Privacy policy

Arctic Ritual – Privacy Policy

Last updated: 30 November 2025

At Arctic Ritual, we respect your privacy and are committed to protecting your personal information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). This policy explains how we collect, use, disclose, store, and secure your personal information when you visit arcticritual.com, make a purchase, or interact with our services. As a dropshipping business, we work with third-party suppliers, which may involve sharing limited data to fulfill orders.

If you have any questions, contact us at contact@arcticritual.com

1. Types of Personal Information We Collect

We collect personal information that is reasonably necessary for our business functions, such as:

  • Contact details: Name, email address, phone number, and shipping address (required for order processing and delivery).
  • Payment information: Billing details and payment method (processed securely via Shopify or third-party gateways; we do not store full card details).
  • Usage data: IP address, browser type, pages visited, and device information (collected automatically via cookies and analytics tools like Google Analytics).
  • Marketing preferences: If you opt-in to newsletters or promotions.
  • Other: Any information you provide in communications, reviews, or surveys.

We do not collect sensitive information (e.g., health data) unless you voluntarily provide it (e.g., in support queries), in which case we handle it with extra care.

2. How We Collect Personal Information

  • Directly from you: When you place an order, sign up for our newsletter, contact support, or create an account.
  • Automatically: Through website technologies like cookies (see our Cookie Policy for details) or Shopify analytics.
  • From third parties: Such as payment processors, shipping providers, or marketing partners, only where necessary and with appropriate safeguards.

We will notify you at or before the time of collection about the purpose and your rights, unless it is impracticable.

3. Purposes for Collecting, Using, and Disclosing Personal Information

We use your information for primary purposes such as:

  • Processing and fulfilling orders (e.g., sharing name and address with dropshipping suppliers and couriers).
  • Communicating with you about your order, updates, or support.
  • Improving our website and services (e.g., via anonymised analytics).
  • Complying with legal obligations (e.g., tax records).

With your express consent, we may use it for secondary purposes like sending marketing emails. You can withdraw consent at any time by unsubscribing or contacting us.

We disclose information to:

  • Third-party suppliers and service providers (e.g., Shopify, dropshippers possibly located overseas) for order fulfillment.
  • Legal authorities if required by law.
  • Business advisors in case of a sale or merger.

We do not sell your personal information.

4. Overseas Disclosure

Your information may be disclosed to overseas recipients, such as suppliers in [e.g., China/USA], where privacy laws may differ. We take reasonable steps to ensure they comply with the APPs (e.g., via contracts requiring equivalent protections) under APP 8. By using our services, you consent to such transfers, but we will inform you of any risks.

5. Data Security and Retention

We implement reasonable security measures (e.g., encryption, access controls) to protect against unauthorised access, loss, or misuse (APP 11). However, no system is infallible.

We retain information only as long as necessary: e.g., 7 years for financial records, or until you request deletion. After that, it is securely destroyed or anonymised.

In the event of a data breach likely to cause serious harm, we will notify you and the OAIC as required under the Notifiable Data Breaches scheme.

6. Access, Correction, and Erasure

You have the right to:

  • Access your personal information (free, unless unreasonable; respond within 30 days under APP 12).
  • Request corrections if inaccurate (APP 13).
  • Request erasure ("right to be forgotten") where information is no longer needed, consent is withdrawn, or it was unlawfully collected (as per 2025 reforms).

Contact us at contact@arcticritual.com with your request. We may refuse in limited circumstances (e.g., legal requirements) and will explain why.

7. Automated Decision-Making

We may use automated tools (e.g., Shopify algorithms for fraud detection or recommendations). If this significantly affects you, we will provide transparency and, upon request, human review options as required under 2025 reforms.

8. Consent and Children

We require express, informed consent for non-essential uses. For marketing, we use opt-in mechanisms.

Our services are not directed at children under 13. If we collect children's data unknowingly, we will delete it upon notification.

9. Changes

We may update this policy; changes will be posted here with the new date. Continued use constitutes acceptance.