Privacy policy

Privacy Policy

1. INTRODUCTION

(a) McPherson’s Limited and its subsidiaries (“McPherson’s”, “we”, “us”, “our”) are committed to protecting personal information and managing data responsibly across all operations, including corporate functions and direct-to-consumer (D2C) digital platforms.

(b) McPherson’s operates across Australia, New Zealand and international markets supplying health, wellness and beauty products.

(c) This policy outlines how McPherson’s collects, uses, stores and protects personal information and enables responsible data use to support customer experience, digital growth and business operations.

(d) We are committed to protecting the privacy of personal information in accordance with applicable laws in Australia and New Zealand.

(e) This policy applies to:

(i) McPherson’s corporate operations
(ii) all McPherson’s brands and subsidiaries
(iii) McPherson’s websites, including direct-to-consumer (D2C) eCommerce platforms; and
(iv) digital platforms, applications, and marketing activities.

2. APPLICABLE LAWS AND REGULATORY FRAMEWORK

This policy complies with:

Australia

(a) Privacy Act 1988 (Cth);
(b) Australian Privacy Principles (APPs);
(c) Spam Act 2003 (Cth);
(d) Do Not Call Register Act 2006 (Cth); and
(e) Notifiable Data Breaches (NDB) Scheme.

New Zealand

(f) Privacy Act 2020 (NZ);
(g) Information Privacy Principles (IPPs); and
(h) Unsolicited Electronic Messages Act 2007 (NZ).

Where applicable, McPherson’s also considers:
(i) General Data Protection Regulation (GDPR) (for EU interactions); and
(j) Consumer Data Right (CDR) (where relevant)

3. WHAT PERSONAL INFORMATION WE COLLECT

We may collect:

(a) Customers & Consumers (D2C and Digital):

(i) name, email, phone number;
(ii) shipping and billing address;
(iii) purchase history and transaction data;
(iv) marketing preferences and engagement data; and
(v) device, browser, IP address, cookies

(b) Business Partners & Customers
(i) contact details;
(ii) account and transaction data; and
(iii) commercial agreements and communications.

(c) Website & Digital Users
(i) website usage data (analytics);
(ii) cookies and tracking technologies;
(iii) social media interactions.

4. HOW WE COLLECT INFORMATION

We collect personal information:
(a) directly from you (website, purchases, forms, customer service);
(b) through automated technologies (cookies, analytics tools); and
(c) from third parties (retailers, wholesalers, partners, marketing platforms).

5. PURPOSE OF COLLECTION

We collect and use personal information to:
(a) process and fulfil orders;
(b) provide customer service and support;
(c) manage business relationships;
(d) improve products, services and customer experience;
(e) conduct marketing and promotions;
(f) comply with legal and regulatory obligations.

6. MARKETING AND COMMUNICATIONS (SPAM ACT COMPLIANCE)

(a) McPhersons complies with:
(i) Spam Act 2003 (Cth) (Australia)
(ii) Unsolicited Electronic Messages Act 2007 (NZ)

(b) We will only send commercial electronic messages where:
(i) you have consented (express or inferred)
(ii) you would reasonably expect to receive them
(iii) the message includes:
(A) clear identification of McPherson’s; and
(B) a functional unsubscribe mechanism.

(d) We do not send unsolicited marketing communications in breach of applicable laws.

7. DISCLOSURE OF PERSONAL INFORMATION

(a) We may disclose personal information to:

(i) service providers (logistics, IT, marketing, payment processors);
(ii) wholesalers and distribution partners;
(iii) regulatory authorities (where required by law); and
(iv) professional advisors (e.g. legal, audit for the purposes of seeking professional and confidential advice).

(b) As part of our operating model, distribution and customer servicing may involve third-party logistics and wholesaler partners supporting national operations.

8. CROSS-BORDER DISCLOSURE

(a) McPherson’s operates across global markets and supply chains so personal information may be disclosed overseas for permitted purposes, including in:
(i) New Zealand;
(ii) Asia (e.g. sourcing and supply chain partners); and
(iii) other jurisdictions where service providers operate.

(b) We take reasonable steps to ensure overseas recipients comply with privacy obligations.

9. DATA SECURITY

(a) We take reasonable steps to protect personal information from:
(i) misuse, interference and loss; and
(ii) unauthorised access, modification or disclosure.

(b) These reasonable steps include:
(i) maintaining secure IT systems and secure and monitored access controls;
(ii) contemporary reasonable encryption and cybersecurity measures;
(iii) monitoring and incident response processes.

10. DATA RETENTION

(a) We retain personal information only for as long as necessary:
(i) to conduct our business operations; and
(ii) to comply with applicable legal and regulatory requirements.

(b) When no longer required, personal information is securely destroyed or de-identified.

11. ACCESS AND CORRECTION

(a) You have the right to:
(i) access your personal information; and
(ii) request corrections to your personal information.

(b) Requests for access or correction can be made via the contact details below.

12. COOKIES AND DIGITAL TRACKING

(a) Our websites use cookies and similar technologies to:
(i) improve user experience;
(ii) analyse traffic and behaviour; and
(iii) personalise marketing.

(b) You can manage your cookie preferences via your browser settings.

13. NOTIFIABLE DATA BREACHES

(a) In Australia, McPherson’s complies with the Notifiable Data Breaches (NDB) Scheme.

(b) If a data breach is likely to result in serious harm:
(i) Affected individuals will be notified; and
(ii) The Office of the Australian Information Commissioner (OAIC) will be notified.

14. COMPLAINTS

(a) If you have concerns about how your personal information is handled, please contact: Email: cosec@mcpher.com.au

(b) We will respond within a reasonable timeframe.

Australia
Office of the Australian Information Commissioner (OAIC)
www.oaic.gov.au

New Zealand
Office of the Privacy Commissioner
www.privacy.org.nz