1. Introduction

At Style Within Grace, we are committed to protecting the privacy and security of our customers’ personal information. This Data Protection Policy outlines how we collect, use, disclose, and store personal data, ensuring compliance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and other applicable laws and regulations in Queensland, Australia.

 

2. Data Collection and Use
  • Purpose: We collect personal information from our clients to provide personalized styling services, communicate effectively, and improve our services.
  • Types of Data Collected: This may include names, contact details, style preferences, and transactional information necessary for service delivery.
  • Legal Basis: We collect and process personal data based on consent provided by clients or where necessary for the performance of our services.
  • Data Minimization: We only collect data that is necessary and relevant for the specified purposes.

 

3. Data Security
  • Security Measures: We implement appropriate technical and organizational measures to protect personal information from unauthorized access, use, or disclosure. This includes encryption, secure servers, and access controls.
  • Access Control: Access to personal data is restricted to authorized personnel only.
  • Data Retention: We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy or as required by law.
  • Data Disposal: When personal data is no longer needed, we securely delete or anonymize it to prevent unauthorized access.

 

4. Consent and Transparency
  • Obtaining Consent: We obtain explicit consent from clients before collecting and processing their personal information. Consent may be obtained through consent forms, opt-in checkboxes, or other transparent methods.
  • Transparency: We provide clear information to clients about how their data will be used, including any third parties involved in service delivery.
  • Right to Withdraw Consent: Clients have the right to withdraw consent at any time. We provide easy mechanisms for clients to withdraw consent, where applicable.

 

5. Data Access and Accuracy
  • Access Rights: Clients can request access to their personal data, update or correct inaccuracies, or request deletion of their data, subject to legal obligations.
  • Accuracy: We take reasonable steps to ensure that personal data we hold is accurate, complete, and up-to-date. Clients are encouraged to update their information as needed.

 

6. Data Breach Response
  • Detection and Reporting: We have procedures in place to detect, assess, and promptly report data breaches to the Office of the Australian Information Commissioner (OAIC) and affected clients, where required under the Notifiable Data Breaches (NDB) scheme.
  • Investigation: We conduct thorough investigations into reported data breaches to assess the extent and impact on client data.
  • Notification: We notify affected clients of data breaches in accordance with legal requirements, providing information about the breach and steps taken to mitigate risks.

 

7. Monitoring, Auditing, and Policy Review
  • Monitoring and Auditing: We monitor our data protection practices through regular audits and assessments to identify and address vulnerabilities or areas for improvement.
  • Policy Review: This Data Protection Policy is reviewed regularly to ensure it remains accurate, relevant, and compliant with applicable laws and regulations. Any updates or changes will be communicated to clients as required.

 

8. Third-Party Data Processors
  • Contracts: When engaging third-party service providers or processors that may have access to client data, we ensure contracts include data protection requirements and obligations consistent with this policy and applicable laws.

 

9. Customer Rights
  • Information Access: Clients can exercise their rights to access, correct, or delete their personal data by contacting us directly using the contact details provided in this policy.
  • Complaints: Clients can lodge complaints regarding our data protection practices with the OAIC or our designated Privacy Officer.

 

10. Policy Review

This Data Protection Policy is reviewed regularly to ensure it remains accurate, relevant, and compliant with applicable laws and regulations. Any updates or changes will be communicated to clients as required.

 

Contact Us

For questions or concerns about our Data Protection Policy, or to exercise your rights under this policy, please contact:

Email: info@stylewithingrace.com