Privacy Policy
This Privacy Policy outlines how Her New Favourite Cosmetics (referred to as “we,” “our,” or “the Site”) collects, handles, and shares your personal information when you browse or make purchases through our website. We take your privacy seriously and comply with all applicable laws, including the Australian Privacy Act 1988 (and the Australian Privacy Principles), the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other regional data protection laws.
1. Information We Collect
We collect personal data necessary to operate our business, provide our services, improve user experience, and satisfy legal requirements.
Device Information
- Examples: browser details, IP address, time zone, cookies, site navigation patterns, search queries, interactions
- Purpose: maintain platform functionality, conduct analytics, tailor user experience, and detect potential risks or fraud
- Source: collected automatically through browser technologies (e.g. cookies, pixels, and log files)
- Disclosure: shared with analytics and hosting partners such as Shopify, Google Analytics, and Meta Pixel (if applicable)
Order Information
- Examples: name, billing/shipping addresses, email, phone number, and payment details (card data is managed by secure third-party gateways)
- Purpose: process transactions, fulfil orders, generate invoices, send notifications, manage returns, and conduct marketing (where consented)
- Source: provided by you during checkout
- Disclosure: shared with Shopify, payment processors, logistics and customs partners
Customer Service Interactions
- Examples: support messages, complaint history, reviews, and contact details
- Purpose: resolve queries, enhance support services, improve product offerings
- Source: provided directly by you
- Disclosure: may be stored on our CRM or helpdesk systems
International Shipping Details
- Examples: shipping destination, declared value, product classification codes (HS codes)
- Purpose: satisfy import/export regulations, duties, and tax compliance (e.g., GST, VAT)
- Source: collected during the ordering process
- Disclosure: provided to customs, carriers, and relevant authorities as required by international shipping laws
Marketing Data
- Examples: newsletter sign-ups, ad click data, product interests, purchase behaviour
- Purpose: deliver targeted marketing campaigns, promotions, and abandoned cart reminders
- Source: collected via consent-based forms, cookies, or pixels
- Disclosure: shared with email providers (e.g. Klaviyo) and advertising platforms (e.g. Facebook Ads, Google Ads)
2. How We Use Your Data
We process personal information to:
- Provide and deliver products and services
- Process payments and manage shipping logistics
- Communicate updates, confirmations, offers, and promotions (where permitted)
- Comply with taxation (e.g. GST, VAT), customs, and legal obligations
- Perform risk assessments and detect fraudulent activities
- Monitor site performance, conduct research, and improve our offerings
Legal Grounds for Processing
We rely on:
- Contractual necessity – to fulfil orders and provide services
- Legal compliance – to meet obligations under tax, consumer, and commercial laws
- Legitimate interests – to run and grow our business responsibly
- Consent – for sending promotional materials and managing cookies where legally required
We do not engage in automated decision-making that has a legal or similarly significant effect.
3. Sharing of Personal Information
We share your personal information with trusted third parties when necessary to:
- Operate and maintain our website and apps (Shopify, third-party plugins)
- Process payments (Afterpay, Shop Pay, etc.)
- Deliver orders and manage returns (Australia Post, DHL, other logistics firms)
- Handle analytics, marketing, and re-targeting (Google Analytics, Facebook Ads, Klaviyo)
- Fulfil legal requests, court orders, or government regulations
In the event of a business sale, merger, or acquisition, your data may be part of the transferred assets under strict confidentiality.
We do not sell your personal data under any circumstances.
Third-Party Information
If you provide us with another person’s personal data (e.g. for gifting), you must have their consent to do so.
4. International Transfers
Your data may be processed or stored in jurisdictions outside your own, including Australia, the United States, Canada, the European Union, the United Kingdom, and New Zealand.
We ensure appropriate safeguards are in place for cross-border data transfers, such as:
- Standard Contractual Clauses (EU)
- Adequacy decisions (UK, Canada, New Zealand)
- Binding Corporate Rules or contractual terms with our partners
Contact us if you have concerns about your data being transferred internationally.
5. Cookies and Tracking
We use cookies, web beacons, and other tracking technologies to:
- Maintain essential website functions (cart, login, session management)
- Measure marketing campaign performance
- Personalise your shopping experience
You may disable cookies via browser settings, but this may affect functionality. Visit our Cookie Policy for full details.
6. Your Privacy Rights
Your rights vary by jurisdiction and may include:
- Accessing your personal information
- Correcting or updating your information
- Requesting deletion (in some cases)
- Objecting to processing (e.g. for marketing)
- Data portability (where applicable)
- Withdrawing previously given consent
Australian Residents
You may request access or correction under the Privacy Act 1988. You may also file a complaint with the OAIC if you believe your privacy rights have been violated.
EU/UK Residents
You have rights under the GDPR to access, correct, delete, or object to processing of your personal data.
US Residents (CCPA/CPRA)
You may opt out of the “sale” or “sharing” of personal information (as defined by law), request a copy of the data held, or request deletion.
We respond to verified requests within the timeframes required by law and will never penalise you for exercising your rights.
7. Data Retention
We retain your personal data:
- As long as needed for business purposes or legal compliance
- Until you withdraw consent (where applicable)
- According to minimum retention periods set by tax or commercial laws
When no longer required, we securely delete, anonymise, or archive your data.
8. Children's Privacy
Our site is not directed to children under the age of 16. If we learn that we have collected data from a minor without proper consent, we will promptly delete it. If you become aware of such collection, please contact us.
9. Policy Changes
We may update this policy to reflect changes in technology, legal requirements, or business practices. Significant changes will be noted on this page. Continued use of the site indicates your acceptance of the revised policy.
10. Contact Us
To exercise your privacy rights or if you have concerns about our data practices, contact us via the Contact tab on our site.
Last updated: 22 July 2025