Privacy Policy

This Privacy Policy explains how Heritage (“we”, “us”, “our”) collects, uses, discloses and protects your personal information when you visit our website, make a purchase, contact us, or interact with our services.
Contact: [info@theheritageroomaus.com] | [Registered address, NSW, Australia]

We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where applicable, we also consider certain overseas laws (e.g., EU/UK GDPR) for relevant customers.


1) Personal information we collect

We collect information you provide directly and information collected automatically:

Provided by you

  • Contact details (name, email, phone, shipping/billing address)

  • Order details (items purchased, preferences, size)

  • Payment details (processed securely by our payment providers—see §4)

  • Messages (customer service enquiries, reviews, survey responses)

  • Event or marketing sign-ups (newsletter, waitlists, giveaways)

Collected automatically

  • Device and session information (IP address, browser type/version, device IDs)

  • Usage data (pages viewed, referring/exit pages, time on site, clicks)

  • Cookies and similar technologies (see §6 Cookies)

Sensitive information: We do not intentionally collect sensitive information. Please do not submit health, biometric, or other sensitive data to us.


2) Why we collect your information (purposes)

  • To provide and fulfil orders: process payments, shipping, returns, customer support

  • To operate and improve our site: troubleshooting, analytics, fraud prevention, security

  • To personalise your experience: remember preferences, recommend products

  • To market (with consent or as permitted): newsletters, offers, product updates

  • To meet legal obligations: tax, record-keeping, regulatory compliance

Legal bases (where GDPR/UK GDPR applies): performance of a contract, legitimate interests (site security, improvement, basic marketing), consent (email/SMS marketing, cookies), and compliance with legal obligations.


3) Shopify and other service providers

Our store is hosted on Shopify. Shopify provides the e-commerce platform and may process your personal information as our service provider. Your data may be stored or processed outside Australia (including the US, Canada, EU or other locations) depending on where Shopify and our integrated apps operate.

We also use trusted providers for:

  • Payments: e.g., Shopify Payments, PayPal, Afterpay (they process your card/bank data directly)

  • Shipping & logistics: e.g., Australia Post, DHL

  • Marketing & analytics: e.g., email platforms, social media, analytics tools

  • IT & security: hosting, backup, content delivery, fraud prevention

We require providers to handle personal information in line with applicable laws and reasonable security standards.


4) Payments

When you complete a purchase, payment details (card numbers, etc.) are collected and processed by the payment gateway, not stored in our systems. We receive limited information (e.g., last 4 digits, payment status) to verify and fulfil your order.


5) Sharing your information

We may share personal information with:

  • Service providers listed in §3 (only as needed to perform their services)

  • Professional advisers (accountants, auditors, legal)

  • Authorities, regulators or law enforcement where required or permitted by law

  • A successor entity in connection with a merger, acquisition or sale of assets (subject to confidentiality)

We do not sell your personal information.


6) Cookies & tracking technologies

We use cookies, pixels and similar tools to operate the site, remember your preferences, measure performance, and deliver relevant ads.

Types:

  • Essential: required for checkout, security, and core functions

  • Analytics: help us understand site usage and improve performance

  • Marketing: measure campaigns and show relevant ads

Your choices:

  • Adjust browser settings to block/clear cookies (essential cookies may be required for checkout)

  • Use opt-out features provided by some analytics/ads providers

  • Unsubscribe from marketing emails at any time (see §8)


7) Retention

We keep personal information only as long as necessary for the purposes described in this policy, to comply with legal/financial record-keeping, resolve disputes, and enforce agreements. When no longer needed, we take reasonable steps to de-identify or securely destroy it.


8) Marketing communications

With your consent (or as otherwise permitted), we may send emails or SMS about products, launches and events. You can opt out at any time by:

Transactional messages (e.g., order confirmations, shipping updates) are not marketing and will still be sent.


9) Your rights

Depending on where you live, you may have the right to:

  • Access the personal information we hold about you

  • Correct inaccurate or incomplete information

  • Delete your personal information (subject to legal requirements)

  • Object to or restrict certain processing, including direct marketing

  • Withdraw consent where processing is based on consent

  • Receive a copy of your information in a machine-readable format (data portability, where applicable)

To make a request, contact [hello@yourdomain.com]. We may need to verify your identity before actioning your request. We will respond within timeframes required by law.


10) Children

Our site is not intended for children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us information, please contact us to delete it.


11) Security

We implement reasonable administrative, technical and physical safeguards designed to protect personal information against unauthorised access, alteration, disclosure or destruction. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.


12) Overseas disclosures

Some service providers may store or process your information outside Australia. Where we disclose personal information overseas, we take reasonable steps to ensure recipients protect it in accordance with the APPs or an equivalent standard.


13) Links to other sites

Our site may contain links to third-party websites and services we do not control. Their privacy practices are not covered by this policy. Review their privacy policies before providing personal information.


14) Changes to this Policy

We may update this Privacy Policy from time to time. The updated version will be posted on our website with a new effective date. Your continued use of the site after changes means you accept the updated policy.


15) Contact & complaints

Questions, access requests, or privacy complaints:
Email: [info@theheritageroomaus.com]

We’ll respond as soon as reasonably possible. If you’re not satisfied with our response, you can contact the Office of the Australian Information Commissioner (OAIC) to lodge a complaint.