Privacy policy

PRIVACY POLICY — KK LIFESTYLE

KK Lifestyle ("we", "us", "our") is an Australian-owned online home furniture and lifestyle retailer operating at kklifestyle.com.au. We are registered in Australia (ABN 31 438 442 099) and based in Melbourne, Victoria.

We are committed to protecting your personal information and handling it in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the Privacy and Other Legislation Amendment Act 2024.

Privacy contact: For all privacy-related enquiries, corrections, or complaints, contact us via our Contact page at kklifestyle.com.au/pages/contact.

2. What Personal Information We Collect

We collect personal information that is necessary to process your orders, communicate with you, and improve your experience. We only collect what we need.

Information you provide directly

·       Name, delivery address, billing address, email address, and phone number (collected at checkout)

·       Payment information — we do not store card numbers; these are processed securely by our payment providers

·       Account login details if you create an account (email and password — password is encrypted)

·       Messages and enquiries you send us via our chat widget, contact form, or email

·       Product reviews or feedback you submit

·       Email marketing preferences and subscription status

Information collected automatically

·       Browsing behaviour on our website — pages visited, products viewed, time on page, links clicked

·       Device information — browser type, operating system, device type, screen resolution

·       IP address and approximate geographic location (city/country level)

·       Referral source — how you arrived at our website (e.g. from a Google search, a Meta ad, or a direct link)

·       Shopping behaviour — items added to cart, wishlisted, purchased, or abandoned

·       Cookie identifiers and session data (see Section 8 — Cookies & Tracking)

Information we receive from third parties

·       Order fulfilment and shipping data from our logistics partners

·       Payment verification data from payment processors (Shopify Payments, PayPal, Afterpay, Zip)

·       Advertising audience match data from Meta (Facebook/Instagram) when you interact with our ads

·       Analytics data from Google Analytics and Google Ads about how you interact with our website

·       Customer support conversation data from Gorgias

3. Why We Collect and Use Your Personal Information

We use your personal information only for the purposes for which it was collected or for directly related purposes you would reasonably expect.

Order processing and fulfilment

Processing your purchase, arranging delivery, sending order and dispatch confirmation emails, handling returns and refund requests. This is the primary purpose for which we collect most information.

Customer support

Responding to enquiries, resolving issues, and providing support via chat (Gorgias), email, or phone. Chat transcripts are stored in Gorgias and linked to your customer profile.

Marketing communications (with your consent)

Sending promotional emails, new arrival announcements, and special offers via Omnisend. You may unsubscribe at any time. We will not send marketing emails without your consent, and pre-ticked consent boxes are not used.

Advertising and retargeting

Showing you relevant ads on Meta (Facebook and Instagram) and Google platforms based on your browsing and purchase history. This includes Custom Audiences, Lookalike Audiences, and Google remarketing. See Section 6 for detail on each platform.

Website improvement and analytics

Understanding how visitors use our website in order to improve the shopping experience, fix errors, and make better product decisions.

Fraud prevention and security

Detecting and preventing fraudulent transactions and protecting the security of your account.

Legal and regulatory compliance

Complying with our obligations under Australian law, including the Australian Consumer Law, Privacy Act, Spam Act, and tax laws.

Automated decision-making

Some of our third-party platforms (Meta, Google) use automated processing to determine which advertisements to show you based on your behaviour. We disclose this in Section 6. We do not make automated decisions that have significant legal or similar effects on you without human review. (Disclosure required under the Privacy and Other Legislation Amendment Act 2024, with full automated decision-making disclosure obligations commencing 10 December 2026.)

4. Legal Basis for Processing Your Personal Information

Under the Australian Privacy Principles, we process your personal information on the following grounds:

·       Contract performance — processing necessary to fulfil your order and deliver our services

·       Legitimate interests — operating our business, fraud prevention, improving our website

·       Consent — marketing emails and advertising personalisation (you may withdraw consent at any time)

·       Legal obligation — compliance with Australian law including tax, consumer, and privacy legislation

Where we rely on consent, you have the right to withdraw it at any time without affecting the lawfulness of processing before withdrawal.

5. Who We Share Your Personal Information With

We do not sell your personal information to any third party. We share your information only with the service providers listed below, and only to the extent necessary to provide our services. Each provider is bound by data processing agreements and applicable privacy law.

5.1 Platform & Infrastructure

Shopify Inc. (Canada/USA (with Australian data processing)) Purpose: Our e-commerce platform. Hosts our store, processes orders, manages customer accounts, payment processing infrastructure, and provides analytics. Data shared: Name, email, address, order history, browsing behaviour, device data, payment data (tokenised) Privacy policy: shopify.com/legal/privacy Opt-out: Shopify's data handling is governed by their Data Processing Addendum. Shopify maintains EU-US Data Privacy Framework certification. Australian customer data may be processed on servers outside Australia — Shopify applies equivalent protections.

 

5.2 Payments

Shopify Payments (Stripe) (USA) Purpose: Primary payment processing for Visa, Mastercard, Amex, and UnionPay transactions. Data shared: Payment card data (tokenised — we never see or store raw card numbers), billing address, transaction amount, IP address Privacy policy: stripe.com/en-au/privacy Opt-out: Stripe does not use your payment data for any purpose other than processing your transaction and fraud prevention.

 

PayPal Australia Pty Ltd (Australia (processing may occur in USA)) Purpose: Payment processing for PayPal and PayPal Pay Later (BNPL) transactions. Data shared: PayPal account details, payment amount, transaction reference, billing details Privacy policy: paypal.com/au/webapps/mpp/ua/privacy-full Opt-out: You can opt out of PayPal personalised offers via your PayPal account settings.

 

Afterpay / Clearpay (Australia (Block Inc, USA parent)) Purpose: Buy Now Pay Later payment processing — 4 interest-free instalments. (If enabled on your store) Data shared: Name, email, mobile number, date of birth, address, bank or card details, credit check data Privacy policy: afterpay.com/en-AU/privacy-policy Opt-out: Afterpay performs a soft credit check. Your data is shared with their credit risk platform.

 

Zip Co Limited (Australia) Purpose: Buy Now Pay Later payment processing. (If enabled on your store) Data shared: Name, email, address, bank or card details, credit assessment data Privacy policy: zip.co/au/privacy Opt-out: Zip performs credit assessments. Data is retained by Zip per their financial services obligations.

 

Apple Pay / Google Pay (USA) Purpose: Express payment via Apple Wallet or Google Wallet. Data shared: Transaction authorisation token — we receive no raw card data. Apple/Google process payment data. Privacy policy: apple.com/au/legal/privacy | policies.google.com/privacy

 

5.3 Advertising & Analytics

Meta Platforms Inc. (Facebook & Instagram) (USA) Purpose: Advertising — running targeted ads on Facebook and Instagram, building Custom Audiences from customer data, creating Lookalike Audiences, and measuring ad conversion performance via the Meta Pixel. Data shared: Email address (hashed), phone number (hashed), browsing behaviour via Meta Pixel (pages viewed, products viewed, cart additions, purchases), IP address, device data, purchase history (for Custom Audience matching) Privacy policy: facebook.com/privacy/policy/ Opt-out: Manage your Meta ad preferences: facebook.com/ads/preferences | Opt out of off-Facebook activity tracking: facebook.com/off_facebook_activity | You can request we remove you from our Custom Audience by contacting us.

 

Meta Pixel disclosure: We use the Meta Pixel on our website. This is a piece of code that allows Meta to track your activity on our site and connect it to your Facebook/Instagram profile (if you have one) to show you relevant ads. Meta's use of this data is governed by Meta's Data Policy, not by this Privacy Policy.

Google LLC (Google Analytics & Google Ads) (USA) Purpose: Google Analytics: measuring website traffic, user behaviour, and content performance. Google Ads: running paid search and shopping ads, tracking ad conversions, remarketing to previous visitors via Google Display Network and YouTube. Data shared: Anonymised browsing data, IP address (anonymised), device and browser data, pages visited, conversion events (purchases, add-to-cart), referral source Privacy policy: policies.google.com/privacy Opt-out: Opt out of Google Analytics: tools.google.com/dlpage/gaoptout | Manage Google ad personalisation: myaccount.google.com/data-and-privacy | IP anonymisation is enabled on our Google Analytics implementation.

 

Google Merchant Center / Google Shopping (USA) Purpose: Listing our products on Google Shopping — a free product listing service that allows your products to appear in Google Search shopping results. Data shared: Product data (titles, prices, images, descriptions) — no personal customer data is shared. Conversion data from Google Ads may be linked to Shopping campaigns. Privacy policy: policies.google.com/privacy

 

5.4 Customer Support

Gorgias Inc. (USA (servers may be in USA or EU)) Purpose: AI-powered customer support chat platform. Manages all chat conversations, support tickets, order enquiries, and customer communication history. Gorgias connects to our Shopify store and can access order details to resolve customer enquiries. Data shared: Full name, email address, order history and status, chat conversation transcripts, device data, IP address, any personal information you share in chat Privacy policy: gorgias.com/privacy-policy Opt-out: Chat conversations are retained by Gorgias for up to 36 months. You may request deletion of your chat history by contacting us. Gorgias operates under a Data Processing Agreement and is GDPR-compliant, providing equivalent protections to Australian customers.

 

5.5 Email Marketing

Omnisend (Lithuania/EU (GDPR-compliant, data may be processed in USA)) Purpose: Email marketing automation platform. Manages our marketing email list, automated flows (abandoned cart, post-purchase, welcome series, review requests), newsletter campaigns, and email performance analytics. Data shared: Email address, first name, last name, purchase history, browsing behaviour (products viewed, cart additions), email engagement (opens, clicks, unsubscribes), customer tags and segments Privacy policy: omnisend.com/privacy/ Opt-out: Unsubscribe from marketing emails at any time using the unsubscribe link in any email we send. Your unsubscribe request will be processed within 5 business days as required by the Australian Spam Act 2003. Transactional emails (order confirmation, dispatch) are not affected by marketing unsubscribes.

 

Spam Act 2003 compliance: All marketing emails sent via Omnisend include our business name (KK Lifestyle), ABN (31 438 442 099), and a functional unsubscribe mechanism. We only send marketing emails to customers who have provided explicit or inferred consent in accordance with the Spam Act 2003.

5.6 Loyalty, Store Credit & Wallet Apps

Store Credit / Loyalty App (e.g. Rise.ai, Smile.io, or equivalent) (USA/Israel) Purpose: Managing store credit balances, loyalty points, referral programs, and customer reward wallet functionality. If you receive store credit or participate in our rewards program, this app processes your balance and transaction history. Data shared: Email address, name, store credit balance, transaction history, referral activity, account activity timestamps Privacy policy: Check the specific app's privacy policy — linked in our store footer. Opt-out: You may request your store credit balance be converted to a refund or your account deleted by contacting us. Note that deleting your account will forfeit any unredeemed store credit.

 

Note: Update the app name in the block above to match your specific store credit app once confirmed. The data categories and purpose described above apply to all major Shopify store credit and loyalty apps.

5.7 Review Platforms

Judge.me (or equivalent review platform) (USA/EU) Purpose: Collecting, displaying, and managing customer product reviews. After your purchase, we may use this platform to send you a review request email. Data shared: Name, email address, order details, product purchased, review content and star rating, any photos you submit with a review Privacy policy: judge.me/privacy Opt-out: You may request removal of your review by contacting us. Note that reviews may be publicly visible on our website.

 

5.8 Shipping & Fulfilment

Logistics & Courier Partners (Australia) Purpose: Delivering your order. We share your delivery details with the courier or logistics partner handling your specific order. Data shared: Full name, delivery address, phone number, order contents (for customs/handling), delivery instructions Privacy policy: See the specific courier's privacy policy — provided in your dispatch confirmation email. Opt-out: Courier data is retained for tracking and proof-of-delivery purposes in line with their operational requirements.

 

6. Overseas Disclosure of Personal Information

Some of the third-party service providers listed in Section 5 are located outside Australia, primarily in the United States and European Union. By using our website and services, you consent to your personal information being transferred to and processed in these countries.

Under the Australian Privacy Principles (APP 8), before disclosing personal information to an overseas recipient, we take reasonable steps to ensure the recipient does not breach the APPs. We do this by:

·       Selecting service providers who are GDPR-compliant (which provides equivalent or greater protections than the APPs)

·       Entering into Data Processing Agreements with each provider

·       Reviewing each provider's data handling practices and security certifications

·       Relying on providers who have obtained ISO 27001 or SOC 2 Type II certification where available

Privacy and Other Legislation Amendment Act 2024: Updated overseas transfer requirements commenced in 2025. We are reviewing and updating our contracts with overseas providers to reflect the new requirements as OAIC guidance is issued. This policy will be updated to reflect any changes.

 

7. How Long We Keep Your Personal Information

Data type	Retention period	Reason
Order records (name, address, items, payment reference)	7 years	Australian tax law (ATO record-keeping requirements)
Customer account data	Duration of account + 3 years after last activity	Customer service and legal compliance
Marketing email list	Until you unsubscribe + 1 year	Spam Act compliance — proof of consent
Chat transcripts (Gorgias)	Up to 36 months	Customer service continuity and dispute resolution
Website analytics data (Google Analytics)	26 months (Google's default, IP anonymised)	Website improvement
Meta Pixel data	As per Meta's data retention policies (generally 180 days for events)	Ad performance measurement
Payment records (transaction reference only — no card data)	7 years	ATO and financial compliance
Review content	Until review is removed	Public product review display
Store credit / loyalty data	Duration of account + 1 year after account closure	Financial reconciliation

 

8. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies. A cookie is a small text file stored on your device when you visit a website. We use them to:

Essential cookies: Required for the website to function — shopping cart, login session, checkout process. Cannot be disabled.

Analytics cookies (Google Analytics): Help us understand how visitors use our site — pages visited, time spent, referral source. IP addresses are anonymised.

Advertising cookies (Meta Pixel, Google Ads): Track conversions from ads and enable us to show you relevant ads on Facebook, Instagram, and Google. These cookies may follow you across websites.

Functional cookies (Shopify, Gorgias): Remember your preferences and enable the chat widget to recognise returning visitors.

Managing cookies: You can control cookies through your browser settings. Disabling advertising cookies will not remove ads but will make them less relevant to you. Disabling essential cookies will prevent our website from functioning correctly. Most browsers allow you to view, delete, and block cookies — see your browser's help section for instructions.

9. Your Rights Regarding Your Personal Information

Under the Australian Privacy Principles, you have the following rights:

Access

You have the right to request access to the personal information we hold about you. We will respond within 30 days. In most cases access is free — we will advise you if any charge applies before proceeding.

Correction

If your personal information is inaccurate, out of date, or incomplete, you have the right to ask us to correct it. We will correct it within 30 days or advise you if we disagree with the correction and why.

Deletion

You may request deletion of your personal information. We will delete information we are not legally required to retain. Note that some data (order records, financial records) must be retained for 7 years under Australian tax law and cannot be deleted on request.

Opt-out of marketing

You may unsubscribe from marketing emails at any time using the unsubscribe link in any email. Processing takes up to 5 business days. Transactional emails (order confirmations, dispatch notifications) are not affected.

Opt-out of advertising personalisation

You may opt out of personalised advertising via your Meta ad settings, Google account settings, or by contacting us to remove you from Custom Audience lists.

Complaints

If you believe we have mishandled your personal information, you may lodge a complaint with us first. If you are not satisfied with our response, you may escalate to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or call 1300 363 992.

Data portability (emerging right)

We will provide your personal information in a structured, commonly used format on request where technically feasible.

To exercise any of these rights, contact us via our Contact page at kklifestyle.com.au/pages/contact. We will verify your identity before processing any access, correction, or deletion request.

10. How We Protect Your Personal Information

We take reasonable steps to protect your personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. Our measures include:

·       SSL/TLS encryption for all data transmitted between your browser and our website (indicated by the padlock icon)

·       Shopify's PCI DSS Level 1 compliant payment infrastructure — the highest level of payment security certification

·       We do not store payment card numbers — all card data is tokenised by our payment providers

·       Access controls limiting which staff members can access customer personal information

·       Regular review of our third-party providers' security practices and certifications

·       Passwords stored using one-way encryption (hashing)

Data breach notification: If we become aware of a data breach that is likely to result in serious harm to any individual, we will notify the Office of the Australian Information Commissioner (OAIC) and affected individuals as required under the Notifiable Data Breaches scheme (Part IIIC of the Privacy Act).

11. Children's Privacy

Our website is not directed at children under the age of 15. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly. Australia's Children's Online Privacy Code is being developed and we will update this policy when it comes into effect.

12. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those websites. We recommend reviewing the privacy policy of any third-party website you visit.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will update the "Last updated" date at the top of this page. Significant changes will be communicated to you by email or by a notice on our website. We encourage you to review this policy periodically.

14. Contact Us — Privacy Enquiries & Complaints

For all privacy-related enquiries, access requests, corrections, or complaints:

·       Website: kklifestyle.com.au/pages/contact

·       Business name: KK Lifestyle

·       ABN: 31 438 442 099

·       Location: Melbourne, Victoria, Australia

We will acknowledge your enquiry within 5 business days and aim to resolve all privacy matters within 30 days. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC):

·       Website: oaic.gov.au

·       Phone: 1300 363 992

·       Post: GPO Box 5218, Sydney NSW 2001

 

Governing law: This Privacy Policy is governed by the laws of Victoria, Australia. Any disputes arising from this policy will be subject to the jurisdiction of the courts of Victoria, Australia. Related policies: This Privacy Policy should be read alongside our Terms & Conditions and Returns & Refund Policy, all available on our website.

 

Privacy Policy — KK Lifestyle (ABN 31 438 442 099) — Updated and Effective from May 2026