Privacy Policy

Vendordepartment (“we”, “us”) respects your privacy. This Privacy Policy explains how we collect, use, disclose, store, and protect personal information when you visit vendordepartment.world or contact us. We aim to align with the EU General Data Protection Regulation (GDPR), the UK GDPR, the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), and comparable frameworks elsewhere.

1. Data controller / APP entity and contact

The data controller for GDPR purposes, and the organisation responsible under the Australian Privacy Principles, is the entity named in our Legal Information page. For privacy requests email business@vendordepartment.world or write to 41 Mcclymonts Rd, Maraylya NSW 2765, Australia.

2. Categories of data we collect

We may process:

  • Identity and contact data you submit (name, email address, message content).
  • Technical data such as browser type, device category, approximate region derived from IP address, and timestamps.
  • Cookie and similar technology data as described in our Cookie Policy.

3. Purposes and legal bases (GDPR / UK GDPR)

We process personal data for:

  • Responding to enquiries and operating the site (contractual necessity or legitimate interests in communicating with readers and securing our services).
  • Compliance with legal obligations (such as record-keeping where required).
  • Analytics or marketing activities only where you have provided consent via our cookie controls or another lawful mechanism.

4. Australian Privacy Principles (APPs)

Where the APPs apply, we take reasonable steps to:

  • Manage personal information openly and transparently (APP 1).
  • Allow anonymity or pseudonymity where lawful and practicable (APP 2).
  • Collect information only by fair means and when reasonably necessary (APPs 3–5).
  • Use and disclose information for primary and related secondary purposes, or with consent or as the Act permits (APP 6).
  • Meet direct marketing, opt-out, and sensitive information rules where relevant (APP 7).
  • Notify you about cross-border disclosures where required (APP 8).
  • Maintain quality and security, and give access and correction pathways (APPs 10–13).

For full text of the APPs, see the OAIC website. Nothing in this list limits your rights under other laws.

5. Disclosure and international transfers

We use infrastructure providers (for example hosting, email delivery, or analytics partners) that may process data in Australia, the European Economic Area, the United Kingdom, or the United States. Where data leaves your region, we rely on appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms when required.

6. Retention

Contact form messages are retained for up to twenty-four months unless a longer period is needed for unresolved correspondence, legal claims, or compliance. Technical logs may be retained for up to twelve months for security monitoring. Cookie-related records follow the periods stated in the Cookie Policy.

7. Security measures

We apply administrative, technical, and organisational measures including access controls, encrypted transport (HTTPS), vendor due diligence, and staff confidentiality expectations. No online transmission is completely risk-free; please use strong passwords on your own devices.

8. Your rights

Depending on your location, you may have rights to access, rectify, erase, restrict, or object to certain processing, and to data portability. You may withdraw consent where processing is consent-based. EU and UK residents may lodge a complaint with a supervisory authority. In Australia, you may access and correct personal information we hold under APPs 12 and 13, and complain to the Office of the Australian Information Commissioner (OAIC). Consumer-law questions may be directed as described in Consumer information (Australia). We will verify requests to protect against unauthorised disclosure.

9. Children

This site is directed to adults interested in lifestyle topics. We do not knowingly collect personal information from children without parental authority. If you believe a minor has submitted data, contact us to request deletion.

10. Notifiable Data Breaches (Australia)

If we become aware of an eligible data breach under Part IIIC of the Privacy Act 1988 (Cth), we will assess the incident, notify the OAIC and affected individuals when required, and take containment and remediation steps consistent with the OAIC’s guidance.

11. Electronic messages (Spam Act 2003)

We do not send commercial electronic messages from contact form submissions unless you have given express or inferred consent under the Spam Act 2003 (Cth) and each message includes clear sender identification and a functional unsubscribe facility where required.

12. Advertising, analytics, and measurement

We may use platforms such as Google Ads, Google Analytics, or similar services to measure traffic or deliver advertising. Those providers may process technical data subject to their own policies. Where required, we rely on consent managed through our cookie banner for non-essential cookies. Contact form contents are not uploaded to ad platforms for remarketing. If we introduce remarketing lists in future, we will update this Policy and obtain consent where Australian law requires it.

13. Updates

We may revise this Policy to reflect legal or operational changes. Material updates will be posted on this page with a new “Last updated” date.

Cookies and similar technologies help us run this site securely and, if you allow it, understand how pages are used. Australian Privacy Act requirements apply where relevant. See our Cookie Policy.

Strictly necessary

Required for security and basic site operation. Always active.

Analytics

Helps us see aggregate usage patterns.

Marketing

May be used for relevant messaging on partner platforms.