Age Verification & Responsible Sales Policy

Your Privacy & Safety Matter

Age Verification & Responsible Sales Policy

The Premium Shisha · JAI SAMADHI PTY LTD (ABN: 56 693 253 940)

Effective 4 March 2026 · Version 2.1

Shop The Premium Shisha → Visit Our Store
💡

Why do we ask for your ID? Australian law requires us to verify that customers purchasing age-restricted products are 18 or over. We only ask for ID when you order shisha flavours (our age-restricted category) or when your payment is flagged for additional security review. Everything else in our store can be purchased without verification. We take your privacy seriously — here’s exactly how the process works.

🔐

When Is ID Verification Triggered?

We sell two categories of products: shisha flavours (age-restricted) and everything else (accessories, charcoal, etc. — no ID required). ID verification is automatically triggered when:

  • Your order contains shisha flavours (our age-restricted product category)
  • Your payment processor flags the order as medium or high risk for fraud review

If you’re only ordering non-restricted products (accessories, charcoal, etc.), you won’t be asked for ID unless a fraud flag is raised.

🔐

How ID Verification Works

The process is quick, secure, and you only need to do it once:

1
Upload Your ID
Take a photo of your driver licence, passport, or proof-of-age card.
2
Instant Secure Check
Our verified partner (Real ID by Verdict) confirms you’re 18+ — not us directly.
3
Verified For Good
Your account is marked as verified. Future orders won’t require ID again.
🔄

One-time verification: Once your account (email address) is verified, you won’t need to verify again on future orders. Your verification status stays linked to your account.

📄

Can I Use an Expired ID?

Yes. We accept expired identification documents. Our verification is solely to confirm your date of birth and that you are over 18 — we are not verifying whether your ID is currently valid for other purposes. So if your licence or passport has recently expired, it will still be accepted.

👁️

What We See vs. What We Don’t

Your actual ID photo and personal details are not stored on our website or Shopify store. Here’s the breakdown:

  • We see: a pass or fail verification status
  • We see: a secure token reference (not your ID details)
  • We see: your name and date of birth for order processing only
  • We do NOT store your ID photo on our systems
  • We do NOT see your licence number, address from your ID, or other sensitive fields
  • We do NOT sell, rent, or share your data with advertisers or third parties
☁️

Where Is My Data Stored?

Your ID image and extracted details are handled by Real ID (Verdict), a trusted third-party verification provider. They store data on Amazon Web Services (AWS) with bank-grade security:

  • Encrypted in transit using TLS (the same technology banks use)
  • Encrypted at rest using AES-256 (military-grade encryption)
  • Stored in Real ID’s secure cloud — never on our Shopify store
  • Automatically deleted based on a configurable retention period
🌏

Cross-border notice: Real ID hosts data on AWS servers located in the United States (us-east-1 / us-east-2 regions). By completing the verification process, your identification data may be processed and stored overseas. This disclosure is made in accordance with Australian Privacy Principle 8 (cross-border disclosure of personal information). Real ID’s security standards meet or exceed Australian requirements.

Your Rights

You are in control of your personal information. Under Australian privacy law, you can:

  • Request to see what personal information we hold about you
  • Ask us to correct anything that’s wrong
  • Request deletion of your verification data at any time
  • Withdraw consent for future data processing (this may affect your ability to purchase age-restricted products)
  • Lodge a complaint if you’re not happy with how we handle your data

Just email us at support@thepremiumshisha.com.au, call 0499 SHISHA (0499 744 742), or chat on WhatsApp.

🔒

What Happens If There’s a Data Breach?

In the unlikely event of a data breach that is likely to result in serious harm, we are required under the Notifiable Data Breaches (NDB) scheme (Part IIIC of the Privacy Act 1988) to:

  • Notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable
  • Notify affected individuals, including what information was involved and steps they can take
  • Take reasonable steps to contain and remediate the breach

We also require our third-party verification provider (Real ID) to notify us promptly of any breach affecting customer data held on their systems.

🤝

Why We Take This Seriously

We’re a licensed, compliant Victorian retailer. We go through this process because:

  • It’s the law — we must verify age for restricted products
  • We hold a Victorian tobacco licence and are subject to inspection
  • We want to protect young people and do the right thing
  • We believe earning your trust starts with transparency

Common Questions

If your order contains shisha flavours (our age-restricted category), you’ll need to verify your age before dispatch. Orders for non-restricted products like accessories and charcoal don’t require ID. If we can’t confirm you’re 18+, we’ll cancel and refund the order.
No. Verification is a one-time process linked to your account (email address). Once verified, you can place future orders for shisha flavours without being asked for ID again.
Yes. We accept expired identification. We’re only verifying your date of birth to confirm you’re over 18 — not whether your ID is currently valid for other purposes.
We accept an Australian driver licence, passport, or any government-issued proof-of-age / photo ID card.
Real ID provides configurable retention periods from 1 day up to 5 years, with automatic deletion after the configured period. You can also request deletion at any time by contacting us.
No. We do not sell, supply, or distribute e-cigarettes, vapes, or vaping products. Since 1 July 2024, only pharmacies can legally sell these products in Australia.
We cannot supply age-restricted products if we suspect a purchase is being made on behalf of someone under 18 (proxy purchasing). We may cancel and refund such orders.
If your ID cannot be verified automatically, contact us and we’ll work with you to resolve it. Common issues include blurry photos or glare on the ID. You can resubmit or contact our support team for manual review. If verification cannot be completed, we will cancel and fully refund your order.
Yes. Click & Collect is available from our Knoxfield store. For age-restricted products, our staff will verify your age in person using photo ID at the time of collection. You must be 18+ to collect orders containing shisha flavours.
Email us at support@thepremiumshisha.com.au, call 0499 744 742, or chat with us on WhatsApp. If you’re not satisfied with our response, you can escalate through the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au, or contact Consumer Affairs Victoria at consumer.vic.gov.au.
Full Regulatory Compliance Policy — This section sets out the complete operational policy of JAI SAMADHI PTY LTD (trading as The Premium Shisha) for the responsible sale of age-restricted products. It is intended for regulators, licensing inspectors, law enforcement, and internal compliance use.

1. Purpose

JAI SAMADHI PTY LTD trading as The Premium Shisha is committed to responsible retail practices and compliance with Australian laws governing the supply of age-restricted products.

This policy sets out the operational controls we use to ensure age-restricted products are supplied only to persons who meet legal age requirements, and that identity verification, order processing, fraud controls, privacy protections, and delivery controls are conducted securely and consistently.

2. Scope and Definitions

Age-Restricted Products refers to products that are legally restricted to adults in Australia. For the purposes of this policy, our age-restricted product category is shisha flavours (tobacco and non-tobacco smoking products). All other product categories we sell (including but not limited to accessories, charcoal, hoses, and equipment) are not age-restricted and do not trigger identity verification unless a fraud or compliance review is initiated.

Exclusion – E-Cigarettes and Vaping Products: We do not sell, supply, or distribute e-cigarettes, vapes, or vaping products of any kind. Since 1 July 2024, it has been illegal for non-pharmacy retailers in Australia to sell any type of vape or vape product. References to “non-tobacco smoking products” in this policy do not include e-cigarettes or vaping products.

This policy applies to purchases made via our website, physical retail location, and any authorised sales channel operated by JAI SAMADHI PTY LTD.

3. Legal Compliance Framework

We operate in accordance with applicable Australian laws and regulatory obligations relating to consumer protection, privacy, tobacco control, and responsible sales practices, including but not limited to:

  • Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs), including the Notifiable Data Breaches (NDB) scheme (Part IIIC)
  • Australian Consumer Law (ACL)
  • Public Health (Tobacco and Other Products) Act 2023 (Cth) and associated regulations, including product standards, packaging, labelling, and ingredient requirements that came into full effect on 1 July 2025
  • Tobacco Act 1987 (Vic), including Part 3AA (Tobacco Retailer and Wholesaler Licensing Scheme)
  • Applicable state and territory laws relating to age-restricted products, tobacco display, signage, and retail obligations
  • Spam Act 2003 (Cth) in relation to commercial electronic messages

Where we sell tobacco products in Victoria, we hold (or have applied for and are operating under) a Victorian tobacco licence administered by Tobacco Licensing Victoria under the Tobacco Amendment (Tobacco Retailer and Wholesaler Licensing Scheme) Act 2024. We comply with all licence conditions including licence display requirements, annual renewal obligations, and cooperation with licensing inspectors.

4. Minimum Age Requirement (18+)

All Age-Restricted Products are supplied to adults only. Customers must be 18 years of age or older to purchase Age-Restricted Products from:

  • our website
  • our physical retail location
  • any authorised sales channel operated by JAI SAMADHI PTY LTD

We may refuse service, cancel transactions, or decline orders where age requirements cannot be verified or where we reasonably suspect non-compliant purchasing.

5. Prohibited Purchases (No Proxy Purchasing)

We do not supply Age-Restricted Products to persons under 18.

We may refuse or cancel an order if we reasonably suspect the purchase is being made on behalf of a person under 18 (proxy purchasing), or where circumstances indicate the intended recipient may be underage.

6. Online Age Verification Procedures

We operate an automated identity and age verification process integrated into our online order workflow. Verification is triggered when either of the following conditions is met:

  • the order contains one or more Age-Restricted Products (shisha flavours); or
  • the order is assessed as medium or high risk by our payment processor’s fraud screening system.

Orders that contain only non-restricted products (accessories, charcoal, equipment, etc.) are not subject to age verification unless flagged by the fraud screening system.

One-Time Verification: Verification is performed once per customer account (identified by email address). Once a customer has been successfully verified, their account is recorded as age-verified and subsequent orders placed under the same account do not require further verification. This reduces friction for returning customers while maintaining compliance.

Accepted Identification: Customers may be required to provide government-issued identification to confirm their date of birth. Accepted forms include:

  • Australian driver licence
  • Passport
  • Government-issued proof-of-age / photo ID

Expired Identification: We accept expired identification documents for the purpose of age verification. The sole purpose of verification is to confirm the customer’s date of birth and that they are 18 years of age or older. The current validity of the identification document for other purposes (such as driving or travel) is not relevant to this determination.

Verification Failure: If the automated verification process fails (for example, due to image quality issues), the customer may be invited to resubmit or contact our support team for a manual review. If age cannot be confirmed through any available means, we will cancel and fully refund the order.

Orders may be placed on hold pending successful verification. If age cannot be confirmed, we may cancel and refund the order.

7. Third-Party Identity Verification (Real ID / Verdict)

To support privacy and security, we use authorised third-party identity verification technology such as Verdict (Real ID) or equivalent providers.

Real ID states that customer ID photos and extracted ID details are stored in Real ID’s secure cloud and not on our Shopify store; our Shopify store retains only the ID-check status and a token reference.

Real ID states it hosts customer data and images on AWS in the us-east-1 / us-east-2 regions and uses encryption in transit (TLS) and at rest (AES-256). Accordingly, identity verification data may be processed and stored overseas by our verification provider for the purpose of confirming age, preventing fraud, and maintaining compliance records.

This cross-border disclosure is made in accordance with Australian Privacy Principle 8 (APP 8). We take reasonable steps to ensure that Real ID handles personal information in a manner consistent with the APPs.

8. Data Minimisation and Use Limitation

Personal information collected for identity verification and transaction processing may include:

  • name
  • date of birth
  • ID verification results and identifiers
  • order and transaction data necessary for fraud prevention and compliance

We use this information only for:

  • confirming legal purchasing age
  • fraud prevention and transaction security
  • regulatory compliance and internal audit
  • order processing and customer support

We do not sell, rent, or trade personal identification data. We do not use identification data for marketing or profiling purposes.

9. Consent

By submitting identification for age verification, the customer consents to the collection, use, and disclosure of their personal information for the purposes set out in this policy, including cross-border disclosure to our verification provider (see Section 7).

Consent may be withdrawn by contacting us. However, withdrawal of consent may affect our ability to process orders for Age-Restricted Products, as age verification is a legal requirement.

10. Retention and Deletion

We retain only what is reasonably necessary for compliance, fraud prevention, and dispute handling.

Where Real ID is used, Real ID provides merchant-configurable retention controls (from 1 day up to 5 years) with automated deletion based on the configured retention policy. Customers may request access or deletion of their Real ID verification data through our support channel and/or Real ID’s published contact pathway.

If Real ID is uninstalled, Real ID states merchant and customer data will be deleted within 30 business days.

Compliance records (including records of refused sales) are retained for a minimum of 7 years to meet audit, regulatory, and legal obligations, unless a longer period is required by law.

11. Notifiable Data Breaches

In the event of an eligible data breach (as defined under Part IIIC of the Privacy Act 1988), we will:

  • take reasonable steps to contain the breach and assess its severity
  • notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable where the breach is likely to result in serious harm
  • notify affected individuals, including a description of the breach, the kinds of information involved, and recommended steps

We require our third-party verification provider to notify us promptly of any breach affecting customer data held on their systems, and we maintain an internal data breach response plan.

12. Access Controls (Internal)

Access to verification data is restricted to authorised personnel who require access to perform compliance review, fraud review, dispute handling, or customer support. Real ID also supports limiting staff permissions to restrict who can view ID-check data.

13. Physical Store & Click & Collect Age Verification

In-store purchases: Staff may request valid photo ID where they cannot reasonably determine a customer is over 18. As a responsible retail practice, staff are trained to apply a conservative “challenge” approach (for example, requesting ID where a customer appears under 25).

Click & Collect: For Click & Collect orders containing Age-Restricted Products, staff will verify the customer’s age using photo ID at the time of collection. The collecting person must be 18 years of age or older.

Staff are authorised to refuse service where legal age requirements cannot be confirmed.

Where required by applicable law (including for tobacco sales in Victoria), we maintain required signage at point of sale and comply with relevant licensing display obligations. No tobacco products or advertisements are displayed in a manner visible to the public inside or outside our premises, in accordance with the Tobacco Act 1987 (Vic).

14. Tobacco Product Standards Compliance

All tobacco products we sell comply with the requirements of the Public Health (Tobacco and Other Products) Act 2023 (Cth) and associated regulations, including but not limited to:

  • standardised product sizes and packaging requirements
  • plain packaging and health warning obligations
  • prohibited flavours, ingredients, and accessories (including menthol, crush balls, and other banned additives)
  • removal of misleading descriptors from product names

We do not sell tobacco products that fail to meet current Commonwealth product standards.

15. Online Advertising and Promotion Restrictions

We comply with advertising restrictions relating to tobacco and smoking products under Commonwealth and Victorian law. We do not:

  • publish tobacco advertisements or promotions prohibited under applicable law
  • use product imagery, branding, or descriptors in a manner that contravenes plain packaging or health warning requirements
  • make health claims or misleading representations about tobacco or smoking products
  • target advertising of age-restricted products to persons under 18

16. Staff Training and Records

We provide staff training and written operational instructions covering:

  • age verification steps and acceptable ID
  • refusal of service and escalation procedures
  • suspected proxy purchasing indicators
  • handling suspicious or fraudulent IDs
  • privacy and confidentiality obligations
  • tobacco display and signage requirements under Victorian law
  • Victorian tobacco licence conditions and cooperation with licensing inspectors
  • data breach identification and escalation procedures

We maintain internal records of staff induction and refreshers as part of our compliance controls (where required by law and as a responsible practice). Records of refused sales are kept for internal audit purposes.

17. Order Processing & Compliance Controls

Orders may be reviewed, delayed, cancelled, or refused where:

  • age verification cannot be completed
  • ID appears fraudulent, invalid, or inconsistent
  • verification information is not provided within a reasonable timeframe
  • transactions trigger fraud or compliance review
  • the order or delivery details suggest potential proxy purchasing or supply to a minor

Where an order is cancelled for compliance reasons, a full refund will be issued to the original payment method.

18. Delivery and Fulfilment Controls

Where applicable, we apply delivery controls designed to reduce the risk of supply to minors, which may include:

  • signature on delivery
  • requiring collection using identification at carrier locations where available (for example, post office/depot collection processes)
  • delivery instructions requiring the recipient to be 18+
  • Authority to Leave (ATL) restrictions for orders containing Age-Restricted Products, where operationally feasible

Delivery controls reduce risk but cannot guarantee that a parcel will never be accepted by a person misrepresenting their age.

19. Fraud Prevention and Reporting

We use fraud detection and transaction monitoring systems. Where we suspect fraudulent ID use or unlawful activity, we may cancel the order and may report the matter to relevant authorities where required by law.

20. Regulatory Cooperation

We cooperate with lawful requests from regulators, licensing inspectors, and authorities including Tobacco Licensing Victoria, Environmental Health Officers (EHOs), Victoria Police, and the Australian Border Force (including the Illicit Tobacco and E-cigarette Commissioner). Where legally required, we may provide relevant compliance records in accordance with Australian law.

21. Privacy Requests, Complaints, and Escalation

For questions about this policy, or to request access, correction, or deletion of personal information (including verification-related information), contact:

📧 support@thepremiumshisha.com.au
📞 0499 SHISHA (0499 744 742)
💬 Chat on WhatsApp
📍 20/573 Burwood Highway, Knoxfield VIC 3180

We will respond within 30 days in accordance with APP 12. If a customer is not satisfied with our response, they may escalate the matter to:

  • the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au
  • Consumer Affairs Victoria at consumer.vic.gov.au
  • other relevant regulatory complaint pathways

22. Policy Review and Updates

We review this policy at least annually and update it as needed to maintain compliance with changing legal and regulatory requirements and to reflect updates to our verification processes or service providers. Material changes will be reflected by an updated version number and effective date at the top of this document. Customers will be notified of material changes via our website.

© 2026 JAI SAMADHI PTY LTD trading as The Premium Shisha · ABN 56 693 253 940

Version 2.1 · Effective 4 March 2026

0499 SHISHA  •  WhatsApp  •  Find Us