Privacy Policy

Privacy practices for customers in Australia and New Zealand.

What we collect

• Identity and contact details (name, email, billing and shipping addresses, phone)
• Order data (items purchased, value, payment method — we do not store full card numbers)
• Marketing preferences if you opt in
• Technical data (IP address, browser type, pages viewed, cookies)

Why we collect it

To process your order, deliver your purchase, provide customer service, comply with tax and consumer protection law, prevent fraud, and — with your consent — send marketing.

Who we share with

We do not sell or rent your data. We share only with carefully selected processors who help us operate the business: our e-commerce platform, payment processors, shipping providers, our email service provider, our reviews platform, and analytics tools (aggregated, anonymised). We share with authorities only if legally required. All processors are bound by data protection contracts.

Cookies

We use cookies for site functionality, security, analytics, and — with consent — personalised marketing. You can manage preferences via the consent banner or your browser settings.

Your rights

Under the Australian Privacy Principles you may access, correct, or request deletion of your personal information at any time. If you believe we have mishandled your data, you may complain to the Office of the Australian Information Commissioner (oaic.gov.au). To exercise these rights email info@oralua.com.au. We respond within 30 days.

Security

We use industry-standard encryption, access controls, and vetted processors. No system is 100% secure; we will notify you of any breach affecting your rights.

Retention

Order data is kept for the period required by tax law. Marketing data is kept until you unsubscribe or for 3 years of inactivity. Analytics data is kept for up to 26 months.

Children

Our site is not directed at children under 16.

Contact

For any privacy enquiry: info@oralua.com.au

Privacy practices for customers in the European Union. Data controller: Oralua, info@oralua.com.au.

Who we are

Oralua is a small business designing leather bags and jewellery for customers across the European Union. For data protection enquiries: info@oralua.com.au.

What data we collect

• Identity and contact: name, email, billing and shipping addresses, phone
• Order data: items purchased, value, payment method (full card numbers handled by PCI-compliant processors, not us)
• Marketing preferences if you opt in
• Technical data: IP, browser, device, pages visited, cookies
• Behavioural data: products viewed, cart additions, session time

Lawful basis under GDPR

• Contractual necessity — to process your order and provide service
• Legal obligation — tax, accounting, consumer protection, anti-fraud
• Legitimate interests — site improvement, fraud prevention, aggregated analytics (you can object)
• Consent — marketing emails and non-essential cookies (revocable at any time)

Who we share with

We never sell or rent your data. We share only with carefully selected processors who help us operate the business: our e-commerce platform, payment processors, shipping providers, our email service provider, our reviews platform, and analytics tools (aggregated, anonymised). We share with authorities only if legally required. All processors are bound by data protection contracts.

International transfers

Some of our processors are based outside the EU/EEA. When data is transferred outside the EU/EEA we rely on Standard Contractual Clauses approved by the European Commission, adequacy decisions where applicable, or other safeguards under GDPR Articles 45–49. Copies available on request.

Retention

• Order data: 10 years (tax law)
• Marketing data: until unsubscribe or 3 years of inactivity
• Analytics: up to 26 months
• Customer service correspondence: 3 years from last interaction

Your rights (GDPR)

• Access a copy of your data (Art. 15)
• Rectification of inaccurate data (Art. 16)
• Erasure — "right to be forgotten," subject to legal retention (Art. 17)
• Restriction of processing (Art. 18)
• Portability in machine-readable format (Art. 20)
• Objection to processing based on legitimate interests (Art. 21)
• Withdraw consent at any time (Art. 7)
• Lodge a complaint with your national Data Protection Authority

To exercise these rights: info@oralua.com.au. We respond within 30 days.

Cookies

We use cookies for site functionality, security, analytics, and — with consent — personalised marketing. Manage via the consent banner or browser settings.

Children

Our site is not directed at children under 16.

Security

We use TLS encryption, encrypted storage, access controls, and vetted processors. In the event of a personal data breach affecting your rights, we will notify you and the relevant authority per GDPR Articles 33–34.

Changes

We may update this policy. Material changes will be notified by email or site notice.