Effective Date: 25 April 2025

1. Introduction & Commitment to Privacy

Aleeya.au is operated by K&K Aus Pty Ltd (ABN 81 672 227 299), with a registered business address at Cheltenham, Victoria, Australia. This Privacy Policy details our unwavering commitment to protecting the privacy and security of your personal information. We recognise the sensitive nature of personal data and are dedicated to maintaining the highest standards of data protection in full compliance with the Australian Privacy Principles (APPs) outlined in the Privacy Act 1988 (Cth), as amended, and any other applicable privacy legislation. By accessing our website, engaging with our services, or otherwise providing us with your information, you expressly consent to the collection, use, disclosure, and storage of your data as detailed herein. We operate under the principle of data minimisation, collecting only the information necessary to deliver exceptional service and enhance your experience.

 

2. Information We Collect & How We Gather It

To provide and continually improve our services, and to ensure a positive and personalised user experience, we collect several categories of personal information. This information is collected, processed, and stored in accordance with applicable data protection regulations and our commitment to safeguarding your privacy. The types of personal information we collect include, but are not limited to:

  • Identification Data: Your full name, email address, postal address, and phone number, which we collect to identify you as a customer, facilitate communication, and process orders.
  • Payment & Billing Information: Securely collected payment information, such as credit card details or other payment method information, through our PCI DSS-compliant payment gateways. We do not store your complete credit card details on our systems. This information is necessary to process payments, manage subscriptions, and fulfill your orders.
  • Account Information: If you create an account with us, we collect information such as your username, password (stored securely using industry-standard encryption techniques), and any preferences you specify during account creation.
  • Communication Data: Records of your communications with us, including emails, chat logs, and phone calls, which are retained for customer service purposes, dispute resolution, and quality assurance.
  • Website Usage Data: Information about your browsing behaviour on our website, collected through the use of cookies and similar tracking technologies (such as pixel tags and web beacons). This includes details such as pages visited, links clicked, search queries, referring websites, IP address, browser type, device type, and timestamps. This data is collected to analyse website traffic, understand user behaviour, personalise content, improve website functionality, and optimise our marketing efforts.
  • Promotional Preference Data: Information regarding your consent to receive marketing communications, including your preferences for the types of communications you wish to receive.

We collect this information directly from you when you:

  • Submit forms on our website (e.g., contact forms, registration forms).
  • Make purchases or place orders for our products or services.
  • Contact our customer support team via email, phone, or chat.
  • Subscribe to our newsletter or marketing communications.
  • Participate in promotions, contests, or surveys.

We employ robust data validation techniques, including input sanitisation, data type verification, and range checks, to ensure the accuracy, integrity, and security of the information we collect. We also regularly review and update our data collection practices to maintain compliance with applicable privacy regulations and industry best practices.

 

3. How We Use Your Information

The personal information we collect is processed for a range of legitimate business purposes that enable us to provide and enhance our products, services, and customer experience. These purposes include, but are not limited to:

  • Order Fulfilment and Contractual Obligations: Processing and fulfilling your orders, including payment processing, shipping, and managing your account. This also encompasses administering contracts you enter into with us.
  • Customer Support & Communication: Providing responsive and effective customer support, addressing your inquiries, resolving issues, and managing service requests. We may record communications for quality assurance and training purposes.
  • Personalised Experience: Tailoring your website experience, including content recommendations, personalised offers, and displaying relevant product information based on your browsing history and preferences (where you have provided consent for this personalisation).
  • Marketing Communications (with Consent): Sending you promotional emails, newsletters, and other marketing materials regarding our products, services, and special offers, solely where you have provided explicit and freely given consent to receive such communications. You have the right to withdraw this consent at any time.
  • Product & Service Improvement: Analysing how you use our products and services to identify areas for improvement, develop new features, and enhance existing functionalities. This may involve collecting usage data and user feedback.
  • Market Research & Analysis: Conducting market research surveys, analysing industry trends, and understanding customer needs to improve our products, services, and overall business strategy.
  • Legal & Regulatory Compliance: Complying with applicable laws, regulations, legal processes, and responding to lawful requests from government authorities. This may include retaining information to meet legal requirements.
  • Fraud Prevention & Security: Protecting against fraud, misuse of our services, and maintaining the security of our systems and data.

We may also use your information to create anonymised and aggregated data, which does not identify any individual user. This data is used for statistical analysis, business intelligence purposes, and to inform strategic decision-making, contributing to the overall improvement of our business performance. This aggregated data may be shared with third-party partners for industry benchmarking or market research purposes.

We categorically do not sell, rent, or trade your personal information to any third parties for their marketing purposes. We may share your information with trusted service providers who assist us in performing the functions outlined above, but these providers are contractually obligated to protect your information and use it only for the purposes we specify. These include, but are not limited to, payment processors, shipping companies, and data analytics providers. We maintain strict controls and oversight over these service providers to ensure your privacy is protected.

 

4. Data Sharing with Third-Party Service Providers

We may share your information with trusted third-party service providers who assist us in operating our website, processing payments, and providing our services. These service providers are bound by confidentiality obligations and are only authorised to use your information for the specific purposes for which they are engaged. Key service providers include:

  • Google Analytics: We utilise Google Analytics to collect and analyse data about website traffic and user behaviour. This information helps us improve our website’s design, content, and functionality. Google Analytics uses cookies and similar technologies to collect this data. You can find more information about Google Analytics and its privacy practices at https://policies.google.com/privacy. You can also opt out of Google Analytics tracking by using the Google Analytics opt-out browser add-on (https://tools.google.com/dlpage/gaoptout/).

  • Square: We utilise Square for processing payments securely. When you make a purchase on our website, your payment information is processed by Square in accordance with their privacy policy. Square utilises industry-standard security measures to protect your payment information. You can find more information about Square’s privacy practices at https://squareup.com/au/en/legal/general/privacy. We do not store your full credit card details on our systems; this information is handled entirely by Square.

 

5. Cross-Border Data Transfers & Compliance

Some of our service providers may be located outside of Australia. In such cases, we will take reasonable steps to ensure that these overseas entities are subject to equivalent privacy standards and obligations as those required by Australian law. This may involve utilising Standard Contractual Clauses (SCCs) or relying on adequacy decisions issued by the European Commission. We are committed to complying with all applicable data protection laws, including the General Data Protection Regulation (GDPR). We ensure that all cross-border data transfers are conducted lawfully and securely.

 

6. Your Rights & Control Over Your Data

Under applicable data protection legislation, including but not limited to the Australian Privacy Act 1988, the General Data Protection Regulation (GDPR) for individuals located in the European Economic Area, and similar legislation in other jurisdictions, you possess a comprehensive suite of rights concerning your personal information held by KKAUS. These rights are designed to provide you with greater control over your data and ensure its responsible processing.

Specifically, you have the right to:

  • Access: Request confirmation as to whether we are processing your personal information, and to obtain a copy of that information, along with certain details regarding the processing activities.
  • Rectification: Request the correction of inaccurate or incomplete personal information we hold about you. We will take reasonable steps to ensure the accuracy of your data.
  • Erasure (Right to be Forgotten): Request the deletion of your personal information under certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected, or when you have withdrawn your consent (where applicable). Note that certain legal obligations may prevent us from fulfilling this request in full.
  • Restriction of Processing: Request the limitation of our processing of your personal information under specific circumstances, such as when you dispute the accuracy of the data or object to the processing.
  • Data Portability: Request to receive your personal information in a structured, commonly used, and machine-readable format, and to transmit that data to another data controller without impediment, where technically feasible.
  • Object to Processing: Object to the processing of your personal information based on legitimate interests or for direct marketing purposes. We will cease processing your data unless we can demonstrate compelling legitimate grounds that override your rights.

Furthermore, where the processing of your personal information is based on your consent, you have the unequivocal right to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, please submit a formal request to our dedicated Privacy Officer at privacy@kkaus.co. We will acknowledge receipt of your request within 14 business days and will endeavour to respond fully and comprehensively within 90 calendar days, subject to any legal requirements or complexities involved in fulfilling your request. We are committed to transparency and empowering you with meaningful control over your personal data, and will provide clear explanations regarding our response to your request.

 

7. Cookies & Tracking Technologies

Our website utilises cookies and similar tracking technologies to collect information about your browsing behaviour. These technologies help us analyse website traffic, personalise content, and improve our website’s functionality. You can manage your cookie preferences through your browser settings.

What are Cookies and Similar Technologies?

Cookies are small text files that are stored on your computer or mobile device when you visit a website. They are used to remember information about your visit, such as your language preferences, login details, and browsing behaviour. Similar technologies, such as web beacons (also known as pixel tags) and tracking pixels, perform similar functions. These technologies allow us to collect information about how you interact with our website, helping us improve your user experience and provide you with relevant content.

Types of Cookies We Use

We use the following types of cookies:

  • Essential Cookies: These cookies are strictly necessary for the functioning of our website and enable you to navigate our site and use its features. Without these cookies, certain parts of our website would not work correctly. These cookies do not require your consent. Examples include cookies that:

    • Enable authentication and security.
    • Manage session data.
    • Remember your preferences (e.g., language selection).
  • Performance/Analytics Cookies: These cookies collect information about how visitors use our website, such as the pages they visit, the time they spend on each page, and the links they click. This information helps us improve the performance and usability of our website. We use Google Analytics to collect this data (see details below). These cookies may require your consent depending on your jurisdiction.

  • Functionality Cookies: These cookies allow our website to remember choices you make and provide enhanced features and personalisation. For example, they may remember your login details or preferences for future visits. These cookies may require your consent depending on your jurisdiction.

  • Advertising/Targeting Cookies: These cookies track your browsing habits and may be used to display targeted advertisements that are relevant to your interests. We currently do not use advertising or targeting cookies on our website. However, we may implement them in the future and will update this policy accordingly.

Third-Party Cookies

We use Google Analytics, a web analytics service provided by Google, Inc. Google Analytics uses cookies to collect information about your use of our website. This information is used to generate reports about website traffic and user behaviour. Google may also use this information to personalise advertisements that are displayed on other websites.

For more information about Google Analytics cookies, please visit: https://policies.google.com/technologies/cookies

Your Cookie Choices

  • Browser Settings: You can configure your browser to accept or reject cookies. Please refer to your browser’s help documentation for instructions on how to do this.
  • Cookie Consent Banner: When you first visit our website, you will be presented with a cookie consent banner that allows you to choose which types of cookies you would like to accept. You can change your preferences at any time by clicking on the “Cookie Settings” link in the footer of our website.
  • Opt-Out Tools: You can opt out of Google Analytics by downloading and installing the Google Analytics opt-out browser add-on: https://tools.google.com/dlpage/gaoptout/

Duration of Cookies

We utilise cookies and similar tracking technologies as detailed in this policy. Cookies may be session cookies, which expire when you close your browser, or persistent cookies, which remain on your device for a specified period. The duration of persistent cookies varies depending on their purpose, ranging from a few minutes to several years. This retention period is determined by our operational needs and, importantly, by compliance with applicable legal requirements.

It’s crucial to understand that data protection and privacy regulations governing cookies and tracking technologies differ significantly between countries. For example, regulations within the European Economic Area (EEA) and the United Kingdom (UK) typically require explicit consent for the use of non-essential cookies, with strict limitations on retention periods. Similarly, the California Consumer Privacy Act (CCPA) in the United States grants consumers specific rights regarding the collection and use of their personal data, including the right to opt out of the sale of their data. Australia’s Privacy Act 1988 also governs the collection, use, and disclosure of personal information, including data collected through cookies.

While we strive to comply with the strictest applicable regulations globally, users should be aware that the specific retention periods and requirements for cookie consent may vary depending on their geographic location. We endeavour to provide mechanisms for users to manage their cookie preferences and exercise their data privacy rights, including the ability to opt out of certain tracking activities.

Therefore, the duration of cookies set by our website may be adjusted based on the user’s location and applicable laws. We regularly review our cookie practices to ensure ongoing compliance with evolving regulatory requirements and best practices in data privacy.

 

8. Handling of Automated Traffic & Bot Detection

We utilise various technologies and methods to distinguish between human users and automated traffic (e.g., bots, scrapers, automated scripts). This is essential for maintaining the integrity of our website, ensuring a positive user experience for genuine visitors, and protecting our resources. This section details how we collect and use information related to automated traffic.

  • Data Collected for Bot Detection: We may collect the following data to identify and analyse automated traffic:
    • IP Address: Used to identify potential sources of automated activity and check against known malicious IP lists.
    • User Agent String: Analysed to determine the type of browser or application making the request. Unusual or missing user agents can indicate automated activity.
    • Request Rate & Patterns: Monitoring the frequency and patterns of requests from a specific IP address or user. Unusually high request rates or patterns inconsistent with typical human behaviour are flagged for review.
    • JavaScript Challenge Responses: We may employ JavaScript challenges to verify that a request originates from a genuine browser capable of executing JavaScript. Failure to respond correctly to these challenges may indicate automation.
    • Browser Fingerprinting: We may use browser fingerprinting techniques (collecting data about your browser and system configuration) to identify and distinguish between unique browsers, including those used by bots.
    • CAPTCHA/reCAPTCHA: We may use CAPTCHA or reCAPTCHA challenges to differentiate between human users and automated bots, particularly for sensitive actions like form submissions or account creation.
  • How We Use This Data:
    • Identification of Automated Traffic: The collected data is used to identify and categorise traffic as potentially automated.
    • Rate Limiting & Blocking: We may implement rate limiting or block access from IP addresses or user agents identified as sources of malicious or abusive automated traffic.
    • Security Monitoring: Data related to automated traffic is analysed to identify potential security threats and vulnerabilities.
    • Website Performance Improvement: Understanding automated traffic patterns helps us optimise our website and infrastructure for genuine users.
    • Data Anonymisation: Whenever possible, data related to automated traffic is anonymised or aggregated to protect user privacy.
  • Transparency: We aim to be transparent about our use of bot detection technologies. While we don’t specifically identify all methods employed (to avoid circumvention), this policy outlines the general principles and data practices involved.
  • Impact on User Experience: In some cases, legitimate users may be subject to additional security checks (e.g., CAPTCHA) if their browsing behaviour is similar to that of automated traffic. We strive to minimise any inconvenience caused by these measures.

 

9. Automated Decision-Making & Profiling 

We may use automated decision-making processes, including profiling, in relation to the detection and handling of automated traffic. These processes rely on the data collected as outlined in Section 12 and are used to categorise traffic and apply appropriate security measures. You have the right to request information about the logic involved in these automated decisions and to contest any decisions that affect you. Please contact us at privacy@kkaus.co to exercise this right.

 

10. Data Retention

We are committed to retaining your personal information only for as long as is necessary to fulfil the legitimate purposes for which it was collected, and as required by applicable law. Our data retention periods are determined based on the nature of the data, the purpose of processing, and our legal and regulatory obligations.

Specifically, we retain your personal information for the following purposes and durations:

  • Providing Services: We will retain your account information (e.g., name, address, purchase history) for the duration of your active account and for a reasonable period thereafter (5 years following account closure) to provide ongoing support, fulfil outstanding obligations, and address any potential issues.
  • Fulfilling Contractual Obligations: We will retain records related to your purchases, subscriptions, and service agreements for the duration of the agreement and for a period of 7 years thereafter to comply with accounting and tax regulations, manage warranties, and resolve any contractual disputes.
  • Legal and Regulatory Compliance: We are subject to various legal and regulatory requirements, including data retention obligations under accounting laws. We will retain your personal information as required by these laws, which may extend beyond the termination of our relationship with you. This may include, but is not limited to, retaining financial transaction records for 7 years as mandated by tax authorities.
  • Resolving Disputes: We will retain personal information necessary to resolve any disputes or claims that may arise between you and us, or with third parties, for a period of 5 years following the resolution of the dispute.
  • Marketing and Communication Preferences: If you have provided consent to receive marketing communications, we will retain your contact information and communication preferences until you withdraw your consent or request to be removed from our mailing lists. We periodically review opt-in data and may remove inactive subscribers.

When your personal information is no longer required for the purposes outlined above, we will ensure it is securely deleted, anonymised, or pseudonymised in accordance with applicable data protection regulations. Secure deletion involves irreversible destruction of the data, making it unrecoverable. Anonymisation involves removing identifying information to prevent re-identification of the data subject. Pseudonymisation involves replacing identifying information with pseudonyms, reducing the risk of identification while still allowing for data analysis.

We implement data retention policies and procedures to ensure that personal information is not retained for longer than necessary and that our data retention practices comply with all applicable laws and regulations. These policies are regularly reviewed and updated to reflect changes in legal requirements and best practices.

 

11. Security of Your Information

We are committed to protecting the confidentiality, integrity, and availability of your personal information. We implement and maintain reasonable and appropriate technical and organisational safeguards designed to protect your information from unauthorised access, use, disclosure, alteration, or destruction. Our security measures are regularly reviewed and updated to address evolving threats and vulnerabilities.

These safeguards include, but are not limited to:

  • Encryption: We utilise industry-standard encryption protocols (e.g., TLS/SSL) to protect the confidentiality of your personal information during transmission over the internet and when stored on our servers.
  • Firewalls and Intrusion Detection/Prevention Systems: We employ robust firewalls and intrusion detection/prevention systems to monitor network traffic, detect malicious activity and prevent unauthorised access to our systems.
  • Access Controls: Access to your personal information is restricted to authorised personnel who have a legitimate business need to access it. We implement strict access control mechanisms, including multi-factor authentication where appropriate, to verify the identity of users. We adhere to the principle of least privilege, granting access only to the minimum amount of data necessary to perform assigned tasks.
  • Secure Server Infrastructure: Our servers are housed in secure data centres with physical security measures in place, including restricted access, surveillance systems and environmental controls. We regularly audit our data centre security practices to ensure compliance with industry standards (e.g., ISO 27001, SOC 2).
  • Regular Security Assessments and Penetration Testing: We conduct regular security assessments and penetration testing to identify and address potential vulnerabilities in our systems and applications. These assessments are conducted by qualified security professionals.
  • Data Backup and Disaster Recovery: We maintain regular backups of our systems and data to ensure business continuity and data recovery in the event of a disaster or system failure. Our disaster recovery plan is regularly tested and updated.
  • Employee Training: We provide regular security awareness training to our employees to educate them about data security best practices and potential threats.
  • Vulnerability Management: We proactively scan our systems for known vulnerabilities and apply security patches and updates promptly.
  • Data Minimisation: We collect only the personal information necessary for the specified purposes and retain it only for as long as required.

Despite our efforts to protect your information, no system of data transmission or storage is completely secure. We cannot guarantee the absolute security of your information. We acknowledge the possibility of security breaches and will take reasonable steps to investigate any such incidents and mitigate any potential harm. In the event of a data breach that involves your personal information, we will notify you and the relevant authorities in accordance with applicable laws and regulations.

We encourage you to take steps to protect your own information, such as using strong passwords, being cautious about sharing personal information online, and keeping your software up to date.

 

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our business practices or legal requirements. We will notify you of any material changes to this Privacy Policy by posting the updated policy on our website.

 

13. Contact Information

If you have any questions or concerns about this Privacy Policy, please contact us at: privacy@kkaus.co.