1. Introduction
Scody Pty Ltd (ABN 66 105 438 113) of 2A Staple St, Seventeen Mile Rocks QLD 4073 ("we", "our", "us") is committed to protecting the privacy of individuals and ensuring that personal information is handled in a secure, transparent, and lawful manner.
This Privacy Policy outlines how we collect, use, disclose, store, and manage personal information in connection with our website, products, and services.
We comply with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the Spam Act 2003 (Cth).
2. Scope
This Privacy Policy applies to all personal information collected by Scody through its website and associated services, including customer interactions, transactions, and communications.
3. Types of Personal Information Collected
We may collect and hold the following categories of personal information:
- Identification information (e.g. name)
- Contact information (e.g. email address, phone number)
- Billing and shipping information
- Transaction and order history
- Account credentials (securely stored and encrypted)
- Technical data (e.g. IP address, browser type, device information)
- Usage data (e.g. interaction with website and services)
4. Methods of Collection
Personal information is collected through lawful and fair means, including:
- Directly from individuals when they:
- Create an account
- Place an order
- Submit enquiries or communications
- Automatically through the use of cookies and tracking technologies
- Through interactions with our systems and services
5. Purpose of Collection and Use
Personal information is collected and used for purposes including:
- Processing and fulfilling orders
- Managing customer accounts
- Providing customer service and support
- Delivering communications (transactional and, where consent is provided, marketing)
- Improving system performance and user experience
- Detecting, preventing, and responding to fraud, security incidents, or unlawful activity
- Complying with legal and regulatory obligations
6. Disclosure of Personal Information
We may disclose personal information to third parties where reasonably necessary for the purposes outlined above, including:
- Payment processors
- Hosting and infrastructure providers
- Email and communication service providers
- Shipping and logistics providers
- Security and fraud prevention services
We do not sell personal information to third parties.
All disclosures are conducted in accordance with applicable privacy laws.
7. Sub-Processors and Third-Party Service Providers
We engage third-party service providers ("sub-processors") to support the delivery of our services. These providers may process personal information on our behalf in accordance with contractual and legal obligations.
Sub-Processor Details
| Provider | Purpose | Data Shared | Location | Privacy Policy |
|---|---|---|---|---|
| DigitalOcean | Hosting infrastructure | Customer data, application data | Australia (Sydney) | View Policy |
| Cloudflare | CDN & security | IP address, request metadata | Global (incl. USA) | View Policy |
| Sucuri | Website security & monitoring | IP address, traffic data | USA | View Policy |
| Stripe | Payment processing | Payment & transaction data | Global | View Policy |
| PayPal | Payment processing | Payment data | Global | View Policy |
| Afterpay | Payment processing | Transaction data | Australia / Global | View Policy |
| Microsoft (Microsoft 365) | Email services | Email content, contact data | Global | View Policy |
| Mailchimp | Marketing communications | Email address, engagement data | USA | View Policy |
Lawful Basis for Processing
Personal data is processed based on:
- Contractual necessity (e.g. order fulfilment)
- User consent (e.g. marketing communications)
- Legitimate business interests (e.g. security, analytics, service improvement)
8. Cross-Border Disclosure of Personal Information
Personal information may be transferred to and processed in jurisdictions outside the country in which the individual resides, including:
- Australia
- United States
- Other jurisdictions where our service providers operate
We take reasonable steps to ensure that overseas recipients handle personal information in accordance with applicable privacy and data protection requirements.
9. Data Security
We implement appropriate technical and organisational security measures designed to protect personal information against loss, misuse, unauthorised access, modification, or disclosure.
These measures include, but are not limited to:
- Encryption of data in transit (e.g. TLS/HTTPS)
- Secure hosting infrastructure
- Access control and authentication mechanisms
- Network security controls and monitoring
10. Data Retention
Personal information is retained only for as long as necessary to fulfil the purposes for which it was collected or as required by applicable laws and regulatory obligations.
11. Access and Correction
Individuals have the right to:
- Request access to personal information held about them
- Request correction of inaccurate, incomplete, or outdated information
Requests should be submitted to: [email protected]
We will respond within a reasonable timeframe and in accordance with applicable legal requirements.
12. Complaints Handling
If an individual believes that their personal information has been mishandled or that a breach of privacy has occurred, they may submit a complaint by contacting: [email protected]
All complaints will be investigated and responded to in a timely manner in accordance with applicable privacy laws and regulations.
13. Cookies and Tracking Technologies
We use cookies and similar technologies to:
- Facilitate website functionality
- Analyse usage patterns
- Improve user experience
- Support marketing activities
Users may manage cookie preferences through their browser settings.
14. Marketing Communications
Where permitted by law or where consent has been obtained, we may send marketing communications.
Individuals may opt out at any time by:
- Using unsubscribe links provided in communications
- Contacting us directly
15. Updates to this Privacy Policy
We reserve the right to amend this Privacy Policy at any time.
Any updates will be published on this page. Where appropriate, users may be notified of material changes.
16. Contact Information
For all privacy-related enquiries, requests, or complaints: