Last updated - August 2021
In the course of carrying out our activities Ben Buckler Eyewear Pty Ltd (ACN 155 832 241), Bailey Nelson Chadstone Pty Ltd (ACN 600 068 540), Bailey Nelson New Zealand Limited (company number 5654131), Bailey Nelson High Street Limited (company number 9429046446756), Bailey Nelson Inc (business number 737004697) and Bailey Nelson UK Limited (company number 10757573) and each of their subsidiaries and related bodies corporate (separately and/or collectively referred to as ‘we’ in this policy) trading as Bailey Nelson will collect, store, use and disclose personal information. We are committed to the protection of your personal information and to being in compliance with data protection law.
This policy refers to the General Data Protection Act (GDPR), UK General Data Protection Regulation (UK GDPR) and the UK Data Protection Act 2018 or any subsequent legislation, in each case as amended or superseded from time to time.
Bailey Nelson is the controller of your personal information for the purposes of the applicable data protection law.
Personal information and sensitive personal information
Personal information, or personal data, refers to any information relating to an individual from which that person can be identified. There are special categories of more sensitive personal information that includes information about a person’s health (among other things).
Types of personal information we collect and hold
We collect and hold personal information about individuals for the provision of our products and services and purposes connected to those products and services.
Consistent with the provision of our products and services, the types of personal information we may collect and hold include:
We may also collect and hold sensitive personal information from you. The types of sensitive personal information we might collect includes prescription information, retinal imagery, medical histories, appointment information, family health histories and medicine regimes.
Lawful basis for processing
There are a number of reasons that as a company we will collect and process your personal information. The lawful basis for processing your personal information we use are:
If you don’t provide us with personal information, we are unlikely to be able to provide you with our services.
Purposes for which we hold, use and disclose information
We will not use or disclose personal information for any secondary purpose, unless that secondary purpose is related to the primary purpose for which we have collected that information, and you would reasonably expect the disclosure in the circumstances, or unless you consent to that use or disclosure.
The purposes for which we hold, use and disclose and process information include:
We may also disclose personal information to third party technology, marketing and analytics partners and service providers, including but not limited to Shopify and Microsoft Azure.
You are free to unsubscribe from receiving communication and or direct marketing from Bailey Nelson at any time. We will include an unsubscribe option with all communication and direct marketing. If you have any complaint about the use of your personal information or receipt of communication or direct marketing, please contact our Privacy Officer at: email@example.com.
How we collect and hold personal information
We may collect personal information in the course of providing our products and services, from our website using cookies (data files placed on your device or computer) and other similar technologies, via our clients who pass on your information or third-party agents, or directly from you.
Personal information is held securely, is subject to various security protections and is retained no longer than is necessary for the purpose we obtained it for or the required retention time under other legislation.
We take reasonable steps to ensure the security and integrity of the personal information we collect in store, use and disclose including restricted server access, encryption and other industry standard security protocols like use of firewalls and complex password protection.
Access and correction
We will take all reasonable steps to ensure any personal information we collect, use, or disclose is up to date and accurate. If you believe personal information, we hold about you is not up to date or accurate, you may ask us to correct it.
You may ask us to provide you with details of the personal information we hold about you, and copies of that information. We will respond to your request and attempt to provide you with the data within 30 days of receipt of your request (subject to extensions in some cases which we will notify you of).
If we provide you with copies of the information you have requested, we may charge a reasonable administration fee if we are allowed to do so by law or if a request is manifestly unfounded or excessive or to comply with requests for further copies of the same information.
Please direct all requests for access and correction to: firstname.lastname@example.org.
Some other rights in relation to your privacy
Some individuals also have a right, in certain circumstances, to have the information held about them erased. You can talk to us further about this at email@example.com.
You can also request that we restrict or suspend the processing of your personal information. If you do so, note that we will then be most likely unable to provide the services to you.
The GDPR also provides that in some circumstances individuals have a right to data portability, to withdraw their consent at any time, to object to data processing and to object to processing of data for marketing purposes.
In order to provide our services to you, we may disclose the information which we process to countries outside the European Economic Area (EEA) and the UK. Regardless of the location of our processing, we will impose adequate data protection safeguards and implement appropriate security measures (including technical and organizational as well as contractual measures) to ensure that your personal data is protected in accordance with applicable data protection laws.
In relation to our Australian operations:
We may, in the course of providing products and services, disclose personal information to overseas entities including by utilising overseas data servers to process information.
Those overseas entities are likely to be located in the following countries: UK, Australia, New Zealand and Thailand.
Third party links
Our website may contain links to and from the websites of our partner networks, advertisers and other third parties. If you follow a link to any of these websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these websites.
Changes to this policy
If you have questions or concerns about your personal information or our privacy notice, please contact our Data Protection Officer at:
29 Henrietta Street
If you do not consider our response satisfactory, you may also contact your relevant supervisory authority.
The supervisory authority for data protection matters in the UK is the Information Commissioner’s Office (ICO). You may contact ICO at its website https://ico.org.uk/,by telephone on 0303 123 1113 or at:
Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF.