GDPR Policy
At Chill Bunny, your privacy is important to us. This GDPR Privacy Policy outlines how we collect, use, and protect personal data in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679. This policy applies to all visitors, users, and customers located in the European Economic Area (EEA).
1. Who We Are
We are an online retail store offering curated products through chillbunny.com.au. We act as the Data Controller for the personal information collected through our website and services.
2. What Personal Data We Collect
We may collect the following personal data:
Name
Email address
Shipping and billing addresses
Phone number
Payment and transaction details (processed securely via third-party providers)
IP address and browser/device information
Order history
Preferences and interactions with our website (via cookies or analytics tools)
3. Legal Bases for Processing
We process your data under one or more of the following lawful bases:
Contractual necessity: To fulfill your orders and deliver products.
Legitimate interests: To improve our services and customer experience.
Consent: For marketing communications or newsletter sign-ups.
Legal obligation: To comply with applicable laws and tax regulations.
4. How We Use Your Data
We use your personal data to:
Process and fulfill orders
Manage your customer account
Communicate order updates or support inquiries
Send marketing (if you opt in)
Improve our website and user experience
Detect and prevent fraud
5. Data Sharing & Third Parties
We do not sell your personal data.
We may share data with:
Trusted third-party service providers (e.g., payment processors, shipping companies, analytics platforms)
Government authorities when legally required
All data processors we work with are GDPR-compliant and only process your data for specified purposes under strict confidentiality.
6. Data Retention
We retain your data for as long as necessary to fulfill the purposes described in this policy unless a longer retention period is required or permitted by law (e.g., tax or legal obligations).
7. Your Rights Under GDPR
You have the right to:
Access your personal data
Rectify inaccurate or incomplete data
Erase your data ("right to be forgotten")
Restrict or object to processing
Withdraw consent at any time
Request data portability
To exercise any of these rights, you can contact us via the contact form on our website. We may need to verify your identity before processing the request.
8. Data Security
We implement appropriate technical and organizational measures to protect your personal data from loss, misuse, unauthorized access, disclosure, alteration, or destruction.
9. International Data Transfers
Some of our service providers may be located outside the EEA. In such cases, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or equivalent mechanisms, to protect your data in accordance with GDPR.
10. Cookies and Tracking Technologies
We use cookies to improve your experience and analyze website traffic. You can manage your cookie preferences through your browser settings or via our cookie banner (where applicable). For more information, see our Cookie Policy.
11. Changes to This Policy
We may update this policy from time to time. Any changes will be posted on this page with the updated effective date.