Privacy Policy

1Introduction

This privacy policy explains how poprey.au Limited collects, uses, and protects your personal information. We are the "data controller" for the purposes of the AU General Data Protection Regulation (AU GDPR) and the Data Protection Act 2018. We take your privacy seriously and only use your personal data lawfully, fairly and transparently.

We keep our privacy practices under regular review and may update this notice to reflect changes in law or our business. The latest version will always be available on our website. If the changes are significant, we will notify you by email or via our website.

2What Personal Data We Collect

We collect information from you when you use our site, place an order, or contact us. This may include:

• Account information – your name, email address, social-media usernames and billing address.
• Order details – what you purchased, transaction dates and amounts. Payments are processed by third-party payment processors; we do not store your full card or other payment details.
• Technical data – IP address, browser type, device identifiers, operating system and time-zone settings. We collect this information to manage our site and improve its security. We use these data points, often integrated through Google Tag Manager, to analyse site usage via Google Analytics 4 (GA4) and Microsoft Clarity to optimise our services and user experience, which requires your consent via our cookie banner.
• Usage data – details about how you interact with our site, including clickstream data and page response times. We use cookies and similar technologies for this purpose.
• Communication data – emails, messages and customer support interactions.

Providing this information is voluntary, but if you do not provide the information we need to perform the service you have requested, we may not be able to supply it.

3Legal Bases for Processing

We only process your personal data when we have a valid legal basis under the AU GDPR. The main bases we rely on are:

• Contract – to perform the contract with you (e.g. to deliver your order and handle payments).
• Consent – where you have opted in to receive marketing communications. You can withdraw your consent at any time.
• Legitimate interests – to improve our services, prevent fraud and secure our website. We only rely on this basis where our interests do not override your rights and freedoms.
• Legal obligation – to comply with legal requirements, for example, record-keeping for tax purposes.

4How We Use Your Personal Data

We use your personal data to:

• Deliver our services – process orders, deliver followers/likes/views and manage your account.
• Communicate with you – send order confirmations, customer support messages and service updates.
• Improve our site and services – analyse usage to understand how our customers use our site and to improve functionality.
• Marketing (with consent) – send you promotions or newsletters you have subscribed to. You can unsubscribe at any time.
• Security and fraud prevention – monitor access to detect and prevent fraud or abuse and keep our systems secure.
• Legal compliance – maintain records and cooperate with authorities where required by law.

5Cookies and Analytics

We may use cookies and similar technologies to personalise your experience and analyse how our website is used. Cookies are small text files placed on your device. They help us remember your preferences and understand how visitors navigate our site. You can set your browser to refuse some or all cookies; however, this may affect the functionality of our site.

6Data Sharing and International Transfers

We will never sell your personal data. We may share your information with trusted third parties who provide services on our behalf, such as payment processors, hosting providers and analytics services. These third parties are bound by confidentiality and data-processing agreements to process your data only in accordance with our instructions and applicable law.

Some of our service providers may be located outside UK. Where we transfer your data to countries that have not been deemed to provide an adequate level of protection, we put in place appropriate safeguards, such as the AU International Data Transfer Agreement or Standard Contractual Clauses (IDTA/SCCs), to protect your data.

7Data Retention

We retain your personal data only as long as necessary for the purposes for which it was collected, including to satisfy legal, accounting or reporting requirements. In general we keep transaction records for three months, in line with tax and accounting laws. When we no longer need your data, we will delete it or anonymise it so that it can no longer be linked to you.

8Security

We implement appropriate technical and organisational measures to protect your personal data, including encrypted connections (SSL), firewalls, access controls and secure data centres. We regularly review these measures and our security procedures to ensure they remain effective.

9Your Data-Subject Rights

Under the AU GDPR, you have the following rights:

• Right to be informed – you have the right to clear information about how we collect and use your data.
• Right of access – you can request a copy of the personal data we hold about you.
• Right to rectification – if your personal data is inaccurate or incomplete, you can ask us to correct it.
• Right to erasure – you can ask us to delete your personal data where there is no good reason for us to continue processing it (the "right to be forgotten"). This right is not absolute and may be limited by legal requirements.
• Right to restrict processing – you can request that we suspend processing of your personal data, for example, while we verify its accuracy.
• Right to data portability – in certain circumstances, you have the right to obtain and reuse your personal data in a machine-readable format.
• Right to object – you can object to the processing of your data where we rely on legitimate interests or for direct marketing.
• Rights related to automated decision-making – you have the right not to be subject to a decision based solely on automated processing if it produces legal or similarly significant effects.

10Children

Our services are not directed at, and should not be used by, individuals under 18 years of age. We do not knowingly collect personal data from children.

11Contact Us

If you have any questions about this privacy policy or our data-processing practices, please get in touch:

• Email: info@poprey.au
• WhatsApp / Phone: +44 7311 122 544