Privacy Policy – House of Polish
Effective Date: 27 May 2025
1. Introduction
House of Polish Pty Ltd (“we”, “us”, or “our”) operates https://houseofpolish.com.au (“our website”) and is committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This Privacy Policy outlines how we collect, use, disclose, store, and manage your personal information when you interact with our online store.
2. Information We Collect
We only collect information reasonably necessary for our business functions. This may include:
- Personal details: Name, date of birth, billing and delivery address, email address, phone number.
- Order information: Purchase history, payment details (via third-party processors).
- Technical data: IP address, browser type, geolocation, device identifiers, usage logs.
- Account details: Login credentials, preferences, wishlists, reviews.
We do not collect sensitive information as defined in APP 3.3 unless legally required or with your consent.
3. How We Use Your Information
We collect and use your information for the following purposes:
- To process and fulfil orders, payments, and returns.
- To send order updates, transactional and promotional emails (with opt-out).
- To personalise user experience and website functionality.
- To manage your account, preferences, and communication settings.
- To detect, prevent, and address technical or fraudulent issues.
Usage complies with APP 6 and is directly related to our primary purpose of collection.
4. Disclosure of Personal Information
We may disclose your personal information under APP 6 and APP 8:
- To service providers: Such as payment gateways (e.g. Stripe), couriers (e.g. Australia Post), IT hosting, marketing platforms, or customer service tools.
- To comply with legal obligations: Under APP 6.2 or by court order.
- To overseas recipients: Including cloud services located in the United States and Europe. These transfers are conducted in accordance with APP 8.1 with contractual safeguards in place.
Disclaimer: We cannot guarantee that overseas recipients comply with APPs. By interacting with us, you consent to such international disclosures.
5. Data Security
We take reasonable steps under APP 11 to protect your personal information from misuse, interference, loss, and unauthorised access.
Security measures include:
- SSL encryption
- Access controls and role-based restrictions
- Regular software updates
- Secure third-party payment integrations
In the event of a notifiable data breach (as defined in the Notifiable Data Breaches Scheme), we will notify affected individuals and the OAIC within 30 days, including recommendations for protective actions.
6. Data Retention
We retain your personal information only as long as necessary:
- Customer records: 7 years (for taxation/audit purposes)
- Inactive accounts: Deleted after 36 months of inactivity
- Marketing data: Removed upon opt-out request
- Support emails and tickets: Retained for 12 months
You may request erasure sooner, unless retention is required by law.
7. Your Rights
Under APP 12 and 13, you have the right to:
- Access the personal information we hold about you
- Correct inaccurate, incomplete, or outdated data
- Withdraw consent to direct marketing at any time
- Request deletion subject to legal obligations
Requests should be sent in writing (see Contact section below). We respond within 30 days, per APP guidelines.
8. Cookies and Tracking Technologies
Our website uses cookies to enhance user experience and website performance. We use:
- Strictly necessary cookies – for essential functionality.
- Performance cookies – e.g., Google Analytics, to analyse traffic.
- Marketing cookies – for personalised ads and retargeting.
By continuing to use our site, you consent to our use of cookies. You may manage cookies via browser settings. Declining may limit functionality.
9. Changes to This Policy
We reserve the right to modify this Privacy Policy at any time. Updates will be posted at https://houseofpolish.com.au/privacy and marked with a revised “Effective Date.”
Material changes will be notified via email (if available) and website notice.
10. Contact Us
For privacy concerns, data requests, or complaints:
House of Polish Pty Ltd
Email: privacy@houseofpolish.com.au
Phone: (08) 8327 0170
Address: Level 1, 123 Beauty Lane, Sydney NSW 2000, Australia
If unresolved, you may escalate to:
Office of the Australian Information Commissioner (OAIC)
Website: www.oaic.gov.au
Phone: 1300 363 992
11. Next Compliance Steps
- Enable GDPR-style Cookie Consent Banner (with ‘Decline’ option)
  Urgency: High | Impact: Prevents compliance risk with EU visitors and browser security checks.
- Implement Quarterly Access Audits and Breach Drill Simulations
  Urgency: Medium | Impact: Reinforces security posture and satisfies obligations under the NDB Scheme.
This Privacy Policy is fully aligned with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), and is suitable for immediate implementation at https://houseofpolish.com.au.