Privacy Policy

Last Updated: 3/3/25

1. Introduction

1.1 Purpose
This Privacy Policy describes how we (“we,” “us,” or “our”) collect, use, and disclose your Personal Information when you visit or make a purchase from our website (the “Site”) or otherwise interact with our services (collectively, the “Services”).

1.2 Legal Framework
We are committed to complying with the Australian Privacy Act 1988 (Cth) (“Privacy Act”) and, to the extent applicable, the European Union General Data Protection Regulation (GDPR). By using our Site, you consent to the practices described in this Privacy Policy.

1.3 Definitions

  • Personal Information” refers to any information that can identify you, or be reasonably used to identify you, including your name, email address, shipping address, phone number, payment details, and other contact or demographic information.
  • Controller” (under GDPR) means a natural or legal person (in this case, us) that determines the purposes and means of the processing of Personal Information.

2. Personal Information We Collect

2.1 Information You Provide Directly
We collect Personal Information that you voluntarily provide to us when you:

  • Create an account or place an order: This includes your name, billing address, shipping address, payment information (credit card details, PayPal ID), email address, and phone number.
  • Send or receive a gift: If you send a gift to someone else, we collect the recipient’s name, address, and related delivery instructions.
  • Communicate with us: This includes information you provide when you contact us via email, phone, or social media, or when you respond to surveys or marketing communications.

2.2 Information Collected Automatically
When you browse our Site, we automatically receive and collect technical information, including:

  • Device and browser information: IP address, browser type, operating system, referral URLs, time zone settings.
  • Usage data: Pages viewed, links clicked, time spent on pages, and other statistics.
  • Cookies and similar technologies: As described in detail in Section 9 of this Policy.

2.3 Information from Third Parties
We may receive Personal Information from:

  • Shopify: Our e-commerce platform host.
  • Payment processors: For example, details confirming payment or non-payment.
  • Analytics and advertising partners: Such as Google Analytics or Facebook, which provide information about your online interactions and preferences.

3. How We Obtain and Use Consent

3.1 Consent to Collect and Use
By providing us with your Personal Information to complete a transaction, verify your credit card, place an order, or arrange for a delivery, you imply that you consent to our collecting and using it for that specific purpose. If we request Personal Information for a secondary purpose (e.g., marketing), we will either ask you directly for expressed consent or provide an opportunity to opt out.

3.2 Withdrawing Consent
If you change your mind after opting in, you can withdraw your consent for us to contact you, or for the continued collection, use, or disclosure of your information, at any time. Simply contact us using the details in Section 15, or use the “unsubscribe” link in our marketing emails.

4. How We Use Personal Information

We collect, hold, use, and disclose Personal Information for the following purposes:

  1. Fulfilling Orders and Providing Services

    • Processing payments, shipping orders, and sending confirmations or receipts.
    • Managing delivery logistics and customer service inquiries.

  2. Communicating with You

    • Responding to queries, feedback, or complaints.
    • Providing updates about orders, shipping, or changes to our policies.

  3. Marketing and Advertising

    • Sending promotional emails (if you have opted in), news about new products, special offers, or other information we think may interest you.
    • Delivering targeted advertising on our Site or via third-party sites.

  4. Analytics and Improvement

    • Monitoring and analysing usage patterns to improve our Site, products, and services.
    • Performing market research, customer satisfaction analysis, and service development.

  5. Legal and Compliance

    • Complying with applicable laws, regulations, or legal requests.
    • Protecting our rights, property, or safety, and enforcing our Terms of Service or other agreements.

5. Disclosure of Personal Information

We may disclose your Personal Information in the following circumstances:

  1. Shopify
    Our Site is hosted on Shopify Inc. They provide the online e-commerce platform allowing us to sell our products. Your data is stored through Shopify’s data storage, databases, and the general Shopify application. For more details, refer to Shopify’s Privacy Policy.

  2. Third-Party Service Providers
    We engage certain trusted third parties to perform functions and provide services to us, such as:

    • Payment gateways and payment processors (e.g., credit card transaction processing).
    • Shipping and delivery companies.
    • Email marketing and analytics platforms (e.g., Klaviyo, Google Analytics).
    • IT and security service providers.
      These third parties have access to Personal Information only to the extent needed to perform their services, and they are contractually obligated to protect and use it only for the purposes we specify.

  3. Legal Requirements
    We may disclose Personal Information if required by law (e.g., to comply with a subpoena, court order, or legal process) or if you violate our Terms of Service, or to establish or exercise our legal rights or defend against legal claims.

  4. Business Transactions
    In the event of a merger, acquisition, or asset sale, your Personal Information may be transferred to the new entity so that we or they can continue to offer services to you.

  5. Consent
    We may disclose your information to other third parties when we have your explicit consent.

6. Shopify and Payment Details

6.1 Shopify Hosting
As noted, our store is hosted by Shopify Inc., which provides the online e-commerce platform. Your data is stored on secure servers behind a firewall. Shopify adheres to the Payment Card Industry Data Security Standard (PCI-DSS) to ensure credit card details are handled securely.

6.2 Payment Gateways
If you use a direct payment gateway to complete your purchase, Shopify stores your credit card data in encrypted form. Your transaction data is retained only as long as necessary to complete the transaction, after which it is deleted.

6.3 PCI-DSS Compliance
All direct payment gateways comply with the standards set by PCI-DSS as managed by the PCI Security Standards Council—a joint effort of brands such as Visa, MasterCard, American Express, and Discover—to ensure secure handling of credit card information.

7. Third-Party Services and Links

7.1 Scope of Third-Party Services
Certain third-party service providers (such as payment processors) have their own privacy policies governing the information we are required to provide to them for purchase-related transactions. We recommend you review their privacy policies to understand how they handle your Personal Information.

7.2 International Data Transfers
Some third-party providers may be located in, or have facilities located in, a different jurisdiction. In such cases, your Personal Information may become subject to the laws of the jurisdiction(s) in which the provider or its facilities are located.

7.3 Leaving Our Site
Once you leave our store’s website or are redirected to a third-party website or application, this Privacy Policy no longer applies. We are not responsible for the privacy practices of other websites and encourage you to review their privacy policies.

8. Security Measures

8.1 Safeguards
We take reasonable precautions and follow industry best practices to protect your Personal Information from unauthorised access, misuse, alteration, or destruction. This includes:

  • Secure Socket Layer (SSL) encryption for payment transactions.
  • AES-256 encryption for stored credit card information.
  • Restricted access to Personal Information and training for our employees.

8.2 No Absolute Guarantee
While we strive to protect all data transmitted via the Internet or stored in our systems, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your Personal Information.

9. Cookies and Similar Technologies

9.1 What Are Cookies?
Cookies are small text files stored on your device that allow us or a third party to recognise you and optimise your experience. We also use similar technologies like web beacons, tags, or pixels for analytics, marketing, and functionality.

9.2 Types of Cookies We Use

  • Session cookies: Temporary cookies that remain in your browser until you leave our Site.
  • Persistent cookies: Remain on your device for a set period or until you delete them.
  • Analytics cookies: For analysing website usage, e.g., through Google Analytics.
  • Advertising cookies: For delivering relevant ads and marketing campaigns.

9.3 Examples of Cookies

  • _session_id (Shopify): Stores session information (referrer, landing page, etc.).
  • _shopify_visit: Records the number of visits.
  • _shopify_uniq: Counts the number of visits to a store by a single customer.
  • cart: Stores information about the contents of your cart.
  • _secure_session_id: Unique token for secure session handling.
  • storefront_digest: Determines if the current visitor has access to the store.

9.4 Managing Cookies
Most browsers automatically accept cookies, but you can modify your browser settings to decline cookies or alert you before accepting them. However, disabling cookies may affect your ability to use certain features of our Site.

10. Age of Consent

By using this Site, you represent that you are at least the age of majority in your state, province, or country of residence, or that you are the age of majority in your jurisdiction and you have given us your consent to allow any of your minor dependents to use this Site.

11. Your Rights (GDPR and Australian Privacy Principles)

If you are located in Australia, the EU, or certain other jurisdictions, you may have specific legal rights regarding your Personal Information, including:

  1. Access: Request details of Personal Information that we hold about you.
  2. Correction: Correct or update any Personal Information that is inaccurate or incomplete.
  3. Erasure (“Right to be Forgotten”): Request deletion of your Personal Information in certain circumstances.
  4. Restriction of Processing: Request restriction of processing if there is a dispute about the accuracy or processing of your information.
  5. Data Portability: Obtain a copy of your Personal Information in a commonly used and machine-readable format.
  6. Objection to Processing: Object to processing of your Personal Information where we rely on our legitimate interests.
  7. Complaint to Regulators: You have the right to lodge a complaint with a relevant supervisory authority (e.g., the Office of the Australian Information Commissioner).

12. Retention of Personal Information

We retain Personal Information for as long as necessary to fulfil the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law. Once we no longer have a legitimate business need to process your Personal Information, we will either delete or anonymise it.

13. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time, so please review it frequently. Changes will take effect immediately upon posting on the Site. If we make material changes, we will notify you here or via email so you are aware of what information we collect, how we use it, and under what circumstances we disclose it.

If our business is acquired or merged with another company, your information may be transferred to the new owners so we can continue to sell products to you.

14. Violations of Terms of Service

We may disclose your Personal Information if you violate our Terms of Service, to the extent such disclosure is necessary to protect our legal rights, property, or operations, or to ensure the safety and security of our users or others.

15. Questions and Contact Information

If you would like to:

  • Access, correct, amend, or delete any Personal Information we have about you;
  • Register a complaint; or
  • Simply want more information;

please contact our Privacy Compliance Officer at:

Kate Hill Flowers Attn: Privacy Compliance Officer 440 City Road, Southbank, Victoria, Australia Email: privacy@katehillflowers.com.au

You may also contact us by mail at:

Re: Privacy Compliance Officer Kate Hill Flowers, 440 City Road, Southbank, Victoria, Australia


By using our Site, you acknowledge that you have read and understood this Privacy Policy. If you have any questions, please do not hesitate to contact us.