1. Introduction / Who We Are

Cumfies (“we”, “us”, “our”) operates the online store at https://cumfies.com.au, selling work clogs and footwear across Australia. We are based on the Sunshine Coast, Queensland, Australia.

We are committed to protecting your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights regarding that information.

By using our website or placing an order, you agree to the practices described in this policy.

2. What Information We Collect

We collect personal information only when it is necessary to provide our products and services to you. This may include:

• Identity and contact details: your name, email address, phone number, and billing or shipping address when you create an account, place an order, or submit a contact form.
• Order and transaction data: details of the products you purchase, order history, and payment confirmation records processed through our WooCommerce store.
• Payment information: we do not store your full card details on our servers. Payment data is processed securely by our third-party payment providers (such as Stripe or PayPal), which operate under their own security and compliance standards.
• Account credentials: if you create a customer account, we store your username and encrypted password.
• Marketing preferences: if you opt in to our email newsletter, we record that consent along with your email address.
• Communications: any messages you send us through our contact form or by email.
• Technical and usage data: your IP address, browser type, device type, pages visited, and time spent on our site, collected automatically via cookies and analytics tools.

We collect this information directly from you when you interact with our website, and automatically through cookies and analytics when you browse.

3. How We Use Your Information

We use your personal information to:

• Process and fulfil your orders, including sending order confirmations and shipping notifications.
• Arrange delivery of your products through our courier and logistics partners.
• Manage your customer account and provide customer support.
• Respond to enquiries submitted via our contact form or by email or phone.
• Send you marketing emails, promotions, or product updates — but only if you have opted in. You can unsubscribe at any time.
• Improve our website, products, and customer experience using aggregated and anonymised analytics data.
• Comply with our legal and tax obligations.
• Detect and prevent fraud or unauthorised activity on our store.

We will not use your information for any purpose that is unrelated to the services you have requested, and we will not sell your personal information to third parties.

4. Analytics and Cookies

Our website uses Google Analytics to help us understand how visitors use our site. Google Analytics collects information such as pages viewed, session duration, and general geographic location via cookies and your IP address. This data is aggregated and does not directly identify you.

We also use functional cookies that are essential for our WooCommerce store to operate — for example, to maintain your shopping cart and login session.

You can control or disable cookies through your browser settings. Note that disabling certain cookies may affect the functionality of our store. For more information about how Google uses data collected through our site, visit https://policies.google.com/privacy.

5. Who We Share Your Information With

We share your personal information only where necessary and only with trusted third parties, including:

• Payment processors (such as Stripe or PayPal) to securely handle payment transactions.
• Courier and shipping providers to deliver your order. We provide them with your name, delivery address, and contact phone number for delivery purposes.
• Email marketing platforms (if you have subscribed) to manage and send marketing communications.
• Google Analytics for website analytics as described above.
• Our website hosting provider (WordPress/WooCommerce infrastructure), which stores data on servers in Australia or as otherwise described in their data policies.
• Law enforcement or regulators if we are required to disclose information by law.

All third parties we work with are required to handle your data securely and in accordance with applicable privacy laws. We do not sell, rent, or trade your personal information.

6. How We Protect Your Data

We take reasonable steps to protect your personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. These measures include:

• SSL/TLS encryption on our website (HTTPS) to secure data in transit.
• Secure, encrypted storage of customer account passwords.
• Access controls limiting who within our business can view customer data.
• Use of PCI-DSS compliant payment gateways so that card data is never stored on our servers.

While we do our best to protect your information, no method of transmission over the internet is completely secure, and we cannot guarantee absolute security.

7. Data Retention

We retain your personal information for as long as necessary to fulfil the purposes described in this policy, or as required by law. Specifically:

• Order and transaction records are retained for a minimum of 7 years to comply with Australian taxation and financial record-keeping obligations.
• Customer account data is retained for as long as your account remains active. You may request deletion of your account at any time.
• Marketing consent records are retained until you unsubscribe or withdraw consent.
• Contact form enquiries are retained for up to 2 years unless a longer retention period is required by the nature of the enquiry.

When personal information is no longer needed, we take reasonable steps to destroy or de-identify it securely.

8. Your Rights (Australian Privacy Act)

Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, you have the right to:

• Access the personal information we hold about you by making a written request.
• Correct inaccurate, out-of-date, or incomplete personal information we hold about you.
• Request deletion of your personal information, subject to our legal record-keeping obligations.
• Withdraw consent to marketing communications at any time by clicking “unsubscribe” in any marketing email or contacting us directly.
• Make a complaint if you believe we have mishandled your personal information (see Section 13).

To exercise any of these rights, please contact us using the details in Section 13. We will respond to access and correction requests within 30 days. In some circumstances, we may be unable to provide access — if so, we will explain why.

9. Data Breach Procedures

We take data breaches seriously. In the event of an eligible data breach as defined under the Privacy Act 1988 (Cth) and the Notifiable Data Breaches (NDB) scheme, we will:

• Contain the breach and assess the likely risk of serious harm to affected individuals as quickly as possible.
• Notify the Office of the Australian Information Commissioner (OAIC) within 30 days of becoming aware of an eligible data breach.
• Notify affected individuals as soon as reasonably practicable where the breach is likely to result in serious harm.
• Take steps to prevent further unauthorised access or disclosure.

We maintain internal records of all data breaches, whether notifiable or not, as part of our ongoing security obligations.

10. Third Party Data

Our website may contain links to third-party websites (for example, our payment gateways or social media platforms). These websites have their own privacy policies, and we are not responsible for their content or practices. We encourage you to review the privacy policies of any third-party sites you visit.

We do not knowingly collect personal information from individuals under the age of 18. If you believe a minor has submitted personal information to us, please contact us and we will take steps to remove it.

11. Automated Decision Making

We do not use automated decision-making processes (including profiling) that produce legal or similarly significant effects on you. Our order management, fraud detection, and marketing processes may involve automated tools, but all significant decisions are reviewed by a human where required.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our business practices, technology, or legal obligations. When we make changes, we will update the “Last Updated” date at the top of this page and, where appropriate, notify you by email or a notice on our website.

We encourage you to review this policy periodically. Your continued use of our website after any changes constitutes your acceptance of the updated policy.

Last Updated: 30 March 2026

13. Contact Us / Complaints

If you have any questions about this Privacy Policy, wish to access or correct your personal information, or have a complaint about how we have handled your data, please contact us:

• Business name: Cumfies
• Location: Sunshine Coast, QLD, Australia
• Website: https://cumfies.com.au
• Email: cumfies.shoes@gmail.com
• Phone: 0494 650 571

We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

• Website: https://www.oaic.gov.au
• Phone: 1300 363 992
• Post: GPO Box 5218, Sydney NSW 2001