Select Page

Privacy Policy

Happy Hearts Australia Inc.
ABN 48 466 194 158

Happy Hearts Australia Inc. (“we“, “us” or “our“) is committed to protecting your privacy and handling personal information in an open and transparent way.

This Privacy Policy explains how we collect, hold, use and disclose personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles. The Australian Privacy Principles require organisations covered by the Privacy Act to have a clearly expressed and up-to-date privacy policy explaining how personal information is handled.

By using our website, contacting us, purchasing from us, volunteering with us, or otherwise dealing with us, you agree to the collection, use and disclosure of your personal information as described in this Privacy Policy.

1. What is personal information?

“Personal information” means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not and whether it is recorded in a material form or not. This reflects the definition used in Australian privacy law.

2. The kinds of personal information we collect

The personal information we collect depends on the nature of your dealings with us, but may include:

  • your name;
  • postal or street address;
  • email address;
  • telephone number;
  • delivery details;
  • payment or transaction details;
  • information about products or services you purchase from us;
  • correspondence or enquiries you send to us;
  • information relevant to employment, volunteer or supplier arrangements.

We only collect personal information that is reasonably necessary for our functions and activities. The categories in your current policy include name, address, gender, contact information and financial information, but you may wish to narrow this list before publishing so it reflects your actual practices.

3. Whose personal information we collect

We may collect personal information about people connected with our activities, including:

  • customers;
  • donors;
  • suppliers;
  • service providers;
  • employees;
  • volunteers;
  • people who contact us with enquiries.

Your current policy already refers to customers, suppliers, service providers, employees and volunteers.

4. How we collect personal information

Where reasonable and practicable, we collect personal information directly from you. For example, we may collect information when:

  • you purchase a product from us;
  • you make a donation;
  • you contact us by email, phone or through our website;
  • you sign up to receive updates or marketing communications;
  • you apply to work or volunteer with us;
  • you interact with us on social media or through other channels.

We may also collect personal information from third parties where appropriate, such as payment processors, delivery providers, contractors, suppliers, recruitment sources or publicly available sources. If we receive your personal information from a third party and it is not obvious that you have consented to that disclosure, we will take reasonable steps to make you aware of the collection where required. This is consistent with the approach described in your current draft.

5. Website usage, analytics and cookies

When you visit our website, we may automatically collect limited technical information such as:

  • your IP address;
  • browser type;
  • device type;
  • pages viewed;
  • how you reached our website;
  • how long you spend on pages; and
  • general website usage information.

We may use cookies, pixels, analytics tools and similar technologies to help us understand website traffic, improve functionality and tailor content. Cookies generally do not identify you personally, although in some circumstances they may be linked with other information we hold.

You can usually adjust your browser settings to refuse cookies or notify you when cookies are being used, although some parts of our website may not function properly if cookies are disabled.

Your current policy already states that cookies may be used and that IP address information may be collected.

6. Why we collect, hold, use and disclose personal information

We may collect, hold, use and disclose your personal information for purposes including:

  • supplying products or services to you;
  • processing payments and arranging delivery;
  • responding to enquiries and providing customer support;
  • managing our relationship with customers, donors, suppliers, volunteers and staff;
  • sending updates, newsletters, marketing or promotional communications where permitted;
  • verifying identity and reducing fraud risk;
  • improving our website, products and services;
  • complying with legal and regulatory obligations; and
  • otherwise carrying out our functions and activities.

Your current policy identifies sales and delivery, marketing and fraud risk mitigation as core purposes.

7. Direct marketing

We may use your personal information to send you information about our products, services, campaigns, events or other updates that may interest you, where permitted by law.

You can opt out of receiving marketing communications from us at any time by:

  • clicking the unsubscribe link in an email;
  • contacting us using the details below; or
  • otherwise asking us to stop sending marketing communications.

Australian privacy guidance addresses direct marketing as a distinct privacy obligation.

8. Who we may disclose personal information to

We may disclose your personal information to third parties where reasonably necessary for our activities, including:

  • payment service providers;
  • delivery and logistics providers;
  • IT service providers, website hosts and cloud storage providers;
  • marketing service providers;
  • professional advisers such as accountants, auditors or lawyers;
  • contractors and service providers who perform services on our behalf;
  • regulatory authorities, government agencies, courts or tribunals where required or authorised by law.

Your current draft refers to contractors, service providers and certain marketing-related disclosures, while also stating you do not sell, trade or otherwise transfer personal information.

We do not sell personal information.

9. Overseas disclosure

Some of our service providers, including cloud or software providers, may store or process personal information outside Australia.

Where we disclose personal information overseas, we will take reasonable steps to ensure the recipient handles that information in a manner consistent with Australian privacy law, unless an exception applies.

10. Storage and security of personal information

We take reasonable steps to protect the personal information we hold from misuse, interference and loss, and from unauthorised access, modification or disclosure. This aligns with APP 11, which deals with security of personal information.

The measures we use may include:

  • password-protected systems and databases;
  • restricted access to personal information;
  • secure payment technologies;
  • secure storage arrangements with service providers;
  • staff and contractor confidentiality obligations; and
  • physical security measures for hard copy records.

Your current draft states that electronic records may be stored on password-protected databases, including with cloud or third-party providers, with hard copy records held in secured offices.

No method of transmission over the internet or method of electronic storage is completely secure, so we cannot guarantee absolute security.

11. Payment information

Where payments are made through our website, payment information may be processed through secure third-party payment providers. Your current policy refers to SSL encryption for card details transmitted online.

We do not necessarily store full credit card details ourselves unless required for a legitimate business purpose and permitted by law.

12. How long we keep personal information

We keep personal information only for as long as reasonably necessary for the purpose for which it was collected, to meet legal, accounting or reporting requirements, or as otherwise permitted by law.

When personal information is no longer required, we will take reasonable steps to destroy it or de-identify it.

Your current draft says information may remain on the database indefinitely until removal is requested, unless destroyed or de-identified earlier. That wording is usually better replaced with a more general retention statement like the one above.

13. Access to and correction of personal information

You may request access to the personal information we hold about you, and you may ask us to correct personal information that is inaccurate, out of date, incomplete, irrelevant or misleading.

Australian privacy law gives individuals rights to access and correction, subject to limited exceptions.

We may need to verify your identity before giving access or making corrections. We will respond to access or correction requests within a reasonable period, and generally within 30 days where applicable. Your current draft uses a 30-day timeframe.

In some circumstances, the law allows us to refuse access. If we do so, we will provide written reasons where required and explain the complaint options available to you. Your current policy already lists common refusal grounds.

14. Third-party links

Our website may contain links to third-party websites. Those websites are not operated or controlled by us, and we are not responsible for their privacy practices, content or policies.

You should review the privacy policy of any third-party site you visit. This is consistent with the position stated in your existing policy.

15. Data breaches

If we experience a data breach involving personal information, we will investigate and respond in accordance with our legal obligations.

Under the OAIC’s Notifiable Data Breaches scheme, organisations covered by the Privacy Act must notify affected individuals and the OAIC if an eligible data breach is likely to result in serious harm.

16. Complaints

If you have a question, concern or complaint about how we handle your personal information, please contact us using the details below.

We will consider your complaint and respond within a reasonable time, and generally within 30 days. Your current draft also uses a 30-day response period.

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC). The OAIC is the Australian regulator responsible for privacy complaints under the Privacy Act.

17. Contact us

Privacy Officer
Happy Hearts Australia Inc.
2/6 Tango Street
Caboolture QLD 4510
Email: [insert correct privacy email address]

Your current draft lists the address above, but the email addresses appear to use another domain and should be checked before publication.

18. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Any updated version will be posted on our website and will take effect from the date of posting.

Your current policy already states that revisions may be made by updating the page.

Last updated: 19th April, 2026

 

 

 

 

FAQ's

Shop

About

Terms & Conditions

Privacy Policy

Cookie Policy

Refund, Returns & Exchanges Policy