Privacy Policy - easesential
Privacy Policy
Last Updated: 19 August 2025
1. Who we are
This Privacy Policy describes how easesential (“easesential,” “we,” “us,” “our”) collects, uses, discloses, and safeguards personal information when you visit our websites, purchase products, or interact with us.
Business Name: easesential
ABN: 99287540221
Contact: support@easesential.com
2. The information we collect
We collect information you provide, information collected automatically, and information from third parties.
A. Information you provide
- Identity: name, title, date of birth (if necessary), billing and shipping addresses.
- Contact: email, phone number, social handles (if you message us).
- Account: login credentials, preferences, saved addresses.
- Orders & payments: order history, items purchased, payment method details (processed by our payment providers; we do not store full card numbers).
- Communications: emails, chat messages, reviews, survey responses, warranty or support requests.
- Health/comfort notes you voluntarily share for product fit (optional).
B. Information collected automatically
- Device & usage: IP address, browser type, OS, device identifiers, pages viewed, links clicked, referral URLs, session timestamps.
- Cookies & similar tech: pixels, tags, SDKs used for essential site functions, analytics, performance, personalization, and marketing (see “Cookies & tracking”).
C. Information from third parties
- Payment processors: transaction status, fraud signals.
- Logistics & address validators: delivery updates, corrections.
- Marketing/ads partners and social platforms: campaign performance, audience insights (per their policies and your settings).
- Where permitted, public databases or service providers for identity verification and fraud prevention.
3. Why we collect your information (purposes and lawful bases)
We process personal information to:
- Provide the website, products, and services; fulfill orders; manage shipping and returns; provide support.
- Personalize your experience (recommendations, saved preferences).
- Communicate with you (order updates, service announcements, customer support).
- Send marketing with your consent or as permitted by law; you can opt out anytime.
- Improve and secure our services (analytics, debugging, fraud prevention).
- Comply with legal obligations (tax, accounting, consumer protection) and enforce our Terms.
If GDPR/UK GDPR applies, our lawful bases include: contract performance, legitimate interests (e.g., security, personalization proportionate to your rights), consent (for certain marketing/cookies), and legal obligations.
4. Cookies & tracking technologies
We use:
- Essential cookies: cart, checkout, session security.
- Performance/analytics: site usage metrics, error tracking.
- Functional: remembering preferences and settings.
- Advertising/retargeting: to show relevant offers and measure campaigns.
Manage cookies via our cookie banner and your browser/device settings. Some features may not function without essential cookies. If GDPR/UK GDPR applies, we will not set non‑essential cookies without your consent.
5. Payment processing
Payments are handled by PCI‑DSS compliant providers (e.g., card processors, wallets). We receive limited tokenized details and transaction confirmations. For full payment data handling, refer to the provider’s privacy terms displayed at checkout.
6. Disclosing your information
We may share personal information with:
- Service providers/contractors: hosting, ecommerce platform, payment processing, fraud tools, email/SMS, analytics, advertising, fulfillment, warehousing, logistics, returns handling, customer support.
- Business operations: professional advisers (legal, accounting), insurers, auditors.
- Compliance & safety: to comply with law, court orders, or lawful requests; to protect rights, safety, and security.
- Business transfers: in connection with a merger, acquisition, financing, or sale of assets (information will remain subject to this policy or a substantially similar policy).
We do not sell personal information for money. Where required (e.g., some US state laws), we may offer “opt out of targeted advertising” or “Do Not Sell/Share” mechanisms for ad tech sharing.
7. International transfers
We operate in Australia and may process data in other countries. Where required (e.g., GDPR/UK GDPR), we use appropriate safeguards (such as Standard Contractual Clauses, UK IDTA/Addendum) and implement technical/organizational measures. You may contact us for details of transfer mechanisms.
8. Data retention
We keep personal information only as long as necessary for the purposes described, including:
- Orders and tax/accounting records: typically 5–7 years or as required by law.
- Accounts: while active and for a reasonable period after closure to manage queries, disputes, or legal obligations.
- Marketing: until you opt out or your consent is withdrawn, or as required by law.
When no longer needed, we securely delete, anonymize, or de‑identify data.
9. Security
We use administrative, technical, and physical safeguards appropriate to the nature of the information, including encryption in transit, access controls, and logging. No system is 100% secure; please use a unique, strong password and keep it confidential.
10. Your choices and rights
A. Marketing preferences
- Opt out of marketing emails via the unsubscribe link or by contacting us.
- For SMS, reply STOP (or as instructed) to opt out.
B. Cookies
- Manage via our cookie banner and browser/device settings; block or delete non‑essential cookies as desired.
C. Access, correction, and deletion
Under the Australian Privacy Principles, you may request access to, or correction of, your personal information. Contact us to submit a request. We may ask for verification and may refuse requests where permitted by law (we’ll explain why).
D. GDPR/UK GDPR (if applicable)
You may have rights to:
- Access, rectification, erasure, restriction, portability, objection to processing based on legitimate interests, and withdrawal of consent.
- Object to direct marketing at any time.
To exercise these rights, contact us. You also have the right to lodge a complaint with a supervisory authority.
E. Other regional rights
If local privacy laws apply (e.g., Canada’s PIPEDA, Singapore’s PDPA, certain US state laws), you may have additional rights. We will honor valid requests under applicable law.
11. Children’s privacy
Our services are not directed to children under 16 (or the minimum age required by local law). We do not knowingly collect personal information from children without appropriate consent. If you believe a child has provided personal information, contact us to delete it.
12. User‑generated content (UGC) and reviews
If you submit reviews, photos, or other UGC, the content may be public. Avoid sharing sensitive personal information. We may moderate or remove content that violates our Terms.
13. Social media and third‑party links
Our site may include links or integrations to third‑party websites, apps, or platforms. Their privacy practices are governed by their policies. Review them before sharing information.
14. Do Not Track and Global Privacy Control
Some browsers send “Do Not Track” signals. There is no industry standard we currently respond to, but where required (e.g., Global Privacy Control in some jurisdictions), we will honor legally mandated signals for opt‑out of sale/sharing/targeted advertising.
15. Automated decision‑making and profiling
We may use limited profiling for fraud prevention and personalized recommendations/ads. We do not engage in solely automated decisions that produce legal or similarly significant effects without your explicit consent or as otherwise permitted by law.
16. Complaints
Australia: If you believe we have breached the Australian Privacy Principles, contact us first. We will investigate and respond. If unresolved, you may contact the Office of the Australian Information Commissioner (OAIC): oaic.gov.au.
17. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be posted on our website with an updated “Last Updated” date. Continued use of our services after changes indicates acceptance.
18. Contact us (Privacy)
Email: support@easesential.com
Annex A: GDPR/UK GDPR Disclosures
- Controller: easesential, support@easesential.com
- Legal bases: contract, legitimate interests (security, analytics, personalization proportionate to your rights), consent (non‑essential cookies/marketing), legal obligations.
- Data categories: as listed in Section 2.
- Recipients: service providers, payment processors, logistics, professional advisers, ad/analytics partners as described.
- International transfers: Standard Contractual Clauses or UK Addendum; copies available upon request (redacted where necessary).
- Retention: as per Section 8.
- Rights: access, rectification, erasure, restriction, portability, objection, withdraw consent; lodge complaints with your supervisory authority.
- Automated decision‑making: not used to make decisions with legal or similarly significant effects without appropriate safeguards.
Annex B: Cookies Summary (example categories; align to your banner)
- Essential (always on): session ID, cart, checkout, security.
- Analytics: Google Analytics/other—page views, performance metrics.
- Functional: language, currency, preferences.
- Advertising: retargeting pixels, conversion tags (list major partners).
Provide a link to a granular cookie list and consent settings page.
Annex C: Direct Marketing & Spam (Australia)
- We comply with the Spam Act 2003 (Cth). We send commercial electronic messages only with consent (express or inferred), include clear sender identification, and provide a functional unsubscribe facility.