Privacy policy

AQUALA Pty Ltd (ABN 32 695 512 933) (“we,” “us,” or “our”) is an Australian company specialising in residential water filtration products. We operate the website aquala.au (the “Website”).

1.2 Our Commitment

We are committed to protecting the privacy of your personal information. This Privacy Policy explains how we collect, use, disclose, and store your personal information in accordance with the Australian Privacy Principles (“APPs”) set out in the Privacy Act 1988 (Cth) (“Privacy Act”).

1.3 Scope

This Privacy Policy applies to personal information collected by us through our Website, in connection with the purchase of our Products, through your interactions with our customer service team, and through any other means by which you provide personal information to us.

1.4 Consent

By using our Website, placing an Order, creating an account, subscribing to our mailing list, or otherwise providing your personal information to us, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy.

2. INFORMATION WE COLLECT

2.1 Personal Information You Provide

We collect personal information that you voluntarily provide to us, including:

Category	Examples	When Collected
Identity Information	Full name	Account creation, checkout
Contact Information	Email address, phone number, postal address	Account creation, checkout, enquiries
Transaction Information	Order details, purchase history, payment method type (not full card numbers)	Checkout, order processing
Account Information	Username, password (encrypted), account preferences	Account creation
Subscription Information	Subscription preferences, delivery frequency, Consumable selections	Subscription creation and management
Communication Records	Emails, chat transcripts, phone call records, support tickets	Customer enquiries and support
Warranty and Return Information	Warranty claims, return requests, product fault descriptions, photographs	Warranty claims and returns
User-Generated Content	Product reviews, ratings, testimonials, photographs	When submitted by you

2.2 Information Collected Automatically

When you visit our Website, we automatically collect certain technical information, including:

• IP address and approximate geographic location (city/region level);

• Browser type and version, operating system, and device type;

• Pages visited, time spent on pages, and navigation paths;

• Referring website or search terms that led you to our Website;

• Date, time, and duration of your visit; and

• Cookies and similar tracking technologies (see clause 7).

2.3 Information from Third Parties

We may receive personal information about you from third parties, including:

• Payment processors (transaction confirmation, fraud screening results);

• Delivery carriers (delivery status, delivery confirmation);

• Marketing and advertising platforms (aggregated campaign performance data); and

• Social media platforms (if you interact with our social media accounts or use social login).

2.4 Sensitive Information

We do not intentionally collect sensitive information (as defined in the Privacy Act), such as health information, racial or ethnic origin, political opinions, religious beliefs, or biometric data. If we inadvertently receive sensitive information, we will treat it in accordance with the Privacy Act and delete it if it is not required for a lawful purpose.

3. HOW WE USE YOUR INFORMATION

We use your personal information for the following purposes:

3.1 Order Fulfilment and Service Delivery

• Processing and fulfilling your Orders, Pre-Orders, and Subscriptions;

• Arranging delivery and providing tracking information;

• Processing payments and refunds;

• Managing your account and Subscription preferences;

• Sending transactional communications (order confirmations, dispatch notifications, Subscription renewal reminders); and

• Providing customer support and handling complaints.

3.2 Product Safety and Compliance

• Contacting you in the event of a Product Recall (see clause 17 of our Terms and Conditions);

• Maintaining records required for mandatory product safety reporting to the ACCC;

• Processing warranty claims and returns; and

• Sending filter replacement reminders and maintenance notifications.

3.3 Marketing and Communication

• Sending marketing emails about new Products, promotions, and content (with your consent and in compliance with the Spam Act 2003 (Cth));

• Personalising your experience on our Website; and

• Conducting surveys and requesting feedback.

3.4 Website Improvement and Analytics

• Analysing Website traffic and usage patterns;

• Improving our Website, Products, and Services;

• Detecting and preventing fraud, security threats, and misuse; and

• Ensuring the technical functionality and security of our Website.

3.5 Legal Compliance

• Complying with applicable laws, regulations, and legal obligations;

• Responding to lawful requests from government authorities;

• Establishing, exercising, or defending legal claims; and

• Maintaining records required under taxation, consumer protection, and product safety legislation.

4. HOW WE SHARE YOUR INFORMATION

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

We may share your personal information with the following categories of recipients:

Recipient	Purpose	Safeguards
Payment Processors (e.g., Stripe, PayPal, Afterpay)	Processing payments and refunds	PCI DSS compliant; subject to their own privacy policies
Delivery Carriers (e.g., Australia Post, courier partners)	Delivering your orders	Receive only delivery address and contact details
Website Hosting and IT Providers	Hosting our Website and maintaining our IT systems	Contractual confidentiality obligations
Analytics Providers (e.g., Google Analytics)	Analysing Website usage in aggregated form	Data anonymised/aggregated before processing
Email Marketing Platforms	Sending marketing and transactional emails	Contractual data processing agreements
Government Authorities	Complying with legal obligations (ACCC, ATO, courts)	Only when required by law or lawful process
Professional Advisors	Legal, accounting, and insurance services	Professional confidentiality obligations

All third-party service providers are required to handle your personal information in accordance with applicable privacy laws and our instructions. We take reasonable steps to ensure that third parties protect the confidentiality of your personal information.

5. OVERSEAS DISCLOSURE

Some of our third-party service providers (such as cloud hosting providers, payment processors, and analytics services) may store or process your personal information on servers located outside Australia, including in the United States, the European Union, and Singapore.

Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure that the recipient does not breach the APPs in relation to that information, in accordance with APP 8. Where we are unable to ensure compliance, we will seek your consent or rely on another exception permitted under the Privacy Act.

6. DATA RETENTION

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our standard retention periods are:

Data Type	Retention Period	Legal Basis
Transaction and order records	7 years from date of transaction	Taxation Administration Act 1953; ACL record-keeping
Product safety and recall records	7 years from date of sale	ACL s.131 mandatory reporting
Warranty claim records	7 years from claim resolution	Limitation periods; ACL compliance
Account information	Duration of account plus 2 years	Legitimate business interest
Marketing consent records	Duration of consent plus 2 years	Spam Act 2003 compliance
Website analytics (aggregated)	26 months	Website improvement
Customer support records	3 years from resolution	Service improvement; dispute resolution

When personal information is no longer required, we will take reasonable steps to destroy or de-identify it in accordance with APP 11.2.

7. COOKIES AND TRACKING TECHNOLOGIES

7.1 What Are Cookies?

Cookies are small text files placed on your device by our Website. They help us recognise your device, remember your preferences, and understand how you use our Website.

7.2 Types of Cookies We Use

Cookie Type	Purpose	Duration
Strictly Necessary	Essential for Website functionality (shopping cart, login, checkout)	Session or up to 12 months
Performance / Analytics	Understand how visitors use the Website (page views, navigation paths)	Up to 26 months
Functional	Remember your preferences (language, region, display settings)	Up to 12 months
Marketing / Targeting	Deliver relevant advertisements and measure campaign effectiveness	Up to 12 months

7.3 Third-Party Cookies

We use the following third-party services that may set cookies on your device:

• Google Analytics — website usage analytics (privacy.google.com);

• Google Ads — advertising and remarketing (if applicable);

• Meta (Facebook/Instagram) Pixel — advertising and remarketing (if applicable); and

• Payment processors (Stripe, PayPal) — fraud detection and payment processing.

7.4 Managing Cookies

You can manage or disable cookies through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or be notified before a cookie is set. Please note that disabling cookies may affect the functionality of our Website, including the ability to add items to your cart and complete purchases.

For more information on managing cookies, visit your browser’s help documentation or allaboutcookies.org.

8. YOUR RIGHTS

Under the Australian Privacy Principles, you have the following rights in relation to your personal information:

8.1 Right of Access (APP 12)

You have the right to request access to the personal information we hold about you. We will respond to your request within thirty (30) days and provide access in the manner you request (where reasonable and practicable). We may charge a reasonable fee for providing access if the request requires substantial effort.

8.2 Right of Correction (APP 13)

You have the right to request that we correct any personal information we hold about you that is inaccurate, out-of-date, incomplete, irrelevant, or misleading. We will respond to your request within thirty (30) days. If we refuse to correct information, we will provide written reasons and include a statement with the information noting your disagreement.

8.3 Right to Opt Out of Marketing

You may opt out of receiving marketing communications from us at any time by:

(a) Clicking the “unsubscribe” link in any marketing email;

(b) Updating your communication preferences in your account dashboard; or

Opting out of marketing does not affect transactional communications (such as order confirmations, dispatch notifications, Subscription renewal reminders, and product recall notices), which we are required or permitted to send.

8.4 Right to Request Deletion

You may request that we delete your personal information. We will comply with your request to the extent we are able, subject to our legal obligations to retain certain records (see clause 6). Where we are required by law to retain information (for example, taxation records or product safety records), we will inform you of the retention requirement and the applicable retention period.

8.5 Right to Data Portability

On request, we will provide you with a copy of your personal information in a commonly used, machine-readable format (such as CSV or JSON). This includes your order history, account information, and Subscription details.

9. DATA SECURITY

9.1 Our Security Measures

We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification, and disclosure, in accordance with APP 11.1. Our security measures include:

• SSL/TLS encryption for all data transmitted between your browser and our Website;

• PCI DSS-compliant payment processing (we do not store full credit card numbers on our servers);

• Access controls limiting employee access to personal information on a need-to-know basis;

• Regular security assessments and vulnerability testing;

• Encrypted storage of passwords using industry-standard hashing algorithms; and

• Secure disposal of personal information that is no longer required.

9.2 Data Breach Response

In the event of a data breach that is likely to result in serious harm to any individual whose personal information is involved, we will:

(d) Take immediate steps to contain the breach and mitigate potential harm;

(e) Assess whether the breach is an “eligible data breach” under Part IIIC of the Privacy Act (Notifiable Data Breaches scheme);

(f) Notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable if required; and

(g) Notify affected individuals as soon as practicable, including a description of the breach, the types of information involved, and recommended steps to protect themselves.

9.3 Your Responsibilities

You are responsible for maintaining the security of your account credentials. You should not share your password with anyone. If you become aware of any unauthorised access to your account, please contact us immediately at support@aquala.au.

10. CHILDREN’S PRIVACY

Our Website and Products are not directed at children under the age of eighteen (18). We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18 without appropriate parental or guardian consent, we will take steps to delete that information as soon as practicable. If you believe we have collected information from a child under 18, please contact us at support@aquala.au.

11. THIRD-PARTY LINKS

Our Website may contain links to third-party websites, services, or applications. This Privacy Policy does not apply to those third-party sites. We are not responsible for the privacy practices of third-party websites and encourage you to review their privacy policies before providing any personal information.

12. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

(h) Post the updated policy on our Website with a revised effective date;

(i) Notify you by email if you have an account with us; and

(j) Obtain your consent where required by law.

We encourage you to review this Privacy Policy periodically. Your continued use of our Website and Services after any changes constitutes acceptance of the updated Privacy Policy.

13. COMPLAINTS

If you believe we have breached the APPs or mishandled your personal information, you may lodge a complaint with us by contacting support@aquala.au. We will:

(k) Acknowledge your complaint within five (5) Business Days;

(l) Investigate the complaint and provide a substantive response within thirty (30) days; and

(m) Take appropriate steps to resolve the complaint, including correcting any practices that do not comply with the APPs.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

Office of the Australian Information Commissioner

Phone: 1300 363 992

Email: enquiries@oaic.gov.au

Website: oaic.gov.au

Online complaint form: oaic.gov.au/privacy/privacy-complaints

14. CONTACT US

For any questions, requests, or concerns about this Privacy Policy or your personal information, please contact us:

Privacy Officer

AQUALA Pty Ltd

ABN: 32 695 512 933

Email: support@aquala.au

Website: aquala.au