Privacy Policy
About This Policy
This Privacy Policy explains how Lotus Beauty ("we", "us", "our") collects, uses, stores, and discloses personal information in connection with our beauty and wellness services and our website at lotusbeauty.au.
We are committed to handling your personal information in accordance with the Australian Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and applicable state and territory laws.
By using our services, booking an appointment, visiting our website, or communicating with us, you acknowledge that you have read and understood this Privacy Policy.
Information We Collect
We may collect the following types of personal information:
Identity & Contact Information
- Name, phone number, email address
- Date of birth (if provided)
- Gender (if provided)
Booking & Service Information
- Appointment history, services received, preferred services
- Staff preferences
- Notes relevant to your service (e.g., skin conditions, allergies, or sensitivities you disclose to us)
Transaction Information
- Payment method type (e.g., card, cash, gift card)
- Purchase history, transaction amounts, discounts applied, tips
- Gift card details (code, value, usage)
We do not store your full credit card or bank account details. Payment processing is handled by our third-party payment providers.
Communication Information
- Messages you send us via Facebook Messenger, Instagram, email, phone, or our AI-powered chat assistant
- Feedback and reviews
Technical & Website Information
- IP address, browser type, device information
- Pages visited, time spent on our website
- Referral source (how you found us)
This information is collected through Google Analytics 4 and standard website cookies. We do not use additional tracking cookies beyond what is necessary for website functionality and analytics.
Marketing Preferences
- Whether you have opted in or out of receiving marketing emails or SMS
How We Collect Information
We collect personal information through:
- Direct interactions: When you book an appointment (via phone, in-store, or online through Fresha), fill in a consultation form, purchase a gift card, or communicate with us
- Our booking platform: Fresha, our salon management software, collects and processes booking and client data on our behalf
- Digital channels: When you message us on Facebook Messenger, Instagram, or interact with our AI-powered chat assistant
- Our website: Automatically through Google Analytics 4 when you browse lotusbeauty.au
- Third parties: Referral information from booking platforms (e.g., Fresha Marketplace)
How We Use Your Information
Service Delivery
- To manage and confirm your bookings
- To provide personalised beauty and wellness services
- To maintain records of your service history for continuity of care
Communication
- To send appointment reminders and confirmations
- To respond to your enquiries and messages
- To notify you of changes to our services, opening hours, or policies
Marketing (with your consent)
- To send promotional offers, birthday greetings, and updates about new services via email or SMS
You may opt out of marketing communications at any time by contacting us or using the unsubscribe link in our emails.
Business Operations
- To process payments and manage transactions
- To analyse business performance and improve our services
- To manage gift card issuance, redemption, and expiry
- To identify and manage no-show or disruptive behaviour in accordance with our Terms & Conditions
AI-Powered Customer Assistance
We use an AI-powered chat assistant ("Nhã Ninh") to help answer your questions, provide service information, and assist with bookings. When you interact with this assistant, your messages and relevant service information may be processed by artificial intelligence technology to generate responses. The chat assistant does not make decisions that produce legal or similarly significant effects on you.
Legal & Safety
- To comply with applicable laws and regulations
- To protect our rights, property, and the safety of our clients and staff
How We Store and Protect Your Information
We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification, and disclosure.
Storage
- Client and booking data is stored securely on our salon management platform (Fresha) and on our secure cloud database hosted on Google Cloud Platform
- Our cloud infrastructure is hosted in data centres operated by Google Cloud, which may include servers located outside Australia (see Section 7)
- Electronic communications (business email) are managed through Lark Mail
Security Measures
- Encrypted data transmission (HTTPS/TLS)
- Access controls limiting data access to authorised personnel only
- Regular review of data storage and security practices
Retention
We retain personal information for as long as necessary to fulfil the purposes outlined in this policy, or as required by law. If you request deletion of your data, we will take reasonable steps to do so, subject to our legal obligations and legitimate business needs.
Sharing and Disclosure
We do not sell, rent, or trade your personal information.
We may share your personal information with the following third parties, solely for the purposes described in this policy:
| Third Party | Purpose |
|---|---|
| Fresha | Salon management, booking, payment processing |
| Smartpay | In-store card payment processing |
| Google (Analytics & Cloud) | Website analytics, secure data storage, AI services |
| Meta (Facebook / Instagram) | Responding to your messages via Messenger and Instagram |
| Lark Mail | Business email communication |
We require our service providers to handle your personal information consistently with this policy and applicable privacy laws. We do not authorise them to use your personal information for their own marketing purposes.
Overseas Disclosure
Some of our third-party service providers may store or process data on servers located outside Australia, including in the United States (Google Cloud Platform) and other jurisdictions where our service providers operate.
Where personal information is transferred overseas, we take reasonable steps to ensure the overseas recipient handles your information in accordance with the Australian Privacy Principles.
Cookies and Website Tracking
Our website uses:
- Google Analytics 4: To collect anonymised data about website traffic, user behaviour, and referral sources. You can opt out by installing the Google Analytics Opt-out Browser Add-on.
- Essential cookies: Necessary for basic website functionality (e.g., WordPress session cookies).
We do not use advertising cookies or third-party tracking cookies beyond the above.
Your Rights
You have the right to:
- Access your personal information held by us
- Correction: Request correction of inaccurate or incomplete information
- Opt out of marketing communications at any time
- Request deletion of your personal information, subject to our legal obligations
- Complain if you believe we have breached the Australian Privacy Principles
We will respond to access and correction requests within 30 days. If we refuse a request, we will provide reasons in writing.
Children's Privacy
We do not knowingly collect personal information from children under the age of 16 without parental or guardian consent. Services for minors are subject to our Terms & Conditions, which require a parent or guardian to be present.
Changes to This Policy
We may update this Privacy Policy from time to time. The updated policy will be posted on our website with a revised "Last Updated" date. Your continued use of our services after any changes constitutes your acceptance of the updated policy.
