1. Scope & application
This Policy applies to personal information collected by us in Australia and overseas in connection with the Services. It applies to all users, customers, visitors, suppliers and contractors. It supplements any additional privacy notices we provide when collecting personal information (for example, at point of sale, competition entry, or product registration).
2. What personal information we collect
We collect the types of personal information reasonably necessary to provide our Services, manage our business, comply with legal obligations and for marketing/analytics. This may include:
Identity & contact information Full name, email address, postal address, phone number, delivery address.
Account & purchase information Order history, purchase amounts, payment/transaction records (we do not store full card numbers; see Payment below), wishlists, returns/exchange records.
Payment & billing Payment tokens, transaction IDs and billing details processed by our third-party payment providers (e.g., Stripe, PayPal). We do not retain full card numbers on our servers unless explicitly stated; card details are handled by PCI-compliant payment providers.
Device & technical data IP address, browser type, device identifiers, operating system, cookies and similar tracking data, log files, referring/exit pages, clickstreams and performance metrics.
Communications Customer support messages, live chat transcripts, emails, reviews, survey responses.
Marketing preferences Subscription preferences, consents and unsubscribe choices.
Sensitive information We do not generally collect ‘sensitive information’ (as defined in the Privacy Act) such as health or racial data, except where voluntarily provided (e.g., allergy notes). If you provide sensitive information, we will obtain explicit consent and handle it with extra care.
3. How we collect personal information
We collect information directly from you and automatically:
Directly from you When you register an account, place an order, subscribe, contact customer service, participate in surveys, enter competitions, or provide feedback.
Automatically When you visit the Site we collect technical information via cookies and analytics tools.
From third parties From payment processors, delivery partners, aggregated analytics providers, social networks (if you log in via social), or publicly available sources and business partners. We will only combine third-party data with your data where permitted by law.
4. Purposes for collection and use
We use your personal information for the following purposes:
To process and fulfil orders, payment and delivery; manage returns and refunds.
To provide customer service and respond to enquiries.
To manage your account, subscriptions and preferences.
To operate, maintain, personalise and improve our Site and Services.
To send transactional messages (order confirmations, shipping updates).
To send marketing and promotional communications where you have consented (or otherwise permitted by law).
To administer promotions, competitions and surveys.
To detect, investigate and prevent fraudulent or illegal activity and to enforce our Terms & Conditions.
To comply with legal obligations, regulation and lawful requests by authorities.
For other purposes with your consent.
We will not use personal information for unrelated purposes without your consent.
5. Legal basis and consent (Australia)
Under the Privacy Act / APPs, we collect personal information where reasonably necessary to provide our Services, where you have consented, or where otherwise authorised or required by law. For marketing communications we rely on your consent or an applicable exception under the Spam Act 2003. You may withdraw marketing consent at any time (see “Your rights” below).
6. Cookies & similar technologies
We use cookies, web beacons, local storage and similar technologies to operate the Site and analyse use. This includes:
Essential cookies for cart functionality and security.
Performance & analytics cookies (e.g., Google Analytics) to improve the Site.
Functional cookies for remembering preferences.
Advertising/targeting cookies for personalised marketing (subject to consent).
You can manage cookie settings via your browser and our cookie banner. Disabling certain cookies may limit Site functionality.
7. Disclosure of personal information (who we share with)
We may disclose information to:
Service providers & partners (to the extent required):
Payment processors (e.g., Stripe, PayPal), shipping & logistics providers, cloud and hosting services (e.g., AWS), email platforms (e.g., Klaviyo, Mailchimp), CRM systems, analytics providers (e.g., Google), marketing and advertising services, returns/warehousing partners.
We only disclose the information necessary for them to perform services on our behalf and require them to protect personal information consistent with this Policy.
Professional advisors & third parties Legal, accounting, audit, fraud-prevention, and other professional advisors.
Law enforcement & regulators Where required by law, court order, or to protect our legal rights, safety, or property.
Business transactions If we sell, merge, restructure, or transfer part of the business, personal information may be disclosed as part of that transaction. We will require any acquirer to follow this Policy.
8. Cross-border disclosure (overseas transfers)
To operate the Site we may transfer personal information to recipients or servers located outside Australia (for example, in the United States, Europe, or Asia). Countries we commonly transfer to include United States, Singapore, EU member states. Where we do so, we take reasonable steps to ensure equivalent protections (standard contract clauses, vendor contracts, where available). By using the Site you consent to such transfers. If you require further details about transfer locations and safeguards, contact us.
9. Data security & retention
Security measures We use a combination of technical and organisational measures to protect personal information, including encryption (TLS/SSL), firewalls, access controls, secure hosting, and staff training.
Retention We retain personal information only for as long as necessary to fulfil the purposes described (including legal, tax or accounting obligations). Typical retention periods:
Order & transaction data: 7 years (to meet taxation/financial record obligations).
Marketing consent & preferences: until you unsubscribe or request deletion.
Customer support records: 2–7 years depending on nature.
Analytics data: aggregated / anonymised where possible; raw logs retained per vendor settings.
If you request deletion, we will delete or de-identify information unless we are required to retain it by law.
Data breaches We have incident response procedures. Under Australia’s Notifiable Data Breaches (NDB) scheme, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) where a data breach is likely to result in serious harm.
10. Your rights & choices
You have rights in relation to your personal information:
Access & correction You may request access to the personal information we hold about you and ask us to correct inaccuracies. We will respond in accordance with the Privacy Act (usually within 30 days).
Deletion / erasure You may request deletion of your personal information. We will comply where we are not required by law to retain it (e.g., for tax, legal, warranty or safety reasons).
Portability If technically feasible, we will provide a machine-readable copy of your personal information on request.
Marketing & cookies You can opt out of marketing messages at any time via the unsubscribe link or by contacting us. You can control cookies via the cookie banner or your browser.
Complaints If you have concerns about our handling of personal information, contact us (see below). You may also lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
To exercise any of these rights, contact us at the details below. We may request identity verification before taking action.
Contact Us
11. Children’s privacy
Our Site is not intended for children under 13. We do not knowingly collect personal information from children under 13. If a parent/guardian becomes aware their child has provided personal information without consent, contact us and we will delete it.
12. Third-party links & social media
Our Site may link to third-party websites and social media platforms. This Policy does not apply to third parties; we encourage you to review their privacy policies before providing personal information.
13. Automated decision-making & profiling
We may use automated tools (analytics, segmentation, advertising) to personalise content and marketing. These processes do not result in legal or similarly significant effects on individuals. If you wish to opt out of profiling-based marketing, contact us.
15. Changes to this Policy
We may modify this Policy to reflect changes in law, our business, or practices. We will post the revised Policy on the Site with an updated “Last updated” date. Where changes are material, we will take reasonable steps to notify users (e.g., email notices to subscribers).
16. Contact us
For privacy enquiries, access/correction requests, complaints, or to exercise your rights:
Foren
ABN: 97479328069
Address: 81 Mann St, Gosford, NSW, 2250 Australia
Email: privacy@foren.com
Phone: [insert phone number]
If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) via oaic.gov.au.
Contact Us
