Our Commitment

Grow Sunny is committed to protecting any personal information about you that we hold. This Privacy Policy sets out how we manage your personal information and safeguard your privacy, in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

About This Policy

Grow Sunny (ABN: 95231968343) operates this store and website, including all related information, content, features, tools, products and services, in order to provide you, the customer, with a curated shopping experience (the "Services"). Grow Sunny is powered by Shopify, which enables us to provide the Services to you. This Privacy Policy describes how we collect, use, and disclose your personal information when you visit, use, or make a purchase or other transaction using the Services or otherwise communicate with us. If there is a conflict between our Terms of Service and this Privacy Policy, this Privacy Policy controls with respect to the collection, processing, and disclosure of your personal information.

Personal Information We Collect or Process

When we use the term "personal information," we are referring to information that identifies you or could reasonably identify you, as defined under the Privacy Act 1988 (Cth). We may collect or process the following categories of personal information depending on how you interact with the Services:

•       Contact details including your name, address, billing address, shipping address, phone number, and email address.

•       Financial information including credit card, debit card, and financial account numbers, payment card information, transaction details, form of payment, payment confirmation and other payment details.

•       Account information including your username, password, security questions, preferences and settings.

•       Transaction information including the items you view, put in your cart, add to your wishlist, or purchase, return, exchange or cancel, and your past transactions.

•       Communications with us including the information you include in communications with us, for example, when sending a customer support inquiry.

•       Device information including information about your device, browser, or network connection, your IP address, and other unique identifiers.

•       Usage information including information regarding your interaction with the Services, including how and when you interact with or navigate the Services, and information collected via cookies and similar tracking technologies.

•       Your interests in our products, services or events, and any other information which we may need to promote our goods or services.

If you give us information about another person, you should make sure that you are authorised to do so. You must also inform that person of who we are and that we may use and disclose their personal information in accordance with this Privacy Policy.

Personal Information Sources

We collect personal information only by lawful and fair means, in accordance with APP 3. We may collect personal information from the following sources:

•       Directly from you, including when you create an account, visit or use the Services, make a purchase, subscribe to our communications, complete an online form, accept an invitation from us, send us an email, or otherwise voluntarily provide us with your personal information;

•       Automatically through the Services, including from your device when you use our products or services or visit our website, and through the use of cookies and similar technologies;

•       From our service providers, including when we engage them to enable certain technology and when they collect or process your personal information on our behalf;

•       From our partners or other third parties.

Where it is lawful and practicable to do so, you may interact with us anonymously or using a pseudonym (APP 2). However, please note that some Services — such as processing an order — require us to collect identifiable information to function properly.

How We Use Your Personal Information

We collect and use your personal information only for purposes that are directly related to our business functions, or as otherwise permitted or required by law (APP 6). We may use personal information for the following purposes:

•       Provide, Tailor, and Improve the Services. We use your personal information to provide you with the Services, including to process your payments, fulfil your orders, remember your preferences, send account-related notifications, process purchases, returns and exchanges, manage your account, arrange shipping, facilitate returns and exchanges, enable product reviews, and create a customised shopping experience.

•       Marketing and Advertising. We may use your personal information to send marketing, advertising and promotional communications by email, text message or post, and to show you online advertisements, including based on your activity on the Services. We may also provide you with information about ideas, events, or other products or services — including those offered by carefully selected third parties — that we think may interest you. Where required by law (including the Spam Act 2003 (Cth)), we will obtain your consent before sending direct marketing and provide a clear and easy way for you to opt out at any time. If you would prefer not to receive this information, please contact us.

•       Security and Fraud Prevention. We use your personal information to authenticate your account, provide a secure payment and shopping experience, detect and investigate possible fraudulent, illegal, unsafe, or malicious activity, protect public safety, and secure our services.

•       Communicating with You. We use your personal information to provide customer support, respond to your enquiries, and maintain our business relationship with you.

•       Legal Reasons. We use your personal information to comply with applicable law or respond to valid legal process, including requests from law enforcement or government agencies, to investigate or participate in civil discovery or litigation, and to enforce or investigate potential violations of our terms or policies.

How We Disclose Personal Information

We will not disclose your personal information to any third parties without your consent, unless we are required to by law or to the extent, we use third parties to capture or manage your personal information on our behalf. Where we do disclose personal information, we do so for legitimate purposes in accordance with APP 6. Such circumstances may include:

•       With Shopify, vendors and other third parties who perform services on our behalf (e.g. IT management, payment processing, data analytics, customer support, cloud storage, fulfilment and shipping). These parties are required to handle your personal information in accordance with our instructions and applicable privacy laws.

•       With business and marketing partners to provide marketing services and advertise to you. Our business and marketing partners will use your information in accordance with their own privacy notices. You may opt out of targeted advertising at any time by contacting us.

•       When you direct, request us or otherwise consent to our disclosure of certain information to third parties, such as to ship you products or through your use of social media widgets or login integrations.

•       With our affiliates or otherwise within our corporate group.

•       In connection with a business transaction such as a merger or bankruptcy, to comply with applicable legal obligations (including to respond to subpoenas, search warrants and similar requests), to enforce any applicable terms of service or policies, and to protect or defend the Services, our rights, and the rights of our users or others.

We do not sell your personal information to third parties.

Third Party Companies Using Website Cookies

The following companies may collect personal information when you interact with our website and digital properties, including IP addresses, digital identifiers, information about your web browsing and app usage, and how you interact with our properties and ads. This information may be used for purposes such as personalisation of offers or advertisements, analytics, and other commercial purposes. For more information about the collection, use and disclosure of your personal data and your rights, please refer to the links below:

•       Google: https://policies.google.com/privacy

•       Facebook / Meta: https://www.facebook.com/privacy/policy/

•       Digital Advertising Alliance’s Opt-Out Portal: https://optout.aboutads.info/

You can manage your cookie preferences at any time through your browser settings or our cookie preference tool on the website.

Overseas Disclosure of Personal Information

In the course of providing our Services, we may disclose your personal information to recipients located outside Australia, including to Shopify (headquartered in Canada) and other service providers who may be located in countries such as the United States and other jurisdictions. In accordance with APP 8, before disclosing your personal information overseas we take reasonable steps to ensure that overseas recipients handle your information in a way that is consistent with the Australian Privacy Principles.

By using our Services, you acknowledge that your personal information may be transferred to and stored in countries outside Australia. We will take reasonable steps to ensure any overseas recipient provides appropriate privacy protections comparable to those required under Australian law.

Relationship with Shopify

The Services are hosted by Shopify, Inc., which collects and processes personal information about your access to and use of the Services in order to provide and improve the Services for you. Information you submit to the Services will be transmitted to and shared with Shopify as well as third parties that may be located in countries other than where you reside. To learn more about how Shopify uses your personal information and your rights in this regard, you can visit the Shopify Consumer Privacy Policy at https://www.shopify.com/legal/privacy. You may also exercise your privacy rights via the Shopify Privacy Portal.

Cookies and Tracking Technologies

When you visit our website, it may store information on your browser, mostly in the form of cookies. Cookies are small pieces of data sent from a website and saved on your browser or device. They can be placed by us (first party cookies) or by other companies (third party cookies).

The information we collect might be about you, your preferences or your device, and is mostly used to make the site work as you expect it to. It does not usually directly identify you, but it can give you a more personalised web experience. We allow some of our carefully chosen partners to place cookies on our site to help us understand how visitors use our website so we can improve your experience.

We use the following types of cookies:

•       Essential cookies: required for the website and checkout to function correctly.

•       Analytics cookies: help us understand how visitors interact with our website (e.g. Google Analytics).

•       Marketing cookies: used to deliver relevant advertisements and track the effectiveness of our marketing campaigns.

By continuing to use our website, you consent to our use of cookies as described in this Policy. You can manage and edit your cookie preferences at any time through your browser settings.

Text Message (SMS) Marketing

By subscribing to Grow Sunny's text message notifications, you agree to receive automated marketing text messages from us about our products and services at the phone number you provided when you subscribed. Message frequency is recurring. Your consent to receive text messages is not a condition of purchase. Message and data rates may apply.

To opt out at any time, reply STOP, END, CANCEL, UNSUBSCRIBE or QUIT to any message. Reply HELP for customer support. You may receive an additional text message confirming your decision to opt out. Please note that attempting to opt out by any means other than texting the opt-out commands above may not be effective.

By subscribing, you confirm that you are the account holder or have the account holder's permission to subscribe using the provided phone number.

Third Party Websites and Links

The Services may provide links to websites or other online platforms operated by third parties. If you follow links to sites not affiliated or controlled by us, you should review their privacy and security policies and other terms and conditions. We are not responsible for the privacy or security of such sites, including the accuracy, completeness, or reliability of information found on those sites. Our inclusion of such links does not imply any endorsement of the content on such platforms or of their owners or operators, except as disclosed on the Services.

Your Rights: Access and Correction of Personal Information

Under APP 12 and APP 13, you have the right to request access to, and correction of, personal information we hold about you. To make a request, please email us at the address set out in the Contact section below. We will deal with all requests for access to personal information as quickly as possible and will respond within a reasonable time (generally within 30 days).

We may need to verify your identity before processing your request. If we refuse access or correction, we will provide you with written reasons and information about how you may complain about that decision. We reserve the right to charge a reasonable fee where access is provided to large volumes of information, but will not charge you simply for making a request.

Children's Data

The Services are not intended to be used by children under the age of 18, and we do not knowingly collect personal information about children. If you are the parent or guardian of a child who has provided us with their personal information, you may contact us using the details set out below to request that it be deleted. As of the effective date of this Privacy Policy, we do not have actual knowledge that we share or sell personal information of individuals under 16 years of age.

Information Security and Retention

We take reasonable steps to protect all personal information we hold from misuse, interference, loss, and unauthorised access, modification or disclosure, in accordance with APP 11. We hold information securely in both electronic and physical form, and engage service providers who maintain appropriate security standards.

Please be aware that no security measures are perfect or impenetrable, and we cannot guarantee the absolute security of your information. We recommend that you do not use unsecured channels to communicate sensitive or confidential information to us, and that you keep your account credentials secure.

How long we retain your personal information depends on factors such as whether we need the information to maintain your account, provide you with Services, comply with legal obligations, resolve disputes, or enforce applicable contracts and policies. When personal information is no longer needed, we take reasonable steps to destroy or de-identify it.

Notifiable Data Breaches

We are committed to responding promptly to any data breach involving your personal information. In the event of an eligible data breach under the Notifiable Data Breaches (NDB) scheme (Part IIIC of the Privacy Act 1988 (Cth)) that is likely to result in serious harm to you, we will:

•       Notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable;

•       Notify affected individuals directly, including a description of the breach, the types of information involved, and recommended steps you can take; and

•       Take immediate remedial action to contain the breach and prevent further harm.

Complaints

If you have a complaint about how we have handled your personal information, or believe we have breached the Australian Privacy Principles, we encourage you to contact us first using the details set out below. We will acknowledge your complaint promptly and endeavour to resolve it within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

•       Website: www.oaic.gov.au

•       Phone: 1300 363 992

•       Post: GPO Box 5218, Sydney NSW 2001

Changes to This Privacy Policy

We reserve the right to update this Privacy Policy at any time, including to reflect changes to our practices or for other operational, legal, or regulatory reasons. We may notify you of changes by posting an updated version on our website with a revised effective date. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

Contact Us

Should you have any questions about our privacy practices or this Privacy Policy, or if you would like to exercise any of your rights under the Privacy Act 1988 (Cth), please contact us:

•       Email: customercare@growsunny.com

•       Postal address: 888 Brunswick Street, New Farm, QLD, 4005, Australia

Effective Date: 1^st July, 2026