Every Australian business that handles personal information should publish a clear privacy policy. Our free template builds one under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs): it sets out what you collect, why, who you disclose it to, and how people can access or correct it — and, with Expert, adds overseas disclosure (APP 8), the new automated-decision-making transparency rules starting 10 December 2026, and the Notifiable Data Breaches scheme overseen by the OAIC.
PDF (free) + editable Word (.docx) with Expert
1.1 Who this policy applies to: This policy applies to all personal information we collect and handle in connection with our business, whether you are a customer, supplier, website visitor, or other individual we deal with.
1.2 Our status: We are an APP entity bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles, because our annual turnover is more than $3 million or another provision of the Act applies to us.
1.3 What is personal information: "Personal information" means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether or not the information is true and whether or not it is recorded in a material form.
2.1 Types of information: Depending on how you interact with us, we may collect:
(a) your name and contact details (such as email address, postal address, and phone number); (b) identity information (such as date of birth and identity-document details); (c) financial and transaction information (such as payment-card or bank details and purchase history); (d) online and device data (such as IP address, cookies, and usage analytics).
2.2 How we collect it: We collect personal information directly from you when you create an account, make a purchase, subscribe to our newsletter, or contact our support team; automatically through cookies and analytics when you use our website; and from third parties such as our payment processor and referral partners where you have authorised them to share your information.
2.3 Unsolicited information: If we receive personal information we did not solicit, we will deal with it in accordance with APP 4, including by destroying or de-identifying it where the Act permits.
3.1 Purposes: We collect, hold, and use your personal information to provide and improve our products and services; to process orders and payments; to respond to your enquiries and provide support; to send you service updates and (where permitted) marketing; to detect and prevent fraud; and to meet our legal and regulatory obligations.
3.2 Use limited to purpose: We use your personal information for the purpose for which it was collected, for a related purpose you would reasonably expect, or for another purpose with your consent or as permitted by the Privacy Act (APP 6).
4.1 Who we disclose to: We may disclose your personal information to our cloud-hosting and IT providers; our payment processor; delivery and logistics partners; our marketing and analytics providers; our professional advisers; and government, law-enforcement, or regulatory bodies where required or authorised by law.
4.2 No sale of data: We do not sell your personal information. We disclose it only as described in this policy or as required or authorised by law.
5.1 Privacy Officer: If you have a question or concern about how we handle your personal information, contact our Privacy Officer at privacy@harbourdigital.com.au.
5.2 Complaints: If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.
Collection (APP 3): We only collect personal information that is reasonably necessary for our functions or activities, by lawful and fair means.
Notice of collection (APP 5): When we collect personal information, we take reasonable steps to tell you who we are, why we are collecting it, who we usually disclose it to, and how you can access and correct it or make a complaint.
Use and disclosure (APP 6): We use and disclose personal information only for the primary purpose of collection, a directly related secondary purpose you would reasonably expect, or with your consent.
Direct marketing (APP 7): We may use your personal information to send you direct marketing about our products and services where you would reasonably expect it or have consented. Every direct-marketing message contains a simple way to opt out, and we will stop sending it on request.
Quality (APP 10): We take reasonable steps to keep your information accurate and up to date, including by letting you review and update your account details at any time.
Security (APP 11): We protect personal information using encryption in transit and at rest, access controls and multi-factor authentication for staff, regular security testing, and a documented data-retention and destruction schedule.
Third parties: We disclose personal information to the following kinds of third parties who help us run our business:
Amazon Web Services (cloud hosting); Stripe (payments); a third-party fulfilment and delivery provider; Google Analytics (website analytics); and Atlassian and similar SaaS tools used to run our business.
We require these providers to handle personal information consistently with this policy and the Privacy Act.
Overseas disclosure (APP 8): We may disclose personal information to recipients located overseas. Before doing so, we take reasonable steps to ensure the overseas recipient handles your information consistently with the Australian Privacy Principles. The countries in which those recipients are likely to be located are:
the United States (cloud hosting and analytics), the United Kingdom, and member states of the European Union.
Under APP 8.1, we generally remain accountable for an act or practice of the overseas recipient that would breach the APPs.
What this covers: From 10 December 2026, the Australian Privacy Principles require an organisation that uses personal information in computer programs to make, or substantially help make, decisions that could reasonably be expected to significantly affect an individual's rights or interests to explain this in its privacy policy (an amendment to APP 1 made by the Privacy and Other Legislation Amendment Act 2024 (Cth)).
Our use of automated decision-making: We use automated processes to screen account applications and transactions for fraud risk, and to personalise the products and offers shown to you.
Decisions and information used: Automated decisions may include declining or flagging a transaction for review, and determining eligibility for certain promotions. We use your transaction history, device and online data, and account information to make these decisions.
Human review: Where an automated decision significantly affects you, you may ask us to have the decision reviewed by a person. We will tell you how to make that request and how the review works.
Access (APP 12): You may request access to your personal information by emailing our Privacy Officer. We will verify your identity, respond within 30 days, and provide the information in the format you request where reasonable.
Correction (APP 13): You can correct most of your information in your account settings, or ask our Privacy Officer to correct it. We will make the correction within a reasonable time and notify any third party to whom we disclosed the incorrect information, where you ask us to.
Complaints: If you believe we have breached the Australian Privacy Principles, you may complain in writing to our Privacy Officer. We will acknowledge your complaint and respond within 30 days. If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or 1300 363 992.
Data breaches (NDB scheme): We comply with the Notifiable Data Breaches scheme in Part IIIC of the Privacy Act 1988 (Cth). If we suffer an eligible data breach that is likely to result in serious harm, we will notify the affected individuals and the OAIC as soon as practicable.
More information: For more information about your privacy rights, visit the OAIC website at www.oaic.gov.au.
We may update this Privacy Policy from time to time to reflect changes in our practices or the law. The current version is always available on request and, where we operate a website, on that website.
This Privacy Policy is effective from 1 July 2026.
Available as a print-ready PDF or an editable Microsoft Word (.docx) file.
A privacy policy is a public statement of how an organisation collects, holds, uses, and discloses personal information. Under Australian Privacy Principle (APP) 1 — the first of the Australian Privacy Principles in Schedule 1 to the Privacy Act 1988 (Cth) — an APP entity must have a clearly expressed and up-to-date privacy policy describing how it manages personal information. The Office of the Australian Information Commissioner (OAIC) regulates the APPs.
Whether your business is legally bound by the Privacy Act depends mainly on turnover. An organisation with an annual turnover of more than $3 million is generally an APP entity bound by the Act; a smaller business is often exempt, although some activities (such as providing a health service or trading in personal information) bring any business within the Act. Many exempt small businesses still publish an APP-compliant policy to build customer trust.
Australian privacy law is changing. A statutory tort for serious invasions of privacy commenced on 10 June 2025, and from 10 December 2026 organisations that use personal information in automated decision-making that significantly affects people must disclose this in their privacy policy. A modern Australian privacy policy should be written with these reforms in mind, which is what the Expert version of this template does.
Our Australian privacy policy template covers the APP essentials, with the advanced obligations regulators look for available under Expert.
Business name, ABN, website, effective date, and your privacy contact — the basics APP 1 requires.
The kinds of personal information you collect (contact, identity, financial, online, and sensitive) and how you collect it.
The purposes for which you collect and use personal information, and the APP 6 use-and-disclosure limits.
Who you share personal information with, and confirmation that you do not sell it.
Whether you are bound by the Privacy Act or rely on the small-business $3 million exemption.
Lawful collection, sensitive-information consent, collection notices, direct-marketing opt-out, data quality, and reasonable security.
Third-party providers, the countries your data may be sent to, and accountability for overseas recipients.
The new APP 1 transparency obligation commencing 10 December 2026 for decisions that significantly affect individuals, with optional human review.
How people access and correct their information, your complaint timeframe, and escalation to the OAIC.
Your obligations under the Notifiable Data Breaches scheme in Part IIIC of the Privacy Act.
Five steps to an APP-compliant Australian privacy policy.
Add your business name, ABN, website, effective date, and privacy contact.
Select the kinds of personal information you collect and explain how and why.
Say who you disclose information to and whether the $3 million small-business exemption applies to you.
Cover handling, overseas disclosure, automated decision-making, access, correction, and data breaches.
Download the PDF, publish it on your website, and review it before 10 December 2026 if you use automated decision-making.
Four things that make our templates more thorough than AI-generated drafts and more current than static template libraries.
Drafted with legal expertise for each jurisdiction, far more thorough than AI-generated drafts that copy generic clauses across borders.
Templates carrying statute references are continuously updated as the law changes. Your document always reflects the current legal framework.
Free to download. Vector text, embedded fonts, statute citations baked in. Print, sign, file. Ready for any signing flow including electronic signature.
Continue editing in Word after download. Add custom clauses, reuse the template for similar agreements, or share with a colleague for collaborative review.
Requires Expert one-time unlock or any paid Doxuno subscription.
A privacy policy is required under APP 1 for any organisation bound by the Privacy Act 1988 (Cth), and is good practice for those that are not.
This template provides general information about Australian privacy obligations and is not legal advice. Privacy law is changing, and how the Privacy Act applies depends on your turnover and activities. For complex data handling, sensitive information, or overseas transfers, obtain advice and check the OAIC guidance at oaic.gov.au.
Reviewed for Australian law
The Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles in Schedule 1 regulate how APP entities handle personal information. APP 1 requires a clear, up-to-date privacy policy; APPs 3 to 6 govern collection, notification, and use; APP 8 governs overseas disclosure; and APPs 12 and 13 give individuals rights to access and correct their information. The OAIC regulates and enforces the APPs.
A business with an annual turnover of $3 million or less is generally exempt from the Privacy Act, unless an exception applies — for example, it provides a health service, discloses personal information for a benefit, or is a contracted service provider for a Commonwealth contract. The exemption is under review, and many exempt businesses follow the APPs voluntarily.
The Privacy and Other Legislation Amendment Act 2024 (Cth) amends APP 1 so that, from 10 December 2026, an organisation using personal information in computer programs to make decisions that could reasonably be expected to significantly affect a person's rights or interests must describe this in its privacy policy — the kinds of decisions and the kinds of information used. Fraud scoring, eligibility checks, and automated pricing can all be caught.
Under the Notifiable Data Breaches scheme in Part IIIC of the Privacy Act, an APP entity that suffers an eligible data breach likely to result in serious harm must notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as soon as practicable. The OAIC can investigate complaints and take enforcement action for serious or repeated interference with privacy.
A privacy policy explains how you handle personal information; your website terms and conditions set the rules for using your site and selling online — most businesses publish both. To set up your company, see our company constitution and shareholders agreement; to engage a contractor, our service agreement.
Publish an APP-compliant Australian privacy policy in minutes. Download the PDF free, or unlock Expert for overseas disclosure, the 2026 automated-decision-making rules, access and correction, and the data-breach scheme.
Free PDF · Editable Word with Expert · No account required