Customer Privacy Policy
Updated May 28, 2007
Our Commitment:
At Nàdarra Skin Care we recognize that the protection of the privacy of your personal information is a very important principle in building and maintaining our relationship with you.
This Customer Privacy Policy describes the commitments of Nàdarra Skin Care and the rights of our Customers regarding personal information. It complies fully with the Personal Information Protection and Electronic Documents Act (the “Act”) and is based on the Canadian Standards Association Model Code for the Protection of Personal Information.
The Customer Privacy Policy applies to the collection, storage, use, disclosure, protection, and accuracy of Personal Information collected and controlled by Nàdarra Skin Care.
Definitions:
Collect – to gather, acquire, or obtain Personal Information from any source, including third parties.
Consent – voluntary agreement with what is being done or proposed. Consent can either be express or implied. Express consent is given explicitly, either orally or in writing. Implied consent may reasonably be inferred from the action or inaction of the Customer.
Direct marketing – direct communications targeted to Customers, including mail, telemarketing, fax or electronic mail.
Personal Information – information about an identifiable Customer recorded in any form.
Supplier – a company under contract to provide services, data collection, or processing services to Nàdarra Skin Care.
Summary of Principles:
PRINCIPLE 1: Accountability
Nàdarra Skin Care is responsible for the Personal Information under its control, including Personal Information disclosed by Nàdarra Skin Care to a third party for data and list processing and shall designate one or more persons who are accountable for compliance with the Customer Privacy Policy.
1.1
The Executive Management is accountable for Nàdarra Skin Care’s compliance with the Customer Privacy Policy.
1.2
Nàdarra Skin Care has appointed an internal Chief Privacy Officer and, with the assistance of Corporate Counsel, this person oversees Nàdarra Skin Care’s compliance with the Customer Privacy Policy. To contact the internal Chief Privacy Officer, please email info@nadarra.com.
1.3
Nàdarra Skin Care uses legal agreements to provide a comparable level of protection for Personal Information while the information is being processed by an authorized third party.
1.4
The Management of Nàdarra Skin Care has developed procedures to implement the Customer Privacy Policy, such as the following:
- Procedures to protect Personal Information;
- Procedures to receive and respond to complaints and enquiries;
- Procedures to inform and train our employees on privacy policies and procedures; and,
- Making available information about the Customer Privacy Policy to Customers.
PRINCIPLE 2: Identifying Purposes
Nàdarra Skin Care shall identify the purposes for which Personal Information is collected at or before the time the information is collected.
2.1
Nàdarra Skin Care provides Customers with information that explains why the Personal Information is needed and how the Personal Information will be used or disclosed.
2.2
Nàdarra Skin Care obtains consent of Customers before using Personal Information for a purpose that has not been specified, unless the new purpose is required by law.
2.3
Nàdarra Skin Care collects Personal Information for the following purposes:
- to communicate information and offers to Customers;
- to understand and analyze Customer sales, needs and preferences;
- to develop, enhance, market and provide products and services to meet Customers’ needs;
- to enable Customers to participate in promotions and contests;
- to enable Customers to participate in Customer research or focus groups;
- to process exchanges or product returns;
- to improve our Shops; and,
- to respond to requests or complaints.
Customers can opt out of receiving direct marketing and promotional communications in electronic, printed or verbal format by writing to:
Nàdarra Skin Care
100 Vanderhoof Avenue
Toronto, ON M4G 4C9
416 220-1535
info@nadarra.com
PRINCIPLE 3: Consent
Every reasonable effort is made by Nàdarra Skin Care to ensure that the Customer understands the purpose of the Personal Information. A Customer’s consent is obtained as required for the collection, use or disclosure of his or her Personal Information, except where it is inappropriate to do so.
3.1
Nàdarra Skin Care provides information about the purpose of the Personal Information through printed materials, our Web site, its Customer Service Representatives and Shop Sales Associates.
3.2
Nàdarra Skin Care obtains consent for the collection, use or disclosure of Personal Information. This consent is obtained verbally in Shop, on written registration forms, on electronic enrollment forms or survey forms, and/or during telephone conversations with Customers. It may also be obtained verbally from Customers through our Shop staff.
3.3
Consent to provide Personal Information is not a condition for Nàdarra Skin Care selling a product to Customers, unless the information requested is required to fulfill an explicitly specified and legitimate purpose.
3.4
A Customer may withdraw their consent at any time per section 2(iv) above and Nàdarra Skin Care makes them aware of the implications of their withdrawal.
PRINCIPLE 4: Limiting Collection
Nàdarra Skin Care limits the amount and type of information it collects to what is necessary for the identified purposes.
4.1
Nàdarra Skin Care does not collect Personal Information indiscriminately. The amount and type of Personal Information collected are limited to that which is necessary to fulfill the purposes identified.
4.2
Although the kind of Personal Information depends largely on the specific purpose, Nàdarra Skin Care may typically collect the following Personal Information from its Customers:
- name;
- address;
- phone number;
- date of birth;
- e-mail address;
- credit card number;
- gender;
- language preference; and
- merchandise category preferences.
4.3
Nàdarra Skin Care collects Personal Information from the Customer:
- in-shop;
- through online and electronic sales transactions with Nàdarra Skin Care;
- through interaction with our Customer Service Representatives;
- through telephone, paper and online surveys and contests;
- through exchange and refunds of product transactions; and
- through mail or phone orders.
PRINCIPLE 5: Limit Use, Disclosure and Retention
Nàdarra Skin Care does not use or disclose Personal Information for purposes other than those for which it is collected, except with the consent of the Customer or where the use or disclosure is authorized by the Act or required by law. Nàdarra Skin Care only keeps Personal Information for as long as is necessary to satisfy those purposes.
5.1
Nàdarra Skin Care does not give, rent or sell Customer lists to any organization or individual other than the business units of Nàdarra Skin Care, its Franchisees, agents, and companies contracted to process and manage Customer transactions, analyze data, handle direct mailings or telemarketing, or arrange Customer research and focus groups.
5.2
As Nàdarra Skin Care develops its business, it might sell or buy Shops or assets. In such transactions, Personal Information may be one of the transferred business assets. Also, in the event that Nàdarra Skin Care or substantially all of its assets are acquired, Personal Information will be one of the transferred assets.
5.3
Nàdarra Skin Care retains Personal Information in accordance with guidelines and procedures established by Nàdarra Skin Care. The Personal Information is collected and retained for as long as is necessary to satisfy identified purposes.
5.4
Nàdarra Skin Care has procedures to govern the destruction of Personal Information that is no longer required to fulfill the identified purposes. Customer transaction records, including Internet order, mail order and phone order records, Customer mailing lists, and Consumer Help Desk logs, that are inactive after two (2) years are deleted from Nàdarra Skin Care database(s). “Inactive” means that no purchases or returns have been recorded during the previous twenty-four (24) consecutive-month period.
PRINCIPLE 6: Accuracy
Nàdarra Skin Care keeps Personal Information as accurate, complete and up-to-date as necessary, taking into account its use and the interests of the Customer.
6.1
Nàdarra Skin Care updates Personal Information as it is made available by Customers.
6.2
Customers are responsible for informing Nàdarra Skin Care about changes to their Personal Information, as appropriate.
6.3
Nàdarra Skin Care does not normally update Personal Information unless such a process is necessary to fulfill the purposes for which the Personal Information is collected.
PRINCIPLE 7: Use of Safeguards
Nàdarra Skin Care protects Personal Information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification with security safeguards appropriate to the sensitivity of the Personal Information, regardless of the format in which it is held.
7.1
The methods of protection for Personal Information, depending on the type of personal information, include:
- physical measures, for example: locked filing cabinets, restriction of access to offices, and company alarm systems.
- technical tools, for example: passwords and encryption, using PGP encryption software.
- organizational controls, for example: confidentiality agreements, limiting access on a “need-to-know” basis, staff training and security clearances.
7.2
When Nàdarra Skin Care uses a third party to process information on its behalf, legal agreements require the third party to protect the privacy and confidentiality of the Personal Information. Further, these agreements ensure that the Personal Information is retained only as long as necessary to complete the assigned task and that the third-party organization only uses it for the specified purposes for which it is given.
7.3
Nàdarra Skin Care has appropriate training programs and provides employees with information about its policies and procedures for protecting Customers’ Personal Information and the importance of maintaining the confidentiality of Personal Information.
7.4
Personal Information is disposed of or destroyed with care to prevent unauthorized parties from gaining access to the information.
PRINCIPLE 8: Openness
Nàdarra Skin Care makes specific information about its policies and practices relating to the management of Personal Information readily available to its Customers.
8.1
Nàdarra Skin Care is open about its policies and practices with respect to the management of Personal Information.
8.2
Nàdarra Skin Care makes information about its privacy policies and practices available to its Customers through written materials (a copy of this Policy is available upon request), its Web Site (www.nadarra.com), and its Consumer Help Desk.
PRINCIPLE 9: Individual Access
Upon request, Nàdarra Skin Care gives Customers access to their Personal Information and an account of its use and disclosure.
9.1
All Customer requests for access to Personal Information held by Nàdarra Skin Care must be in writing and directed to: Chief Privacy Officer, Nàdarra Skin Care, 100 Vanderhoof Avenue, Toronto, ON M4G 4C9. Upon request, Nàdarra Skin Care informs the Customer whether or not it holds Personal Information about that Customer, and discloses details of that Customer’s Personal Information, including, where available, the source, its use, and third parties to which it has been disclosed.
9.2
Nàdarra Skin Care may request sufficient information from the Customer, including adequate identification, to verify the identity of the Customer when the Customer requests information about the existence, use and/or disclosure of Personal Information held by Nàdarra Skin Care. Nàdarra Skin Care will assist any Customer who informs Nàdarra Skin Care that he or she needs assistance in preparing a request for access.
9.3
Nàdarra Skin Care responds to a request for information within thirty (30) business days of receipt of request.
9.4
Responding to a Customer request for information will usually be done at no or minimal cost to the Customer. However, a fee for reasonable costs incurred may be charged in responding to more complex requests, provided the Customer is informed of the fee in advance. The Personal Information requested is provided to the Customer in a form that is generally understandable.
9.5
Nàdarra Skin Care amends the Personal Information contained in Nàdarra Skin Care Customer databases or elsewhere, as required, when an individual successfully demonstrates the inaccuracy or incompleteness of the Personal Information. An amendment may involve the correction, deletion or addition of information. However, Nàdarra Skin Care is unable to amend purchase information or return transaction information.
9.6
When it is not possible to provide a list of third parties or agents to which Nàdarra Skin Care has disclosed Personal Information about a Customer, Nàdarra Skin Care provides a list of the third parties or agents to which it may have disclosed such Personal Information about the Customer.
9.7
A Customer has the opportunity to challenge the accuracy and completeness of the Personal Information and have it amended as appropriate. When a challenge is not resolved to the satisfaction of the Customer, Nàdarra Skin Care will keep a written record of the challenge, and the existence of the challenge is transmitted to third parties as appropriate.
9.8
If Nàdarra Skin Care is unable to provide access to all the Personal Information it holds about a Customer, the reasons for denying access are provided to the Customer.
PRINCIPLE 10: Challenging Compliance
A Customer is able to address a challenge concerning Nàdarra Skin Care’s compliance with the above principles with the individual identified in Section 1.2.
10.1
Nàdarra Skin Care has procedures in place to receive and respond to inquiries about Nàdarra Skin Care’s policies and practices relating to its handling of Personal Information.
10.2
Nàdarra Skin Care investigates all complaints and responds within ninety (90) business days after receipt of written correspondence. If the complaint is found to be justified, Nàdarra Skin Care takes appropriate measures to resolve the complaint, including, if necessary, amending its policies and practices.