Privacy Policy


At RLLB Pty Ltd, trading as Haircare Superstore, (ACN 641 085 234), your privacy is paramount. We are dedicated to upholding the Australian Privacy Principles and complying with the Privacy Act 1988 (Cth), ensuring that your personal information is handled responsibly and transparently. Our Privacy Policy outlines how we manage your personal information across various interactions and services we provide.

This policy provides detailed information on how we collect, use, secure, and share the personal information we may obtain during our interactions with you. It also explains your rights regarding accessing, correcting, or raising concerns about the personal information we hold. When you entrust us with your personal information, whether through our websites, promotions, or other means, we commit to protecting and respecting your privacy.


We collect and use personal information from customers, users, or visitors of our websites, social media channels, products, or services. The types of personal information we collect and use depend on your interactions with us and can include your name, address, telephone number, email address, postal or delivery address, date of birth, billing information (such as credit card and bank account details), proof of identity information and documents, information about the products and services you have ordered or inquired about, and your beauty profile. If you prefer that we do not collect any personal information from you, please do not provide us with any such information.

When you submit your personal information to us, or by using, browsing, or accessing our websites or social media channels, you are giving your consent to the collection, use, and disclosure of your personal information as set forth in this Privacy Policy.

Should we collect personal information about you from another source, we will take reasonable steps to ensure that you are made aware of:

  • The fact that we have collected personal information about you and how you can contact us regarding this collection;
  • How you can gain access to the personal information collected;
  • The purposes for which we collected the personal information;
  • The parties to whom we would usually disclose such personal information;
  • Any legal obligation we have to collect personal information.

You are not obligated to provide any information requested by us. However, please be aware that we may not be able to provide you with the products or services you require if their provision depends on the collection of that information, including when the collection is required by law.


We collect personal information about you in a variety of ways, including:

  • Through your use of, or orders for, our products and services; when you visit or submit information through our website, social media, and other online channels; when you contact us with a query or request information about our products and services; when you complete any forms or agreements for our products and services; when you participate in competitions, promotions, events, sweepstakes, surveys, questionnaires, or rewards programs.
  • From third parties, including our related bodies corporate, business partners, and service providers, credit reporting bodies, and government agencies.
  • From publicly available sources of information, including but not limited to, social media sites.

The personal information collected by us is used to track your use of, or to enhance your use of, the aforementioned activities and assist us in providing a better service. We do not use or share personal information for any purpose other than for the purpose for which it was disclosed. By providing your personal information to us, you acknowledge that you are authorised to provide such information. We may collect personal information about you for our related bodies corporate and service providers, and when you request information about products and services. We will only collect personal information that is necessary for one or more of our functions or for the purpose disclosed to you.


We use your personal information for the purposes for which it is collected. The personal information we collect is generally used to provide our products, services, and customer rewards programs to you. This includes customising online content and advertising on our website and social media channels. We also use it to improve or develop our products, services, and website, to operate, maintain, test, and upgrade our systems, and to notify you of opportunities that we think might interest you. We do not use or share personal information for any purpose other than for the purpose for which it was originally collected and disclosed. We do not provide, trade, or sell personal information to other organizations without your consent. However, we may disclose personal information to our related bodies corporate, business partners, third-party contractors, agents, and suppliers in connection with providing our products or services to you.

By providing your personal information to us, you consent to the following:

  • We may collect and use your personal information for the purpose disclosed to you.
  • You are authorised to provide such information to us.
  • Any information provided may be disclosed on a confidential basis to our third-party contractors, agents, or suppliers.
  • Information provided to us in the process of delivering a product or service to you may be used by us for recruitment or job opportunity purposes.

If you provide your personal information to us, whether via one of our websites, social media channels, through any of our promotions, competitions, or otherwise, the information you provide may be used by us to include you in a customer rewards program, create and deliver to you communications such as direct mail, emails, SMS, surveys, or invite you to participate in customer research or discussion groups. These communications may contain product, service and event information, tips, promotions, or competitions. If you prefer not to receive such communications, including those related to any rewards programs, please see Section 5.


We take all reasonable steps to ensure that all personal information we hold is accurate. However, it is your responsibility to ensure that the information you provide us is accurate and to advise us of any changes to your details. You may contact us at any time to request a correction if you believe that the personal information we have about you is inaccurate or incomplete. Alternatively, you can visit our website and log in to manage your personal information at any time.

If we determine that personal information is no longer needed for any purpose, we will take reasonable steps to destroy or permanently de-identify that personal information, unless we are required by law or a court or tribunal order to retain the information.


Where we have your express or implied consent, or where we are otherwise permitted by law, we may use your personal information to send you information about the products and services we offer, as well as other information that may be of interest to you. We may send this information by mail, email, SMS, telephone, or via social media and other online channels, including by customising online content advertised or displayed on our websites or social media channels.

If you do not wish to receive direct marketing communications from us, you may opt-out at any time by:

Please note, opting out of direct marketing communications will not remove you from our customer rewards programs nor will it prevent you from receiving social media or other online channel communications or customised online content advertised or displayed on our website or social media channels.


We take reasonable steps to ensure your personal information is protected from unauthorized access, loss, misuse, disclosure, or alteration, both online and offline. We store personal information in various forms, including paper and electronic form. We employ security procedures to protect the personal information we hold. Unfortunately, no data transmission over the Internet can be guaranteed to be completely secure. However, we will endeavour to take all reasonable steps to protect the personal information you may transmit to us.

Access to and use of personal information within our organization is strictly limited to prevent misuse or unlawful disclosure of that information. Our employees, contractors, and service providers are obliged to respect the confidentiality of any personal information held by us.


Compliance with Laws and Fraud Protection

We may disclose any information, including personal information, to law enforcement bodies, regulatory authorities to assist with their functions, courts of law, or as otherwise required or authorised by law.

We may also exchange information, including personal information, with other companies and organisations for credit fraud protection and risk reduction. This may occur in several instances, including when your bank or other financial institution requests proof of authorisation of a payment.

Service Providers

We may engage other companies and individuals to perform functions consistent with our Privacy Policy on our behalf. Examples include customer support specialists, hosting companies, web developers, internet service providers, fulfilment companies (e.g., companies that coordinate mailings), marketing, analysis and research and data analysis firms, data centres, cloud-based storage providers, customer relationship management providers, email service providers, financial and credit card institutions to process payments, insurers, and external business advisors (such as auditors and lawyers). Such third parties may be provided with access to personal information needed to perform their functions but may not use such information for any other purpose. In all circumstances where your personal information is disclosed, we will ensure that these third parties undertake to protect your privacy.


We take all reasonable steps to ensure that the personal information we collect through any of our websites is protected from unauthorized access, loss, misuse, disclosure, or alteration. Our website is equipped with electronic security systems, including the use of firewalls. All pages that require you to enter your personal information or payment details on our site use 128-bit SSL encryption. To verify that the page you are viewing uses 128-bit SSL encryption, you should look for the padlock icon in your browser.

Despite our reasonable steps, we cannot guarantee the security of any personal information transmitted to us. Accordingly, all personal information disclosed by you to us is at your own risk, and we are not liable for any unauthorized access to the personal information.


A cookie is a piece of data that enables us to track and target your preferences. We use cookies to identify you as a returning user and to personalize and enhance your experience on our sites. Most web browsers are initially set up to accept cookies. You can reset your browser to refuse all cookies or to indicate when a cookie is being sent. If you choose to receive warnings before accepting cookies, you will receive the warning message with each cookie. If you reject our cookies, you may still use our site, but your access to some features may be limited. We use cookies to help us improve our service to you when you access our site and to ensure that our site remains easy to use and navigate. We may also use IP addresses to analyse trends, administer our sites, track traffic patterns, and gather demographic information for aggregate use, as well as in combination with your personal information for credit fraud protection and risk reduction.

Services that our website uses include Google Analytics, which transmits website traffic data to Google servers. Google Analytics does not identify individual users or associate your IP address with any other data held by Google. We use reports provided by Google Analytics to help us understand traffic and usage on our website. By using our website, you consent to Google processing your data as described in Google's Privacy Policy and for the purposes outlined in this policy.

Google may transmit this data to its partners and other third parties to achieve its purposes. For more information on how Google uses the information collected from cookies, please refer to the relevant section of Google’s Privacy Policy.


Although our sites may contain links to external websites, these websites are not subject to our privacy standards, policies, and procedures. We recommend that you make your own inquiries regarding the privacy policies of these third-party sites. We are not responsible for the privacy practices of these third parties. This Privacy Policy applies only to the information we collect on our sites.


We use resources and servers located in various countries around the world to help provide our services. As such, we may transfer your personal information outside of Australia, including to the United States and Canada, where our service providers such as Klaviyo and Shopify operate.

Your information may be processed and stored in these locations and governed by applicable laws in these regions. We take steps to ensure that your personal information is protected with adequate safeguards and transfer mechanisms such as standard contractual clauses, especially when transferred outside the EEA, UK, or Switzerland.

We comply with legal requirements and ensure that your personal information is protected across borders by enforcing the privacy protections as stipulated by Canadian law, which is recognized by the European Commission as providing adequate protection.

It is important that the personal information we hold about you is accurate and current. You can update your personal information anytime by emailing us at or using the Contact Us page on our website. Please include your name, address, and email address in any requests, so we can ascertain your identity and implement the changes promptly.


We are committed to ensuring the security of your personal information and have put in place suitable measures to safeguard and secure the data we collect. However, should there be any breach of personal data that is likely to result in a risk to your rights and freedoms, we will notify the appropriate authorities within 72 hours of becoming aware of the breach, in accordance with the Notifiable Data Breaches scheme under the Australian Privacy Act.

We will also communicate any such data breaches directly to you as quickly as possible, along with details about the affected data, the potential impact, and our planned response measures. This communication will include guidance on how you can protect yourself from potential adverse effects resulting from the breach.


For any privacy-related concerns or questions, please contact:

We are committed to working directly with you to resolve any concerns about your privacy or the handling of your data. If you are not satisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC).