Privacy policy

PRIVACY POLICY

Last Updated: 24 June 2026

100% Collective Foundation Ltd ("100% Collective", "we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, hold, and disclose your personal information when you visit our website, utilize our online store, interact with our social media channels, or engage with our services (collectively, the "Services").

We manage your personal information in strict accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and applicable state privacy legislations.

1. Personal Information We Collect

We collect information that can uniquely identify an individual ("Personal Information"). This includes:

• Order & Contact Information: Your name, billing address, shipping address, email address, and phone number provided during a purchase or inquiry.
• Device & Interaction Information: Automatically collected data including your IP address, web browser version, time zone, search terms, cookie data, and how you interact with our website.
• Payment Information: Credit card or direct gateway details. Note: Payment data is securely encrypted and processed by third-party processors; we do not store full credit card numbers on our servers.
• Customer Support & Communications: Any details, feedback, or survey responses you provide during direct communications or support inquiries.

We collect this information directly from you when you interact with our store, and automatically via cookies, log files, web beacons, tags, or pixels as you navigate the site.

2. How We Use Your Information

We use your Personal Information to deliver our social enterprise services and optimize your experience. This includes:

• Fulfilling, shipping, and tracking your product orders.
• Processing secure payments and providing invoices or order confirmations.
• Screening orders for potential risk or fraud to protect our community.
• Communicating with you regarding customer support, updates, or account inquiries.
• With your explicit consent, sending you marketing materials, promotional updates, or information regarding our charitable impact.
• Conducting website analytics to improve functionality, business development, and user experience.

3. Disclosure of Personal Information

In general, we only disclose your information to third parties to the extent necessary to perform their specific services for us. We share your information with:

• E-commerce & Logistics Providers: Platforms powering our store (such as Shopify), payment gateways, and freight/fulfillment partners required to deliver your orders.
• Analytics & Marketing Partners: Tools like Google Analytics and social media advertising channels (e.g., Facebook) to understand site traffic and deliver relevant communications.
• Legal Requirements: Courts, regulators, or government authorities where required by law or to protect our legal rights.

Cross-Border Disclosures: Some third-party service providers (such as Shopify or global payment processors) operate or store data outside Australia. By completing a transaction, you acknowledge that your information may become subject to the jurisdiction and laws of the regions where those service providers or their facilities are located.

4. Shopify Platform & Security

Our store is hosted on Shopify Inc., which provides the online e-commerce platform allowing us to sell our products to you.

• Data Storage: Your data is stored through Shopify’s secure data storage, databases, and general applications behind a firewall.
• Payment Security: Direct payment gateways adhere to the standards set by the Payment Card Industry Data Security Standard (PCI-DSS). Credit card data is encrypted using Secure Sockets Layer technology (SSL) and stored with AES-256 encryption. Transaction data is only retained as long as necessary to complete the purchase.
• Automated Decision-Making: Shopify uses limited automated decision-making (such as temporarily denylisting IP addresses or credit cards associated with repeated failed transactions) strictly to prevent fraud. This does not have a legal or significant effect on legitimate customers.

5. Cookies & Behavioural Advertising

We use cookies, pixel tags, and web beacons to enhance your browsing experience, remember your preferences, and tailor our marketing.

Essential Shopify Cookies

• _session_id / _secure_session_id: Sessional tokens to handle navigation and store browsing sessions.
• cart / cart_sig / cart_ts / checkout_token: Persistent tokens to store cart contents and manage checkout.
• storefront_digest: Unique token used to manage customer login and storefront access restrictions.

Analytics & Marketing Cookies

• _shopify_visit / _shopify_uniq / _s / _y: Used by internal analytics to track visit counts and session behaviors.
• PREF / _tracking_consent: Set by Google and Shopify to map traffic sources and record tracking consent choices.

Managing Your Preferences

You can control, block, or delete cookies through your web browser controls (usually under "Tools" or "Preferences"). Please note that disabling cookies may impact your user experience and prevent certain parts of our checkout from functioning correctly.

To opt-out of targeted advertising or analytics tracking, you can visit the following management portals:

• Google Analytics Opt-Out: tools.google.com/dlpage/gaoptout
• Facebook Ad Settings: facebook.com/settings/?tab=ads
• Digital Advertising Alliance Portal: optout.aboutads.info

Because there is no consistent industry framework, we do not alter our data collection practices upon detecting a browser-based "Do Not Track" signal.

6. Data Retention, Security & Minors

• Retention: We retain your order information for our operational and financial records unless and until you ask us to delete this information.
• Security: We follow industry best practices and implement physical, electronic, and administrative safeguards to prevent the loss, misuse, or alteration of your personal data. However, no transmission over the internet is 100% secure, and information provided online is transmitted at your own risk.
• Minors: We do not intentionally collect Personal Information from individuals under the age of eighteen. If you are a parent or guardian and believe your child has provided us with Personal Information, please contact us immediately to request deletion.

7. Your Rights and Choices

Under Australian Privacy Law, you have specific rights regarding your personal data:

• Access & Correction: You have the right to request a copy of the personal information we hold about you, or to ask us to correct or amend inaccurate details.
• Marketing Opt-Out: You can withdraw your consent or opt out of receiving promotional emails at any time by clicking the "unsubscribe" link in our emails or contacting us directly.
• Erasure: You may request that we delete or restrict your personal data, subject to our ongoing legal, tax, or regulatory bookkeeping requirements.

8. Changes to This Policy

We reserve the right to modify this privacy policy at any time to reflect operational, legal, or regulatory changes. Changes will take effect immediately upon being posted to our website. Your continued use of our Services after updates are published indicates your acceptance of the revised policy.

9. Contact & Complaints

If you would like to access, correct, or delete your personal information, register a privacy complaint, or ask a question regarding our privacy practices, please contact our Privacy Officer:

• Entity: 100% Collective Foundation Ltd
• Email: gday@100lc.org.au

If you lodge a complaint, we will investigate and respond to you in writing within a reasonable timeframe. If you remain unsatisfied with our response, you have the right to escalate your complaint to the Office of the Australian Information Commissioner (OAIC) via www.oaic.gov.au