This Privacy Policy applies to all personal information collected by SUPPLEMENT SUPERSTORE PTY LTD (ACN 689 411 407) (we, us or our) via the website located at https://supplementsuperstore.com.au/ (Website), and through the related services, accounts and programs we offer, including The Vault loyalty program (The Vault), the Ambassador Program, and the Campus Impact Circle student program (together, our Programs). By using the Website or participating in any of our Programs, you agree to the collection, use and disclosure of your personal information in accordance with this Privacy Policy.

1. What information do we collect

The kind of personal information we collect from you will depend on how you use the Website and which of our Programs you take part in. As an online supplement retailer, the personal information we collect and hold about you may include:

1. your full name, email address, phone number and, where relevant, company name and position;
2. your postal address, delivery address and billing address;
3. your date of birth, where you choose to provide it (for example, to receive birthday rewards);
4. your account login details and communication and marketing preferences;
5. your order history, purchases, subscriptions, product reviews and enquiry details;
6. payment and billing information (which is processed by our payment providers, not stored in full by us);
7. your IP address, device information, and browsing behaviour and Website usage data; and
8. any other information you voluntarily provide through contact forms, account registration, reviews, competitions, or participation in our Programs.

We collect this information to sell and deliver our products, operate your account and our Programs, respond to enquiries, process transactions, improve the Website, send you marketing where permitted, and comply with our legal and regulatory obligations.

2. Information we collect through The Vault loyalty program

Every Supplement Superstore account is automatically enrolled in The Vault. In connection with The Vault, in addition to the information above, we collect and hold:

1. your points balance, annual spend total, tier status (such as Silver, Gold or Platinum) and the history of how your points were earned and maintained;
2. your purchase, subscription and order history used to calculate points and tier progression;
3. product reviews, ratings and feedback you submit to earn points;
4. your date of birth, where provided, so we can award birthday points and rewards;
5. progress photos, images and other content you upload (for example, to earn progress-upload points). These may reveal information about your body, fitness or health and may constitute Sensitive Information, which we collect only with your consent and handle in accordance with clause 4;
6. referral information, including details of friends or other people you refer or sponsor into the Program. You must only provide another person's details where you are authorised to do so and have their consent; and
7. your participation in challenges, missions, giveaways and competitions, including entries and any content you submit as part of them.

3. Information we collect through the Ambassador Program and Campus Impact Circle

If you apply for or participate in our Ambassador Program or the Campus Impact Circle student program, we collect and hold the following additional information:

1. your application details and the information needed to assess your eligibility, which for the Campus Impact Circle may include evidence that you are an enrolled student;
2. your social media handles, profile links, platforms, audience and engagement information, and the promotional content you create about our products;
3. your unique discount code and tracking link, and the sales, clicks, conversions, performance and analytics generated through them;
4. the payment details you provide to receive commission and bonuses, such as your PayPal account or bank account details;
5. your taxation information, including your Australian Business Number (ABN) and any tax invoices, where applicable; and
6. your communications with us in connection with the Program.

4. Types of information

The Privacy Act 1988 (Cth) (Privacy Act) defines types of information, including Personal Information and Sensitive Information.

Personal Information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:

1. whether the information or opinion is true or not; and
2. whether the information or opinion is recorded in a material form or not.

If the information does not disclose your identity or enable your identity to be ascertained, it will in most cases not be classified as Personal Information and will not be subject to this Privacy Policy.

Sensitive Information is defined in the Privacy Act as including information or opinion about such things as an individual's racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information. Progress photos and similar content you upload to our Programs may contain health or body-related information that is Sensitive Information. Sensitive Information will be used by us only:

1. for the primary purpose for which it was obtained;
2. for a secondary purpose that is directly related to the primary purpose; and
3. with your consent or where required or authorised by law.

5. How we collect your Personal Information

1. We may collect Personal Information from you whenever you input such information into the Website, a related app, your account, a Program dashboard, or provide it to us in any other way.
2. We may collect information automatically through cookies, analytics tools, and the discount codes and tracking links used in our Programs, which enable us to recognise you, attribute sales, and customise your experience. As a general rule it is not possible to identify you personally from our use of cookies alone.
3. We may receive information from third parties, such as our loyalty and affiliate platform providers, payment providers, social media platforms, and people who refer you into a Program. Where we receive information about you from a third party, we will take reasonable steps to make you aware of that fact.
4. We generally don't collect Sensitive Information unless you provide it (for example, through progress uploads), and when we do we comply with clause 4.

6. Purpose of collection

1. We collect Personal Information to sell and deliver our products, provide the best possible service experience, operate your account and our Programs, and keep in touch with you about developments in our business.
2. We use Program information to administer The Vault, the Ambassador Program and the Campus Impact Circle, including to calculate and award points and tier status, verify eligibility, track sales and attribution, calculate and pay commission and bonuses, run giveaways and challenges, and provide rewards.
3. We disclose Personal Information to service providers who assist us in operating the Website and our Programs. Your Personal Information may also be exposed from time to time to maintenance and support personnel acting in the normal course of their duties.
4. By using our Website, you consent to the receipt of direct marketing material. We will only use your Personal Information for this purpose where we have collected it directly from you and where it is material of a type you would reasonably expect to receive from us. We do not use Sensitive Information in direct marketing. Our direct marketing material includes a simple means by which you can opt out, such as an unsubscribe link.

7. Disclosure to third parties and service providers

We customarily disclose Personal Information only to service providers who assist us in operating the Website and our Programs. Depending on how you use the Website and our Programs, these may include:

1. our e-commerce, hosting and website platform providers;
2. payment gateway providers (such as Stripe and PayPal) who process payments and ambassador payouts;
3. our loyalty program and affiliate/ambassador tracking platform providers;
4. shipping, fulfilment and logistics providers;
5. analytics, marketing, email and communications providers; and
6. professional advisers, and regulators or authorities where required or authorised by law.

We do not sell your Personal Information. We require our service providers to handle your Personal Information consistently with this Privacy Policy and applicable law.

8. Security, access and correction

1. We store your Personal Information in a way that reasonably protects it from unauthorised access, misuse, modification or disclosure. When we no longer require your Personal Information for the purpose for which we obtained it, we will take reasonable steps to destroy, anonymise or de-identify it. Most Personal Information stored in our customer files and records will be kept for a maximum of 7 years to fulfil our record-keeping obligations.
2. The Australian Privacy Principles permit you to obtain access to the Personal Information we hold about you in certain circumstances (Australian Privacy Principle 12), and allow you to correct inaccurate Personal Information subject to certain exceptions (Australian Privacy Principle 13).
3. Where you would like to obtain such access, please contact us in writing using the contact details set out at the bottom of this Privacy Policy.

9. Cookies and analytics

We use cookies and similar technologies to make the Website work, understand how you use it, personalise what you see, and measure the performance of our Programs and marketing. You can accept all cookies, decline non-essential cookies, or choose which cookies you share, and you can change your choice at any time using the controls in the Website footer. Disabling some cookies may affect how the Website functions.

10. Complaint procedure

If you have a complaint concerning the manner in which we maintain the privacy of your Personal Information, please contact us using the contact details set out at the bottom of this policy. All complaints will be considered by Thomas Corbelli and we may seek further information from you to clarify your concerns. If we agree that your complaint is well founded, we will, in consultation with you, take appropriate steps to rectify the problem. If you remain dissatisfied with the outcome, you may refer the matter to the Office of the Australian Information Commissioner.

11. Overseas transfer

Some of our service providers (for example, e-commerce, hosting, payment and analytics providers) may store or process Personal Information outside Australia. Where we disclose Personal Information to an overseas recipient, we will take reasonable steps to ensure it is handled consistently with the Australian Privacy Principles, except to the extent that you expressly request a transfer to an overseas recipient, in which case that recipient may not be required to comply with the Australian Privacy Principles and we will not be liable for any mishandling of your information in those circumstances.

12. GDPR

In some circumstances, the European Union General Data Protection Regulation (GDPR) provides additional protection to individuals located in Europe. The fact that you may be located in Europe does not, however, on its own entitle you to protection under the GDPR. Our Website does not specifically target customers located in the European Union and we do not monitor the behaviour of individuals in the European Union, and accordingly the GDPR does not apply.

13. How to contact us about privacy

If you have any queries, if you seek access to your Personal Information, or if you have a complaint about our privacy practices, you can contact us through: contact@supplementsuperstore.com.au.