Privacy Notice
Effective Date: 15/06/2026
1. INTRODUCTION
This Privacy Notice is issued by ZO Medical Skin Health Pty Ltd (ACN 125 671 490) (“We”, “Us”, “Our”), an Australian proprietary limited company. We operate the website located at zoskinhealth.com.au (the “Website”), an e-commerce platform offering skincare products and related services to customers in Australia. We are an APP entity within the meaning of the Privacy Act 1988 (Cth) (the “Privacy Act”) and are bound by the Australian Privacy Principles (“APPs”) set out in Schedule 1 to the Privacy Act.
This Privacy Notice describes how We collect, hold, use, and disclose Personal Information in connection with the Website and Our related services. It applies to all Personal Information collected through the Website, by telephone, by email, or through any other interaction with Us. This Privacy Notice is made available free of charge and in a form that is generally accessible to the public, as required by APP 1.3. By using the Website or providing Personal Information to Us, you acknowledge that you have read this Privacy Notice.
If you have any questions about this Privacy Notice, please contact Us using the details set out in the Contact Us section below.
2. DEFINITIONS
In this Privacy Notice, the following terms have the meanings set out below:
| Term | Definition |
|---|---|
| APP | An Australian Privacy Principle contained in Schedule 1 to the Privacy Act. |
| APP Entity | Has the meaning given in section 6(1) of the Privacy Act, and includes organisations and agencies bound by the APPs. |
| Privacy Act | The Privacy Act 1988 (Cth), as amended from time to time. |
| Personal Information | Has the meaning given in section 6(1) of the Privacy Act. |
| Sensitive Information | Has the meaning given in section 6(1) of the Privacy Act. |
| Website | The website operated by Us at the domain zoskinhealth.com.au, including all subdomains, web pages, and any associated mobile-optimised versions of that site. |
| You, Your | The individual whose Personal Information is collected, held, used, or disclosed by Us. |
Capitalised terms used in this Privacy Notice that are not defined in this section have the meanings given to them elsewhere in this notice or, where applicable, the meanings ascribed to them under the Privacy Act.
3. PERSONAL INFORMATION WE COLLECT
We collect the following categories of Personal Information:
| Category | Examples of Personal Information Collected |
|---|---|
| Identity Information | Full name, date of birth, title, and gender. |
| Contact Information | Email address, telephone number (including mobile number), and postal or residential address. |
| Account Information | Username, password (stored in encrypted form), account preferences, and account settings. |
| Transaction Information | Purchase history, order details, payment card details (processed by Our third-party payment processors), billing address, shipping address, and transaction amounts. |
| Skin Profile Information | Skin type, skin concerns, responses to skin assessment quizzes, and product preferences derived from those assessments. |
| Device and Usage Information | Internet Protocol (IP) address, browser type and version, device identifiers, operating system, pages visited on the Website, time and date of visits, time spent on pages, clickstream data, and referring URLs. |
| Cookie Data | Information collected through cookies and similar tracking technologies used on the Website, including essential session cookies and marketing cookies placed by third-party advertising platforms. For further details, please refer to the Cookies and Tracking Technologies section of this Privacy Notice. |
| Communication Information | Records of correspondence with Us, including emails, live chat messages, customer service inquiries, product reviews, and feedback You submit through the Website or by telephone. |
| Marketing Preferences | Your opt-in or opt-out status for marketing communications, preferred communication channels, and frequency preferences. |
You are not required to provide Us with any Personal Information. However, if You choose not to, We may be unable to process Your orders or provide You with certain features of the Website.
Where practicable, We will give You the option of interacting with Us anonymously or by using a pseudonym. Certain services, such as placing an order, require Us to collect Your Personal Information.
We do not collect Personal Information that is unrelated to, or unnecessary for, the purposes described in this Privacy Notice.
4. SENSITIVE INFORMATION
Sensitive Information is a subset of Personal Information as defined in section 6(1) of the Privacy Act, and includes health information, genetic information, biometric information, and information about an individual’s racial or ethnic origin, among other categories.
We do not intentionally collect Sensitive Information through the Website. Our Regimen Finder collects information such as skin type, skin concerns, and quiz responses for the purpose of product recommendations, and We do not consider this information to constitute Sensitive Information within the meaning of the Privacy Act.
If We inadvertently collect Sensitive Information, We will handle it in accordance with the APPs. In particular:
- (a) We will not collect Sensitive Information unless You have consented to the collection and the information is reasonably necessary for one or more of Our functions or activities, or unless an exception under APP 3.4 applies.
- (b) Where We become aware that Sensitive Information has been collected without Your consent and no exception applies, We will take reasonable steps to either obtain Your consent or destroy or de-identify the information in accordance with APP 11.2.
- (c) We will not use or disclose any inadvertently collected Sensitive Information for a purpose other than the purpose for which it was collected, unless You have consented to the secondary use or disclosure, or an exception under APP 6 applies.
We will not use Sensitive Information for direct marketing unless We have obtained Your express consent, in accordance with APP 7.4.
5. HOW WE COLLECT PERSONAL INFORMATION
We collect Personal Information in the following ways:
Collection directly from You. We collect Personal Information directly from You when You:
- (a) create an account or register on the Website;
- (b) place an order or complete a purchase through the Website;
- (c) contact Us by telephone, email, live chat, or through any contact form on the Website;
- (d) subscribe to Our newsletters or other marketing communications;
- (e) complete a skin assessment quiz, skin profile questionnaire, or similar tool on the Website;
- (f) participate in a promotion, competition, survey, or event conducted by Us;
- (g) submit a product review, testimonial, or other user-generated content;
- (h) update Your account details, preferences, or communication settings; or
- (i) otherwise interact with Us and voluntarily provide Personal Information.
Automatic collection through the Website. When You access or use the Website, We may automatically collect certain Personal Information, including through the use of cookies and similar tracking technologies. These include a session cookie that supports shopping cart functionality, as well as cookies and tracking pixels placed by third-party marketing and advertising platforms, including Meta (Facebook) and Pinterest. This information may include Your IP address, browser type and version, operating system, device identifiers, pages visited, time spent on pages, referring URLs, clickstream data, and other usage and browsing information. For further details about the specific cookies and tracking technologies We use, please refer to the Cookies and Tracking Technologies section of this Privacy Notice.
Collection from third parties. We may also collect Personal Information about You from third-party sources, including:
- (a) payment processors and financial institutions, in connection with the processing of Your transactions;
- (b) shipping and delivery partners, who may provide Us with delivery status information and updated address details; and
- (c) publicly available sources, to the extent permitted by applicable law.
Where We collect Personal Information about You from a third party, We will take reasonable steps to ensure that You are made aware of the matters set out in this Privacy Notice. Where it is reasonable and practicable to do so, We will collect Personal Information about You only from You directly. Where We collect Personal Information from third parties, We will take reasonable steps to satisfy Ourselves that the information was originally collected in accordance with the APPs.
6. COOKIES AND TRACKING TECHNOLOGIES
The Website uses cookies and similar tracking technologies to collect information about Your use of the Website.
We use an essential session cookie to maintain shopping cart and checkout functionality on the Website.
We also use marketing and advertising cookies placed by Meta (Facebook) and Pinterest to track browsing behaviour on the Website for the purposes of advertising targeting, conversion measurement, and advertising attribution. Meta Platforms, Inc. and Pinterest, Inc. are each located in the United States of America, and Personal Information collected through their cookies is transferred to the United States. For information about how We manage cross-border disclosures of Personal Information, please refer to the Cross-Border Disclosure of Personal Information section of this Privacy Notice.
You can control and delete cookies through Your web browser settings. Most web browsers allow You to refuse or accept cookies, delete existing cookies, and set preferences for certain websites. For guidance on managing cookies in Your browser, please refer to the help or settings menu in Your browser. Please note that if You disable essential cookies, certain features of the Website (including shopping cart and checkout functionality) may not operate correctly.
You may also opt out of interest-based advertising from Meta by visiting Your Facebook Ad Preferences at https://www.facebook.com/adpreferences, and from Pinterest by visiting Your Pinterest privacy settings at https://www.pinterest.com/settings/privacy.
We will update this section if We add or change the cookies or tracking technologies used on the Website.
7. DATA RETENTION AND DESTRUCTION
We retain Your Personal Information only for as long as is reasonably necessary to fulfil the purposes described in this Privacy Notice, or as required or permitted by applicable law, including taxation, accounting, and record-keeping requirements. When Personal Information is no longer needed for any purpose for which it may be used or disclosed under the APPs, We will take reasonable steps to destroy or de-identify the information, in accordance with APP 11.2.
8. PURPOSES OF COLLECTION, USE AND DISCLOSURE
We collect, hold, use and disclose Your Personal Information for the following purposes:
- (a) Order Processing and Fulfilment: to process, manage and fulfil Your orders placed through the Website, including verifying Your identity, processing payments, arranging delivery, issuing invoices and receipts, and managing returns, exchanges or refunds.
- (b) Account Management: to create, maintain and administer Your account on the Website, including managing Your login credentials, account preferences, order history and saved information.
- (c) Customer Service: to respond to Your inquiries, requests and complaints, whether submitted by email, telephone, live chat or other communication channels, and to provide You with after-sale support.
- (d) Personalisation and Product Recommendations: to personalise Your experience on the Website, including by displaying content, products and offers that are relevant to Your preferences, purchase history and browsing behaviour.
- (e) Skin Assessments and Skincare Advice: to conduct skin assessments based on quiz responses and skin profile information You provide, and to deliver personalised skincare advice and product recommendations based on those assessments.
- (f) Marketing Communications: to send You marketing communications about Our products, services, promotions and events where You have provided Your consent or where You would reasonably expect to receive such communications, subject to APP 7 and the Spam Act 2003 (Cth).
- (g) Website and Product Improvement: to monitor, analyse and improve the performance, functionality and content of the Website, and to develop, test and improve Our products and services.
- (h) Analytics and Research: to conduct analytics, statistical analysis and market research in order to better understand how individuals interact with the Website and Our products, and to inform business decisions regarding product development, service offerings and customer engagement.
- (i) Fraud Detection and Prevention: to detect, investigate and prevent fraudulent transactions, unauthorised access to accounts, and other illegal or suspicious activity on the Website.
- (j) Legal Compliance: to comply with applicable laws, regulations and industry standards in Australia, including the Privacy Act, the Australian Consumer Law, taxation laws and record-keeping requirements.
- (k) Enforcement of Terms of Use: to enforce Our terms of use, terms of sale and other agreements, and to establish, exercise or defend legal claims where necessary.
We will not use or disclose Your Personal Information for a purpose unrelated to the purposes described above without first obtaining Your consent, unless otherwise permitted or required by law.
9. DISCLOSURE OF PERSONAL INFORMATION
We may disclose Your Personal Information to the following categories of third parties for the purposes described in this Privacy Notice, or as otherwise permitted or required by law:
| Category of Recipient | Description |
|---|---|
| ZO Skin Health group companies | We may disclose Personal Information to related bodies corporate within the ZO Skin Health group, including ZO Skin Health Ireland Limited and ZO Skin Health, Inc. in the United States, for the purposes of business operations, product development, internal administration, and the provision of services to You. |
| Payment processors and financial institutions | We disclose transaction-related Personal Information (including payment details and billing addresses) to payment processors and financial institutions as necessary to process Your payments, manage refunds, and detect or prevent fraud. |
| Shipping and logistics providers | We disclose Personal Information (including Your name, shipping address, and contact details) to shipping and logistics providers for the purpose of delivering Your orders. |
| IT service providers and hosting providers | We disclose Personal Information to IT service providers and hosting providers who assist Us in operating and maintaining the Website, including cloud storage providers, website hosting services, and software platform providers. |
| Marketing and advertising | We disclose Personal Information (including browsing behaviour, device identifiers, and interaction data) to third-party marketing and advertising technology providers, including Meta Platforms, Inc. (Facebook) and Pinterest, Inc., for the purposes of advertising targeting, conversion measurement, and advertising attribution. These providers may use cookies and similar tracking technologies on the Website to collect this information. |
| Professional advisers | We may disclose Personal Information to Our professional advisers, including legal, accounting, and auditing firms, where necessary for the provision of professional advice or the conduct of audits. |
| Government and regulatory authorities | We may disclose Personal Information to government agencies, regulatory authorities, law enforcement bodies, and courts where required or authorised by law, including in response to lawful requests, subpoenas, court orders, or to comply with reporting obligations. |
We do not sell Your Personal Information to third parties. Where We disclose Personal Information to a third-party service provider, We require that provider to handle the information consistently with the APPs. For information about the disclosure of Personal Information to overseas recipients, please refer to the Cross-Border Disclosure section of this Privacy Notice.
10. DIRECT MARKETING
We may use Your Personal Information to send You direct marketing communications about Our products, services, promotions, and offers where You have provided Your consent to receive such communications, or where You would reasonably expect to receive direct marketing communications from Us, having regard to the nature of Your relationship with Us (for example, where You have purchased products from Us or created an account on the Website). This is consistent with Our obligations under APP 7.2.
Direct marketing communications may be sent to You by email, SMS, telephone, or post. Each direct marketing communication We send to You electronically will include a clear and simple mechanism for You to opt out of receiving future marketing communications from Us.
You may opt out of receiving direct marketing communications from Us at any time by clicking the "unsubscribe" link included in any marketing email or by sending an email to privacy@zoskinhealth.com requesting that You be removed from Our marketing lists. In accordance with APP 7.6 and APP 7.7, We will process Your opt-out request within a reasonable period and at no cost to You. If You opt out of direct marketing, We may still send You transactional or service-related communications (for example, order confirmations, shipping notifications, and account updates) that are not marketing in nature.
We will not use or disclose Sensitive Information about You for the purpose of direct marketing unless You have provided Your express consent to such use or disclosure, in accordance with APP 7.4.
11. CROSS-BORDER DISCLOSURE OF PERSONAL INFORMATION
We may disclose Your Personal Information to recipients located outside Australia, including ZO Skin Health group companies and third-party service providers. The countries in which overseas recipients are likely to be located include: the United States of America (ZO Skin Health, Inc., Meta Platforms, Inc., Pinterest, Inc., and other service providers).
Before disclosing Your Personal Information to an overseas recipient, We will take reasonable steps to ensure that the recipient does not breach the APPs in relation to that information (APP 8.1). These steps include:
- (a) entering into contractual arrangements with overseas recipients that require them to handle Personal Information in a manner consistent with the Australian Privacy Principles;
- (b) conducting due diligence on the privacy and data protection practices of overseas recipients before any disclosure;
- (c) implementing technical and organisational measures to protect Personal Information during and after transfer; and
- (d) monitoring compliance by overseas recipients with their contractual obligations on an ongoing basis.
12. ACCESS TO AND CORRECTION OF PERSONAL INFORMATION
You have the right to request access to the Personal Information We hold about You (APP 12). You have the right to request correction of Personal Information that is inaccurate, out of date, incomplete, irrelevant, or misleading (APP 13).
To submit an access or correction request, please contact Us at privacy@zoskinhealth.com. We may ask You to verify Your identity before processing Your request. We will respond within 30 days of receiving the request. If We require additional time, We will notify You. We may refuse access or correction in limited circumstances permitted under the APPs.
If We refuse a request, We will provide written reasons and information about how to complain.
13. COMPLAINTS
If You believe that We have breached the APPs, You are entitled to lodge a complaint with Us. Complaints should be submitted in writing to privacy@zoskinhealth.com.
When lodging a complaint, please provide Your name, contact details, and a description of the conduct You believe constitutes a breach of the APPs. Upon receipt of Your complaint, We will acknowledge it in writing and assign a designated officer to investigate the matter. We will endeavour to investigate and provide You with a written response within 30 days of receiving the complaint. If We require additional time to complete Our investigation, We will notify You of the delay and the reasons for it.
If You are not satisfied with Our response to Your complaint, or if We have not responded within the 30-day period, You may escalate Your complaint to the Office of the Australian Information Commissioner (OAIC).
14. GOVERNING LAW
This Privacy Notice, and any dispute or claim arising out of or in connection with it, is governed by and shall be construed in accordance with the laws of the Commonwealth of Australia, including the Privacy Act 1988 (Cth) and the Australian Privacy Principles.
Nothing in this Privacy Notice excludes, restricts, or modifies any right or remedy implied or imposed by the Privacy Act or any other applicable legislation that cannot lawfully be excluded or limited. Any proceedings relating to a dispute arising under this Privacy Notice shall be subject to the non-exclusive jurisdiction of the courts of New South Wales, Australia.
15. CONTACT US
If You have any questions, concerns, or requests regarding this Privacy Notice or the handling of Your Personal Information, please contact Us using the details set out below.
| Entity | ZO Medical Skin Health Pty Ltd (ACN 125 671 490) |
| Email | privacy@zoskinhealth.com |
| Phone | 1300 503 679 |
| Business Hours | Monday to Friday, 8:00 AM to 5:00 PM AEST |