Privacy Policy

Privacy Policy

Last updated: 9 May 2026

Supacolour respects your privacy and is bound by the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). This policy explains how we collect, use, disclose, and protect your personal information when you use supacolour.com.au.

About us

Supacolour is a New Zealand company that ships heat transfers and equipment to Australian customers. We are registered for Australian GST and treat personal information of Australian customers in accordance with the Australian Privacy Principles.

Personal information we collect

We collect personal information that is reasonably necessary for our business activities. Depending on your interaction with us, this may include:

• Identity and contact information — your name, email address, postal address, phone number
• Account information — your password (stored as a one-way hash), account preferences, login history
• Transaction information — orders placed, the last four digits of your payment method, billing and shipping addresses, customer notes
• Artwork and design files you upload for printing
• Website usage data — IP address, browser type and version, pages visited, device identifiers, cookies, referral source
• Communications between you and our support team
• Information from third-party login providers (such as Google) where you choose to use them to sign in

How we collect personal information

• Directly from you when you create an account, place an order, contact support, or upload artwork
• Automatically through cookies and similar technologies when you use our website (see Cookies, below)
• From payment processors (such as Stripe and Shop Pay) for the purpose of fulfilling your order
• From third parties such as fraud-prevention services when processing high-value or unusual orders

Why we collect, use, and disclose personal information

• To process and fulfil your orders
• To provide customer support
• To send transactional communications (order confirmations, shipping notifications, account notices)
• To send marketing communications where you have consented (see Direct marketing, below)
• To prevent fraud and protect the security of our platform
• To improve our website, products, and services
• To comply with our legal obligations (tax, customs, consumer protection, accounting, etc.)

Disclosure of your personal information

We disclose personal information to:

• Service providers who help us operate (such as payment processors, shipping carriers, email service providers, cloud hosting and analytics providers)
• Our wider corporate group, including related companies in New Zealand and other jurisdictions
• Government and regulatory bodies where required by law
• Professional advisers (lawyers, accountants, auditors) where reasonably needed
• Successors in interest in the event of a corporate transaction (such as a merger or sale of business)

We do not sell or rent your personal information.

Cross-border disclosure to New Zealand and elsewhere

Supacolour is a New Zealand company. Personal information you provide to us is disclosed to and stored on systems operated by our team and service providers in New Zealand for the purposes of order fulfilment, customer support, analytics, and corporate administration.

New Zealand's Privacy Act 2020 provides protections that are substantially similar to the Australian Privacy Principles. We maintain internal arrangements to ensure your personal information is handled in accordance with the APPs once disclosed to a New Zealand recipient (see Australian Privacy Principle 8).

We may also use service providers located in other countries (such as the United States and the United Kingdom) for cloud hosting, analytics, and email delivery. Where we disclose your personal information to overseas recipients, we take reasonable steps to ensure they handle your personal information in accordance with the APPs.

Direct marketing

We may send you marketing communications by email, SMS, or push notification where:

• you have consented (for example by signing up to our newsletter or ticking a marketing opt-in at checkout); or
• you are an existing customer and the marketing relates to products similar to those you have purchased, and you have not opted out.

Every marketing message will identify us as the sender and include a clear, no-cost unsubscribe option that we will action within 5 business days. You can also unsubscribe at any time by contacting us or updating your account preferences.

We do not knowingly send marketing to anyone we know is under 16 without appropriate consent from a parent or guardian.

Cookies and tracking technologies

We use cookies and similar technologies to operate our website, remember your preferences, analyse site usage, and deliver relevant advertising. Categories include:

• Strictly necessary: cart, login, security
• Analytics: Google Analytics and similar measurement
• Advertising: Meta Pixel, Google Ads (where applicable)

You can manage cookie preferences through your browser settings or our cookie banner. Disabling some cookies may affect site functionality.

Security

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. This includes encryption in transit (TLS) and at rest where appropriate, access controls and authentication for staff, regular security reviews and incident-response procedures, and staff training on privacy obligations.

Notifiable data breaches

If we experience a data breach that is likely to result in serious harm to affected individuals, we will notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable, and notify affected individuals as soon as practicable with a description of the breach, the kinds of personal information involved, and steps you can take.

Children's privacy

Our website is intended for use by adults. We do not knowingly collect personal information from children under 16 without verifiable parental consent. If you believe a child has provided us with personal information, please contact us so we can delete it.

Access and correction

You have the right to:

• request access to the personal information we hold about you;
• request correction of inaccurate or out-of-date information;
• request deletion of your personal information (subject to our legal retention obligations);
• withdraw consent for marketing communications;
• lodge a complaint about our handling of your personal information.

To exercise any of these rights, contact our team. We will respond within 30 days.

Complaints

If you are not satisfied with our response to a privacy concern, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

• Phone: 1300 363 992
• Online: www.oaic.gov.au/privacy/privacy-complaints
• Post: GPO Box 5288, Sydney NSW 2001

Updates to this policy

We may update this policy from time to time. Material changes will be notified by email or by prominent notice on our website at least 14 days before they take effect.

Contact

To contact our privacy team, please use our contact page.