This is the Privacy Policy of Dermavault ABN 90 709 480 072 (‘Dermavault’, ‘us’, ‘we’, ‘our’).  This Privacy Policy sets out Dermavault’s obligations in line with the Australian Privacy Principles (‘APP’) in the Privacy Act 1988 (Cth) (‘Privacy Act’). This Privacy Policy sets out the different types of information we collect, why we collect it and what you can do if you would like to remove yourself from our mailing list or change any details we may hold about you. 

What information does Dermavault collect and when does it collect this information?

Dermavault will collect information from you when you visit our website or when you otherwise transact with us. The types of information that Dermavault collects from you and the situations in which we collect personal information are outlined below.

Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically-collected information as “Device Information”. 

We collect Device Information using the following technologies: 

  • “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. 
  • “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps. 
  • “Web beacons”, “tags”, and “pixels” are electronic files used to record information about how you browse the Site. 

If you sign up as a member: we will collect your name, address, country of origin and email address. You will not be put on the mailing lists of any third parties.

If you do not sign up as a member: we may collect general site traffic data.

When you place an order: we collect your name, billing address, delivery address, email address and telephone number. This information must be provided to allow us to effect delivery of the products that you order, and to contact you if necessary. These details are retained in our database for record keeping purposes. Your email address may also be used to contact you in the event that you discontinue a shopping session. We or our service providers may contact you by email to see if there were any problems and if we can help you to complete your transaction.

If you elect to pay online using your credit card: your credit card details are not stored by us. They are encrypted and passed directly to the Bank through our security provider. Any other information you provide at the checkout, such as comments or survey responses, is stored by us and is used to better plan future items to add and developments for the website.

When you use our website: general site traffic data is collected for the purpose of site maintenance and improvement and provides information about which and how often certain pages are viewed. This helps us to understand what sorts of products our customers are interested in and alerts us to any areas of the site that may be difficult to navigate. The data we collect may include your IP address, your approximate geographic location, and data sent to us by your web browser, such as your operating system, browser type and version, computer type, MAC address and screen resolution. Cookies and other tracking technologies are used by us and our third-party partners, such as our advertising and analytics partners and our fraud prevention service providers, to provide functionality and to recognise you across different services and devices. You may opt out of sending us cookie data, but this may adversely affect your experience using our services.

When you engage in business with us: Dermavault may collect personal information from you when you provide it to us in the ordinary course of business, for example when you contract with us or otherwise engage with our business. 

Enquiries: when you make an enquiry with us online or by phone, we may collect your name and contact details in order to respond to your enquiry.

What happens if you do not provide personal information?

The main consequence for you, if some or all of the above personal information is not collected by us, is that we may not be able to provide goods, services or information to you, or be able to provide them to the same standard as if we had the information requested.

Why does Dermavault collect personal information?

Dermavault collects personal information to:

  • Provide you with information that you have requested;
  • Process orders you make through our website;
  • Add you to our mailing list;
  • Send you marketing materials;
  • Promote our goods and services;
  • Deliver to you the goods that you have ordered and provide you with customer service following these orders;
  • Improve the website experience of our visitors;
  • Provide services to you;
  • Contract with you; and
  • Comply with our legal obligations.

We also use personal information for our own internal business purposes including:

  • Data analysis to improve our products and services;
  • Auditing our internal processes to ensure they function as intended and that we comply with regulatory requirements;
  • Fraud and security monitoring;
  • Developing new products and services;
  • Identifying usage trends so we can understand which parts of our services are of most interest to our customers;
  • Determining the effectiveness of marketing campaigns so that we can adapt to the needs and interests of our customers; and
  • Operating and expanding our business activities such as understanding which of our services are of most interest to our customers, so we can focus on our customers’ needs.

Do we engage in direct marketing?

As part of our promotional, educational and marketing campaigns, we may contact you using the email address you have provided. If you prefer not to hear from us, please email us at hello@dermavault.com.au and you will be removed from any future communications. 

Who do we disclose your personal information to?

In the course of conducting our business we may provide your personal information to:

Third parties in the course of providing products and services to you including, without limitation, through your use of our website. These third parties may include fraud prevention providers, web hosting providers, IT systems administrators, mailing houses, couriers, payment processors, data entry service providers and electronic network administrators.

We share your Personal Information with third parties to help us use your Personal Information, as described above. For example, we use Shopify to power our online store. You can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy. We also use Google Analytics to help us understand how our customers use the Site. You can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt out of Google Analytics here: https://tools.google.com/dlpage/gaoptout

Finally, we may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights. 

We may disclose your personal information to third parties:

  • To enable our website (and your shopping experience) to function in the manner it is intended;
  • To prevent payment fraud;
  • As part of our business processes;
  • To meet the purpose for which your personal information was submitted;
  • If we have your consent to do so or otherwise when we are authorised by law;
  • If we are required by law to disclose the information; or
  • To process product returns.

Does Dermavault store personal information outside of Australia?

Some of the third party service providers to whom we send data are located outside of Australia or may store your data outside of Australia.

Generally, we require that our service providers who handle or obtain personal information acknowledge the confidentiality of this information, undertake to respect any individual’s right to privacy and comply with applicable privacy laws. By providing your personal information to us, you consent to the transfer of that information to our third party providers and to the storage of your personal information by us or our third party

When we send information overseas, in some cases we may not be able to take reasonable steps to ensure that overseas providers comply with the Privacy Act and/or the GDPR and those providers may not be subject to the same level of protection or obligations that are offered by the Privacy Act and the GDPR.  By proceeding to acquire our services and products you agree that you cannot seek redress under the Privacy Act, the GDPR or in any other way against us (to the extent permitted by law) and you may not be able to seek redress overseas. If you do not agree to the transfer of your personal information outside of Australia, please contact us before you agree to this Privacy Policy. In these circumstances, we may be prevented from providing products or services to you.

How do we hold your information?

All personal information held by us will be handled and stored in accordance with our obligations under the Privacy Act.  We will take reasonable steps to:

  • Make sure that the personal information we collect, use or disclose is accurate, complete and up to date;
  • Protect the information from misuse, interference, loss or unauthorised access, modification or disclosure both physically and through security methods; and
  • Destroy or permanently de-identify the information if it is no longer needed for any purpose.

While we implement safeguards designed to protect your information, no security system is impenetrable and due to the inherent nature of the Internet, we cannot guarantee that data, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others.

For how long do we keep information?

We will retain your personal information for as long as needed or permitted in light of the purpose(s) for which it was obtained.  The criteria used to determine our retention periods include:

  • The length of time we have an ongoing relationship with you and provide services to you;
  • Legal obligations we may have to keep (or destroy) your data; or
  • Legal advice we receive (such as in regard to litigation, regulatory investigations or applicable statutes of limitation).

When your information is no longer required it is destroyed in a secure manner.

How can I access my information?

You are entitled to request access to personal information we hold about you and to request any information we hold about you be corrected or deleted. If you would like to request to review, correct, update, suppress, restrict or delete personal information that you have previously provided to us, or if you would like to request to receive an electronic copy of your personal information for purposes of transmitting it to another company (to the extent this right of data portability is provided to you by applicable law), you may contact us by emailing hello@dermavault.com.au and we will provide this information to you consistent with applicable law.

In your request, please make clear what personal information you would like to have changed, whether you would like to have your personal information deleted from our database or otherwise let us know what limitations you would like to put on our use of your personal information. For your protection we may need to verify your identity before implementing your request. We will comply with your request within a reasonable period after you make your request. We reserve the right to charge a fee for providing access to your information when permitted by law. If we delete your information, we may not be able to provide goods, services or information to you, or be able to provide them to the same standard as if we had your information.

What about links to other websites?

This Privacy Policy is strictly limited to the collection, storage and use of personally identifiable information collected by Dermavault in the course of our business.  It does not apply to any third parties.  We have no control over the privacy practices or the content of any third-party websites and assume no liability for the privacy practices of those websites. We urge users to take time to examine individual privacy policies and guidelines on other websites.


Our products and services are not directed to individuals under the age of sixteen, and we do not knowingly collect personal information from individuals under 16.  If we become aware that a person under 16 has provided us with personal information, we will take steps to delete such information.  If you become aware that a child has provided us with personal information, please contact us using the details below.

Contacting Us

You can contact us by email at hello@dermavault.com.au, or in writing to:

PO Box 511,
Lidcombe NSW 1825

How can I complain?

If you would like to complain about a breach of the Australian Privacy Principles or the GDPR you can contact us using the Contacting Us details above.  We will look into your complaint and respond promptly in writing notifying you of what we will do in response. If you are unsatisfied with our response you can contact the Office of the Australian Information Commissioner (‘OAIC’).  Contact details are on the OAIC website at https://www.oaic.gov.au.

Changes to this Policy

This policy is subject to change over time without prior notice.  We may amend this policy by updating it and posting it on our website.