processing
Information obtained for the purposes described above may also be processed by Australian Bodycare for the purposes of compliance with laws and regulations to which Australian Bodycare is subject in connection with the operation of our business or to fulfil various reporting or disclosure obligations under applicable laws and regulations (Article 6(1)(c) of the GDPR).
If Australian Bodycare sells all or part of our business or sells or transfers our assets or is otherwise involved in a merger or transfer of all or a substantial part of our business, Australian Bodycare may transfer your information to the party or parties involved in the transfer as part of that transaction where permitted by law (Article 6(1)(f) of the GDPR).
Finally, Australian Bodycare may process your personal data in order to enforce or defend our or a third party's legal rights or legitimate interests, where necessary, appropriate and proportionate (Article 6(1)(c) of the GDPR).
8 Sharing information with data processors
As part of the operation of our business, we share the personal data we process with various data processors, which may be data processors that provide parts of our IT systems, host our servers, etc. The data processors act solely on our instructions and in accordance with the data processing agreement entered into between us and them.
In connection with our processing of your personal data, we may in some cases transfer the data to countries outside the EU/EEA. The data protection legislation in these countries may be less stringent than in Denmark and the rest of the EU/EEA. However, in some countries, the European Commission has determined that the level of data protection is equivalent to the level of protection in the EU/EEA.
To the extent that we use data processors established outside the EU/EEA, this will be done in compliance with valid transfer guarantees in the form of the EU Commission's standard contractual clauses, cf. Article 46 of the General Data Protection Regulation, or for companies established in the USA as a result of the US company's adherence to the EU-U.S. Data Privacy Framework programme (DPF). You can see an overview of US companies enrolled in the DPF here. If you would like more information about our transfer basis, please contact us.
9 data integrity and security
It is our policy to protect personal data by taking adequate technical and organisational security measures.
We have implemented security measures to ensure data protection for all personal data we process. We regularly conduct internal follow-ups on the adequacy of and compliance with policies and measures.
10 Your rights
As a data subject, you have a number of rights under the General Data Protection Regulation. If you want to exercise your rights, please contact us.
You can withdraw any consent at any time. This can be done by sending an email to us (see email below). Withdrawing your consent will not have any negative impact. However, it may mean that we will not be able to fulfil specific requests from you in the future.
Withdrawal of your consent will not affect the lawfulness of processing based on consent before it is withdrawn. Furthermore, it will not affect any processing carried out on any other lawful basis.
Your rights also include the following:
- Right of access: You have the right to access the personal data we process about you.
- Right to rectification: You have the right to have inaccurate personal data about yourself rectified and incomplete personal data completed.
- Right to erasure (right to be forgotten): In special cases, you have the right to have personal data about you erased before the time when we would normally erase your data.
- Right to restriction of processing: In special cases, you have the right to have the processing of your personal data restricted.
- Right to object: In certain cases, you have the right to object to our processing of your personal data, and always if the processing is for direct marketing purposes.
- Right to data portability: In certain cases, you have the right to receive your personal data in a structured, commonly used and machine-readable format and to have this personal data transferred from one data controller to another.
- Right to lodge a complaint: You may at any time lodge a complaint with the Danish Data Protection Agency about our processing of personal data. Find out more from the relevant supervisory authority, where you can also find further information about your rights as a data subject.
There may be conditions or limitations on your rights depending on the specific circumstances of the processing activity.
11 Contact details
If you have any questions or complaints about our processing of your personal data, you can contact Australian Bodycare here:
Australian Bodycare Continental 2012 ApS
Cvr. nr. 34226261
Below you can find contact details for your national data protection authority:
The Austrian Data Protection Authority - www.dsb.gv.at/
The Croatian Personal Data Protection Agency - www.azop.hr
The Czech Office for Personal Data Protection - www.uoou.gov.cz
The Danish Data Protection Agency - www.datatilsynet.dk
The Data Protection Authority of the Faroe Islands - www.dat.fo
The Dutch Data Protection Authority - www.autoriteitpersoonsgegevens.nl
The Finnish Office of the Data Protection Ombudsman - www.tietosuoja.fi
The French Data Protection Authority - www.cnil.fr
The German Federal Commissioner for Data Protection and Freedom of Information - www.bfdi.bund.de
The Icelandic Data Protection Authority - www.personuvernd.is
The Information Commissioner of the Republic of Slovenia - www.ip-rs.si
The Italian Data Protection Authority - www.garanteprivacy.it
The Lithuanian State Data Protection Inspectorate www.vdai.lrv.lt
The Maltese Information and Data Protection Commissioner - www.idpc.org.mt
The Norwegian Data Protection Authority - www.datatilsynet.no
The Polish Data Protection Authority - www.uodo.gov.pl
The Spanish Data Protection Authority - www.aepd.es
The Swedish Data Protection Authority - www.datainspektionen.se
The Swiss Federal Data Protection and Information Commissioner - www.edoeb.admin.ch/edoeb/en/home.html