PRIVACY POLICY

1. Introduction

At PDP One Pty Ltd t/a Elev8t Property, we are committed to protecting your privacy and handling your personal information responsibly. We collect, use, and store personal information in accordance with the Australian Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), the Privacy and Other Legislation Amendment Act 2024, and, where applicable, the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA/CPRA).

This policy explains what personal information we collect, why we collect it, how we use and protect it, your rights regarding your data, and how to contact us with questions or complaints.

This policy applies to all personal information collected through our website [yourwebsite.com.au], our online store, email communications, social media interactions, and any other channels through which you interact with us.

2. Information we collect

2.1 Personal information you provide directly

When you interact with us, we may collect the following personal information:

•       Identity information: full name, date of birth

•       Contact information: email address, telephone number, postal address

•       Business information: company name, ABN, job title

•       Account information: username, password (encrypted), account preferences

•       Transaction information: billing address, shipping address, purchase history

•       Payment information: credit card details (processed securely by our payment provider and not stored on our servers)

•       Communication information: enquiries, support requests, feedback, survey responses

•       Social media information: social media handles, public profile information

•       User-generated content: blog comments, testimonials, reviews

2.2 Information collected automatically

When you visit our website, we automatically collect:

•       Device and browser information: IP address, browser type and version, operating system, device type

•       Usage data: pages visited, time spent on pages, referring website, click patterns

•       Location data: approximate geographic location derived from IP address

•       Cookie and tracking data: see Section 8 (Cookies and tracking technologies) for full details

2.3 Information from third parties

We may receive personal information from third-party sources including analytics providers, advertising networks, payment processors, and publicly available sources. We only use such information in accordance with this policy.

3. Lawful basis for processing

We process your personal information only when we have a lawful basis to do so. Under the APPs and, where applicable, the GDPR, our lawful bases include:

Consent

Marketing communications, non-essential cookies, optional surveys

Contractual necessity

Processing orders, delivering products/services, managing your account

Legal obligation

Tax record-keeping, responding to court orders, mandatory breach reporting

Legitimate interest

Fraud prevention, website security, service improvement, analytics

Where we rely on consent, you may withdraw it at any time by contacting us or using the unsubscribe mechanism provided. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

4. How we use your information

4.1 Primary purposes

•       To process and fulfil your orders and transactions

•       To create and manage your account

•       To provide customer support and respond to enquiries

•       To send transactional communications (order confirmations, shipping updates, receipts)

•       To comply with legal and regulatory obligations

4.2 Secondary purposes

•       To send marketing communications (only with your consent; you may opt out at any time)

•       To personalise your website experience and recommend relevant products or content

•       To conduct analytics and research to improve our services

•       To detect and prevent fraud and security threats

•       To measure customer satisfaction and gather feedback

•       To administer competitions, promotions, or surveys

4.3 Aggregated and anonymised data

We may create aggregated or anonymised datasets from personal information for analytics, reporting, and service improvement. Once anonymised, this data is no longer personal information and is not subject to this policy.

5. Automated decision-making and AI

We do not use automated tools and artificial intelligence (AI) for automated decision-making purposes.

6. Third-party service providers

All our third-party providers are bound by data processing agreements that require them to protect your personal information to the same standard as this policy. We do not sell, rent, or trade your personal information to any third party.

7. When we may disclose your information

In addition to the third-party providers listed above, we may disclose your personal information in the following circumstances:

•       To comply with applicable laws, regulations, court orders, subpoenas, or government requests

•       To enforce our terms and conditions or other agreements

•       To protect the rights, property, or safety of our business, our customers, or the public

•    In connection with a merger, acquisition, sale of assets, or business restructure, where personal information may be transferred to a successor entity under a confidentiality agreement

We will only disclose information in good faith and to the minimum extent necessary for the stated purpose.

8. Cookies and tracking technologies

8.1 What are cookies?

Cookies are small text files placed on your device when you visit our website. They help us understand how you use our site, remember your preferences, and improve your experience. We also use similar technologies such as pixels, web beacons, and local storage.

8.2 Types of cookies we use

Essential

Site functionality, security, shopping cart

No (strictly necessary)

Analytics

Understanding site usage and performance

Yes

Marketing

Serving relevant ads, measuring ad effectiveness

Yes

Preference

Remembering your settings and choices

Yes

8.3 Managing your cookie preferences

When you first visit our website, a cookie consent banner allows you to accept or decline non-essential cookies by category. You can change your preferences at any time by clicking the cookie settings link in our website footer. You may also manage cookies through your browser settings, though disabling certain cookies may affect website functionality.

9. Data storage, security, and retention

9.1 Security measures

We implement appropriate technical and organisational measures to protect your personal information, including:

•       SSL/TLS encryption for all data transmitted between your browser and our servers

•       Encryption of sensitive data at rest

•       Access controls limiting employee access to personal information on a need-to-know basis

•       Regular security assessments and vulnerability testing

•       Secure password hashing and multi-factor authentication where applicable

•       Regular data backups stored in secure, access-controlled environments

No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

9.2 Data retention periods

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, plus any period required by law.

When personal information is no longer needed, we securely delete or anonymise it.

10. Cross-border data transfers

To deliver our services, your personal information may be transferred to, and processed in, countries outside Australia. This may occur when our third-party service providers operate servers or support teams in other jurisdictions.

Before transferring personal information overseas, we take reasonable steps to ensure the recipient handles information in accordance with the APPs. Our safeguards include:

•       Entering into data processing agreements with overseas recipients that include obligations equivalent to the APPs

•       Assessing whether the recipient country has privacy laws that provide comparable protections

•       Implementing standard contractual clauses where transfers are to countries covered by the GDPR

Countries to which we may transfer data include United States. If you would like further detail about our overseas transfer safeguards, please contact us.

11. Data breach notification

In the event of an eligible data breach (as defined under the Notifiable Data Breaches scheme in Part IIIC of the Privacy Act 1988), we will:

•       Promptly assess whether the breach is likely to result in serious harm to affected individuals

•       Notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable, and in any event within 30 days of becoming aware of the breach

•       Notify affected individuals as soon as practicable, including a description of the breach, the types of information involved, and recommended steps to mitigate potential harm

•       Take reasonable steps to contain the breach and reduce the risk of further harm

We maintain a data breach response plan and conduct regular testing to ensure we can respond effectively.

12. Children’s privacy

Our services are not directed at persons under 18 years of age, and we do not knowingly collect personal information from children under 18. If we become aware that a child under 18 has provided personal information without verified parental consent, we will take steps to delete that information as soon as possible.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately using the details in Section 14.

We are committed to compliance with the forthcoming Children’s Online Privacy Code being developed by the OAIC under the Privacy and Other Legislation Amendment Act 2024, which is expected to be registered by December 2026. We will update this policy to reflect any new obligations once the Code is finalised.

13. Your rights

13.1 Rights under Australian law

Under the Australian Privacy Principles (APP 12 and APP 13), you have the right to:

•       Access the personal information we hold about you

•       Request correction of inaccurate, incomplete, or out-of-date information

•       Make a complaint if you believe we have breached the APPs

13.2 Additional rights for EU/EEA residents (GDPR)

If you are located in the European Union or European Economic Area, you also have the right to:

•       Erasure (‘right to be forgotten’): request deletion of your personal data in certain circumstances

•       Data portability: receive your personal data in a structured, machine-readable format

•       Restriction of processing: request that we limit how we use your data

•       Object to processing: object to processing based on legitimate interests or for direct marketing

•       Withdraw consent: withdraw consent at any time for processing based on consent

•       Lodge a complaint with your local data protection authority

13.3 Additional rights for California residents (CCPA/CPRA)

If you are a California resident, you also have the right to:

•       Know what personal information we collect and how it is used and shared

•       Delete personal information collected from you (subject to certain exceptions)

•       Opt out of the sale or sharing of personal information (we do not sell personal information)

•       Non-discrimination for exercising your privacy rights

To exercise any of these rights, please contact us using the details in Section 14. We will respond within 30 days (or sooner where required by applicable law). We may ask you to verify your identity before processing your request.

14. Contact us

For questions, concerns, or requests regarding this privacy policy or the handling of your personal information, please contact:

Privacy contact: Tarek Attia

Email: [email protected]

Post: 732 Forest Road Peakhurst NSW 2209

Phone: 040 189 06 08

We aim to respond to all enquiries within 48 hours and to resolve complaints within 30 days.

14.1 Complaints

If you are not satisfied with our response to your complaint, you may contact the Office of the Australian Information Commissioner (OAIC):

•       Website: www.oaic.gov.au

•       Phone: 1300 363 992

•       Email: [email protected]

15. Links to other websites

Our website may contain links to third-party websites for your convenience. These links do not imply our endorsement or approval of those sites. We are not responsible for the privacy practices or content of external websites and encourage you to review their privacy policies before providing any personal information.

16. Changes to this privacy policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

•       Update the ‘Last updated’ date at the top of this policy

•       Post a notice on our website for a reasonable period

•       Where practicable, notify you by email if the change materially affects how we handle your information

We encourage you to review this policy periodically. Your continued use of our website after changes are posted constitutes your acknowledgement of the updated policy.