Privacy policy

Your privacy

At The Ellipses Collection Pty Ltd trading as The Ellipses Collection ABN: 63 686 957 997 (we, us, or our), we are committed to protecting your privacy and making sure your personal information is secure to the best of our ability. The Ellipses Collection is powered by Shopify, which enables us to provide the Services to you. This Privacy Policy explains how we collect, use, store and disclose your information to comply with the Privacy Act 1988 (Cth) (Act) and includes recent amendments made to the Act under the Privacy and Other Legislation Amendment Bill 2024 (Cth).

Please read this Privacy Policy carefully.

When you visit our website or social media accounts, interact with us, use our services, and/or purchase products from us, and when you provide us with your information, you agree to the collection of that information and our use of it as set out in this privacy policy.

Types of personal information we collect

The types of personal information we may collect about you include:

  • your name, images and complete contact details;
  • your age and/or date of birth;
  • payment details;
  • any customer survey results and customer service history;
  • website access and usage information;
  • information required for automated decision making processes (including where we use artificial intelligence or other software); and
  • additional personal information that you or a third party provide to us.

Collection and use of personal information

We may collect, hold, use and disclose personal information to:

  • provide access to and use our website and services;
  • communicate with you;
  • conduct administrative activities such as invoicing and record keeping;
  • conduct marketing, analytics and research;
  • fulfill legal obligations and respond to disputes; and
  • consider employment applications.

Disclosure of personal information to third parties

We may disclose personal information to:

  • third party service providers to enable them to provide their services;
  • our employees and contractors;
  • our existing or potential agents or business partners;
  • sponsors or promoters of any competition we run;
  • anyone to whom our business or assets (or any part of them) are, or may (in good faith) be, transferred;
  • credit reporting agencies, courts, tribunals, and regulatory authorities, in the event you fail to pay for goods or services we have provided to you;
  • courts, tribunals, regulatory authorities and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or to establish, exercise, or defend our legal rights;
  • third parties, including agents or sub-contractors, who assist us in providing information, products, services, or direct marketing to you. This may include parties located, or that store data, outside of Australia; and
  • third parties for collection and processing of data, such as Google Analytics or other relevant businesses. This may include parties that store data outside of Australia.

By providing us with personal information, you consent to the disclosure of your information outside of Australia and acknowledge that we are not required to ensure that overseas recipients handle that personal information in compliance with the Privacy Act (Act) and the Australian Privacy Principles (APPs).

Note the Act and the APPs may not regulate third parties overseas. If any third party engages in any act or practice that contravenes the APPs, it would not be held accountable under the Act.

How we treat personal information that is also sensitive information

Information classified as “Sensitive Information” has a higher level of protection under the APPs. Sensitive information means information relating to your racial or ethnic origin, political opinions, religion, trade union or other professional associations or memberships, philosophical beliefs, sexual orientation or practices, criminal records, health information or biometric information.

We only collect Sensitive Information with your explicit consent or where required by law. If we need to collect Sensitive Information we will inform you of the specific reason and obtain your consent before doing so.

So long as you consent, your sensitive information (if we hold any) may only be used and disclosed for purposes relating to the primary purpose for which the sensitive information was collected.

Automated decision making & AI transparency

If we use automated systems such as Artificial Intelligence (AI) or algorithms either now or at any time in the future, we will:

  • inform you when a decision affecting you has been made automatically;
  • provide transparency on the criteria used in automated processes; and
  • allow you to request human review of an automated decision where legally required or where decisions significantly impact your rights.

Data security and breach reporting

If a data breach occurs that is likely to result in serious harm, we will:

  • assess the breach within 30 days as required under the Notifiable Data Breaches NDB (NDB) Scheme;
  • notify the Office of the Australian Information Commissioner (OAIC) and affected individuals as soon as practicable; and
  • provide details on the nature of the breach and actions taken to mitigate harm.

Serious invasions of privacy

We acknowledge that individuals have the right to take legal action for the reckless or intentional invasion of their privacy. This applies where personal information is misused knowingly and the invasion causes distress, even if no financial harm occurs.

Doxxing

It is now a criminal offence to publish personal information online with the intent to harass, threaten, or cause harm. We take measures to prevent unauthorised disclosure of personal information online and comply with laws in this regard.

Our security measures include encryption, access controls and regular cybersecurity audits.

Your rights and controlling your personal information

At all times, you have the right to:

  • request access to your personal data;
  • correct inaccurate or outdated information;
  • request deletion of your personal information, subject of course to our legal obligations; and
  • opt out of receiving marketing communications at any time by using the unsubscribe function in our emails or by contacting us directly. We will comply with the Spam Act 2003 (Cth) and will not send marketing communications without your express or inferred consent.

Overseas transfer

Your personal information may be transferred to an overseas jurisdiction with substantially similar data protection laws such as the United States of America, the United Kingdom, or countries within the European Union (EU). These countries have data protection laws, which protect personal information in a way that is at least substantially similar to the APPs, and there will be mechanisms available to you to enforce the protection of your personal information under that overseas law.

We take reasonable steps to ensure overseas recipients handle personal information in accordance with APPs. Where personal information is transferred outside Australia, we will ensure appropriate safeguards, such as contractual obligations or data protection agreements, are in place where required. For individuals in the European Union (EU), data transfers outside the EU will be carried out in compliance with Article 46 of the GDPR, ensuring appropriate safeguards.

GDPR

In some circumstances, the European Union General Data Protection (GDPR) provides additional protection to individuals located in Europe. Where this is the case, there may be additional rights and remedies available to you under the GDPR if your personal information is handled in a manner inconsistent with that law.

Storage and security

We are committed to ensuring that the personal information we collect is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the personal information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.

We cannot guarantee the security of any information transmitted to or by us over the Internet. The transmission and exchange of information is carried out at your own risk. Although we take measures to safeguard against unauthorised disclosures of information, we cannot assure you that the personal information we collect will not be disclosed in a manner that is inconsistent with this Privacy Policy.

Cookies, web beacons and Google analytics

We use cookies and tracking technologies to enhance user experience and measure website performance. By using our website and social media accounts, you consent to use of our cookies.

While cookies don’t tell us your email address, they do allow third parties, like Google and Facebook, to track you as part of our retargeting campaigns. If and when you choose to provide our website with personal information, this information may be linked to the data stored in the cookie. You can manage or disable cookies through your web browser settings.

Web beacons monitor the behaviour on our website and collect data about your web page viewing.

We also use Google Analytics to collect and process data from time to time.

Shopify

The Services are hosted by Shopify, which collects and processes personal information about your access to and use of the Services to provide and improve the Services for you. Information you submit to the Services will be transmitted to and shared with Shopify as well as third parties that may be located in countries other than where you reside, to provide and improve the Services for you. In addition, to help protect, grow, and improve our business, we use certain Shopify enhanced features that incorporate data and information obtained from your interactions with our Store, along with other merchants and with Shopify. To provide these enhanced features, Shopify may make use of personal information collected about your interactions with our store, along with other merchants, and with Shopify. In these circumstances, Shopify is responsible for the processing of your personal information, including for responding to your requests to exercise your rights over use of your personal information for these purposes. To learn more about how Shopify uses your personal information and any rights you may have, you can visit the Shopify Consumer Privacy Policy. Depending on where you live, you may exercise certain rights with respect to your personal information here Shopify Privacy Portal Link.

Links to other websites

We do not have any control over Third Party Websites and we are not responsible for the protection and privacy of any personal information that you provide whilst visiting them. Third Party Websites are not governed by this Privacy Policy, even if you followed a link from our website to the Third Party Website. If you follow links to sites not controlled by us, you should review their privacy and security policies and other terms and conditions. Our inclusion of such links does not, by itself, imply any endorsement of the content on such platforms or of their owners or operators, except as disclosed on the Services.

Amendments

We may update this privacy policy as laws change. The latest version will always be available on our website.

For any questions or notices, please contact our Privacy Officer at:

The Ellipses Collection Pty Ltd trading as The Ellipses Collection ABN: 63 686 957 997

Email: hello@ellipses.com.au

Last update: 21 July 2025