Privacy Policy

JUICE PLUS+ AUSTRALIA PRIVACY AND DATA PROTECTION POLICY

• Next review date: 1st December 2023


Introduction
Juice Plus+® Australia Pty Ltd (JPCA) needs to gather and use information about individuals. These
can include Customers, Suppliers, Employees, Juice Plus+® Independent Virtual Franchisees
(Franchisees) and other people we have a relationship with or may need to contact.


This policy describes how personal data must be collected, handled and stored and ensures:
• Compliance with the Australian Privacy Act 1988 (Privacy Act).
• Protection of the rights of Staff, Customers and Franchisees.
• JPCA is open about how we store and process individuals’ data.
• Protection from the risk of a data breach.
• Protection from possible reputational damage.


The Privacy Act is underpinned by seven important principles. The principles cover:
• The open and transparent management of personal information including having a privacy
statement.
• An individual having the option of transacting anonymously or using a pseudonym where
practicable.
• The collection of solicited personal information and receipt of unsolicited personal
information including giving notice about collection.
• How personal information can be used and disclosed (including overseas).
• Maintaining the quality of information.
• Keeping personal information secure.
• The right for individuals to access and correct their personal information.


Policy Scope
This policy applies to:
• The Juice Plus+ Company (Australia) Pty Ltd (JPCA).
• All Australian Juice Plus+ Independent Virtual Franchisees.
• All Employees of JPCA.
• All contractors, suppliers and other people working on behalf of JPCA.


Responsibilities
Everyone who works for or with JPCA has some responsibility for ensuring data is collected, stored
and handled appropriately.
Each team including Franchisees must ensure that data is handled and processed in line with
this policy and data protection principles.
The following people have key areas of responsibility:
• The Board of Directors is ultimately responsible for ensuring that the organisation meets
its legal obligations.


The Financial Controller is responsible for:
• Keeping the Board updated about data protection responsibilities, risks and issues.
• Reviewing all data protection procedures and related policies, in line with an agreed
schedule.
• Arranging data protection training and advice for the people covered by this policy.
• Handling data protection questions from Staff.
• Ensuring the Customer Service and Accounts Receivable teams can answer questions
from Customers.
• Dealing with requests from individuals to see the data that we hold about them.
• Checking and approving any contracts or agreements with third parties that may handle
our sensitive data.


The IT Manager is responsible for:
• Ensuring all systems, services and equipment used for storing data meet acceptable
security standards.
• Performing regular checks to ensure security hardware and software is functioning
properly.
• Evaluating any third-party services the organisation is considering using to store or
process data, for instance cloud computing services.


The Sales and Marketing Director is responsible for:
• Ensuring Franchisees understand their responsibilities when handling data.
• Ensuring the Franchise team can answer data handling questions from Franchisees.
• Where necessary, working with other Staff to ensure marketing initiatives abide by data
protection principles.


The general guidelines for all Staff, Contractors and Franchisees are:
• The only people able to access data covered by this policy should be those who need it for
their work.
• Data should not be shared informally.
• JPCA will provide training to all Employees, Contractors and Franchisees.
• Employees, Contractors and Franchisees should keep all data secure by taking
sensible precautions and following the guidelines below:
• Strong passwords must be used, and they should never be shared.
• Personal data should not be disclosed to unauthorised people, either within the
organisation or externally.
• Data should be regularly reviewed and updated if found to be out of date. If no longer
required it should be deleted, destroyed or archived.
• Employees, Contractors and Franchisees should request help from an appropriate
manager within the organisation if unsure about any aspect of data protection.


Data Storage and Use
All personal data relating to the purchase of products by Customers and Franchisees’ business
activities is stored on the Juice Plus+® worldwide secure computer system server located at the
Juice Plus+® headquarters in Collierville, Tennessee, a suburb of Memphis. All other personal data is
held on the Australian secure server located at the JPCA office in Newcastle, NSW.
These rules describe how and where data should be safely stored and used.


When data is stored on paper, it should be:
• Kept in a secure place where unauthorised people cannot see it, such as in a locked drawer or
filing cabinet.
• Not left on desks or printers.
• Shredded and disposed of securely when no longer required.


When data is stored and used electronically, it must be protected from unauthorised access,
accidental deletion and malicious hacking attempts by:
• Protecting data with strong passwords that are changed regularly and never shared.
• Storing removable media in a locked location when not in use.
• Storing data only on designated drives and servers.
• Backing up data frequently onto a secure site. Those backups should be tested regularly.
• Protecting all servers and computers containing data with security software and
a firewall.
• Ensuring that, when users work with personal data, their computer screens are locked when
left unattended.
• Ensuring that users do not save copies of personal data to their own computers.
• Encrypting financial data before it is transferred to authorised external service
providers.


Data Accuracy
It’s the responsibility of Employees, Contractors and Franchisees to take reasonable steps to
ensure data is kept accurate and up to date by:
• Keeping data in as few places as necessary.
• Taking every opportunity to ensure data is updated when dealing with Customers
and Franchisees.
• Updating data as inaccuracies are discovered. For instance, if a Customer can no longer
be reached on their stored telephone number it should be removed from the database.


Requests to Access Personal Data
All individuals who are the subject of data held by the organisation are entitled to:
• Ask what information is held about them and why.
• Ask how to gain access to it.
• Be informed on how to keep it up to date.
• Be informed on how the organisation is meeting its data protection obligations.
Requests by individuals to access their personal data stored by the organisation are to be made in
writing. We aim to provide the relevant information within 14 days. Before providing information
the organisation will verify the identity of the person making a request.


Data Breaches Involving Personal Information
As a requirement of the Privacy Act, we will notify individuals if there has been a breach of their
personal data that is likely to result in serious harm to the individual affected. We will also advise
them of the steps we are taking and what they can do to reduce the impacts to their privacy.


European Union Requirements
JPCA does not operate in the European Union; however, Australian Franchisees are entitled to trade
worldwide including the EU. We believe that these guidelines are harmonised with EU requirements.