Privacy Policy

FREDDY STORE PRIVACY POLICY

At FREDDY Store, we value your style — and your privacy. This policy explains how we collect, use, store, and protect your personal information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the Spam Act 2003 (Cth).

1. WHAT INFORMATION WE COLLECT

We only collect what is necessary to process your orders and run our store.

Personal Information

  • Name and title

  • Shipping and billing address

  • Email address and phone number

  • Order and purchase history

  • Payment confirmation (we do not see or store your card digits — see Section 3)

Automatically Collected Information

  • IP address, device type, and browser

  • Website activity (pages viewed, products clicked, time spent)

Account Information (if you create an account)

  • Encrypted login credentials

  • Saved preferences and order history

2. HOW WE USE YOUR INFORMATION

We use your data for three purposes: Operation, Communication, and Protection.

  • Fulfilment: Processing and delivering your orders

  • Customer Service: Handling returns, exchanges, and enquiries

  • Security & Fraud Prevention: Detecting fraudulent transactions and protecting against chargebacks

  • Marketing: Only if you have opted in (see Section 4)

  • Website Improvement: Understanding how customers use our site

3. PAYMENT SECURITY (PCI DSS COMPLIANCE)

We operate on a zero-knowledge model regarding your card data.

  • All payments are processed via PCI-DSS compliant providers including Shopify Payments, PayPal, Afterpay, and Klarna

  • We do NOT store or have access to your full credit card number

  • Payment data is encrypted via TLS/SSL and handled directly by certified providers using tokenization

  • We maintain PCI DSS SAQ-A compliance status as an e-commerce merchant

4. CONSENT & MARKETING

Transaction Consent: By placing an order, you consent to us using your information to fulfil that specific transaction, including shipping and customer service communications.

Marketing Opt-In: We only send promotional emails or SMS if you have provided express consent (opted in at checkout or via a sign-up form).

Unsubscribing: Every marketing message includes a working Unsubscribe or STOP option. We process these requests promptly. You may also contact us directly at support@freddystore.com.au.

We comply with the Spam Act 2003 (Cth) for all electronic marketing.

5. DISCLOSURE TO THIRD PARTIES

We do not sell your personal information. We only share it where necessary:

Service Providers — We share data with trusted partners to operate our store:

Provider

Purpose

Shopify

eCommerce platform & data hosting

Shopify Payments / PayPal / Afterpay / Klarna

Payment processing

Shipping carriers (e.g. Australia Post)

Order fulfilment & delivery

Email/SMS marketing platforms

Marketing communications






Each provider only receives data necessary to perform their specific service and is bound by their own privacy policy.

Legal Requirements: We may disclose information if required by law, to prevent fraud, enforce our Terms of Service, or protect the rights of FREDDY Store and our customers.

Business Transfers: If FREDDY Store is acquired or merged, customer data may transfer to the new owners as a business asset. You will be notified of any such change.

6. OVERSEAS DATA TRANSFERS (APP 8)

Some of our service providers store or process data outside Australia, including in the United States, Canada, and Singapore.

  • By using our website and services, you expressly consent to the transfer of your information to these overseas recipients

  • We only partner with providers that maintain enterprise-grade security certifications (e.g. SOC2, PCI DSS, ISO 27001)

  • Your data continues to be handled under the protections set out in this policy

7. DATA RETENTION & DESTRUCTION

We do not keep your data longer than necessary:

Data Type

Retention Period

Financial & transaction records

Up to 7 years (ATO legal requirement)

Customer support records

As needed for service and dispute resolution

Marketing data

Until you unsubscribe or request deletion

Analytics/behavioural data

As per third-party provider settings

When data is no longer required, it is securely deleted or de-identified (stripped of all personal identifiers).

8. DATA SECURITY

We use a defence-in-depth approach to protect your data:

  • Access control: Only authorised staff with a business need can access customer data, protected by Multi-Factor Authentication (MFA)

  • Encryption: Data is encrypted both in transit (TLS/SSL) and at rest (AES-256)

  • Firewalls & secure servers managed by Shopify's infrastructure

  • Activity monitoring: Real-time logging to detect unauthorised access attempts

While no system is 100% secure, we follow industry best practices and continually review our security posture.

9. COOKIES & TRACKING

We use cookies to improve your shopping experience.

Cookie Type

Purpose

Essential

Required for site functionality (e.g. shopping cart, session)

Performance/Analytics

Help us understand how customers use our site

Marketing/Advertising

Used for retargeting and personalised ads (AdRoll, Instant)

You can adjust cookie preferences in your browser settings. You may also opt out of targeted advertising via: Your browser's privacy settings

10. YOUR RIGHTS (ACCESS, CORRECTION & DELETION)

Under the Privacy Act 1988 (APPs 12 & 13), you have the right to:

  1. Access — Request a copy of the personal information we hold about you

  2. Correct — Ask us to fix inaccurate or incomplete information

  3. Delete — Request erasure of your data (subject to legal retention requirements)

How to submit a request: 📧 support@freddystore.com.au

We will verify your identity before processing any request, and aim to respond within 30 days. Access requests are generally provided free of charge; however, in cases requiring significant effort, a reasonable fee may apply — we will advise you in advance.

11. COMPLAINTS

If you believe we have mishandled your personal information:

  1. Contact us at support@freddystore.com.au - we will investigate and respond within 30 days

  2. If you are not satisfied with our response, you may escalate to:

Office of the Australian Information Commissioner (OAIC) 🌐 www.oaic.gov.au 📞 1300 363 992

12. DATA BREACH NOTIFICATION (NDB SCHEME)

In the event of a data breach likely to cause serious harm, we will:

  • Immediately contain and assess the breach (within 30 days as required)

  • Notify affected individuals and the OAIC as required under the Notifiable Data Breaches (NDB) scheme

  • Take steps to prevent recurrence

13. CHILDREN'S PRIVACY

Our website is not intended for individuals under 18 years of age. We do not knowingly collect personal information from minors. If you believe a minor has provided us with their data, please contact us immediately so we can delete it.

14. CALIFORNIA RESIDENTS

If you are a California resident, you may request information about our disclosure of your personal information to third parties for their direct marketing purposes under California Civil Code Section 1798.83. Please contact us at the address below:

FREDDY AUSTRALIA & NEW ZEALAND

100 GREEN ST, CREMORNE, VIC, 3121

support@freddystore.com.au

___________________________________________________________________________

15. SMS/MMS MOBILE MESSAGING MARKETING PROGRAM

We respect your privacy. We will only use information you provide through the Program to transmit your mobile messages and respond to you, if necessary. This includes, but is not limited to, sharing information with platform providers, phone companies, and other vendors who assist us in the delivery of mobile messages.  WE DO NOT SELL, RENT, LOAN, TRADE, LEASE, OR OTHERWISE TRANSFER FOR PROFIT ANY PHONE NUMBERS OR CUSTOMER INFORMATION COLLECTED THROUGH THE PROGRAM TO ANY THIRD PARTY. Nonetheless, We reserve the right at all times to disclose any information as necessary to satisfy any law, regulation or governmental request, to avoid liability, or to protect Our rights or property. When you complete forms online or otherwise provide Us information in connection with the Program, you agree to provide accurate, complete, and true information. You agree not to use a false or misleading name or a name that you are not authorized to use. If, in Our sole discretion, We believe that any such information is untrue, inaccurate, or incomplete, or you have opted into the Program for an ulterior purpose, We may refuse you access to the Program and pursue any appropriate legal remedies.

California Civil Code Section 1798.83 permits Users of the Program that are California residents to request certain information regarding our disclosure of the information you provide through the Program to third parties for their direct marketing purposes.  To make such a request, please contact us at the following address:

FREDDY AUSTRALIA & NEW ZEALAND

100 GREEN ST, CREMORNE, VIC, 3121

support@freddystore.com.au

This Privacy Policy is strictly limited to the Program and has no effect on any other privacy policy(ies) that may govern the relationship between you and Us in other contexts. ___________________________________________________________________________

16. INSTANT AUDIENCES

We use Instant to help us understand how our customers use our site, and use this information to retarget for marketing purposes. You can read more about how Instant uses your Personal Information here: https://www.instant.one/privacy-policy. You can opt-out by contacting help@instant.one

17. CHANGES TO THIS POLICY

We may update this policy from time to time. Any changes will be posted on this page with an updated date. We encourage you to review this policy periodically.

___________________________________________________________________________

18. CONTACT US

Privacy Officer 📧 support@freddystore.com.au 📍 100 Green St, Cremorne VIC 3121, Australia