Privacy Policy

This Privacy Policy (“Policy”) sets out how Douglas Pharmaceuticals Australia Pty Limited (“BraveFace”, “we”, “us” and “our”) and/or its ’related companies’ (as that term is defined in the Companies Act 1993) and our third party contractors collect, store, use, process and disclose your personal information in connection with the provision of our website, your access and use of our website and any products or services we provide to you (“Services”).  The use of this website is subject to our relevant website’s Terms of Service and this Policy.

By providing us with your personal information, you agree to the collection, storage, use and disclosure of your personal information in accordance with this Policy and any laws applicable to you, such as the Privacy Act 2020 for customers located in New Zealand and the Privacy Act 1988 for customers located in Australia.

We may need to amend this Policy from time to time. If we make any changes, then we will post an updated Policy on our website. Any changes will take effect from the date we update and post the amended Policy, so please check this Policy when you access our website.

Collecting Personal Information

We will collect personal information about you when you visit certain areas of our website, purchase products or services from us, subscribe to any communications from us, or otherwise voluntarily provide personal information to us. 

When you provide us with personal information, that information may be stored and processed by authorised third parties (such as our third-party contractors), some of whom may be located outside of New Zealand. 

Once you access the website, we may collect information by using cookies and monitoring software such as pixel tags, web beacons, embedded web links, and similar technology. Information stored or collected regarding your usage of the Services helps us improve and offer the Services you need each time you visit.  This information may include Internet Protocol address, browser type, the date and time that you visit the website or access the Services, referring/exit pages and URLs, number of clicks, cookie information, what sites or products you view, and information about a mobile device.  

Please refer to your mobile device or browser’s technical information for instructions on how to delete and disable cookies and other tracking or recording tools

if you wish to do so. Please also be aware that disabling cookies or similar tools may disable some of the features available through the website.

We may collect personal information if you place an order. Such information may include your name, billing address, shipping address, payment information (including credit card details), email address and phone number. This information will enable us to process your purchases, provide Services to you, arrange for shipping, and provide you with invoices and/or order confirmations, communicate with you, screen our orders for potential risk or fraud, and when in line with the preferences you have shared with us, provide you with information or advertising relating to our Services. 

We may also collect personal information, such as your email address, through user communications with our customer and technical support teams or when automated technical reports are generated in connection with a technical issue.

You have no obligation to provide any information requested by us. However, if you choose to withhold any information requested, we may not be able to provide you with the Services that depend on the collection of that information. 

Use and Disclosure of Personal Information

We use your personal information in accordance with the New Zealand Privacy Act 2020 and Australian Privacy Act 1988 (as applicable).  We may use your personal information so that we can provide you with the Services and other information such as promotional material and news, to provide customer support, to improve or update our Services, to communicate with you, to show you advertising that is most relevant to you and your interests, to load the site accurately for you, to perform analytics on the site usage to optimise our site, for credit check and debt collection purposes and to confirm the accuracy of any information you have provided us. 

We may disclose your personal information to third party contractors to help us provide our Services to you, as described
above. For example, 

1. We use Shopify to power our online stores. You can read more about
   how Shopify uses your personal information here: shopify.com/legal/privacy.
2. We may share your personal information to comply with applicable
   laws and regulations, to respond to a subpoena, search warrant or other lawful
   requests for information we receive, or to otherwise protect our rights.
3. We may also disclose your personal information from time to time to
   debt collection or credit checking agencies, third parties involved in the
   provision of the Services (including for delivery and payment processing
   purposes) and our related parties and advisors for any of the purposes listed
   in this Policy. 
4. We may de-identify and aggregate data collected through the Services
   and use it for any purpose, provided such information does not identify you
   individually.

The personal information we collect will never be sold, traded or leased to any third party, except:

• where you have authorised us to do so;
• for the purposes of any sale, transfer or assignment of our business; or 
• if we are required or permitted by law to disclose such information.

We may access, preserve, and disclose personal information and other account information if we believe doing so is required or appropriate to: (i) comply with law enforcement requests and legal process, such as a court order or to facilitate court proceedings; (ii) respond to your requests; or (iii) protect users’, ours or others’ rights, property, or safety.

We will retain your information for as long as needed to provide you the Services and where necessary to comply with our legal obligations.

We will take reasonable technical and organisational precautions (including complying with generally accepted industry standards) to protect personal information that is held by us from unauthorised access, use, disclosure, alteration, or destruction.

Access and Correction of Personal Information

Individuals also have the right to request access to and correction of personal information about themselves. We may require you to verify your identity prior to providing you access to, or correction of, your personal information. If your personal information is corrected, we may disclose the corrected personal information to recipients as outlined above.

We will not charge you a fee for requesting access to your information or for any corrections. To request access to or correction of your personal information, send details of your request to team.legal@douglas.co.nz.

Behavioural Advertising and Opt-out Notice

We may also use your personal information and any other information to communicate with you or to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For example:

• We use Google Analytics to help us understand how our customers use the site. You can read more about how Google uses your personal information here: https://policies.google.com/privacy?hl=en. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
• We share information about your use of the site, your purchases, and your interaction with our ads on other websites with our advertising partners. We collect and share some of this information directly with our advertising partners, and in some cases through the use of cookies or other similar technologies (which you may consent to, depending on your location).

For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.

You can opt out of targeted advertising by:

• FACEBOOK - https://www.facebook.com/settings/?tab=ads 
• GOOGLE - https://www.google.com/settings/ads/anonymous 
• BING -https://advertise.bingads.microsoft.com/enus/resources/policies/personalized-ads

Additionally, you can opt-out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.

Users may opt-out of marketing emails from us at any time by using the opt-out link in an email or by contacting us at the email address displayed at the end of this Policy.

Californian Users - Do not sell my information

Sharing of personal information for targeted advertising based on your interaction on different websites may be considered "sales", "sharing", or "targeted advertising" under California state privacy laws. Depending on where you live, you may have the right to opt out of these activities. If you would like to exercise this opt-out right, please follow the instructions below.

If you visit our website with the Global Privacy Control opt-out preference signal enabled, depending on where you are,
we will treat this as a request to opt-out of activity that may be considered a “sale” or “sharing” of personal information or other uses that may be considered targeted advertising for the device and browser you used to visit our website.

To opt out of the "sale" or "sharing" of your personal information collected using cookies and other device-based identifiers as described above, you must be a resident of California.

Australian Users

If you are accessing the Services from Australia by providing your personal information to us, you consent to the collection, use, storage and disclosure of your personal information in accordance with this Policy, including as set out in this section.

When you provide us with personal information, that information may be stored and processed by authorised third parties (such as our third-party contractors), some of whom may be located in New Zealand or other jurisdictions outside Australia. 

You have the right to request access to the personal information we hold about you and to ask that your personal information be corrected, updated, or de-identified.

You have the right to deal with us anonymously. However, if you choose to withhold any information requested, we may not be able to provide you with the Services that depend on the collection of personal information. 

International Users

If you are accessing the Services from the European Economic Area (“EEA”) or other regions outside of New Zealand by providing your personal information to us, you consent to the collection, use, storage and disclosure of your personal information in accordance with this Policy, including as set out in this section.

If you are accessing the Services from the EEA or other regions outside of New Zealand with laws governing data collection and use, please note that you are agreeing to the transfer and processing of your information outside of your home jurisdiction.

You have the right to access the personal information we hold about you and to ask that your personal information be corrected, updated, or erased. Where we have disclosed your personal information to third parties, we will take reasonable steps to inform those third parties of your request.

Pursuant to the General Data Protection Regulation (“GDPR”), if you are a resident of the EEA, we process your personal information under the following lawful bases:

• the provision of the Services;
• compliance with our legal obligations;
• to perform a task carried out in the public interest; and 
• for our legitimate interests, which do not override your fundamental rights and freedoms.

If you are a resident of the EEA, you have the right to object to processing based solely on automated decision-making (which includes profiling), when that decision-making has a
legal effect on you or otherwise significantly affects you.

We do not engage in fully automated decision making using customer data that has a legal or otherwise significant effect using customer data.

Our processor Shopify uses limited automated decision-making to prevent fraud that does not have a legal or otherwise significant effect on you.

Services that include elements of automated decision-making include:

• Temporary denylist of IP addresses associated with repeated failed transactions. This denylist persists for a small number of hours.
• Temporary denylist of credit cards associated with denylisted IP addresses. This denylist persists for a small number of days.

Your personal information may be initially processed by Shopify in Ireland and then will be transferred outside of Europe for storage and further processing, including to Canada and the United States. For more information on how data transfers comply with the GDPR, see Shopify’s GDPR Whitepaper: https://help.shopify.com/en/manual/your-account/privacy/GDPR.

Cookies

A cookie is a small amount of information that’s downloaded to your computer or device when you visit our site. We use a number of different cookies, including functional, performance, advertising, and social media or content cookies. Cookies make your browsing experience better by allowing the website to remember your actions and preferences (such as login and region selection). This means you don’t have to re-enter this information each time you return to the site or browse from one page to another. Cookies also provide information on how people use the website, for instance whether it’s their first time visiting or if they are a frequent visitor.

We use the following cookies to optimise your experience on our site and to provide our services.

Cookies Necessary for the Functioning of the Store

• _ab - Used in connection with access to
  admin.
• _secure_session_id - Used in connection with navigation through a storefront.
• cart - Used in connection with shopping cart.
• cart_sig - Used in connection with checkout.
• cart_ts - Used in connection with checkout.
• checkout_token - Used in connection with checkout.
• secret - Used in connection with checkout.
• secure_customer_sig - Used in connection with customer login.
• storefront_digest - Used in connection with customer login.
• _shopify_u - Used to facilitate updating customer account information.

Reporting and Analytics

• _tracking_consent - Tracking preferences.
• _landing_page - Track landing pages
• _orig_referrer - Track landing pages
• _s - Shopify analytics.
• _shopify_fs - Shopify analytics.
• _shopify_s - Shopify analytics.
• _shopify_sa_p - Shopify analytics relating to marketing & referrals.
• _shopify_sa_t - Shopify analytics relating to marketing & referrals.
• _shopify_y - Shopify analytics.
• _y - Shopify analytics.

The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device.

You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can negatively impact your user experience and parts of our website may no longer be fully accessible.

Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s “Tools” or “Preferences” menu. More information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as www.allaboutcookies.org.

Additionally, please note that blocking cookies may not completely prevent how we share information with third parties such as our advertising partners. To exercise your rights or opt-out of certain uses of your information by these parties, please follow the instructions in the “Behavioural Advertising and Opt-out Notice” section above.

General 

Please note that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data collection and usage practices when we detect such a signal from your browser.

We may update this Policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal, or regulatory reasons.

Your personal information is collected and held by:

• Douglas Pharmaceuticals Limited;
• Healthcare by Douglas Limited;
• Douglas Pharmaceuticals Australia Pty Limited; and
• Healthcare by Douglas Pty Limited,(and/or these entities’ ’related companies’ (as that term is defined in the Companies Act 1993)), having our offices at Central Park Drive, Lincoln, Auckland 0610, New Zealand and in Cremorne VIC 3121 respectively. 

References in this Policy to "we", "our", "us" or similar are references to Douglas Pharmaceuticals Limited and Douglas Pharmaceuticals Australia Pty Limited (including their related entities (as that term is defined in the Companies Act 1993)). 

The rights set out in the general (non country specific) portions of this Policy apply if you are a resident of New Zealand. Additional rights may apply if you are a resident of Australia, EEA, United States of America and other countries as set out in this Policy. If you would like to exercise these rights, please contact us through the contact information below. If you would like to designate an authorised agent to submit these requests on your behalf, please contact us at the address below.

For any privacy related inquiries please contact our Privacy Officer at the following email address: team.legal@douglas.co.nz or physical address: c/- Privacy Officer, Douglas Pharmaceuticals Limited, Central
Park Drive, Lincoln, Auckland 0610, New Zealand. 

Date last updated 11th June 2025