Henkel Australia Privacy Notice

Effective Date: 2 March 2021 (and posted October 14, 2020)

This Privacy Notice (“Notice”) applies to “Individuals” as defined by the Privacy Act 1988 (Cth) (“Privacy Act”) as a supplement to Henkel Corporation’s (“Company” “Us” “We” “Our”), other privacy policies, statements or notices. This Notice is limited to the data practices of Company in Australia. In the event of a conflict between any other Company policy, statement or notice and this Notice, this Notice will prevail as to Individuals and their rights under the Privacy Act. Please see also any general privacy statement or notice posted or referenced on our websites, apps, products, or services.

This Notice covers our collection, use, disclosure, and sale of Individual’s “Personal Information” (“PI”) as defined by the Privacy Act, except to the extent such PI is exempt from the notice obligations of the Privacy Act, for the twelve months preceding the Effective Date. This Notice also covers rights Individuals have under the Privacy Act, as well other notices to Individuals required by certain other laws. The description of our data practices in this Notice, as required by the Privacy Act, covers only calendar year 2020 and will be updated at least annually. Our practices in calendar year 2021, after July 1, 2020 may differ, however. If materially different from this Notice we will provide pre-collection notice of the current practices, which may include reference to our general or online privacy statements or other applicable privacy notices, which will reflect current practices.

Terms defined in the Privacy Act that are used in this Notice shall have the same meaning as in the Privacy Act. 

Based on our data practices in 2019, we give you notice that we collect the following types of PI about Individuals, with exemplary elements of PI listed. This notice will be updated annually, and our current privacy notices at the point of collection and general privacy statements may reflect more current practices.

Category of PI	Examples of PI
1. Identifiers	This may include but is not limited to: contact information (such as name, address, city, state, province/territory, Postal/ZIP code, email address and telephone number), IP address, device identifier, alias/account name, and in limited circumstances, state ID number, cosmetology license number, business tax ID, fingerprints and other identifiers for professional use.
2. Personal Records	This may include information such as: identifiers described above, date of birth, and other personal, financial, and consumer complaint information.
3. Personal Characteristics or Traits	This may include but is not limited to: gender, age, and race related to product use.
4. Customer Account Details / Commercial Information	This may include but is not limited to: products or services purchased or considered, service history, other purchasing or consumption histories or tendencies, and transaction records.
5. Internet Usage Information	This may include but is not limited to: information about your use of the Service, and data regarding network connected hardware, browsing activity, IP address, and device identifiers.
6. Geolocation Data	This may include but is not limited to: physical location.
7. Sensory Data	This may include but is not limited to: customer-submitted photographs, videos, and audio.
8. Professional or Employment Information	This may include but is not limited to: third-party employment status, employment history, and professional licenses.
9. Inferences from PI Collected	This may include but is not limited to: consumer preferences, aptitudes, attitudes, trends, and preferences.

The chart above reflects the categories of PI required by the Privacy Act. There may be additional information that we collect that meets the Privacy Act’s definition of PI but is not reflected by a category, in which case we will treat it as PI as required by the Privacy Act but will not include it when we are required to describe our practices by category of PI.

As permitted by applicable law, we do not treat deidentified data or aggregate consumer information as PI and we reserve the right to convert, or permit others to convert, your PI into deidentified data or aggregate consumer information, and may elect not to treat publicly available information as PI. We have no obligation to re-identify information or keep it longer than we need it to respond to your requests.

We may collect your PI directly from you or from service providers, vendors and suppliers, our affiliates, or other individuals and businesses as well as public sources of data. These sources include one or more of the following:

When you make a purchase in store or place an order online;

• Conducting a transaction including making a non-cash payment or registering for a service where we collect PI;
• When you contact us or make a request for customer service;
• Posting a review or comment on one of our websites or social media pages, or posting a rating or review or other user generated content on one of our websites or apps;
• Using one of our related websites, apps, social media and other digital services;

PI may also be required or requested by us from time to time. Some situations where we may require your PI include:

• Communicating with us through our contact forms;
• Asking for your contact details (including your address) while participating in raffles which we offer from time to time on our website;
• Your contact details while participating in product tests;
• Your contact details while participating in webinars;
• Your contact details while participating in any surveys;
• Any forms or applications to be submitted by an individual;
• A response to a request, direction, order or arrangement for sharing or transferring information between both entities;
• An entry in a visitors’ book.

We may also collect PI through third parties including, but not limited to:

• Our related companies;
• Our business partners;
• Our distributors, suppliers, service providers and contractors;
• Public sources;
• Data washing organisations and postal service providers.

Generally, we collect, retain, use, and share your PI to provide you services and as otherwise related to the operation of our business. For more detail on our disclosures and sale of PI, see the next section Sharing of PI. 

We may collect, use and share the PI we collect for one or more of the following business purposes:

• Processing Interactions and Transactions
• Managing Interactions, Requests and Transactions
• Establishing and verifying the identity of users
• Uploading and displaying your postings and similar submitted content („User Generated Content“ or „UGC“)
• Opening, maintaining, administering, and servicing users’ profiles, accounts or memberships
• Maintaining consumer relationships
• Performing Services
• Processing, servicing or enforcing transactions and sending related communications
• Communicating with you about our Products, Services and Promotions
• Understanding consumer preferences across multiple brands
• Research and Development
• Quality Assurance
• Operating and Improving Our Website Experience
• Systems Development and Testing
• Staff Training
• Security and Risk Management
• Complying with policies, procedures and legal requirements
• Debugging
  
  Additional business purposes include sharing PI with Henkel affiliates or third parties for other than a sale or one of the foregoing business purposes as required or permitted by applicable law, such as to our vendors that perform services for us, to the government or private parties to comply with law or legal process, to the Individual or other parties at the Individual’s  request, for the additional purposes explained in our Privacy Statement and Data Protection Statement, the privacy statements posted on our Australian brand websites, and to assignees as part of a merger or asset sale (“Other Business Purposes”).
  
  Subject to restrictions and obligations of the Privacy Act, our vendors may also use your PI for some or all of the above listed business purposes. Our vendors may themselves engage services providers or subcontractors to enable them to perform services for us, which sub-processing is, for purposes of certainty, an additional Other Business Purpose for which we are providing you notice.
  
  In addition, we may collect, retain, and use PI for the purpose of sharing it as set forth in the next section.

We may share PI with our service providers, affiliates, agents, consultants, and other vendors (including those that facilitate advertising and marketing), which during calendar year 2021 are as follows. In such circumstances, we will not use, hold, or disclose your PI for any purposes, other than the purpose for which it was collected, or a directly related secondary purpose, without your consent.

Category of PI	Categories of Recipients
1.Identifiers	Business Purpose Disclosure: Marketing & advertising agencies Government entities Operating systems and platforms Social networks Email service providers Advertising networks Sale: Not Sold
2. Personal Records	Business Purpose Disclosure: Marketing and advertising agencies Government entities Sale: Not Sold
3. Personal Characteristics or Traits	Business Purpose Disclosure: Marketing & advertising agencies Email service providers Sale: Not Sold
4. Customer Account Details / Commercial Information	Business Purpose Disclosure: Marketing and advertising agencies Government entities Sale: Not Sold
5. Internet Usage Information	Business Purpose Disclosure: Marketing & advertising agencies Government entities Operating systems and platforms Social networks Email service providers Advertising networks Sale: Not Sold
6. Geolocation Data	Business Purpose Disclosure: Marketing & advertising agencies Social networks Email service providers Advertising networks Sale: Not Sold
7. Sensory Data	Business Purpose Disclosure: Marketing & advertising agencies Social networks Sale: Not Sold
8. Professional or Employment Information	Business Purpose Disclosure: Government entities Sale: Not Sold
9. Inferences from PI Collected	Business Purpose Disclosure: Marketing & advertising agencies Social networks Advertising networks Sale: Not Sold

Henkel is also likely to share your PI with listed recipient categories which may be located outside of the United States, for marketing and other business activities, subject to certain rights of residents of Australia. Where Henkel does share information with overseas recipients, we make reasonable efforts to establish arrangements with those parties for the ongoing security and confidentiality of your PI. We impose strict requirements on all third parties as to how they store, handle and deal with your PI in accordance with the applicable privacy law and that this information will only be used by the recipients for the permitted purpose for which it is shared. However, please be advised that while Henkel makes all reasonable efforts to uphold these requirements, PI provided to overseas recipient may not have the same protection as set out in this Privacy Policy and may be exposed to inherent security and privacy risks beyond its control. Henkel make no guarantee as to the protection of PI.

, we may from time-to-time update information in our notices regarding our data practices and your rights, modify our methods for you to make and for us to respond to your requests, and/or supplement our response(s) to your requests, as we continue to develop our compliance program to reflect the evolution of the law and our understanding of how it relates to our data practices. It is your responsibility to review our website notices periodically to keep yourself updated on any changes.

We provide Individuals the privacy rights described in this section. You have the right to exercise these rights via an authorized agent who meets the agency requirements of the Privacy Act and related regulations., any request you submit to us is subject to an identification process (“Verifiable Consumer Request”). We will not fulfill your request unless you have provided sufficient information for us to appropriately verify you are the Individual about whom we collected PI, which may include matching at least between two to three data points provided by the Individual with data points maintained by us, depending on the type of request and sensitivity of the PI. Please follow the instructions at our Rights Request page here and respond to any follow up inquires we may make. You may also submit a request by calling us at 1300 856 031.

Some PI we maintain about Individuals is not sufficiently associated with enough PI about the Individual for us to be able to verify that it is a particular Individual’s PI when an Individual requests that requires verification is made (e.g., clickstream data tied only to a pseudonymous browser ID). As required by the Privacy Act we do not include that PI in response to those requests. If we cannot comply with a request, we will explain the reasons in our response. You are not required to create a password-protected account with us to make a Verifiable Request. We will use PI provided in a Verifiable Request only to verify your identity or authority to make the request and to track and document request responses, unless you also gave it to us for another purpose.

We will make commercially reasonable efforts to identify Individual PI that we collect, process, store, disclose and otherwise use and to respond to your privacy rights requests. We will typically not charge a fee to fully respond to your requests; provided, however, that we may charge a reasonable fee, or refuse to act upon a request, if your request is excessive, repetitive, unfounded or overly burdensome. If we determine that the request warrants a fee, or that we may refuse it, we will give you notice explaining why we made that decision. You will be provided a cost estimate and the opportunity to accept such fees before we will charge you for responding to your request.

Consistent with the Privacy Act and our interest in the security of your PI, we will not deliver certain sensitive data to you in response to a request.

Your privacy rights are as follows:

i. Categories:

You have the right to send us a requestfor any of the following for the period that is twelve months prior to the request date:

• The categories of PI we have collected about you.
• The categories of sources from which we collected your PI
• The business or commercial purposes for our collecting or selling your PI.
• The categories of third parties to whom we have shared your PI.
• A list of the categories of PI disclosed for a business purpose in the prior 12 months and, for each, the categories of recipients, or that no disclosure occurred.
• A list of the categories of PI sold about you in the prior 12 months and, for each, the categories of recipients, or that no sale occurred.

To make a request, call us at 1300 856 031. 

Please note that PI is retained by us for various time periods, so we may not be able to fully respond to what might be relevant going back 12 months prior to the request.

ii. ​​​​​​​Specific Pieces:

You have the right to make or obtain a transportable copy, no more than twice in a twelve-month period, of your PI that we have collected in the period that is 12 months prior to the request date and are maintaining. To make a request, call us at 1300 856 031. 

Please note that PI is retained by us for various time periods, so we may not be able to fully respond to what might be relevant going back 12 months prior to the request.

We will typically not charge a fee to fully respond to your requests; provided, however, that we may charge a reasonable fee, or refuse to act upon a request such as if the request is excessive, repetitive, unfounded, or overly burdensome. If we determine that the request warrants a fee, or that we may refuse it, we will give you notice explaining why we made that decision. You will be provided a cost estimate and the opportunity to accept such fees before we will charge you for responding to your request.

We do not believe that during 2020, or through the Effective Date of this revised Notice, that we “sold” your PI as such is defined under the Privacy Act, but we reserve the right to do so. Accordingly, we provide Individuals a method to opt-out of sale here.

There may be cookies and other tracking technologies associated with our online services that may provide data, which may be treated as PI under the Privacy Act, to other parties that may use it for their own purposes, which in turn may provide that data to other parties for their own purposes. While there is not yet a consensus, we do not believe that data practices of third-party cookies and tracking devices associated with our online services constitute a sale of PI by us and therefore we do not currently treat these activities as a “sale.” Thus, currently, a do not sale request to us will not affect these third-party activities. However, you can exercise control over browser-based cookies by adjusting their settings on your browser, whilst mobile devices may offer ad and data limitation choices. In addition, third party tools may enable you to search for and opt-out of some of these trackers, such as the Ghostery browser plug-in available at https://www.ghostery.com/. For more information on cookies and your choices regarding them, including how to opt-out of certain interest-based advertising, see Section 11 of our general Privacy Policy here. You can also learn more about how to exercise certain choices regarding cookies and interest-based advertising at http://www.aboutads.info/choices, http://www.aboutads.info/appchoices and http://www.networkadvertising.org/choices/.

For easy access, here are links on how to manage cookies from some of the more popular browsers:

• Google Chrome
• Firefox
• Internet Explorer
• Edge
• Safari

We do not represent that these third-party tools, programs or statements are complete or accurate. Clearing cookies or changing settings may affect your choices and website experience and you may have to opt-out separately via each browser and other device you use. Cookie-enabled opt-out signals may no longer be effective if you delete, block, or clear cookies. We are not responsible for the completeness, accuracy or effectiveness of any third-party notices or choices.

Third parties may collect personal information through this Service for advertising, analytics and other purposes. Please visit here to opt-out of the sale of personal information by participating third parties. This is a third party program and we are not responsible for its effectiveness. You must opt out on every device and browser you use in order to effectuate your “Do Not Sell” requests from these parties. However, opting out does not mean you will stop seeing ads and you may continue to still see interest based ads. To learn more about interest-based advertising and additional opt-out choices related to it, please visit here or here.

Some browsers have signals that may be characterized as do not track signals, but we do not understand them to operate in that manner or to indicate a do not sell expression by you so we currently do not recognize these as a do not sell request. Further, there is no current consensus as to how various user-enabled privacy or “do not track” signals or settings should be treated, nor is there a consensus as to what they mean, so we will not look for or respond to any that are not expressly listed here as programs in which we participate or otherwise accept, which may change as programs evolve. We understand that various parties are developing do not sell signals and we may recognize certain such signals if we conclude such a program is appropriate.

We do not knowingly sell the PI of Individuals under 16. 

We may disclose your PI for the following purposes, which are not a sale: (i) if you direct us to share PI; (ii) to comply with your requests; (iii) disclosures amongst the entities that constitute Company as defined above, or as part of a merger or asset sale; and (iv) as otherwise required or permitted by applicable law.

We acknowledge your right to access PI we hold about you and welcome any concerns raised by individuals about their PI. Henkel will provide web pages or other mechanisms allowing you to delete, correct, or update some of the collected PI, and potentially certain other information about you (e.g., profile and account information) or to withdraw your consent at any time where your PI is processed with your consent. Should you request access to your PI, we will provide you with a copy, excerpt or summary of the information in document or record form, whether in physical format or electronic copy, unless there is a compelling reason not to. Except to the extent we have a basis for retention under the Privacy Act, you may also request that we delete your PI that we have collected directly from you and are maintaining. Our retention rights include, without limitation, to complete transactions and services you have requested or that are reasonably anticipated, for security purposes, for legitimate internal business purposes, including maintaining business records, to comply with law, to exercise or defend legal claims, and to cooperate with law enforcement. Note also that we are not required to delete your PI that we did not collect directly from you. To make a request, call us at 1300 856 031. Please note that for security reasons, we may require you to verify your identity before allowing you to access your information. Henkel will make good faith efforts to make requested changes in Henkel’s then-active databases as soon as practicable, but it is not always possible to completely change, remove or delete all of your information or public postings from Henkel’s databases. However, you may alternatively exercise more limited control of your PI by instead exercising one of the following more limited opt-outs: for promotional emails, following the opt-out instructions provided in email communications, or if available by changing your communication preferences by logging onto your account; and (ii) for text messages, following the instructions provided in text messages from Henkel to text the word, “STOP”; and (iii) for app push notifications turn off push notifications on the settings of your device and/or the app, as applicable. 

We will not discriminate against you in a manner prohibited by the Privacy Act because you exercise your  rights. However, we may charge a different price or rate, or offer a different level or quality of good or service, to the extent that doing so is reasonably related to the value of the applicable data. In addition, we may offer you financial incentives for the collection, sale, retention and use of your PI as permitted by the Privacy Act that can, without limitation, result in reasonably different prices, rates, or quality levels. While we do not currently offer any such program, should we do so in the future the material terms will be explained and described in its program terms, and a link to those terms will be provided here. Please note that participating in incentive programs is entirely optional, you will have to affirmatively opt-in to the program and you can opt-out of each program (i.e., terminate participation and forgo the ongoing incentives) prospectively by following the instructions in the applicable program description and terms. We may add or change incentive programs and/or their terms by posting notice on the program descriptions and terms linked to above so check them regularly.

Authorized agents of Individuals may make a request by calling 1300 856 130. As permitted by the Privacy Act, any request you submit to us is subject to an identification and verification process, and confirmation of the agent’s authority, which may include attestation under penalty of perjury. Absent a power of attorney, we will also require the Individual to verify their own identity. We may verify identity based on matching information you provided with data we have maintained on you in our systems. This data could include, but is not limited to, email address, mailing address, or phone number.

Notwithstanding anything to the contrary, we may collect, use and disclose your PI as required or permitted by applicable law and this may override your rights. In addition, we need not honor any of your requests to the extent that doing so would infringe upon our or any other person or party’s rights or conflict with applicable law.

In addition to Privacy Act rights, Individuals are entitled to certain other notices, including:

You have the following rights regarding disclosure of your information to third parties for their own direct marketing purposes:

Although as of the Effective Date of this revised Notice it was not Henkel’s current practice to share your personal information with third parties, other than Henkel affiliated companies and subsidiaries, for such third parties’ own direct marketing purposes without your consent, we reserve the right to do so. Accordingly we provide Individuals with the option to opt-out of our sharing of such data for those purposes to third parties other than Henkel affiliated companies and subsidiaries. Individuals may exercise that opt-out and/or request information , and obtain disclosure of affiliated companies and subsidiaries Henkel has shared information for their direct marketing purposes absent your choice and the categories of information shared, by contacting Henkel at lhc.consumeraffairs.anz@henkel.com, or sending Us a letter addressed to:

Attention: Henkel Privacy Inquiries
Privacy Officer Department

Henkel Australia Pty Ltd

135-141 Canterbury Road

Kilsyth, Victoria, Australia 3137

Requests must include “ Privacy Rights Request” in the first line of the description and include your name, street address, city, state, and ZIP code. Please note that Henkel is only required to respond to one request per customer each year, and Henkel is not required to respond to requests made by means other than through the provided e-mail address or mail address.

For more information on our online practices and your rights specific to our online services see our online Privacy Policy posted on our Australia Brand websites and our  Australian corporate Data Protection Statement. Without limitation, Individuals that visit our online services and seek or acquire goods, services, money or credit for personal, family or household purposes are entitled to the following notices of their rights:

Tracking and Targeting:

When you visit our online services, we and third parties may use tracking technologies to collect usage information based on your device for a variety of purposes, including serving you advertising, based on your having visited our services or your activities across time and third-party locations. Some browsers may enable you to turn on or off a so-called “Do Not Track” signal. Because there is no industry consensus on what these signals should mean and how they should operate, we do not look for or respond to “Do Not Track” signals. For more information on tracking and targeting and your choices regarding these practices, see Section 11 of our general Privacy Policy here.

Minors:

Although our online service(s) are intended for an audience over the age of majority, any Australian residents under the age of eighteen (18) who have registered to use our online services, and who posted content or information on the service, can request removal by contacting us here, detailing where the content or information is posted and attesting that you posted it. We will then make reasonably good faith efforts to remove the post from prospective public view or anonymize it, so the minor cannot be individually identified to the extent required by applicable law. This removal process cannot ensure complete or comprehensive removal. For instance, third parties may have republished or archived content by search engines and others that we do not control.

We appreciate your privacy concerns and endeavour to give you the peace of mind about how your PI is handled by us. If you believe that your PI has been the subject of any misuse, interference, and loss or unauthorised access, modification or disclosure, please send a written complaint to the Compliance Officer as soon as possible by using the contact details below. We will endeavour to respond within a reasonable timeframe (usually within 30 days). If you are not satisfied with our response, please let us know and we will investigate further and respond to you.

For further information on your privacy rights, or to make a complaint or concern about your privacy rights and/or Henkel’s handling of your PI contact us at 1300 856 031. You may also use our Rights Portal found here. Or, write to us at:

Henkel Privacy Inquiries
Privacy Officer Department
Henkel Australia Pty Ltd
135-141 Canterbury Road
Kilsyth, Victoria, Australia 3137