
Any organisation that collects and deals with personal information in New Zealand must comply with our privacy laws. Your beauty business likely collects personal information from your customers, so this means you need to know your privacy obligations. Otherwise, you run the risk of breaking the law and facing legal, reputational, and financial penalties. The Privacy Commission can fine businesses up to $10,000 for failing to comply with their privacy obligations. Individuals can also take their case to the Human Rights Review Tribunal for a breach of privacy. Therefore, you need to take appropriate steps to protect your customers’ privacy and comply with the law. This article will explain how privacy law may apply to your beauty business and what you need to do to protect your customers’ privacy.

Determine What Personal Information You Use

Under the Privacy Act, personal information is any data about an identifiable individual. This means that when you use this information, whether by itself or alongside other data, you can identify the living person that it is about. This covers a broad range of information, so it may not be immediately apparent when you collect personal information. In the beauty industry, you may collect personal information from:

  • face-to-face conversations and transactions;
  • health questionnaires;
  • customer loyalty programmes;
  • sweepstakes;
  • employee contracts; and
  • online transactions.

The exact nature of the personal data you collect will depend on the nature of your beauty business. If you operate online, you will collect more information about your customers than you would in a brick-and-mortar beauty salon.

For example, you may need to collect customers’ delivery addresses if you sell beauty products online. However, if you sell your beauty products in-store, you may not need to collect this kind of personal information.

Some personal information you may collect includes:

  • customers’ names;
  • physical addresses;
  • IP addresses;
  • mobile numbers;
  • date of birth;
  • debit or credit card details;
  • allergies or prior health conditions;
  • email addresses; or
  • medical history.

You may collect information about a customer’s health to determine the best treatment to give them. This is classified as personal health information, which you need to take extra care to protect.

Handling Personal Information in Your Business

The Privacy Act that governs how you should handle personal information operates on 13 privacy principles. Ensure you are familiar with these principles to know what you need to do to protect your customers’ privacy within your business. You want to prioritise transparency with your customers to show them you are a business that values their privacy and can keep up with modern security issues. Ensure someone at your business covers a privacy officer’s duties and share your privacy procedures with your customers using a privacy policy.

Tip: Keep your privacy policy accessible. For instance, include a link in your website footer or have a copy at your checkout desk.

In particular, evaluate how you handle personal information in the following situations.

Collecting Information

Identify when you do and do not need to collect personal information. You can only collect information when necessary for a legitimate business purpose, so evaluate whether you actually need the information you collect. 

For instance, you may collect customers’ birthdate details to send them a special discount promotion on their birthday. Instead of collecting this information, allow customers to receive this discount if they come in on their birthday with proof of the correct date. They still receive the discount, but you do not have to store this information in your databases.

When you collect personal information from your customers, you want to make sure you collect it directly from the source where possible. When dealing with sensitive information, such as personal health information, do so in a secure environment.

Using Information

You need to tell your customers what you use their information for when you collect it and get their consent if this purpose changes. Only use information that is accurate and up to date.

For example, if you collect mobile phone numbers, you need to tell your customer that this is for sending them appointment reminders. If you later want to send them details of sales as they happen, you need their consent to do so.

Securing and Storing Information

You need to take reasonable steps to secure any personal information you store in a way that is proportionate to its sensitivity. When you store personal health information, such as details of allergies or skin conditions, you will likely require more extensive protections. How you protect your information will also depend on its format.

If you store personal client files in cloud servers, you should encrypt that information and implement other digital protections. If your client files are physical folders, keep them in a locked cabinet. 

Sharing With Third Parties

You generally cannot share your clients’ personal information with third parties unless:

  • you have their consent;
  • that was the reason you collected the information;
  • the law requires it; or
  • the information does not identify them.

When you do share information, you need to tell your clients who you are sharing it with. Be sure that the third party is aware of their own privacy obligations when handling sensitive information.

Key Takeaways

If you handle personal information at your beauty business, you need to implement appropriate measures to comply with the law and protect your customers’ privacy. Therefore, identify privacy issues in your business, and handle them accordingly. If you would like more information or help with privacy in your beauty business, contact LegalVision’s privacy lawyers on 0800 005 570 or fill out the form on this page.

Frequently Asked Questions

Do I Use Personal Information at My Beauty Business?

If you collect any information that could identify a living individual, you use personal information. This applies whether you use the information by itself or combined with other information.

Does My Beauty Business Need a Privacy Policy?

When you deal with personal information, you need to ensure your customers know how you handle it. You can inform them with a privacy policy or privacy statement.

Does Privacy Law Apply to My Beauty Business?

When you collect personal information, New Zealand privacy law will apply to you. If you use the personal information of EU residents, for example by selling your beauty products online to them, then the General Data Protection Regulation (GDPR) will also apply to you.

About LegalVision: LegalVision is a commercial law firm that provides businesses with affordable and ongoing legal assistance through our industry-first membership.
