Privacy policy

Privacy Policy

Last updated: 2 Jun 2026

1. About this policy

This Privacy Policy explains how always on (ALWAYS ON GROUP PTY LTD, ABN 45 693 935 554) collects, uses, holds, and discloses your personal information when you visit getalwayson.com.au, purchase our products, or otherwise interact with us (the "Services").

We are bound by the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). If you reside outside Australia, additional laws may apply to our handling of your personal information, and we will comply with those where they apply.

By using the Services, you agree to the handling of your personal information as described in this policy.

2. The personal information we collect

We collect the following categories of personal information, depending on how you interact with us:

• Contact details: name, email, phone number, shipping and billing address.
• Account information: username, password, account preferences and settings.
• Order and transaction information: items you view, add to cart, purchase, return, exchange, or cancel; subscription status; order history.
• Payment information: credit and debit card details, transaction details, and payment confirmations. We do not store full payment card details — these are processed by Shopify Payments (or other authorised payment processors) on our behalf.
• Communications: the content of any emails, support tickets, reviews, or other messages you send to us.
• Device and technical information: IP address, device identifiers, browser type and version, operating system, and similar identifiers.
• Usage information: how you interact with the Services, including pages visited, items viewed, links clicked, and referral sources.

We also collect information you choose to share through reviews, surveys, social media interactions, or customer service conversations.

3. Sensitive information

Health information is "sensitive information" under the Privacy Act and is given heightened protection. We do not solicit sensitive information from you, and we ask that you avoid sharing health-related details in reviews or general correspondence unless necessary.

If you do share sensitive information with us — for example, in the context of a customer service inquiry — we will handle it only for the specific purpose you provided it, with your consent, and consistent with APP 3.

4. How we collect personal information

We collect personal information:

• Directly from you — when you create an account, place an order, subscribe to our email or SMS lists, submit a review, contact us, or otherwise engage with the Services.
• Automatically — through your device when you visit the Services, including via cookies, pixels, server logs, and similar technologies (see Section 9).
• From our service providers — including Shopify, payment processors, fulfilment partners, and analytics providers who collect or process information on our behalf.
• From our marketing and advertising partners — including Meta, Google, and Klaviyo, which may provide us with aggregated or attributed information about how you interact with our advertising.

5. How we use personal information

We use personal information for the following purposes:

• To provide the Services — processing orders, managing subscriptions, fulfilling shipments, handling returns, providing customer support, and managing your account.
• To improve our products and Services — analysing how customers use the Services and refining features, ranges, or content accordingly.
• For marketing and advertising — sending you electronic marketing communications, retargeting you on third-party platforms, and personalising the content and offers you see, where permitted.
• To communicate with you — responding to enquiries, sending transactional notifications (order confirmations, shipping updates), and sending subscription reminders.
• For security and fraud prevention — authenticating accounts, preventing fraudulent transactions, and protecting the Services and our customers.
• To comply with legal obligations — responding to lawful requests, complying with tax and consumer protection law, and exercising or defending legal claims.

6. How we disclose personal information

We disclose personal information to the following categories of recipients:

• Shopify, which hosts our Services and processes data on our behalf.
• Payment processors, including Shopify Payments, to process transactions.
• Subscription management platform, Recharge, to process subscription orders, recurring billing, and customer self-service.
• Fulfilment and shipping partners, to deliver your orders.
• Email and SMS platforms, including Klaviyo, to send marketing and transactional communications.
• Advertising platforms, including Meta (Facebook and Instagram) and Google, to deliver and measure advertising.
• Reviews platform, currently Judge.me, to collect and display product reviews.
• Analytics providers, to measure and analyse use of the Services.
• Professional advisors, including lawyers, accountants, and auditors, where reasonably required.
• Government bodies, regulators, and law enforcement, where required or authorised by law.
• Acquirers or successors, in the event of a merger, acquisition, or sale of business assets.

We do not sell your personal information.

7. Shopify and cross-merchant features

Our Services are hosted by Shopify, which processes personal information on our behalf and uses certain enhanced features that involve data from your interactions with our store, other Shopify merchants, and Shopify itself. Where Shopify uses your personal information for these enhanced features, Shopify is responsible for that processing, including for responding to requests to exercise your rights over that use.

To learn more, see the Shopify Consumer Privacy Policy at privacy.shopify.com/en. You may also exercise certain rights with respect to data Shopify processes through the Shopify Privacy Portal.

8. Overseas disclosures

Several of our service providers are based outside Australia. As a result, your personal information is likely to be disclosed to overseas recipients, primarily in the United States — including Shopify, Recharge, Klaviyo, Meta, and Google, all of which have US-based infrastructure. Some service providers may also process data in Canada, Ireland, or other jurisdictions in which they operate.

Where we disclose personal information to overseas recipients, we take reasonable steps to ensure they handle it consistently with the APPs, including through contractual protections. Under APP 8.1, we remain accountable for the handling of your personal information by overseas recipients we disclose it to, unless an exception applies.

9. Cookies and tracking technologies

We use cookies, pixels, and similar technologies to operate the Services, understand how customers use them, and deliver relevant advertising. The categories of cookies we use include:

• Strictly necessary — required for the Services to function (e.g. cart, checkout, account login).
• Functional — remember your preferences and settings.
• Analytics — measure and analyse use of the Services.
• Advertising and marketing — deliver and measure advertising on third-party platforms, including the Meta Pixel, Klaviyo web tracking, and Google advertising and conversion tracking.

You can manage cookies through your browser settings, opt out of personalised advertising through industry tools such as the Digital Advertising Alliance of Australia (youronlinechoices.com.au) and the Network Advertising Initiative (optout.networkadvertising.org), and opt out of Google Analytics using Google's opt-out browser add-on.

10. Marketing communications

We may send you marketing communications by email or SMS, in accordance with the Spam Act 2003 (Cth). Every commercial electronic message we send includes a clear unsubscribe option. For SMS, reply STOP to any message to unsubscribe.

We action unsubscribe requests within 5 business days. After you unsubscribe, you may continue to receive transactional messages relating to your orders, subscriptions, or account.

11. Data security

We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. These include technical, physical, and administrative measures appropriate to the nature of the information.

No system is perfectly secure, and we cannot guarantee absolute security. If we become aware of a data breach that is likely to result in serious harm, we will comply with our obligations under the Notifiable Data Breaches scheme — including notifying affected individuals and the Office of the Australian Information Commissioner (OAIC) as required.

12. Data retention

We retain personal information only for as long as necessary for the purposes set out in this policy, or as required by law. Indicative retention periods are:

• Account information — for the duration of your account and 7 years thereafter, to comply with tax and consumer protection obligations.
• Order and transaction records — at least 7 years, in line with ATO record-keeping requirements.
• Marketing data — until you unsubscribe or otherwise opt out, plus a short period to give effect to your request.
• Customer support records — up to 3 years from the date of last contact.
• Cookies and tracking data — varies by cookie type, typically between session expiry and 24 months.

When personal information is no longer required, we securely delete, destroy, or de-identify it.

13. Your rights

Under the Privacy Act, you have the right to:

• Access the personal information we hold about you.
• Correct personal information that is inaccurate, incomplete, or out of date.
• Complain about how we have handled your personal information.

To exercise these rights, contact us using the details in Section 17. We may need to verify your identity before responding — typically by confirming details on file or, where necessary, requesting government-issued identification.

We will respond to your request within a reasonable period, generally within 30 days. There is no fee for making a request, although we may charge a reasonable cost-recovery fee for providing access in certain cases.

If you reside outside Australia, you may have additional rights under your local law (such as deletion, portability, or restriction). We will comply with these where they apply.

14. Complaints

If you believe we have breached the APPs or otherwise mishandled your personal information, please contact us first using the details in Section 17. We take complaints seriously and will respond within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner:

• Website: oaic.gov.au
• Phone: 1300 363 992
• Mail: GPO Box 5288, Sydney NSW 2001

15. Children's information

The Services are intended for users aged 18 and over. We do not knowingly collect personal information from anyone under 18. If you believe a child has provided us with personal information, please contact us and we will take steps to delete it.

16. Third-party links and platforms

The Services may contain links to third-party websites, applications, or platforms not operated by us. We are not responsible for the privacy practices of those third parties. We encourage you to read the privacy policies of any third-party services you use.

17. Contact us

For any questions about this Privacy Policy, or to exercise your rights, contact us at:

• Email: support@getalwayson.com.au
• Address: Suite 329/98–100 Elizabeth Street, Melbourne VIC 3000

18. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and, where the changes are material, take additional steps to notify you (for example, by email or through a notice on the Services). The most current version always governs how we handle your personal information.