Privacy Policy
Bloodweb Pty Ltd
Last Updated: 14-2-2025
This Privacy Policy (“Policy”) sets forth the principles, obligations, and legal framework governing the collection, processing, storage, and dissemination of personal data and information by Bloodweb Pty Ltd (“Company,” “we,” “us,” or “our”) in compliance with the Privacy Act 1988 (Cth), the Australian Consumer Law (ACL), the General Data Protection Regulation (GDPR) where applicable, and other relevant statutory enactments, subordinate legislation, and binding regulatory guidelines.
1. Scope and Applicability
This Policy applies to all users (“User,” “you,” “your”) accessing our website, purchasing goods, interacting with customer support, or otherwise engaging with any of our digital services. By continuing to access, browse, or use our website, you consent to the terms stipulated herein.
This Policy further applies irrespective of the medium through which the User accesses the website, including but not limited to: mobile devices, desktop browsers, APIs, third-party integrations, and automated software tools.
2. Information Collection and Processing
2.1. Personal Information
We collect personal data that includes, but is not limited to:
- Full name, email address, phone number, and residential or business address.
- Billing and payment details, including credit/debit card information (processed via PCI-DSS compliant third-party gateways).
- Order history, transactional records, and customer support interactions.
- User-generated content, feedback, survey responses, and product reviews.
- IP address, device identifiers, browser type, operating system, and geolocation data.
2.2. Automated Data Collection
We may deploy cookies, tracking pixels, beacons, and third-party analytics tools (e.g., Google Analytics, Meta Pixel) to monitor browsing patterns, assess engagement, and optimize service delivery. By using our platform, you consent to such automated data collection mechanisms.
2.3. Sensitive Information
We do not solicit, process, or retain sensitive information (as defined under the Privacy Act 1988) unless legally mandated or explicitly provided by the User with written consent.
3. Legal Basis for Processing
We process personal data under the following legal bases:
- Contractual Necessity: Processing required for order fulfillment, transaction execution, and service delivery.
- Legitimate Interests: To improve website functionality, enforce security measures, prevent fraud, and enhance customer experience.
- Legal Obligations: Compliance with applicable laws, regulatory reporting, and judicial disclosures.
- Consent: Where explicit consent is obtained for marketing communications, analytics tracking, or non-essential data processing.
4. Data Retention and Security
4.1. Data Retention
We retain personal data for the duration necessary to fulfill contractual, legal, and operational purposes. Retention periods are as follows:
- Transactional records: Retained for seven (7) years per tax and accounting regulations.
- Marketing opt-in records: Retained until revocation of consent.
- Customer support inquiries: Retained for three (3) years post-resolution.
- Website analytics: Retained for two (2) years, unless anonymized.
4.2. Security Measures
We implement industry-standard security protocols, including but not limited to:
- AES-256 encryption for payment transactions.
- Secure Sockets Layer (SSL) certificates for data transmissions.
- Role-based access controls (RBAC) and multi-factor authentication (MFA) for internal data management.
- Regular penetration testing and vulnerability assessments.
5. Third-Party Disclosure
We may share personal information with:
- Payment Processors: Stripe, PayPal, Afterpay, and other authorized payment gateways.
- Logistics Partners: Australia Post, DHL, FedEx, and courier services for order fulfillment.
- Regulatory Authorities: As required by law, court orders, or governmental requests.
- Marketing and Analytics Providers: Google Ads, Facebook, and email marketing services, subject to user consent.
6. International Data Transfers
Where applicable, personal data may be transferred outside Australia to jurisdictions with equivalent or adequate data protection frameworks, subject to binding corporate rules (BCRs) or standard contractual clauses (SCCs). Users within the European Economic Area (EEA) acknowledge that data may be processed in non-EEA territories where local legal safeguards differ.
7. User Rights and Control
7.1. Your Rights
Under applicable laws, Users may:
- Request access to their stored personal data.
- Seek rectification or erasure of inaccurate or obsolete data.
- Withdraw consent for direct marketing at any time.
- Request data portability where technically feasible.
- Lodge complaints with regulatory bodies such as the Office of the Australian Information Commissioner (OAIC).
7.2. Exercising Rights
Requests to exercise these rights should be directed to [Insert Contact Email] and are subject to appropriate identity verification steps.
8. Changes to This Policy
We reserve the right to modify, amend, or update this Policy at our sole discretion, with or without prior notification, to reflect legal, regulatory, or operational changes. Continued use of our website constitutes acceptance of such amendments.
9. Contact Information
For privacy-related inquiries, data access requests, or complaints, please contact:
Privacy Officer
Bloodweb Pty Ltd
legal@bloodweb.net
+61479000429
By using our website and services, you acknowledge that you have read, understood, and agreed to this Privacy Policy in its entirety.