Privacy policy

Privacy Policy (Australia)

Last updated: 11 October 2025
Business: Ember Specialty Coffee (ABN 59 384 647 431)
Contact: contact@emberoaster.com

We are committed to protecting your privacy and complying with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This Privacy Policy explains how we collect, use, disclose and store your personal information when you visit our website, purchase from our online store, contact us, or otherwise use our Services. Our store is hosted by Shopify, which provides the e-commerce platform we use.

By using the Services, you acknowledge this Policy and our handling of your personal information as described below. If you do not agree, please do not use the Services.

 

1) Personal Information We Collect

We collect the following categories of personal information when reasonably necessary for our functions or activities: - Identity & contact: name, email, billing and shipping addresses. - Account: username, password and preferences (if you create an account). - Transactions: items purchased/returned/exchanged, order history, payment status. - Payment: payment method details processed via our payment providers (we do not store full card numbers). - Device & usage: IP address, device and browser type, pages viewed, interactions, referring/exit pages, timestamps, cookies. - Communications: messages you send us (e.g., support requests, product reviews).

We collect personal information directly from you, automatically via cookies and similar technologies, and from service providers (e.g., Shopify, payment gateways, analytics, fulfilment partners) where permitted by law.

2) Why We Collect & How We Use Personal Information

We use personal information to: - Provide & operate the Services (process orders, payments, shipping, returns, account management). - Customer support and responding to enquiries. - Personalise your experience (e.g., product recommendations, remembering preferences). - Marketing communications (with your consent where required) and online advertising (including retargeting). You can opt out of email marketing via the unsubscribe link; service emails (e.g., order updates) will still be sent. - Security & fraud prevention (authentication, detecting suspicious activity). - Compliance with laws, responding to lawful requests, and enforcing our terms.

3) Direct Marketing

We may send you marketing about our products and events. You may opt out at any time by using the unsubscribe link or contacting us. We comply with the Spam Act 2003 (Cth).

4) Disclosure to Third Parties

We disclose personal information to: - Shopify (store hosting, checkout, payments, analytics). See Shopify’s policy: https://www.shopify.com/legal/privacy - Service providers (payment processors, warehouses/fulfilment, couriers, email/SMS platforms, analytics, IT/security) who process information on our behalf under contractual safeguards. - Authorities or advisors as required by law or to protect our legal rights. - Business transferees in connection with a sale or reorganisation of our business. We do not sell personal information.

5) Cross-Border Disclosure (APP 8)

Because we use Shopify and other providers, your personal information may be disclosed to recipients outside Australia (including Canada, the United States and other countries). Where we disclose personal information overseas, we take reasonable steps to ensure recipients protect it in a way that is substantially similar to the APPs (e.g., contractual protections and reputable vendors).

6) Cookies & Analytics

We use cookies and similar technologies for core site functionality, performance, and marketing. You can control cookies via your browser settings; disabling some cookies may impact site functionality.

7) Access & Correction (APP 12 & 13)

You may request access to the personal information we hold about you and ask us to correct it if it is inaccurate, out-of-date, incomplete, irrelevant or misleading. We will respond within a reasonable period (usually within 30 days). Identification may be required.

8) Security (APP 11)

We take reasonable steps to protect personal information from misuse, interference, loss and unauthorised access, modification or disclosure. Measures include encryption in transit, secure servers, role-based access and staff training. No method is 100% secure; if a data breach is likely to result in serious harm, we will comply with the Notifiable Data Breaches scheme.

9) Retention

We retain personal information only for as long as needed for the purposes described or as required by law (e.g., tax and accounting). When no longer required, we take reasonable steps to de-identify or securely destroy it.

10) Children

Our Services are not intended for persons under 18. We do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact us to request deletion.

11) Third-Party Links

Our Services may link to third-party sites. Their privacy practices are not covered by this Policy. Review their policies before providing personal information.

12) Changes to this Policy

We may update this Policy by posting a new version with the “Last updated” date above. Material changes will be notified where required by law.

13) Contact & Complaints (APP 1.4(f))

Questions, requests or complaints about privacy:

Email: contact@emberoaster.com

We will respond promptly. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC):
Website: https://www.oaic.gov.au | Phone: 1300 363 992 | Mail: GPO Box 5218, Sydney NSW 2001