1. Purpose
This Data Protection Policy outlines the principles and practices regarding the collection, handling, storage, and disclosure of personal information, in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). The objective is to ensure that all personal information is managed responsibly, transparently, and securely.
2. Scope
This policy applies to all personal information collected, used, and maintained through any form of interaction, whether online or offline, including websites, applications, communications, and services provided to individuals within Australia.
3. Collection of Personal Information
Personal information may be collected where it is reasonably necessary for business functions or activities. This may include, but is not limited to:
- Names, contact details, and communication preferences
- Payment and transaction information
- Account and login credentials
- Demographic and behavioural data
- Information voluntarily provided by individuals
Information is collected fairly, lawfully, and where possible, directly from the individual concerned.
4. Use of Personal Information
Personal information is used solely for the purposes for which it was collected, which may include:
- Providing and managing services or products
- Communicating with individuals
- Handling enquiries or complaints
- Marketing and promotional activities (subject to consent)
- Compliance with legal and regulatory obligations
5. Disclosure of Personal Information
Personal information may be disclosed to third parties only where:
- The individual has given consent
- Disclosure is required or authorised by law
- It is necessary for the delivery of services (e.g. payment processors, delivery providers)
- Contractual obligations require it, and appropriate data handling safeguards are in place
Personal information is not sold or rented to third parties.
6. Data Security
Reasonable steps are taken to protect personal information from misuse, loss, unauthorised access, modification, or disclosure. This includes physical, electronic, and managerial procedures to safeguard data integrity and confidentiality.
7. Access and Correction
Individuals have the right to request access to, or correction of, their personal information held. Requests will be addressed in accordance with the Privacy Act and processed in a timely manner.
8. Retention and Disposal
Personal information is retained only for as long as necessary to fulfil the purpose for which it was collected, or as required by law. Secure disposal practices are implemented when information is no longer needed.
9. Overseas Disclosure
Where personal information is disclosed to overseas recipients, reasonable steps are taken to ensure those recipients do not breach the APPs and that data is handled securely and in accordance with applicable laws.
10. Complaints and Inquiries
Any concerns or complaints regarding privacy or data protection practices may be submitted through the appropriate contact channel. All complaints will be investigated and resolved in accordance with the Privacy Act.