Privacy policy

1. Introduction / Overview
Cora Island Wear (“we”, “us”, “our”) is committed to protecting the privacy and security of the personal information we handle. This Privacy Policy explains how we collect, use, disclose, store, secure, and manage your personal information when you visit or purchase from coraislandwear.com, subscribe to our emails, or otherwise interact with us.

We adopt practices consistent with Australia’s Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). We also follow Shopify’s data handling requirements and industry best practices for e-commerce.

By using our website, shopping with us, or providing us with your personal information, you consent to the practices described in this policy (as amended from time to time).

If you do not agree with our practices, please do not use our site or provide us with your personal information.

2. Scope / Applicability
This Policy applies to all individuals whose personal information we collect, including customers, visitors, subscribers, and users of our website or services. It covers all personal information collected or processed by us and our service providers / partners, including Shopify and other third party apps or integrations we use.

If you are located outside Australia, be aware that your data may be transferred to or processed in Australia or other countries (see section “Cross-Border Transfers” below).

3. What personal information we collect
We may collect, hold, use and disclose the following kinds of personal information:

  • Identity and contact information: name, email address, billing address, shipping address, phone number, company name (if applicable), username, password.

  • Order and transaction data: purchase history, order number, products purchased, payment method metadata (but not full payment card details, which are handled by payment processors).

  • Account information: login credentials, profile settings, preferences.

  • Communications and support data: records of your communications with us (e.g. emails, chats, feedback, complaints).

  • Technical and usage data: IP address, browser type and version, device type, operating system, pages viewed, referral source, analytics data, cookies, clickstream data, and other interactions with our site.

  • Marketing data: whether you opened or clicked emails, your preferences for marketing communications, any survey or feedback you provide.

  • Third party data: where you permit or elect to log in via social media (e.g. Facebook, Google), or use third‐party services, we may receive information from those providers (e.g. your name, email, profile picture, friend lists) subject to their permissions and your authorisations.

We do not intentionally collect sensitive information (e.g. racial or ethnic origin, political views, health data) unless required and you explicitly consent (and to the extent permitted by law).

4. How we collect personal information
We collect personal information by various means, including:

  • When you place an order, register for an account, or enter your details at checkout.

  • When you subscribe to our newsletter, mailing list, or other marketing communications.

  • When you contact us for support or inquiries.

  • When you browse our website and through the use of cookies, web beacons, analytics tools, pixels, and other tracking technologies.

  • When you interact with us on social media or via third party integrations (e.g. “login with Google/Facebook”).

  • From third parties or public sources (for example, fraud checking services, credit agencies, or social media) to the extent permitted by law.

5. Purpose of collection / Use of personal information
We collect, hold, use and disclose personal information for the following purposes:

  • To provide, process, and fulfill your orders (including shipping, delivery, returns, refunds).

  • To manage your account and provide you with a personalized experience (e.g. remembering preferences).

  • To communicate with you: for order confirmations, status updates, customer service, support, and follow ups.

  • To send you marketing communications, promotional offers, newsletters, subject to your marketing preferences and consent.

  • To improve our website, customer experience, products, and services (e.g. through analytics).

  • To detect, prevent or investigate fraud, security breaches, or other prohibited or illegal activity.

  • To comply with legal obligations (e.g. taxation, consumer protection laws).

  • For internal record keeping and administrative purposes.

  • To integrate with third party services, apps, or tools (e.g. shipping partners, analytics providers, email marketing systems).

We will not use your personal information for purposes materially different from those disclosed to you without obtaining your consent, unless required or authorized by law.

6. Disclosure of personal information / Third parties
We may disclose your personal information (in whole or part) to:

  • Service providers and contractors: those who assist in operating our business (e.g. payment processors, shipping and logistics providers, email / marketing platforms, customer service providers, hosting, analytics).

  • Shopify: as the platform that hosts our store, Shopify collects, processes and stores customer data for the purposes of providing its services. (You should include a statement that your store is hosted on Shopify and that Shopify will have access to customer data.)

  • Third party apps and integrations: any apps, plugins, or integrations you consent to or that we utilize (for example, review apps, loyalty systems, social media marketing, adverts).

  • Affiliated companies: in the event of business transfers, acquisitions, or mergers, your data may be transferred (with appropriate safeguards).

  • Legal and regulatory authorities: where required or permitted by law (e.g. subpoenas, law enforcement, tax authorities).

  • Other recipients: with your consent or direction, or as otherwise permitted under applicable law.

We will take reasonable steps (e.g. contractual protections, encryption, security audits) to ensure third parties safeguard your information in accordance with this Privacy Policy and the law.

7. Cross-border transfers / International disclosure
Because we use global services (for example Shopify, cloud hosting, analytics, email marketing), your personal information may be transferred to, stored in, or processed in countries outside Australia (for example, the United States, Europe, etc.).

When we do this, we will:

  • only transfer where there are adequate safeguards (such as contractual clauses, data processing agreements, or recognised frameworks).

  • ensure that such transfers are lawful under the APPs, and that those overseas recipients are bound to privacy protections no less stringent than under Australian law.

  • notify you of the possible overseas disclosure.

You acknowledge that you are providing your personal data with the knowledge that it may be processed or stored abroad consistent with this Policy and applicable law.

8. Data security, storage, retention
We maintain reasonable administrative, physical and technical safeguards to protect against unauthorized access, disclosure, alteration, or destruction of personal information. These include encryption (in transit and at rest as appropriate), access controls, secure servers, network firewalls, backups, and audits of security.

However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, and you accept that any submission of personal information is at your own risk.

We will retain your personal information for as long as necessary to fulfill the purposes described in this Policy, or as required by law. When no longer needed, we will de-identify, securely destroy, or delete it, unless retention is required for record keeping under applicable law (e.g. for taxation, legal obligation).

9. Use of cookies and tracking / Analytics / Advertising
We use cookies, web beacons, tracking pixels, and similar technologies to collect usage, browsing, and demographic data to improve our site, provide functionality, measure performance, and deliver tailored advertising.

You may manage or disable cookies via your browser settings, or through cookie banners or preference centers we provide. However, disabling certain cookies may limit the functionality of our site (for example, remembering your login, cart, or preferences).

We also use third party analytics tools (e.g. Google Analytics, Facebook Pixel) and advertising networks, which may collect information about your browsing activity across sites. These third parties may set their own cookies, track user behavior, or handle usage data under their own privacy policies.

We will endeavour to provide you with options (opt outs) to limit behavioural or targeted advertising where legally required or where third parties permit.

10. Your rights / Access, correction, deletion, complaints
Under the Privacy Act 1988 / APPs, you have the following rights (to the extent applicable):

  • Access: You can request access to the personal information we hold about you, subject to permitted exceptions.

  • Correction: You may request correction of your personal information if you believe it is inaccurate, out of date, incomplete, or misleading.

  • Deletion / Erasure: You may request that we delete or de-identify your personal information under certain circumstances, subject to legal or legitimate business reasons to retain.

  • Object / Opt-out: You may object to or withdraw consent to certain processing (e.g. marketing communications), subject to notice and by providing a reasonable opportunity for effecting the withdrawal.

  • Complaint: You may complain to us about how we handle your personal information. We will respond to your complaint within a reasonable period. If you are not satisfied, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

To exercise any of these rights or make a request, please contact us (details below). We may require you to verify your identity before fulfilling your request.

We reserve the right to refuse requests in certain cases (for example, where prohibited by law or where the request is frivolous or vexatious). If we refuse, we will provide you reasons as required by law.

11. Children / Minors
Our products and services are not intended for children under 16 years of age. We do not knowingly collect personal information from minors. If we become aware that we have collected personal information from a child under 16 without verified parental consent, we will take steps to delete it as soon as possible.

12. Changes to this Privacy Policy
We may update or amend this Privacy Policy from time to time to reflect changes in laws, business practices, or the services we provide. We will publish the updated version on our website with the “Last Updated” date, and, where appropriate, notify you (e.g. via email) of material changes.

Your continued use of our services after such changes constitutes acceptance of the updated policy.

13. Contact us
If you have any questions, concerns, or requests regarding your personal information or this Privacy Policy, please contact us:

Cora Island Wear
41 Sooning Street, Nelly Bay 4819 QLD
Email: coraislandwear@gmail.com

Alternatively, you may direct your inquiries to our Data Privacy Officer or designated privacy contact (if applicable).

14. Miscellaneous / Other legal notices

  • Links to third party sites: Our site may contain links to external websites (for example, payment gateways, social media platforms). This policy does not apply to those websites. We encourage you to review the privacy policies of those sites before providing your personal information.

  • Availability: This policy is available in English (or other languages if necessary).

  • Severability: If any provision of this Privacy Policy is held invalid, it shall be severable and not affect the remainder.

  • No waiver: Our failure to enforce any right under this Privacy Policy does not constitute a waiver of that right.