Privacy policy

Choco Sync (ABN 58 359 067 847) is committed to protecting your personal information. This Privacy Policy explains how we collect, use, store, and disclose your personal information in accordance with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth).
Note: While Choco Sync may be classified as a small business under the Privacy Act and therefore exempt from certain obligations, we have voluntarily adopted this policy to demonstrate our commitment to your privacy and to comply with best practice.


1. What We Collect
We collect personal information that is reasonably necessary for the purposes of processing your orders and providing our services. The types of personal information we may collect include:
•    Your name, email address, phone number, and delivery address (collected when you place an order or contact us).
•    Payment information (processed securely by Shopify and our payment providers — we do not store your full credit card details).
•    Order history and preferences.
•    Technical data such as your IP address, browser type, device information, and browsing behaviour on our website (collected automatically via cookies and analytics tools).
•    Communications you send to us (e.g., customer support enquiries).
Providing personal information is voluntary, but if you choose not to provide certain information (such as your delivery address), we may not be able to fulfil your order.


2. How We Use Your Information
We use your personal information for the following purposes:
•    To process, fulfil, and deliver your orders.
•    To communicate with you about your orders, including dispatch and delivery updates.
•    To provide customer support and respond to enquiries.
•    To improve our website, products, and services.
•    To send you marketing communications, promotions, and updates (only with your prior consent — you may opt out at any time).
•    To comply with legal obligations.


3. Consent
By providing your personal information when placing an order or using our website, you consent to our collection and use of that information for the purposes described in this policy.
You may withdraw your consent at any time by contacting us at info@chocosync.com.au. Please note that withdrawing consent may affect our ability to provide certain services to you (e.g., order fulfilment).


4. Shopify Hosting & Payments
Our online store is hosted on the Shopify platform (Shopify Inc.). Shopify provides us with the e-commerce infrastructure to sell our products to you. Your data is stored on Shopify’s secure servers, and payment information is encrypted under PCI-DSS standards.
For more information on how Shopify handles your data, please refer to Shopify’s Privacy Policy at shopify.com/legal/privacy.


5. Third-Party Services
We may share your personal information with the following categories of third-party service providers, solely for the purpose of completing your order or improving our services:
•    Payment providers: To process your payment securely.
•    Delivery and courier partners: To ship your order to you.
•    Google Analytics: To analyse website traffic and usage patterns. Google Analytics collects anonymised data about how visitors use our site, including pages visited, time spent, and referral sources. This data is processed by Google LLC.
We do not sell, rent, or trade your personal information to any third party for marketing purposes.


6. Cross-Border Disclosure
Your personal information may be stored and processed outside of Australia by our service providers, including:
•    Shopify Inc. (servers located in the United States and Canada).
•    Google LLC (servers located in the United States and other jurisdictions globally).
Where your data is transferred overseas, we take reasonable steps to ensure that the overseas recipients handle your information in a manner consistent with the Australian Privacy Principles.


7. Data Retention
We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Specifically:
•    Order and transaction records are retained for a minimum of 5 years for accounting and tax compliance purposes.
•    Customer support communications are retained for 2 years after the last interaction.
•    Marketing preferences and consent records are retained until you withdraw consent or request deletion.
•    Website analytics data is retained in accordance with Google Analytics’ data retention settings (currently set to 14 months).
After the applicable retention period, personal information is securely deleted or de-identified.


8. Security
We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. Our security measures include:
•    Secure Sockets Layer (SSL) encryption on our website.
•    PCI-DSS compliant payment processing through Shopify.
•    Restricted access to personal information to authorised personnel only.
However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security of your data.


9. Cookies
Our website uses cookies to enhance your browsing experience. Cookies are small text files stored on your device when you visit a website.
We use the following types of cookies:
•    Essential cookies: Required for the website to function properly, including shopping cart and checkout functionality (provided by Shopify).
•    Analytics cookies: Used by Google Analytics to collect anonymised data about website usage, helping us understand how visitors interact with our site.
You may disable or manage cookies through your browser settings. Please note that disabling essential cookies may affect the functionality of our website, including the ability to complete purchases.


10. Your Rights
Under the Australian Privacy Principles, you have the right to:
•    Access: Request access to the personal information we hold about you.
•    Correction: Request correction of any personal information that is inaccurate, out of date, incomplete, or misleading.
•    Deletion: Request deletion of your personal information, subject to our legal obligations to retain certain records.
•    Opt-out: Opt out of receiving marketing communications at any time by using the unsubscribe link in our emails or contacting us directly.
To exercise any of these rights, please contact us at info@chocosync.com.au. We will respond to your request within 30 days.


11. Complaints
If you believe we have breached the Australian Privacy Principles or have a complaint about how we have handled your personal information, please contact us at info@chocosync.com.au. We will investigate your complaint and respond within 30 days.
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
•    Website: www.oaic.gov.au


12. Updates to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. Updated versions will be posted on this page with a revised effective date. We encourage you to review this policy periodically.
Material changes to this policy will be communicated to you via email or a prominent notice on our website.


13. Contact Us
For any questions, requests, or concerns regarding this Privacy Policy, please contact:
Email: info@chocosync.com.au

By using our website and providing your personal information, you acknowledge that you have read and understood this Privacy Policy.

Choco Sync — crafted with care, shared with intention