Privacy Policy


Last updated 17/03/2023

[ESK CARE PTY LIMITED] (registered number ACN 614 758 182) (“us”, “our”, “we”, “ESK”) is the controller of your personal data collected through (“Website”). ESK is committed to protecting and respecting your privacy.

The purpose of this privacy policy (the “Policy” or “Privacy Policy”) is to inform users of this website of the personal data we collect when they visit the site and how this information is used.

  1. Introduction

This Privacy Policy outlines who we are, why and how we process personal data collected through your use of the Website and, if you are the subject of any of the personal data concerned, what rights you have and how to get in touch with us.

The Privacy Policy has been divided into several sections:

  1. Introduction
  2. What personal data do we collect?
  3. How is your personal data collected?
  4. How and why do we use and share your personal data? 
  5. For how long do we keep your personal data?
  6. Security
  7. International Data Transfers
  8. Your Rights
  9. Contact Details

It is important that you read this Policy together with any other privacy notice or fair processing notices that we may provide on the Website at or around the time that we collect or process personal data about you (for example, fair processing notices that we may display to you at the time that you sign up to receive e-mail updates from us) so that you are fully aware of how and why we are using that data. 

This Policy supplements other notices on the Website and is not intended to override or replace them.

By visiting or otherwise using the Website, you confirm that you have read and understood this Privacy Policy. If, for any reason, you do not agree with this Privacy Policy, please stop using the Website.

We reserve the right to revise or amend this Policy at any time to reflect changes to our business or changes in the law.  Where these changes are significant, we will endeavour to let users of the Website know. However, it is your responsibility to check this Privacy Policy before each use of the Website. For ease of reference the top of this Policy indicates the date on which it was last updated. This Website is not intended for children, and we do not knowingly collect data relating to children.

  1. What personal data do we collect?

What is personal data?

‘Personal data’ refers to data about you from which you could be identified – such as your name, your date of birth, your contact details and even your IP address. It does not include data where the identity has been removed (anonymous data).

What types of data do we collect from you when you use the Website?

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  •   Identity Data which includes your name.
  •   Contact Data which includes your e-mail address and phone number.
  •   Technical Data which includes your IP address and browser type and version.
  •   Usage Data which includes information about how you use the Website.
  •   Marketing and Communications Data which includes your preferences in receiving marketing from us and our associated third parties.
  1. How is your personal data collected?

Web log files

In common with most websites, ESK website automatically logs certain information about every request sent to it. This information is used for system administration and for producing usage statistics. Summary statistics are extracted from this data and some of these may be made publicly available, but these do not include information from which individuals could be identified. Relevant subsets of this data may be used as part of investigations of computer misuse involving this site. Data may also on occasion be used to enable investigation of technical problems on the website. Otherwise logged information is not passed to any third party except if required by law.

Electronic forms

From time to time we will use electronic forms on this site to gather personal information for purposes directly related to a service, function or activity of ESK. When we do so we will let you know the purpose for which the information is being collected (including if the information is to be published). Completion of and submission of any form on this website is entirely at the discretion of you, the website user.

Updating your information

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

If you want to update the information you have previously given to us, please contact us.


  1. How and why do we use/share your personal data?


Lawful basis for processing your information

We will only use your personal data when the law allows us to. In using and submitting forms on the website you agree that ESK may use any personal data of yours that you supply through the forms. The personal data will most commonly be used in the following circumstances:

  1. ESK will only collect and use your information to administer, support, improve and obtain feedback on its service
  2. ESK may also use this information to assess what services may be of interest to you and to personalise our service and marketing
  3. ESK may also contact you to obtain feedback on services and any improvements we can make to them

You have the right to ask us at any time not to contact you by way of direct marketing. ESK will not disclose your personal data to any other organisations without your permission.

Here are some examples about how we may use the information we collect about you and the lawful basis we rely on to do so.



Examples of the types of personal data we may collect

Lawful basis for processing

To deliver the Website to you.

Identity data, technical data and usage data.

Performance of a contract with you.

To manage our relationship with you including notifying you of any changes to the Website or services provided on the Website.

Identity data, contact data and marketing communications data.

We have a legitimate interest in doing this (to ensure a positive and informed user experience).

To administer and protect our business and this Website (including troubleshooting, data analysis and system testing.)

Identity data, contacts, marketing communications data, technical data and usage data.

We have a legitimate interest in doing this (to ensure the safety of the Website and our business).

To use data analytics to improve the Website, services, marketing, customer relationships and experiences.

Technical data and usage data.

We have a legitimate interest in doing this to ensure a positive and informed user experience).


Marketing and Communications

Other websites

It is important to appreciate that ESK website provides links to other independent sites, but this policy and statement applies only to direct use of our website. You will need to consult the providers of other websites for information on their policies.


When you subscribe to Evidence Skincare’s SMS sign-up, you agree to receive automated marketing text messages from us about our products and services to the phone number you provided, and that the messages may be sent via automatic telephone dialling system or other technology. We collect your phone number, information about your browser, information about the page you signed up on, and any other additional information you may provide to us. Message frequency is recurring. Message and data rates may apply. We reserve the right at all times to disclose any information as necessary to satisfy any law, regulation or governmental request, to avoid liability, or to protect our rights or property.


Opting Out of Marketing

To opt out (Australian recipients) click the unsubscribe link in any text message to cancel. You'll receive a one-time opt-out confirmation text message. You understand and agree that attempting to opt-out by any means other than texting the opt-out commands above is not a reasonable means of opting out. For more information on SMS messages, please read our Terms of Use.

Evidence Skincare uses cookies to help keep track of items you put into your shopping cart including when you have abandoned your cart and this information is used to determine when to send cart reminder messages via SMS.

The above excludes text messaging originator opt-in data and consent; this information will not be shared with any third parties.


Sharing your personal data


Depending on how and why you provide us with your personal data we may share it in the following ways:


  •   We may share your personal data with any member of our group company inclusive of our subsidiaries and our ultimate holding company and any of its subsidiaries. For UK consumers, please note the legal meaning of these entities is defined in section 1159 of the UK’s Companies Act 2006 and, in other Permitted Territories, the meaning of these entities shall bear the same meaning as those defined in the applicable laws of those other Permitted Territories;
  •   with selected third parties to which we sub-contract to provide various services and/or aspects of the Website’s functionality, such as where third party plugins provide functionality such as message boards or image hosting services (see “Service Providers” below); and
  •   with analytics and search engine providers that assist us in the improvement and optimisation of this Website as described above.


We may also disclose your personal data to third parties in the following events:


  •   if we were to sell or buy any business or assets, in which case we might disclose your personal data to the prospective seller or buyer of such business or assets as part of that transaction;
  •   if Evidence Skincare ESK or substantially all of its assets are acquired by a third party, in which case personal data held by us about our customers and contacts will be one of the transferred assets;
  •   if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or if we are asked to provide your details to a lawful authority in order to aid in the investigation of crime or disorder; and/or
  •   in order to enforce or apply the terms of use or terms and conditions of sale of our products and services; or to protect the rights, property, or safety of our company, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.


Service Providers (Data Processors)


Our service providers provide us with a variety of administrative, statistical, and technical services. We will only provide service providers with the minimum amount of personal data they need to fulfil the services we request, and we stipulate that they protect this data and do not use it for any other purpose. We take these relationships seriously and oblige all of our data processors to sign contracts with us that clearly set out their commitment to respecting individual rights, and their commitments to assisting us to help you exercise your rights as a data subject. The following is a list of the types of service providers we use:

  •   Website Analytics Providers: Google Analytics and Shopify Plus
  •   Website Developers: Shopify Plus and Simplex Agency
  •   Website Maintenance Providers: Shopify Plus
  •   Website Security Providers: Shopify Plus


Links to third party sites

It is important to appreciate that ESK website provides links to other independent sites, but this policy and statement applies only to direct use of their website. You will need to consult the providers of other websites for information on their policies.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.


  1. For how long do we keep your personal data?


We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.


In some circumstances you can ask us to delete your data: see ‘Your Rights’ below for further information, although this may not always be possible if we are obliged to retain the data for compliance purposes.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.


  1. Security

ESK takes the protection of your personal data very seriously. We have put in place technological and organisational security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. 

We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know.  They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

  1. International Data Transfers

We share your personal data within ESK’s Group. This will involve transferring your data out of the country.

We ensure your personal data is protected by requiring all our group companies to follow the same rules when processing your personal data. 

Many of our external third parties are based in different geographic and legal jurisdictions, so their processing of your personal data will involve a transfer of data outside the country.

Whenever we transfer your personal data out of the country, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented: 

  • Where we use certain service providers, we may use specific contracts approved for use in Australia and the UK which give personal data the same protection it has in those countries. 

Please contact if you want further information on the specific mechanism used by us when transferring your personal data out of the country.


  1. Your Rights

You have the right to make a complaint at any time to the relevant regulator in your country (in the case of UK, this is the Information Commissioner's Office (ICO), the UK regulator for data protection issues ( We would, however, appreciate the chance to deal with your concerns before you approach the relevant regulatorso please contact us in the first instance.

As a data subject you have a number of rights in relation to your personal data. Below, we have described the various rights that you have, as well as how you can exercise them.

 Right of Access

You may, request access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. 

Your Right to Correction

You may request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

 Your Right to Restrict Processing

You may request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. 

Your Right to Portability

You may request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Your Right to object to processing

You may object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

Your Right to object to automated decision making and profiling

You have the right to be informed about the existence of any automated decision making and profiling of your personal data, and where appropriate, be provided with meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing that affects you. 

Withdraw consent, where consent is the lawful basis for processing

You have the right to withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.

  1. Contact Details

If you have any queries regarding this Privacy Policy, if you wish to exercise any of your rights set out above or if you think that the Privacy Policy has not been followed, you can contact us by:

  •   Emailing us at