Privacy Policy

1. About This Policy

Austvita Pty Ltd (ABN 00 000 000 000) (“Austvita”, “we”, “us”, “our”) is committed to protecting the privacy of your personal information. This Privacy Policy explains how we collect, hold, use, and disclose your personal information in accordance with the Privacy Act 1988(Cth) and the Australian Privacy Principles (“APPs”).

By accessing our website at austvita.com.au or purchasing our products, you acknowledge that you have read and understood this Privacy Policy.

2. Information We Collect

We may collect the following types of personal information:

2.1 Information You Provide

• Identity information: full name, date of birth.
• Contact information: email address, phone number, residential or delivery address.
• Account information: username, password (stored in hashed form only), and account preferences.
• Transaction information: billing address, payment method details (processed securely by our payment processor, Stripe — we do not store your full card number), purchase history, and order details.
• Communication information: messages you send via our contact form, live chat, email correspondence, product reviews, and survey responses.
• Child-related information: your child’s age range and dietary requirements (provided voluntarily to help us recommend suitable products). We do not knowingly collect personal information directly from children.

2.2 Information Collected Automatically

• Device and browser information: IP address, browser type and version, operating system, device identifiers.
• Usage data: pages visited, time spent on pages, referring URLs, click patterns, and search queries on our site.
• Cookies and similar technologies: see Section 8 below.
• Location data: approximate geographic location derived from your IP address (used to estimate shipping costs and display relevant content).

2.3 Information from Third Parties

We may receive personal information from third-party services you use to interact with us (e.g., social media platforms if you log in via a social account), payment processors, delivery partners, and analytics providers.

3. How We Use Your Information

We collect and use your personal information for the following purposes:

• Fulfilling orders: processing purchases, arranging delivery, managing returns and refunds, and providing order status updates.
• Account management: creating and managing your account, authenticating your identity, and maintaining your preferences.
• Customer support: responding to your enquiries, complaints, and feedback.
• Product recommendations: suggesting products based on your child’s age range and dietary needs.
• Marketing communications: sending newsletters, promotional offers, and product updates (only with your consent; you can opt out at any time).
• Improving our services: analysing usage patterns, conducting research, and improving our website, products, and customer experience.
• Legal compliance: complying with applicable laws, regulations, and legal processes, including the Therapeutic Goods Act 1989 (Cth) and Australian Consumer Law.
• Security and fraud prevention: detecting, investigating, and preventing fraudulent transactions and unauthorised access to our systems.

4. Legal Basis for Processing

Under the APPs, we process your personal information where:

• It is reasonably necessary for one or more of our functions or activities (APP 3).
• You have consented to the collection and use (e.g., for marketing communications).
• It is required or authorised by or under an Australian law or a court/tribunal order (APP 6).

5. Disclosure of Your Information

We may share your personal information with:

• Service providers: payment processors (Stripe), shipping and logistics partners (Australia Post, courier services), email service providers, cloud hosting providers, and analytics services. These providers are contractually obligated to protect your data and use it only for the services they provide to us.
• Professional advisors: lawyers, accountants, and auditors as necessary for our business operations.
• Regulatory authorities: the Therapeutic Goods Administration (TGA), Food Standards Australia New Zealand (FSANZ), the Australian Competition and Consumer Commission (ACCC), and the Office of the Australian Information Commissioner (OAIC) where required by law.
• Business transfers: in the event of a merger, acquisition, or sale of all or part of our business, your information may be transferred to the acquiring entity.

We will never sell, rent, or trade your personal information to third parties for their own marketing purposes.

6. Overseas Disclosure

Some of our service providers (such as cloud hosting and payment processing) may store data on servers located outside Australia, including in the United States and the European Union. Before disclosing your personal information overseas, we take reasonable steps to ensure the overseas recipient handles your information in accordance with the APPs (APP 8). Where practicable, we use Australian-hosted infrastructure.

7. Data Security

We take reasonable steps to protect your personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. Our security measures include:

• Encryption of data in transit using TLS/SSL (HTTPS).
• Encryption of sensitive data at rest.
• Secure payment processing via Stripe (PCI-DSS compliant) — we never store your full credit card details.
• Password hashing using industry-standard algorithms (bcrypt).
• Regular security assessments and access controls.
• Limiting access to personal information to authorised personnel only.

No method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

8. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to:

• Essential cookies: enable core functionality such as shopping cart persistence, user authentication, and security features. These are strictly necessary and cannot be disabled.
• Analytics cookies: help us understand how visitors interact with our website (e.g., Google Analytics). These collect aggregated, anonymised data.
• Preference cookies: remember your settings and preferences (e.g., age range filters, dietary preferences).
• Marketing cookies: used to deliver relevant advertisements and measure campaign effectiveness (only with your consent).

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of our website, including the shopping cart and checkout process.

9. Your Rights

Under the Privacy Act and the APPs, you have the right to:

• Access: request access to the personal information we hold about you (APP 12).
• Correction: request correction of any inaccurate, out-of-date, incomplete, irrelevant, or misleading information (APP 13).
• Opt out of marketing: unsubscribe from marketing communications at any time by clicking the “unsubscribe” link in any email, or by contacting us directly.
• Complain: lodge a complaint if you believe we have breached the APPs (see Section 12).
• Delete your account: request deletion of your account and associated personal information, subject to our legal obligations to retain certain records (e.g., transaction records for tax purposes).

To exercise any of these rights, please contact us using the details in Section 12. We will respond to your request within 30 days.

10. Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, unless a longer retention period is required by law. Specifically:

• Account information: retained for the duration of your account and for 12 months after account closure.
• Transaction records: retained for a minimum of 7 years to comply with Australian taxation law.
• Marketing preferences: retained until you withdraw consent.
• Communication records: retained for up to 3 years for quality assurance and dispute resolution.

When personal information is no longer required, we will take reasonable steps to securely destroy or de-identify it.

11. Children’s Privacy

Our products are designed for infants, toddlers, and expectant/new mothers, but our website and services are directed at parents and guardians, not children. We do not knowingly collect personal information from individuals under 18 years of age. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information promptly.

12. Contact Us and Complaints

If you have any questions about this Privacy Policy, wish to exercise your rights, or want to make a complaint about how we have handled your personal information, please contact us:

We will acknowledge your complaint within 7 days and aim to resolve it within 30 days. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on our website with a revised “Last updated” date. If the changes are significant, we may also notify you via email. Your continued use of our website or services after the updated policy is posted constitutes your acceptance of the changes.

14. Governing Law

This Privacy Policy is governed by the laws of the Commonwealth of Australia, including the Privacy Act 1988 (Cth). Any disputes arising from this policy will be subject to the jurisdiction of the courts of New South Wales, Australia.