Privacy Policy — The Premium Shisha

The Premium Shisha (ABN 822 895 604 14), trading as The Premium Way (“we”, “our”, “us”), is committed to protecting your privacy. This Policy explains how we collect, use, disclose and protect personal information in line with Australian privacy law and the Australian Privacy Principles (APPs).

By using our site and services, you agree to this Policy.


1) Personal information we collect

  • You provide: name, date of birth, email, phone, billing/shipping address; order details; account credentials; support communications.

  • Verification data: minimal age/identity verification artefacts (e.g., pass/fail token, method, timestamp, verifier ID; we avoid storing full ID images unless strictly necessary).

  • Automatically collected: device/browser, IP address, and cookie/analytics data for security, performance and fraud prevention.

  • From service providers: payment confirmations, delivery status/scan events, and risk/fraud signals needed to fulfil orders and protect customers.


2) How we use personal information

  • Orders & fulfilment: process payment, pack and deliver in a responsible manner, manage returns/warranty.

  • Eligibility & safety: confirm customers are 18+ and operate responsible-sale controls (including age/identity checks).

  • Service improvement & security: operate, maintain and improve the site; prevent fraud and abuse; ensure platform security.

  • Communications: send transactional updates; marketing only if you opt in (unsubscribe any time).

  • Compliance: keep records required by Australian law and respond to lawful requests.

We do not sell personal information.


3) Legal basis within the APPs

We collect only what is reasonably necessary for the functions described above (APP 3/5), take reasonable steps to keep information accurate and secure (APP 10/11), provide access and correction on request (APP 12/13), and explain overseas handling where relevant (APP 8). 


4) Age/identity verification (low-retention approach)

We may use reputable third-party verification providers. They check your details against trusted data sources and return a minimal outcome (e.g., pass/fail). We store only what we need to evidence compliance (token, timestamp, method, outcome) and avoid retaining full ID copies unless strictly necessary. This aligns with APP expectations for necessity, proportionality and security.


5) Direct marketing & SMS/MMS

  • Marketing is opt-in. Emails include an unsubscribe link.

  • SMS/MMS: by opting in, you agree to receive automated or prerecorded messages; message frequency varies; standard rates may apply. Reply STOP to opt out (you may receive one confirmation).

  • We record minimal marketing preference data to respect your choices (APP 7).


6) Disclosures (who we share with)

We disclose personal information only as needed to:

  • Payments & verification: payment processors, verification providers;

  • Logistics & IT: carriers, warehousing/fulfilment, hosting and security services;

  • Advisers/authorities: professional advisers and government agencies where required or authorised by law.

We remain responsible for our service providers’ handling of your information under the APPs.


7) Cross-border handling

Some trusted providers may process data outside Australia (e.g., cloud hosting). Where we disclose personal information overseas, we take reasonable steps to ensure recipients handle it in accordance with the APPs (APP 8).


8) Cookies & analytics

We use cookies and similar technologies to operate the site, keep accounts secure, understand usage and improve performance. You can adjust browser settings to manage cookies (site features may be affected).


9) Data security

We apply administrative, technical and physical safeguards to protect personal information from misuse, interference, loss and unauthorised access, modification or disclosure (APP 11). We also periodically review what we hold and destroy or de-identify information when no longer required.


10) Retention

Order, verification and compliance records are kept only as long as needed for legal, operational and fraud-prevention purposes, then securely deleted or de-identified in accordance with the APPs.


11) Access and correction

You may request access to or correction of your personal information at any time. We’ll respond within a reasonable period and may require identity confirmation (APP 12/13).


12) Notifiable Data Breaches

If we become aware of an eligible data breach likely to cause serious harm, we will notify affected individuals and the OAIC and provide recommended steps, as required by the Notifiable Data Breaches (NDB) scheme.


13) Third-party links

Our site may link to third-party services (e.g., payments, delivery). Their privacy practices are their own; please review those policies.


14) Children

Our services are for adults 18+ only. We do not knowingly collect information from minors; if you believe a minor’s data has been provided, contact us and we will delete it.


15) Changes to this Policy

We may update this Policy. We will post the revised version and effective date here.


16) Contact & complaints

Questions or complaints? Please contact us first — we’ll work with you to resolve the issue. If you are not satisfied, you may lodge a privacy complaint with the Office of the Australian Information Commissioner (OAIC).

Email: support@thepremiumshisha.com.au
Phone: 0499 744 742
Postal: Factory 20 / 573 Burwood Highway, Knoxfield VIC 3180, Australia