This Privacy Policy explains how Greenhills Group Pty Ltd (ACN 694 779 818) trading as One Stop Wholesaler, One Stop Cleaning Supplies and One Stop Packaging Supplies (“One Stop”, “we”, “us” or “our”) collects, holds, uses and discloses personal information, and how you can access and correct your personal information or make a complaint.

This Privacy Policy applies to our website and online store operated under One Stop, including onestopwholesaler.com, onestopcleaningsupplies.com and onestoppackagingsupplies.com (the “Website”), and to other interactions you have with us (for example, by email, phone or social media) that relate to One Stop.

We are committed to protecting your privacy and handling personal information in accordance with the Privacy Act 1988 (Cth) (the Privacy Act) and the Australian Privacy Principles (APPs).

Enquiries in relation to this Privacy Policy are to be directed to our Privacy Officer:

Email: sales@onestopwholesaler.com

Post: 55–57 Madden Avenue, Mildura VIC 3500

What is “personal information”?

“Personal information” has the meaning given in the Privacy Act and includes information or an opinion about an identified individual, or an individual who is reasonably identifiable.

What personal information we collect and hold

The types of personal information we may collect and hold include:

• Identity and contact details: name, email address, phone number, delivery address, billing address, and (where relevant) business name and ABN.
• Account information: username, password and other information you add to your account/profile.
• Order and transaction details: items purchased, order history, delivery instructions, tax invoice details, and communications regarding orders, returns or exchanges.
• Payment-related information: limited details necessary to process and reconcile payments (for example, payment status and confirmation). Important: payment details are typically collected and processed by our third-party payment processor(s) (see section 6).
• Customer support information: the content of your communications with us and any information you provide when you contact us.
• Website and device information (collected automatically): IP address, browser type, device identifiers, pages viewed, session data, referring pages, and information collected via cookies and similar technologies.

Sensitive information

We do not seek to collect sensitive information (as defined in the Privacy Act). If we do collect sensitive information, we will do so only where permitted by law, and with your consent.

Retention

We retain personal information only for as long as is necessary to fulfil the purposes for which it was collected, or as required by law. When personal information is no longer required for these purposes, and unless we are required by law to retain it, we will take reasonable steps to destroy or permanently de-identify the information.

How do we collect personal information?

We may collect personal information in the following ways:

• Directly from you, when you:create an account;place an order;subscribe to marketing communications;contact us (including by phone, email, contact forms, live chat, or social media);enter promotions or complete surveys; orotherwise provide information to us.
• Automatically, when you use our Website, through cookies and similar tracking technologies (see section 8).
• From third parties, including:our e-commerce platform provider(s) (for example, Shopify, where used);payment processors;delivery and fulfilment providers;analytics and advertising partners; andfraud prevention and security service providers.

Where we collect personal information from third parties, we will handle it in accordance with this Privacy Policy.

Children

Our Website and services are not directed to children under 18 years of age. We do not knowingly collect personal information from individuals under the age of 18 without appropriate parental or guardian consent. If we become aware that we have inadvertently collected personal information from a minor without requisite consent, we will take reasonable steps to delete that information as soon as possible.

Why do we collect, hold, use and disclose personal information?

We collect, hold, use and disclose personal information for purposes connected with operating One Stop, including to:

• provide, operate and improve our Website and services;
• create and administer customer accounts;
• process orders, payments, shipping, returns, exchanges and refunds;
• communicate with you about orders and service-related matters;
• respond to enquiries and provide customer support;
• personalise your experience on our Website;
• conduct business operations, including analytics, research and development, quality assurance and staff training;
• manage and protect the security of our Website and systems, including detecting and preventing fraud, unauthorised access, and other suspicious activity;
• comply with our legal and regulatory obligations; and
• enforce our terms, policies and contractual rights.

Direct marketing

We may use your personal information to send you marketing communications about our products, services, special offers and updates.

You can opt out of marketing communications at any time by:

• using the unsubscribe function in our emails; or
• contacting us using the details in the “Contact us” section below.

We will comply with applicable laws relating to direct marketing, including the Privacy Act and the Spam Act 2003 (Cth).

What happens if you do not provide personal information?

If you do not provide requested personal information, we may not be able to:

• create or administer your account;
• process your order or deliver products;
• provide customer support; or
• provide other services you request.

Payments and third-party payment processors

Purchases made through our Website may be processed securely by third-party payment processors (for example, Stripe and/or other providers we use from time to time).

Unless you expressly consent otherwise, we generally do not see or store your full payment card details. The payment processor will handle your payment information in accordance with its own privacy policy and security practices.

We may receive limited information from the payment processor that is necessary to process your order and manage our business (for example, payment confirmation, transaction reference numbers, and details needed for billing and delivery such as your name, email address and billing/delivery address).

When do we disclose personal information?

We may disclose personal information to third parties where necessary for the purposes set out in this Privacy Policy, including:

• IT and systems providers, including website hosting, cloud storage, cybersecurity, and communications tools.
• E-commerce and platform providers, including providers that power our online store and related functionality (for example, Shopify, where used).
• Payment processors.
• Shipping, fulfilment and logistics providers to deliver your orders.
• Customer support and business administration providers.
• Marketing and analytics providers, including website analytics, advertising and remarketing services.
• Professional advisers, including our accountants, auditors and lawyers.
• Government agencies, regulators and law enforcement, where required or authorised by law (including to respond to lawful requests).
• Fraud prevention and credit risk providers, where appropriate for security, fraud, and risk management.
• Business transaction counterparties, where we are involved in a restructure, sale, acquisition, merger, financing or sale of assets (including trade receivables), and personal information is reasonably necessary for that transaction.

We take reasonable steps to ensure that third parties we disclose personal information to handle that information in a manner consistent with applicable privacy obligations.

Please note that this Privacy Policy does not apply to our handling of ‘employee records’ where such handling is exempt under the Privacy Act.

Cookies, analytics and advertising (including remarketing)

Cookies and similar technologies

We use cookies and similar technologies to operate and improve our Website and to help personalise your experience. Cookies may allow us (and third parties) to:

• remember your preferences;
• keep you signed in (where applicable);
• enable core shopping and checkout functions;
• understand how users interact with the Website; and
• measure and improve marketing performance.

You can manage cookies through your browser settings, including blocking or deleting cookies. Blocking cookies may affect Website functionality.

Third-party cookies

Some cookies may be placed by third parties through our Website, such as analytics and advertising providers (for example, Google Analytics, Google Ads, and Meta/Facebook, where used). These providers may collect information about your device and your use of our Website.

Remarketing

We may use third-party remarketing services (for example, Google Ads and/or Meta/Facebook) to show advertisements to previous visitors to our Website on third-party websites or platforms. These services may use cookies or pixels to serve relevant advertisements.

You can manage some ad preferences through:

• Google Ads Settings (google.com/settings/ads); and
• Meta/Facebook ad preferences in your account settings.

Overseas disclosure of personal information

Some of our service providers (including e-commerce platforms, cloud hosting, analytics, advertising and customer support tools) may store or process personal information outside Australia.

Where we disclose personal information to overseas recipients, we will take reasonable steps to ensure the overseas recipient handles the information in a way that is consistent with the Australian Privacy Principles, unless an exception applies under the Privacy Act.

Security and storage of personal information

We take reasonable steps to protect personal information we hold from misuse, interference and loss, and from unauthorised access, modification or disclosure.

Personal information may be stored in electronic form (including with third-party hosting providers) and, in limited circumstances, in hard copy.

Our security measures may include access controls, passwords, encryption (where appropriate), network security tools, monitoring, and staff training. However, no method of transmission over the internet or method of electronic storage is completely secure.

Data breaches

If we become aware of a data breach involving personal information that is likely to result in serious harm, we will take steps required by the Notifiable Data Breaches scheme under the Privacy Act, which may include notifying affected individuals and the Office of the Australian Information Commissioner (OAIC).

Accessing and correcting your personal information

Access

You may request access to personal information we hold about you. We will respond to access requests in accordance with the Privacy Act and the Australian Privacy Principles.

Correction

If you believe personal information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, you may request that we correct it. We will respond in accordance with the Privacy Act.

How to request access or correction

Requests should be made to our Privacy Officer using the contact details in the “Contact us” section below.

We may need to verify your identity before processing a request. In some circumstances, we may refuse access or correction where permitted by law. If we refuse, we will provide reasons (where required) and explain complaint options.

Complaints

If you have a complaint about how we handle your personal information, please contact our Privacy Officer (see the “Contact us” section below). Please provide sufficient details so we can investigate.

We will:

• acknowledge your complaint within a reasonable time; and
• investigate and respond within a reasonable time, and in accordance with our obligations under the Privacy Act.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

• Website: oaic.gov.au
• Phone: 1300 363 992
• Address: GPO Box 5218, Sydney NSW 2001

Third-party websites

Our Website may contain links to third-party websites or platforms. We are not responsible for the privacy practices of those third parties. We encourage you to read the privacy policies of any third-party websites you visit.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. The updated version will be posted on our Website and will take effect from the date it is published (or as otherwise stated).

Contact Information

If you have any questions about this Privacy Policy please contact us at the following:

• sales@onestopwholesaler.com
• One Stop, 55-57 Madden Avenue, Mildura, Victoria, 3500, Australia 3500. Att: Privacy Compliance
• Fax us on +61 3 5023 8119
• Call us on 1300 131 700

This document is copyright by Greenhills Group Pty Ltd trading as One Stop Wholesaler. All rights reserved.