Privacy policy

Last updated: 5 November 2024

This Privacy Policy describes how wallabywellness.com (the “Site”, “we”, “us”, or “our”) collects, uses, and discloses your Personal Information when you visit or make a purchase from the Site.


Contact

If you have questions, need more information about our privacy practices, or wish to make a complaint, please contact us:

Email: [email protected]
Mail:
Unit 15, 14 Loyalty Road
North Rocks NSW
Australia


Collecting Personal Information

When you visit the Site, we collect certain information about your device, your interaction with the Site, and information necessary to process your purchases. We may also collect additional information if you contact us for customer support.

In this Privacy Policy, we refer to any information about an identifiable individual (including the information below) as “Personal Information”.

Device Information

  • Purpose of collection: To load the Site accurately for you and perform analytics on Site usage to optimize our Site.

  • Source of collection: Automatically collected when you access our Site using cookies, log files, web beacons, tags, or pixels.

  • Disclosure for a business purpose: Shared with our processor, Shopify.

  • Personal Information collected: Version of web browser, IP address, time zone, cookie information, what sites or products you view, search terms, and how you interact with the Site.

Order Information

  • Purpose of collection: To provide products or services to you to fulfill our contract, process your payment, arrange shipping, provide invoices/order confirmations, communicate with you, screen for potential fraud, and—where permitted—offer you product updates or promotions.

  • Source of collection: Collected directly from you.

  • Disclosure for a business purpose: Shared with our processor, Shopify.

  • Personal Information collected: Name, billing address, shipping address, payment information (including credit card numbers, PayPal), email address, and phone number.


Sharing Personal Information

We share your Personal Information with service providers to help us provide our services and fulfill our contracts with you, as described above.

  • Shopify: We use Shopify to power our online store. Read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy.

  • Legal compliance: We may share Personal Information to comply with laws and regulations, respond to lawful requests (subpoenas, warrants), or protect our rights.


Behavioural Advertising

We use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you.

For example:


Using Personal Information

We use your Personal Information to:

  • Offer products for sale

  • Process payments

  • Ship and fulfill orders

  • Keep you updated on new products, services, and offers


Lawful Basis (GDPR)

If you are a resident of the European Economic Area (EEA), we process your Personal Information under these lawful bases:

  • Consent

  • Performance of a contract

  • Compliance with legal obligations

  • Protection of vital interests

  • Tasks carried out in the public interest

  • Legitimate interests (that do not override your rights and freedoms)


Retention

We retain order-related Personal Information only as long as necessary to fulfill orders, resolve issues, meet legal/accounting requirements, and satisfy carrier audit obligations.
Records are reviewed and purged within 90 days after shipment unless law requires longer retention. When retention ends, data is securely deleted or irreversibly anonymized.


Automatic Decision-Making

We do not engage in fully automated decision-making that has a legal or significant effect using customer data.
Shopify uses limited automated decision-making to prevent fraud (temporary IP/credit-card blacklists).


Your Rights

GDPR (EEA Residents)

You may access, port, correct, update, or erase your Personal Information by contacting us.
Data is initially processed in Ireland and transferred to Canada/United States for storage and further processing (see Shopify’s GDPR Whitepaper).

CCPA (California Residents)

You have the right to know, access, port, correct, update, or erase your Personal Information. Please contact us to exercise these rights or designate an authorized agent.


Cookies

We use functional, performance, advertising, and social media cookies to enhance your experience.

Most cookies are persistent and expire within 30 minutes to two years.
You can manage cookies via your browser settings or visit www.allaboutcookies.org.
Blocking cookies may affect Site functionality. See “Behavioural Advertising” for details on opting out of targeted ads.


Do Not Track

Because there is no consistent industry standard, we do not alter our data collection or usage practices when detecting “Do Not Track” signals.


Data Security & Access Controls

Encryption & Storage

  • Data stored on secure cloud infrastructure with firewalls, MFA, and continuous monitoring.

  • Encrypted in transit (TLS 1.2+) and at rest (AES-256).

  • Secrets and credentials stored in encrypted vaults and rotated regularly.

Access Control

  • Access limited to trained staff who require it for fulfillment or support.

  • Role-based access via SSO with MFA, logged and reviewed quarterly.

  • Background checks performed on personnel with privileged access.

Network Protection

  • Production systems in isolated VPCs with restricted inbound traffic, VPN/MFA admin access, endpoint protection, and intrusion detection.

Monitoring & Incident Response

  • Security logging, automated alerts, and an incident response plan covering detection, containment, investigation, notification, and remediation.

Testing & Change Management

  • Code changes use non-production environments and anonymized data.

  • Automated vulnerability scans (SAST/DAST) and peer review before release.

  • Security scans and penetration tests performed twice per year.

Credential Protection

  • Administrative credentials stored in encrypted vaults; never in source control.

  • Strong password policies, MFA, and periodic rotation enforced.

Backups & Recovery

  • Encrypted backups taken daily, stored in geographically separate locations, and purged per retention policy.

  • Disaster recovery tested regularly.

Employee Device Controls

  • MDM and endpoint protection prevent copying data to unmanaged devices.

  • USB storage disabled on corporate workstations.

  • DLP tooling alerts security of any policy violations.


Privacy & Data Handling Policy

A copy of our full privacy and data handling policy—including data lifecycle management—is available here:
https://www.wallabywellness.com/policies/privacy-policy


Changes

We may update this Privacy Policy periodically to reflect changes in our practices.
We will post a prominent notice on the Site and update the “Last updated” date above when changes occur.
