POLICIES

Privacy policy

  1. Privacy
  2. Refunds
  3. Shipping
  4. Terms

Privacy policy

Last updated October 2023

Privacy Policy

Our privacy commitment to you

Vitaco Health Australia Pty Limited trading as MUSASHI is committed to protecting your privacy and personal information.

This privacy policy (Privacy Policy) describes the personal data collected or generated (processed) when you use our site and/or purchase products from us. It also covers the following topics:

  • Who is responsible for the processing of your personal information?
  • What kind of personal information do we collect?
  • How do we collect your personal information?
  • How do we use cookies?
  • How do we obtain your consent?
  • What do we use your personal information for?
  • Who do we disclose your personal information to?
  • How do we manage and protect your personal information?
  • How can you access and update your personal information?
  • How do we handle enquiries and complaints?
  • When might we change this this Privacy Policy?

By:

  • using any of our websites;
  • purchasing Products from any of our websites;
  • taking part in any of our promotional or marketing campaigns;
  • applying for employment with us; or
  • or visiting our premises,

You agree that:

  • By using this site and/or purchasing products from our site you consent to the collection and use of your personal information as set out in this Privacy Policy.
  • If you find any links to other websites on our site, this Privacy Policy does not apply to them.  Always check the privacy policy of any website you access.
  • We collect your Personal Information through your use of our site, and as otherwise permitted by the Privacy Act 1988 (Privacy Act).
  • If you access this website outside of Australia you agree that any personal information you provide us is subject to this Privacy Policy and the Privacy Act.
  • This site is not intended for children under the age of 13. We do not knowingly collect personal information online from visitors in this age group.

Who is responsible for the processing of your personal information?

Vitaco Health Australia Pty Limited or its affiliate Vitaco Health (NZ) Limited trading as MUSASHI and Shopify Inc. where the context requires, are responsible for the processing of your personal information. MUSASHI is referred to as “MUSASHI”, “our”, “we” or “us” in this privacy policy.

What kind of personal information do we collect?

When you purchase something from our site as part of the buying and selling process, we collect the following personal information from you:

  • Contact details including your name, gender, address, telephone number, email address, residential address, and delivery address.
  • Login and account information, including screen name, password and unique user ID.
  • Details about your orders from us, purchase history and product preferences
  • When you browse our site, digital information, such as cookies, your mobile device’s unique number, pixels, software versions used, device identifiers (like IP addresses), location data (where available and not disabled by you), dates, times, file metadata, referring website, data entered, and your user activity such as links clicked, adding items to a shopping cart, and making purchases which help us learn about your browser and operating system
  • Financial information including credit card details, billing information, whether you are a member of MUSASHI United
  • Information that you voluntarily provide to us through your responses to competitions, promotions, surveys, product testing, feedback and enquiries.

and where we are dealing with you on a business-to-business basis, your ABN (if you are an Australian business), trading name, delivery address and vehicle registration details if you visit one of our premises.

Sensitive Information

Some personal information we may collect from you is ‘sensitive information’. The collection of such sensitive information will depend on the nature of our interaction with you, but may include information which we require for the purpose of providing advice to you. This might include information about your weight, height, body measurements, health, diet, lifestyle and if needed, your medical background.

By purchasing products through our site, you do not have to provide sensitive information. However, if you contact our Naturopathic & Nutrition Team hotline or our Customer Services Representatives we may need to collect sensitive information from you. In such circumstances, we will advise you of this in a separate privacy notice at the time of collection.

Providing your Personal Information is voluntary

You may decide not to provide us with your personal information we ask for. However if you do so, or if you provide us with personal information that is inaccurate or incomplete, we may not be able to respond adequately to your enquiries or provide you with the products or services you require or create an account for you.

How do we collect your personal information?

We collect most personal information directly from you. We may collect personal information when:

  • you create an account.
  • you add products to your cart.
  • you place an order with us.
  • you use Naturopathic & Nutrition Team hotline.
  • you contact our Customer Service representatives.
  • you communicate and interact with us, including in person, by email, by letter, telephone, online or via social media, or participate in any of our marketing or promotional campaigns.
  •  you visit one of our premises.

Other ways we may collect personal information from you:

  • If you visit one of our premises, we may also collect personal information about you on CCTV as part of our security and crime prevention measures. We may also collect your name and contact details and, where applicable, your vehicle registration through our visitor registration system Visitor Rego, for security and health and safety purposes, and your visiting history to our premises, and to provide facilities such as Wi-Fi.  This information, including CCTV footage may constitute ‘personal information’ as defined in the Privacy Laws.

  Social Media

We also use social media services, such as Facebook and Instagram. These services may be linked to our site through the use of social media buttons. Your use of these third party services is entirely optional. We may collect and use any information that you make public when you use any such third party social media service for the purposes of our business. All such third party services are governed by the privacy policies and/or practices of those services providers, for which we are not responsible. If you do not wish to provide your personal information to any of those third parties, or make information publicly available, you should not use their particular service.

Other ways we may collect personal information from you:

  • We may also collect personal information from third parties, through competitions or promotions operated in conjunction with MUSASHI by one of our partners
  • If you contact us by the hotline or our Customer Service phone number your personal information may be collected by us as a recorded voice message if our Naturopaths, Nutritionists or Customer Service team are temporarily unavailable to answer a call and you choose to leave a voice message.

How do We Use Cookies?

We may use “cookies” which enable us to monitor traffic patterns on our site and to serve you more efficiently if you revisit our site. A cookie does not identify you personally but it does identify your computer or device. You can set your browser to notify you when you receive a cookie and this will provide you with an opportunity to either accept or reject it in each instance. For specific information about the Cookies that we use related to powering our store with Shopify, see

  • Third party vendors, including Google, may show our ads on sites on the internet and use cookies to serve ads based on a user’s prior visits to a website
  • You may opt out of Google’s use of cookies by visiting the Google advertising opt-out page
  • We use cookies for the purposes of conducting re-marketing campaigns. Google’s Display Network use the DoubleClick Cookie
  • Our cookies typically expire after 60 days. After the expiry date, your browser will delete the cookie (depending on browser used and your browser settings). You can manually delete cookies in your browser anytime.

How do we obtain your consent?

When you provide us with personal information in the course of using our site, such as to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, you are consenting to us collecting it and using it for that reason.

If we ask for your personal information for a secondary reason, such as to send you marketing communications, we will either ask you directly for your express consent, or, if obtaining your express consent is not required by any relevant law, provide you with an opportunity to say no.

If after you opt-in, you change your mind, you may withdraw your consent for us to contact you by contacting us using the contact details set out further below. You may also opt out of marketing emails by using the unsubscribe functionality within every email we send you.

Right to Opt out of Sale or Sharing or Targeted Advertising. You may have a right to direct us not to "sell" or "share" your personal information or to opt out of the processing of your personal information for purposes considered to be "targeted advertising", as defined in applicable privacy laws. Please note that if you visit our Site with the Global Privacy Control opt-out preference signal enabled, depending on where you are, we will automatically treat this as a request to opt-out of the "sale" or "sharing" of information for the device and browser that you use to visit the Site.

  What do we use your personal information for?

The main purpose for collecting your personal information is to enable us to operate our business, provide our products and services to you, and to comply with the law.

We may collect, use and share your personal information for these purposes, including in order to:

  • Create and administer your account.
  • Fulfil your order, confirm your order and deliver the products to you.
  • Charge you for products we provide to you.
  • Let you know about promotions, competitions, products and services which we think may be of interest to you.
  • Respond to returns requests, queries, feedback, and complaints about our products or services.
  • Manage and improve our products and services and other relationships and arrangements.
  • Provide advice to you regarding our products from naturopaths and nutritionists.
  • Undertake product recalls.
  • Monitor our sales of products and for quality control purposes, including undertaking customer surveys and analysis, or seeking feedback from you.
  • Develop new products.
  • Diagnose and fix problems on the site.
  • Meet our legal obligations or if you breach our terms of use or Shopify’s Terms of Service
  • Undertake any other purpose disclosed to you at the time the relevant personal information is collected and for purposes directly related to any of the above
  • Undertake contact tracing in relation to the Covid-19 outbreak (if you attend our premises).

If you have provided your consent in accordance with the relevant law or if consent is not required by any relevant law, we will collect, use and disclose your personal information for the purposes of sending you marketing material (such as newsletters and promotions) or to advertise our products to you on third party websites such as Facebook. If you do not wish to receive information about promotions or activities we think you may be interested in, you can opt-out by contacting us on the details below, or by using the unsubscribe function in emails.

Who do we disclose your personal information to?

We may disclose your personal information for the purposes listed above to third parties that include the following:

  • Shopify Inc. who provide us with the online e-commerce platform that allows us to advertise and sell our products to you. We use Shopify to support personalised advertising with third-party services. Our business and marketing partners will use your information in accordance with their own privacy notices.
  • Our related entities, such as MUSASHI’s offices located in New Zealand or Australia
  • Other companies or individuals who assist us in supplying our products and services or who perform functions on our behalf, such as delivery contractors, couriers, payment providers, credit card processors, mailing houses, advertising and media agencies and technology hosting providers such as Shopify Inc.
  • Other persons that we need to deal with in connection with employment and engagement of staff (such as insurers, next-of-kin, referees) where required or authorised by law to do so and to anyone else whom you authorise us to disclose it.
  • We have “sold” and “shared” (as those terms are defined in applicable law) personal information over the preceding 12 months for the purpose of engaging in advertising and marketing activities, as follows.

Category of Personal Information

Categories of Recipients
  • Identifiers such as basic contact details and certain order and account information
  • Business and marketing partners
  • Commercial information such as records of products or services purchased and shopping information
  • Business and marketing partners
  • Internet or other similar network activity, such as Usage Data
  • Business and marketing partners

Otherwise, we will only disclose your personal information without your consent if doing so is:

  • To assist with any request from WorkSafe, the Ministry of Health or a District Health Board in New Zealand or any Commonwealth, State or Territory health authority in Australia in relation to contact tracing for Covid-19.
  • Necessary to protect or enforce our legal rights or interests, or to defend any claims made against us by any person (including you).
  • Necessary in order to report a data breach, cyber incident or for cyber security purposes (including to prevent unauthorised access to, or attacks on, our systems).
  • Necessary to lessen a serious threat to a person’s health or safety.

Unless otherwise disclosed to you in a separate privacy notice, the only overseas disclosures of personal information Vitaco makes is between our offices in New Zealand and Australia which assist us with the following functions:

  • Storage of personal information of past, current and prospective employees
  • Staffing of the Naturopathic & Nutrition Team and Customer Service hotlines and customer complaints and enquiries handling.

Shopify Inc.

Your personal information collected through this site is disclosed to Shopify and stored in Shopify’s data storage, databases and the general Shopify application. They store your personal information in compliance with industry standards.

Shopify also collects your personal information for the purposes set out in their Privacy Statement.  You can view their Privacy Statement here: https://www.shopify.com/legal/privacy .

In summary, this information is collected when you access our online store, place a product order, or sign up for an account with us. Personal information collected by Shopify is used to provide us with their e-commerce services, such as processing orders, authenticating and processing payments, screening for fraudulent transactions, improving the services Shopify offers and, if you have opted in to Shopify Pay, to pre-fill your checkout information and to offer you customised advertising.

Shopify may also share your personal information with third parties where it is necessary to prevent or take action against illegal activity, where you have violated Shopify’s Terms of Service, where it is necessary to comply with any legal obligations, or where we have authorised the transfer of your personal information to other third parties (such as payment gateways).

For more insight, you may also want to read Shopify’s Terms of Service found here https://www.shopify.com/legal/terms.

Transfer to Other Third Parties

Otherwise, we will only disclose your personal information without your consent to other third parties if doing so is necessary to facilitate your payment for an order, to deliver the products you order to you and to send you our marketing communications

The third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.

We may transfer (or authorise Shopify to transfer) your personal information to other third party services providers (such as those described in the other sections of this Privacy Policy) to perform services on our behalf, to process the personal information on our behalf, or to hold it on our behalf. We use Shopify's ad services such as Shopify Audiences to help personalise the advertising you see on third party websites. To restrict Shopify merchants that use these ad services from using your personal information for such services, visit https://privacy.shopify.com/en.

These third parties may be based outside of Australia. However, we will ensure that your personal information is not transferred to a country that has lesser protections in place.

If you proceed with a transaction using our online store, then your personal information may become subject to the laws of the jurisdiction(s) in which the third party or its facilities are located.

We will not authorise any of these other third parties to use your personal information for their own purposes, except where it is necessary for the third party to enforce its legal rights, or to comply with its legal obligations.

Once you leave this site or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our site’s Terms.  You should review their privacy policy when you are on their website.

When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.

  Otherwise, we will only use your personal information and share it with third parties where it is necessary:

  • To protect or enforce our legal rights or interests under the Terms, or to defend any claims made against us by any person (including you)
  • To report a data breach, cyber incident or for cyber security purposes (including to prevent unauthorised access to, or attacks on, our systems)
  • For us, or other authorised agencies (such as credit card and payment facility providers) to detect, investigate, prevent or address fraud, security or technical issues
  • To respond to a government request to which we are obliged by law to respond, or where the Privacy Act permits us to respond
  • To lessen a serious threat to a person's health or safety.

How do we manage and protect your personal information?

Personal information collected by us is held by us via Shopify, in accordance with the information provided in the section headed Shopify above. When you provide us with your personal information, it is transferred to where the Shopify servers are located. Shopify collects and holds that personal information in accordance with their privacy policy as set out above. Shopify’s address is 150 Elgin St., 8th Fl, Ottawa, ON K2P 1L4, Canada.

We will retain your personal information for the duration of your relationship with us (including where you hold an active account with us), as needed to provide you with our products (including where you have consented to receiving marketing communications), or to meet any legal obligations we may have to retain your personal information.

We will not hold your personal information for longer than is necessary for the lawful purpose for which the information was collected.

However we may retain records of your personal information for a period of time; for example, to follow-up on a request, resolve a dispute or for similar reasons or in order to comply with applicable federal, state, or local law. In addition, some personal information may also continue to be stored on back-up files for financial, legal, or technical reasons.

If you wish to cancel your account, request that we delete your personal information, request that we no longer use your information to provide you with marketing communications, or withdraw your consent to use your personal information please contact us at the address detailed further below. 

Protection of your Personal Information

We, and Shopify securely store your personal information in a way that ensures that it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.

We take such steps as are reasonable in the circumstances to protect your personal information from risks including:

  • Storing your personal information on secure server behind a firewall
  • Using software on the Shopify platform which encrypts information
  • Utilising passwords, firewalls and virus scanning tools to prevent against unauthorised access to our systems
  • Training and reminding our staff of their obligations with regards to your personal information
  • Restricting staff and authorised contractors that have access to the personal information to those on a “need to know” basis
  • If we no longer require your personal information, taking reasonable steps to destroy or de-identify it.
  • CCTV footage will usually be retained for a period of 60 days, after which time it will be overwritten.
  • Site visitor logs and personal information collected for the purposes of COVID-19 contact tracing using the VisitorRego system will be retained for a period of 60 days, after which time they will be deleted.

The security of your personal information is important to us and Shopify and we are committed to handling such information carefully. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personal information, neither we nor Shopify can guarantee its absolute security.

How can you access and update your personal information?

  • We seek to ensure that all personal information collected and stored is correct and accurate
  • If you wish to cancel your account, request that we delete your personal information, request that we no longer use your information to provide you with marketing communications, or withdraw your consent to use your personal information please contact us as set out below. We may require you to verify your identity so that we can ensure your personal information is disclosed only to you and specify what personal information you want access to. It may take up to 15 days to delete personal data once the request has been received.
  • We will respond to your request within 30 days.

How we handle enquiries and complaints

For any privacy enquiries, issues or concerns, or if you believe that we have not complied with the Privacy Laws contact us in writing:

By mail: Privacy Officer Vitaco Health Australia Pty Level 3, 68 Waterloo Road North Ryde NSW 2113

Email: privacy@vitaco.com.au

We will investigate any complaint and will respond to you as soon as is practicable after we receive your complaint.

If you do not agree with the way we have handled your complaint you can refer your complaint to:

Office of the Australian Information Commissioner Website: www.oaic.gov.au Phone: 1300 363 992 Changes to this Privacy Policy

We may update this policy from time to time. We will let you know of significant changes to this Privacy Policy by posting a notification on our websites.

WebsiteRef: v2108070959 ContentRef: v2103