null Privacy Policy | Canningvale

Privacy Policy









  1. Our Privacy Commitment

Canningvale Australia Pty Ltd (Canningvale) is committed to protecting the privacy of your personal information. 

If you decide to share your personal information with us, we want to gain and keep your trust.  We will do this by handling your personal information in a transparent and accountable way, and by ensuring that it is held securely. 

We will always collect, store, use and disclose personal information in accordance with all applicable privacy laws, including the Privacy Act 1988 (Cth). When used in this privacy policy, the term ‘personal information’ has the meaning given to it in that Act. In general terms, this is any information that can be used to personally to identify you. This may include your name, address, telephone number, email address and profession or occupation. If the information we collect personally identifies you, or you are reasonably identifiable from it, the information will be considered personal information. 

This Privacy Policy applies to Canningvale Australia Pty Ltd (ACN 009 171 715) and our Group which is comprised of Canningvale Australia Ltd, Canningvale International Pty Ltd, Canningvale Limited and their Related Bodies Corporate, as defined in the Corporations Act 2001 (Cth) (Canningvale, we, us or our). Please note that this privacy policy applies to any personal information or data gathered through the use of any websites or other applications that we own and control and that link to this policy. 


Important Note: If you choose to provide your personal information or data to us, you are accepting the terms of this privacy policy and consenting to the handling of your personal information, including the collection, use and disclosure of that information as set out in this policy by us. You should familiarise yourself with our privacy policy before deciding whether you would like to share your personal information with us.





This privacy policy is effective from 15th February, 2022. 


From time to time, our privacy policies and procedures will be reviewed and, if appropriate, updated.  If any changes are made to this policy, these will be posted on our website. 


Please be aware that we are constantly developing and enhancing our use of online technologies and make reasonable efforts to ensure that we keep this Policy and related documents up to date in this regard.  Please check back on a regular basis to ensure you are familiar with our current practices.


  1. What personal information might we collect about you?

We collect personal information that we need for one or more of our business functions or activities.  We will collect personal information about you by lawful and fair means, and will not do so in an unreasonably intrusive manner. 


We have provided details below on the information that we collect in a number of ways, including:

  • -information that you provide directly to us;

  • -other information that we collect about you;

  • -information we collect using third-party automation;

  • -collection of cookies;

  • -collection of personal information via interest-based advertising; and

  • -information we collect via our websites.


You can read more about the types of personal information we may collect and the ways that we may do this in the sections below.


  1. Information that you provide to us


In order to handle your purchases, provide customer service, improve our products, provide in-person experiences or events and send you information about our products, trends and promotions, we may ask you to provide us with your:

  • -name;

  • -mailing/shipping address;

  • -billing address;

  • -e-mail address;

  • -date of birth, age or age range;

  • -gender;

  • -purchase/return/exchange information;

  • -contact telephone numbers;

  • -product reviews;

  • -account or loyalty username/password;

  • -payment information (credit/debit card);

  • -social media names or other details;

  • -identification details (e.g. licence number, student, pensioner card);

  • -testimonials or opinions;

  • -financial/ purchase information (such as credit card details); 

  • -information required for a credit assessment;

  • -records of written or verbal contact with us, including voice recordings of telephone conversations you have had with us; and

  • -preferred activities, including but not limited to lifestyle and other interests.



Where we can, we will allow you to deal with us anonymously or by using a pseudonym.  However, in some circumstances, this may not allow us to provide you with a service you have asked for (such as delivery). If you ask us about this option, we will inform you if it is possible for an interaction to occur on an anonymous basis. Whilst you may opt to not to provide us with your personal information, you should be aware that without this personal information, we may not be able to provide you with some of the services and/or products you are seeking. 


We will not use Australian Government Identifiers, such as Medicare numbers, or a driver’s licence number as its own identifier of individuals.


If you provide us with information about any third-party, you must obtain that third-party's permission to give us the information and inform them that you have given the information to us. If you provide your personal information via a third-party via a link from our website, you should be aware that the information you provide may be collected and managed by those third parties, which may not be related to us. You should familiarise yourself with their privacy policy before deciding whether you want to provide them with your personal information. 


Whilst links to third party websites may be provided on our website, we are not responsible for the content or practices of third party websites. These links are provided for your convenience and are not endorsed by us. No links may be made to our website without our prior written consent.


  1. Other information we collect about you


We may collect information about you or your activities from third parties such as web hosting providers, analytics companies, social media platforms, data companies, and advertising services.  This could include information such as:

  • -demographic information;

  • -shopping preferences; and/or

  • -information about your other interests.


Most of the personal information that we hold about you will be from your direct dealings with us, but we may also collect your personal information from a third party, anyone authorised to act on your behalf, or via social media. We will only do this if we have been advised that you have consented to the collection of your personal information, or if you would reasonably expect us to collect your personal information in that way.  


We may also collect personal information from digital services that have collected your information, or by accessing data from other sources.  We may then analyse that data and match it with the information that we already hold about you, in order to learn more about your preferences and interests. If we receive your personal information from a third-party, and it is not information we need for the purposes of our business activities, we will destroy or de-identify that information (provided it is lawful to do so).


You may be offered the option to join our loyalty program. If you choose to do this, we will collect personal information including your profile information, purchase history and the contents of any online wish list. 


If you interact with any of our chatbots (automated messengers) we will record what you respond to these chatbots, how you interact with them and we will store data related to the device that you use. Depending on the platform for the chatbot and your permissions, the data we collect may include your IP address, social media handle, time zone, country and GPS location. The platform that provides the chatbot may also collect some of this data. For example, if the chatbot is provided on Facebook, this platform will collect your user data as well.





  1. Third party automated information collection 

When you visit any of our websites or applications or access our in-store Wi-Fi, we may automatically collect your:

  • -device ID;

  • -device type;

  • -browser types and version;

  • -geo-location 

  • -IP address;

  • -your network activities when using our Wi-Fi; and/ or

  • -how you use our site (search terms, page views, referring sites, content views).


  1. Collection of Cookies


Cookies are pieces of information that a website transfers to your computer for record-keeping purposes.  Cookies help provide additional functionality to the web site or to help us analyse site usage more accurately. We use information collected from cookies to better understand, customise and improve user experience with our website, services and offerings, as well as to manage our advertising. For instance, our server may set a cookie that keeps you from having to enter a password more than once during a visit to one of our sites. Also, we may use web analytics services that leverage cookies to help us to understand how visitors engage with and navigate our site (e.g., how and when pages in a site are visited and by how many visitors).


There are four main types of cookies that we use:

  • -site functionality cookies – these allow you to navigate the site and use our features, such as ‘Add to Cart’;

  • -site analytics cookies – these cookies allow us to measure and analyse how our customers use the site, to improve both its functionality and customer shopping experience;

  • -customer preference cookies – when you're browsing or shopping on our website(s), these cookies will remember your preferences (like your language or location), so we can make your shopping experience as seamless as possible, and more personal to you; and

  • -targeting or advertising cookies – these are used to deliver ads relevant to you. They also limit the number of times that you see an ad and help us measure the effectiveness of our marketing campaigns.


Our use of cookies means we are able to offer our visitors a more customised, relevant experience on our sites by delivering content and functionality based on your preferences and interests. 


We, and any third parties we engage (including our service providers), may collect data using cookies and other device identifying technologies. We use cookies and tracking technologies to collect your IP address, device ID information, ISP provider, browser type, the pages and content you view on our website (s), the search terms you enter on our website, and the actions you take on our website. 


In some cases, the third parties we work with may use cookies and other technologies (such as those described in this policy) to support our digital marketing initiatives. Analytics collects any demographic and interest information available in a cookie. These technologies may be used in connection with activities like surveys, online behavioural advertising, website analytics, and email campaign management. The ‘Help’ section of your browser may tell you how to prevent your browser from accepting cookies.


If you have provided us with personal information (for example, if you join one of our loyalty programs or order a product), we may associate this personal information with information gathered through cookies. This allows us to offer increased personalisation and functionality.


In all cases in which cookies are used, the cookie will not collect personal information except with your permission. Your web browser can be set to allow you to control whether you will accept cookies, reject cookies or to notify you each time a cookie is sent to your browser. If your browser is set to reject cookies, websites that are cookie-enabled will not recognise you when you return to the website, and some website functionality may be lost. 


  1. Collection of information via Interest Based Advertising


We may use third-party advertising companies to display ads that are tailored to you based on how you browse and shop online. This is a practice commonly referred to as ‘interest-based’ or ‘behavioural’ advertising. 


We allow these third parties to collect certain information when you visit our websites or use our applications, including non-personally identifiable information (browser type, subject of advertisements clicks on, session IDs) and personal data (such as static IP address). The information that we obtain about you from social media platforms depends on your account and privacy settings within the platforms and the platforms privacy policies. For example, you can use Ads Settings on your browser to manage the Google ads that you see and to opt out of Ads Personalisation. Please note that you may need to opt-out separately from each service.


The services that we may use from time to time include those offered by Facebook (Custom Audience), Google (including Google Display Network and DoubleClick), Yahoo, Adobe (including Campaign Manager and Analytics), and Microsoft. You can find out more information about these services in the privacy policies for those services, including information on how to opt-out of certain things (for example, Google Analytics Advertising Features which uses agegender, and interests categories to target our ads to you on the Google Display Network). 


If you use a third party authentication service or social account (for example, Google or Facebook) to log into one of our websites, this allows our website to make a request for data about you.  If you if you choose to log in with an authentication service or social account, your data will be shared between those social networks and us. You should therefore stay updated on your social networks' privacy policies, and only use the social log-in for sites you feel comfortable sharing data with.


We may also engage in social listening – which means we monitor our social media channels for any customer feedback or direct mentions of our brands.  We do this by looking out for specific keywords or topics. If you actively communicate about us or our brands on social media, we collect a copy of your communication. For example, if you use #Canningvale in relation to one of the items we sell, we may retain a copy of the tweet or other communication and may use it for our brands awareness.  In order to enable us to do this, we may contract third parties for the provisioning of social listening services. Please note that any information you post or disclose through these services will become public and may be available to other users and the general public. Also, if you disclose any personal information relating to us, other people or to our service providers, you represent that you have the authority to do so and also permit us to use the personal information in accordance with this privacy policy. 


If you choose to connect your social media account to a member account or loyalty program with us (where such a feature is made available), you will share certain personal data from your social media account with us, for example, your name, email address, photo, list of social media contacts, and any other information that may be or you make accessible to us when you connect your social media account to a member account or loyalty program with us. We will engage in these activities to manage our contractual relationship with you, with your consent or where we have a legitimate interest. If you have the option to logon to your account through Facebook, Google, Instagram or other social media accounts, we collect profile information from your social media account including your name and email address. Please note that when accessing your account through a social media platform, the social media provider will be notified of your access to the account. Please refer to the privacy notice of the respective social media provider(s) for more information on how your personal information is stored.


  1. Website Usage

Please note that our website is not directed to individuals under the age of sixteen (16). We ask that you do not provide your personal information to us if you are under that age.  We also ask that you do not share the personal information of anyone else under that age with us, unless this is required by us and you are their parent or guardian, or have the express consent of their parent or guardian to do this.


Your personal information and other data is stored on our secure servers in Australia, the United States of America and Finland. These servers are only accessed by our authorised staff or authorised suppliers.

However, the Internet is not in itself a secure environment and we cannot give an absolute assurance that your personal information will be secure at all times. Transmission of personal information over the Internet is at your own risk and you should only enter, or instruct the entering of, personal information within a secure environment.

If we assess that there is a risk of ‘serious harm’ to you or a related individual, we will advise you at the first reasonable opportunity upon discovering or being advised of a security breach where your personal information is lost, stolen, accessed, used, disclosed, copied, modified or disposed of by any unauthorised persons or in any unauthorised manner (as required by law).

It is your responsibility to keep your login details, password and security questions in respect of our business with you safe and secure. You should notify us as soon as possible if you become aware of any unauthorised use of your login details, password or security questions, and immediately change that security information promptly.

To ensure you are accessing a secure server, check for the unbroken key or closed lock symbol located generally either at the bottom left or top right of your browser window. If it appears, then SSL is active. You can double check this by looking at the URL as well. If SSL is active, then the first characters of that line will read ‘https’ rather than just ‘http’. It is important for you to protect against unauthorised access to your password and to your computer. Ensure you logout when you have finished visiting our websites especially if you accessed them from a shared computer.


  1. How your personal information is HANDLED by Us

We may use your personal information for a number of purposes, including but not limited to:

  • -to identify you and any records relating to you;

  • -to provide you with the products and services you have requested;

  • -to manage your requests for products and services including delivery, processing payments, providing refunds, discounts and incentives;

  • -to develop and improve the products and services we offer;

  • -to maintain and improve customer services and seek your feedback, including conducting product and market research and analysis;

  • -to improve our operational processes, enhance your customer experience and to monitor and review our compliance with relevant regulations and codes of conduct in our dealings with you;

  • -to send you reminders;

  • -to manage your gift card balance 

  • -to market our products and services and any related companies and affiliates;

  • -maintain and improve customer services, including conducting product and market research and analysis;

  • -to collect information from your computer through the use of cookies;

  • -to enable us to undertake a credit assessment (if you have applied for credit or otherwise authorised this);

  • -to facilitate services and appropriate communication between you and our preferred financial services and credit suppliers including Afterpay, Zip, Pay Pal and Klarna to comply with any legal obligations or governance requirements;

  • -to facilitate your interactions with us on our website;

  • -to consider making an offer for employment purposes;

  • -to meet our legal obligations and to notify you of matters that we are required to do so by law (such as product recalls);

  • -to carry out internal functions such as training;

  • -to interact with Regulators or other Government agencies;

  • -to manage and resolve any legal or commercial complaints and issues;

  • -to investigate fraud and to carry out loss prevention activities; and/ or

  • -as part of buying or selling our business.


Use of your information for Direct Marketing

When you provide your personal details to us, you consent to us using your personal information for direct marketing purposes (for an indefinite period). From time to time, we may contact you with information about products and services offered by us and our related brands, entities, business partners, affiliates and digital services, which we think may be of interest to you.  When we contact you it may be by mail, telephone, email, SMS or via social media.  These communications may relate to products and services offered by us and any of our related brands, entities, business partners, affiliates and digital services, and other products that may be of interest to you.


De-identified personal information may also be used to allow corporate reporting within our business and with our related brands, entities, business partners, affiliates and digital services.


Where we use or disclose your personal information for the purpose of direct marketing, we will:

  • -allow you to request not to receive direct marketing communications (also known as ‘opting-out’); and

  • -comply with your request to ‘opt-out’ of receiving further communications within a reasonable timeframe.


If you do not wish to be contacted by us, please click the unsubscribe link at the bottom of any email we send you or e-mail our Privacy Officer -


Using your information for Interest Based Advertising and Social Media Targeting 


Social media and other IT platforms offer us the possibility to connect with you via those platforms and to share content from our website and other advertising with you.  We may therefore use the personal Information that we obtain from you to maintain your personal advertising profile.  


We are only allowed to use personal information or data from customers for social media targeting if they have given us their consent to market to them. If you have given us your consent to use your personal information for marketing, we may use your personal information to create a customer list that we can use to advertise to you, or create a lookalike audience to find new people who share similar behaviours and interests as you. 


For example, to make a ‘Custom Audience’ for our use on Facebook, we would upload information about you which would include an ‘identifier’ (such as email, phone number, address) to Facebook via a CSV or TXT file.  Facebook would then create a Custom Audience or lookalike audience for us to use for marketing purposes. When we upload the customer list to Facebook (that may include your personal information) for the matching process, the information is ‘hashed’ and will be unidentifiable at an individual level. Hashing is a type of cryptographic security method that turns your identifiers into randomised code.


If you do not want your information to be used by us for the purposes of interest based advertising or social media targeting, please e-mail our Privacy Officer -



How your personal information is disclosed or shared by us


In the course of conducting our business and providing our products and services to you, we may disclose or share your personal information. We only disclose personal information for the purposes for which it was given to us, or for purposes which are directly related to one of our functions or activities.  


We do not give it to anyone else unless one of the following applies:

  • -you have consented to the disclosure;

  • -you would reasonably expect, or have been told (for example, by means of this privacy policy), that your information will be disclosed to us, our related brands, entities, business partners, affiliates or digital services; or

  • -it is otherwise required or authorised by law.


-If we engage third party agents or contractors, we will take all reasonable steps to ensure that they do not breach privacy requirements in relation to the information we share with them, before we share your personal information with them.


-We may disclose your personal information to:

  • -our employees, agents or contractors as required;

  • -our business affiliates or related entities;

  • -professional advisers (such as lawyers, accountants, auditors) to the extent that is reasonably required;

  • -advertising, marketing, social media and promotional agencies that we engage;

  • -payment systems operators and financial institutions including but not limited to Afterpay, Zip, Pay Pal and Klarna 

  • -online review platforms including;

  • -debt collectors (where legally allowed);

  • -third-party service providers that provide us with communication (e-mail) or data storage services;

  • -technology services including application, development and technical support, processing, storing, hosting and data analysis;

  • -administrative services, including mailing services, printing, archival and contact management services;

  • -third party agents or contractors with whom we contract in the ordinary course of business;

  • -organisations authorised by us to conduct promotional, research or marketing activities;

  • -where we have reason to believe that doing so is necessary to identify, contact or bring legal action against anyone damaging, injuring, or interfering (intentionally or unintentionally) with our rights or property, users, or anyone else who could be harmed by such activities;

  • -when we believe in good faith that the law requires disclosure;

  • -upon lawful request from law enforcement agencies or government authorities; and/or

  • -any persons acting on your behalf including those persons nominated by you, executors, trustees and legal representatives.


In all circumstances where your personal information is disclosed, we will take reasonable steps to ensure that those third parties undertake to protect your privacy (for example, putting in place a data sharing agreement where this is reasonable and practicable).


Disclosure to overseas recipients


Your personal information may be disclosed to our related companies and affiliates in Australia and in other overseas countries.  If we do this, we will take reasonable steps to ensure that the overseas recipient does not breach the relevant privacy laws in relation to that information.


Sometimes we use third party platforms and services to process sales, provide web support, send marketing messages, deliver products or otherwise deliver information. 


Our service providers are mainly located in Australia, the United States of America and Finland. However, from time to time we may need to engage service providers in other countries. These services may also involve geographic locations which change from time to time which include data protection and processing efficiency.  Where these services are used by us, it may not be practicable for us to notify you which country your personal information may be located in. We may also be required to report to regulatory authorities, within or outside of Australia.


Your personal information may also be stored in a secure and/or encrypted form overseas (e.g. in data storage and cloud computing facilities operated by us or by third parties on our behalf). By providing us with your personal information, you are agreeing to the disclosure of your personal information to third parties operating outside of Australia. We will take all reasonable steps to ensure that any personal information we disclose overseas is handled in accordance with the law.



Business transfer clause


It is possible, moving forward, that there could be a change in our business ownership or structure (including but not limited to a merger, acquisition or sale of a portion of all or some of our assets, (including our customer databases)), or we may undertake a corporate reorganisation or other action or transfer the personal information we handle between our related brands, entities, business partners, affiliates and digital services.


In the event that this should happen, you should be aware, that when you provide your personal information (by any means, whether verbal, written or electronic) or through your use of our websites at any time, you are consenting to the future transfer of your personal information to a potential or actual new owner or successor entity so that services can be continued to be provided to you. It is possible that our loyalty program information, including your personal information, may be transferred to the new business entity as one of our assets. In such an event, we will update this policy to reflect any change in ownership or control of your personal information.


By agreeing to the terms of this privacy policy, you acknowledge that such transfer of your personal information may occur in the future, and that any new owner or successor entity can continue to handle your personal information as set forth in this privacy policy.



  1. What choices can you make about your personal information?



Customers can access their preference centre to update the number of emails received, and can subscribe and unsubscribe from emails and SMS on this site. 


You can also unsubscribe from general marketing or promotions via the ‘unsubscribe’ or ‘opt out’ button below each email, or by requesting us to do so by sending a message to our Privacy Officer - A request to opt-out may take three to five business days to take effect. 


If you remain a member of any of our loyalty clubs or membership programs, you may still receive communications related to your account, loyalty points or special officers (such as birthday discounts). Also, an opt-out request will also not stop transactional emails related to your purchases. If you would like to cancel your membership of any of our loyalty clubs or membership programs and stop receiving communications related to your account please e-mail our Privacy Officer -


If you no longer wish to receive the text messages that you had consented to previously, you can text “STOP” after receiving a message. 


If you do not want your information to be used by us for the purposes of interest based advertising or social media targeting, please e-mail our Privacy Officer -


Access or correction of your personal information


You can request access to, or correction of, the personal information we hold about you at any time. We will provide you with the information you have requested unless we are prevented by law from giving it to you.  If we are unable to give you access to the information you have requested, or make the correction you require, we will give you reasons for this decision when we respond to your request.


You will not be charged for accessing your information, although we might have to charge the reasonable cost of processing your request.  We will advise you of any fee payable before we process your request. If you believe that your personal information is not accurate, complete or up to date or you wish to request that we delete (or refrain from processing) any of your personal information that we handle, please e-mail our Privacy Officer -


Sale of personal information


We do not share your personal information directly with third parties for their own marketing purposes in exchange for monetary consideration. However, as mentioned in this policy, we do engage in Interest-Based Advertising, where we allow third parties to place cookies, pixels, and trackers on our site to provide you with personalized ads. The ‘Help’ section of your browser may tell you how to prevent your browser from accepting cookies. If you want to opt out of such advertising please advise e-mail our Privacy Officer -


  1. How we protect your personal information

We hold customer personal information, at our premises in Australia and with the assistance of our service providers.  We have a number of security controls in place, and we take all reasonable steps to ensure that your personal information is stored securely and is protected from misuse and loss or unauthorised access, modification or disclosure.


Our computer systems may be operated by us or by our service providers.  In all cases, we have rigorous information security requirements aimed at eliminating risks of unauthorised access to, and loss, misuse or wrongful alteration of, the personal information that we handle.  


Examples of these measures include:

  • -control of access to personal information through access and identity management systems (such as passwords); and

  • -our personnel are bound by and trained on internal information security policies and are required to keep personal information secure at all times.


-We have measures in place to protect your personal information including credit card information. Your credit card details are not held or processed on our website or systems and all transactions are processed through a secure payment service provider. 


-We use Eway to process local and international transactions. All transactions are processed using encrypted methods. Your credit card details are not held by us and cannot be accessed by any of our staff members. However, they may be held by our secure payment service provider.


-Data Retention Policy


-We will only keep your personal information for as long as we require it for the purposes of operating our business. However, we may also be required to keep some of your personal information for specified periods of time, for example under certain laws relating to companies, money laundering and financial reporting legislation.


  1. Privacy Officer Contact

-You can request access to the personal information we hold about you at any time, and we will provide you with that information unless we are prevented by law from giving it to you.


-If we are unable to give you access to the information you have requested, we will give you reasons for this decision when we respond to your request. You will not be charged for accessing your information, although we might have to charge the reasonable cost of processing your request, including photocopying, administration and postage. We will advise you of any fee payable before we process your request.


-If you have any queries, concerns or complaints about the manner in which your personal information has been collected or handled by us or would like to request access to or correction of the personal information we hold about you please contact e-mail our Privacy Officer -