Tinker Blue Privacy Policy

We recognise the importance of protecting privacy. 

 This document explains how and why Tinker Blue ABN 96 541 412 437 (We, Us Tinker Blue) collects, uses, holds and discloses personal information (Privacy Policy). 

 Our privacy obligations 

 Tinker Blue is governed by the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).  The APPs regulate how personal information is handled by Tinker Blue, and any other applicable laws in relation to the protection of privacy. 

 ‘Personal information’ means information or an opinion about an identified individual, or an individual who is reasonably identifiable. Tinker Blue’s Privacy Policy applies to personal information collected by or held by Tinker Blue. 

 In certain circumstances the APPs may not apply to our activities such as our operations outside of Australia relating to personal information of non-Australians. 

 The types of personal information we collect and hold 

 We collect personal information from customers and clients as part of our routine activities.  We also collect personal information about our staff, contractors and suppliers, as well as the contact details of individuals who work for contractors and suppliers, and other types of professional associates and personal contacts. 

 Sensitive information 

 Tinker Blue does not intentionally collect sensitive information (as defined in the Privacy Act). If we inadvertently receive sensitive information through our website or communications, we will handle that information in accordance with the enhanced protections required by the APPs. 

 How we collect personal information 

 Information that you specifically give us 

We may ask you to provide us with certain types of personal information if you wish to obtain a particular service or product from us.  This might happen through our website (including when you create an account, place an order or subscribe to our mailing list), by calling us on the telephone, filling in an online form, or contacting us via email or social media. 

 You might also provide your personal information to us, without us directly asking for it, for example if you engage with us on social media. 

  Information that we generate ourselves 

 We maintain records of the interactions we have with you, including the products and services we have provided to you, complaints that have been made. We collect limited information about users of our websites, for diagnostic and analytic purposes. 

 ‘Cookies’, Automated technologies or interactions 

 We use cookies, web analytics tools and similar tracking technologies to track the activity on our website and online store, for purposes including customisation, marketing, analytics and improving your shopping experience.  

 Automated decision making 

 Tinker Blue does not use automated decision-making processes to make decisions that have a legal or similarly significant effect on individuals without human oversight. For more information about how we use automated tools, please contact our Privacy Officer. 

 Personal information we collect 

 You may provide us with basic information such as your name, date of birth, phone number, postal address, email address, delivery address, and payment information (such as credit or debit card details). We may also collect information about your order history, product preferences and interactions with our online store. 

 Links to other sites 

 On our website, we may provide links to third-party websites. These linked sites are not under our control, and we cannot accept responsibility for the conduct of companies linked to our website. Before providing your personal information via any other website, we advise you to examine the terms and conditions of using that website and its privacy policy. 

 How we use personal information  

 We may use your personal information for the following purposes: 

  • to process and fulfil your orders, including payment processing, shipping and delivery; 
  • to provide the products, services, information and support you have requested; 
  • to manage your online account and purchase history; 
  • to send you order confirmations, shipping notifications and other transactional communications; 

 When we disclose personal information  

 Our third-party service providers 

 The personal information of users, clients, staff, suppliers and other contacts may be held on our behalf outside Australia, including ‘in the cloud’, by our third-party service providers.  Our third-party service providers are bound by contract to only use your personal information on our behalf, under our instructions. 

 Other disclosures and transfers 

 We may also disclose your personal information to third-parties for the following purposes: 

·  if necessary to provide the product or service you have requested, including to payment processors, shipping and logistics providers, and warehouse or fulfilment partners; 

  • if otherwise permitted or required by law; or 
  • for other purposes with your consent. 

 Third-party devices and services 

 As part of our online store, we may integrate with third-party platforms and services, such as payment gateways, shipping providers, product review platforms and social media tools. These platforms and serviceshave their own terms, privacy settings and privacy policies. We do not control how these third-parties collect, use, or share your personal information. We encourage you to review any applicable third-party privacy policies for more information about how your data is handled when using such devices and associated technology platforms. 

 Use of third-party technology and AI services  

In the course of operating our online store, Tinker Blue may use third-party technology platforms to process data. This may include cloud hosting providers, e-commerce platforms, email marketing services, payment processors and analytics tools. 

 Where we use such services, we take reasonable steps to ensure that: 

  • data is processed under contractual terms that prohibit the third-party provider from using the data for its own purposes, including model training; 
  • the service provider maintains appropriate security and privacy protections; and 
  • we comply with our obligations under the APPs in relation to overseas disclosures. 

 These third-party services may be located overseas, including in the United States. Please refer to the ‘Overseas transfers of personal information’ section below for further details. 

 Overseas transfers of personal information 

 We may store, process or back up your personal information on servers that are located overseas.  

 Information may be processed through third-party service providers located overseas, including in the United States, such as cloud infrastructure and e-commerce hosting providers, payment processing platforms, email marketing services and analytics providers. For more information on third-party service providers, please contact our Privacy Officer. 

 If we are required to provide personal information to third-parties overseas, we will take such steps that are reasonable to ensure that your information is handled and stored in accordance with the APPs. 

 Important Notice: By providing your personal information to us, you expressly consent to the disclosure, transfer, storage or processing of your personal information outside of Australia. In providing this consent, you understand and acknowledge that countries outside of Australia do not always have the same privacy protection obligations as Australia in relation to personal information. We will take reasonable steps to ensure that any overseas recipient handles your information consistently with the APPs, including through contractual protections. Where the Australian Government has recognised a country as providing substantially similar privacy protections, we will take that recognition into account. In some cases, overseas recipients may not be directly bound by the Privacy Act, and the redress options available to you under the Privacy Act may not extend to those recipients. 

 If you do not agree to the transfer of your personal information outside of Australia, please either do not provide us with your personal information or contact us via the details set out at the end of this document. 

 Security of your personal information  

 We will take reasonable steps, including implementing appropriate technical and organisational security measures to protect personal information from loss, unauthorised access, use, modification or disclosure. We will take reasonable steps to ensure personal information is stored securely, not kept longer than necessary and disposed of appropriately.  We use encryption technology to ensure the secure transmission of emails. 

 As a general guide, we retain personal information for the duration of our relationship with you and for a reasonable period thereafter to comply with our legal, regulatory and contractual obligations. Specific retention periods vary depending on the type of information and the purpose for which it was collected. 

 Doxxing 

 Doxxing refers to the publication or disclosure of an individual’s personal information without consent with the intent or effect of causing harm, harassment, intimidation or distress. We will not knowingly collect, publish or facilitate the publication of personal information in a way that could lead to harm or harassment. 

 We strictly prohibit any use of our website or services to dox, expose or maliciously share another person's information. This includes sharing private or identifying information without consent, encouraging others to target a person based on shared data or uploading or linking to content designed to expose someone’s identity against their will. 

We will take all reasonable steps to remove or restrict access to any personal information that is disclosed in breach of this Privacy Policy or the Privacy Act. If you believe your personal information has been doxxed or misused in connection with our services, please contact our Privacy Officer on the details below. We may also report serious doxxing incidents to the Office of the Australian Information Commissioner (OAIC) and law enforcement as appropriate.   

Misuse of personal information 

 Under Schedule 2 of the Privacy Act, individuals have a statutory right to bring legal proceedings for serious invasions of privacy, including intrusion upon seclusion or misuse of personal information. Tinker Blue takes this obligation seriously and has implemented measures to ensure that our collection, use and handling of personal information does not constitute an invasion of privacy. If you believe your privacy has been seriously invaded in connection with our services, please contact our Privacy Officer. 

 Data Breaches 

 If we become aware of a data breach involving personal information that is likely to result in serious harm to any individual, we will comply with our obligations under the Privacy Act, including notifying affected individuals and the Office of the Australian Information Commissioner (OAIC) as required. 

 Accessing or correcting your personal information  

 You have the right to request access to the personal information that we hold about you.  Unless an exception applies, we must allow you to see the personal information we hold about you, within a reasonable time period and without unreasonable expense.  

 You also have the right to request the correction of the personal information we hold about you. We will take reasonable steps to make appropriate corrections to personal information so that it is accurate, complete and up to date.  Unless an exception applies, we must update, correct, amend or delete the personal information we hold about you within a reasonable time period.  We do not charge for making corrections. 

 You may also request that we de-identify or delete personal information that we hold about you where it is no longer necessary for the purpose for which it was collected, subject to any legal obligations that require us to retain it. 

 To seek access to, or correction or deletion of, your personal information, please contact our Privacy Officer on the details set out at the end of this Privacy Policy. 

 Updates to this Privacy Policy 

 We will review this policy regularly and we may update it from time to time. We recommend that you visit our website regularly to keep up to date with any changes. 

 To contact our Privacy Officer 

 If you have an enquiry or a complaint about the way we handle your personal information, or to seek to exercise your privacy rights in relation to the personal information we hold about you, you may contact our Privacy Officer as follows: hello@tinkerblue.com.au

 While we endeavour to resolve complaints quickly and informally, if you wish to proceed to a formal privacy complaint, we request that you make your complaint in writing to our Privacy Officer, by email as above.  We will acknowledge your formal complaint within 10 working days. 

 If we do not resolve your privacy complaint to your satisfaction, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) by calling them on 1300 363 992, making a complaint online at www.oaic.gov.au, or writing to them at OAIC, GPO Box 5218, Sydney NSW 2001. 

 Last Updated: June 2026 | Version 1.0