1. Introduction & Scope

AMASC Pty Ltd ("we", "us", "our") is committed to protecting your privacy and ensuring your personal information is handled in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This policy describes how we collect, hold, use, disclose, secure, and allow access to your personal information in Australia.

This policy applies to all personal information collected by us, whether via our website, mobile app, in person, or by other means.

2. Who We Are & Contact Information

  • Business name: AMASC Pty Ltd
  • ABN/ ACN: 592 786 54071
  • Address: 128 Frederick Street, Welland, South Australia, 5007, Australia
  • Email: info@ceaus.com.au
  • Phone: +61 8 82958920
  • Privacy contact / Data Protection Officer: Alberto Costa, acosta@ceaus.com.au, +61 8 82958920

3. What Personal Information We Collect

We may collect (but are not limited to) the following types of personal information:

  • Identity & contact information: name, email, postal address, phone
  • Payment & transaction info: credit card or bank account details (or via third-party payment processors)
  • Usage, technical & analytics data: IP address, browser, device details, operating system, cookies, pages visited, time stamps
  • Location information: if enabled or required by features (e.g. geolocation)

4. How We Collect Personal Information

4.1 Direct collection

We collect information when you:

  • register or create an account
  • place orders or make purchases
  • fill out forms (contact, survey, support)
  • communicate with us (email, chat, phone)
  • subscribe to newsletters, promotions
  • use interactive features (comments, forums, reviews)

4.2 Automated / indirect collection

We use technologies like cookies, web beacons, analytics platforms to collect:

  • data on website/app usage
  • device a n d browser information
  • pages you visit and how you navigate
  • referrer URLs, clickstreams

If you disable or block cookies, certain features of our site may not work properly.

4.3 From third parties

We may receive personal data from:

  • our business partners or affiliates
  • service providers (analytics, marketing, payment processors)
  • publicly available sources
  • social media platforms (if you connect via social login)

5. Purposes of Use & Legal Basis

We use your personal information for purposes including (but not limited to):

  • providing, operating, managing, improving our services
  • processing orders, payments, refunds
  • communicating with you (support, updates, notifications)
  • sending marketing, promotional offers (only where consented or permitted)
  • personalising your experience (recommendations, preferences)
  • security, fraud detection, risk management
  • compliance with legal, regulatory, or contractual obligations
  • aggregation, analytics, research, business insights

We rely on one or more of the following legal bases:

  • your consent
  • performance of a contract
  • our legitimate interests (balanced with your rights)
  • legal obligations

We will not use your personal information for unrelated purposes without your consent (unless permitted by law).

6. Disclosure of Personal Information

We may disclose personal information to:

  • Service providers: (hosting, IT, analytics, marketing, payment gateways)
  • Affiliates & business partners
  • Third-party vendors involved in operations
  • Legal, regulatory or government bodies, courts (where required by law)
  • In the event of sale, merger or reorganisation, to prospective parties

Where third parties are located overseas, we take steps to ensure they provide comparable levels of privacy protection (contracts, standard clauses, oversight).

7. Overseas Transfers

If we transfer your personal information outside Australia (for example, storing data in cloud servers overseas or using overseas service providers), we will:

  • ensure the overseas recipient is subject to privacy protections comparable to the APPs, or
  • use legally recognised safeguards (standard contractual clauses, binding obligations)
  • inform you of likely countries of transfer where practicable

8. Data Quality, Access, Correction & Retention

8.1 Quality & accuracy

We take reasonable steps to ensure your personal data is accurate, complete and up-to-date.

8.2 Access & correction

You may request access to the personal information we hold about you, and ask us to correct or update inaccuracies.

We will respond within a reasonable timeframe (typically 30 days, unless complex) and may require proof of identity.

In some cases, we may refuse a request (for lawful reasons), but will provide you with reasons for refusal.

8.3 Retention & disposal

We keep personal information only as long as needed for the purposes for which it was collected, or as required by law.

Once no longer needed, data will be securely deleted or de-identified.

9. Security

We take reasonable technical, physical, and organisational measures to protect personal information from misuse, interference, loss, unauthorised access, alteration or disclosure.

Examples include:

  • encryption (in transit & at rest)
  • access controls, authentication
  • regular security audits, vulnerability assessments
  • staff training, privacy policies & procedures
  • maintaining an incident / breach response plan

Despite efforts, no system is 100% secure, so we cannot guarantee absolute protection.

10. Cookies & Tracking / Analytics

We use cookies, local storage, tracking pixels, analytics tools to:

  • enable site features & functionality
  • monitor usage & performance
  • personalise content & advertising

You can control or disable cookies via browser settings, though this may impair site features.

We may use third-party analytics (e.g. Google Analytics). Be aware that some data collected may be transferred and stored overseas.

11. Direct Marketing & Your Choices

If you have given consent (or where permitted by law), we may send you marketing communications (emails, SMS, push, etc.).

You can opt out or unsubscribe at any time (by clicking "unsubscribe", or contacting us). Even if you opt out, we may still send you non-marketing (service) communications (e.g. updates, security alerts).

12. Notifiable Data Breach (NDB) Scheme

We comply with Australia's Notifiable Data Breaches scheme. If a data breach occurs and is likely to result in serious harm, we will:

  • notify affected individuals
  • notify the Office of the Australian Information Commissioner (OAIC)
  • take remedial action to mitigate harm

13. Changes to This Policy

We may update this privacy policy from time to time.

The revised policy will include a new "Effective date."

We may notify you (e.g. via email or notice on website) of material changes before they take effect.

14. How to Contact Us & Complaints

If you have questions, want to exercise your rights, or have privacy concerns or complaints, contact us:

AMASC Pty Ltd
Alberto Costa
Email: info@ceaus.com.au
Phone: +61 8 82958920
Address: 128 Frederick Street, Welland, south Australia 5007, Australia

If we cannot resolve your complaint to your satisfaction, you may contact the Office of the Australian Information Commissioner (OAIC) and lodge a complaint.

15. Definitions & Legal References

  • Personal information: information or opinion about an identified individual or an individual who is reasonably identifiable.
  • Sensitive information: a subset of personal information including health, biometric data, racial/ethnic origin, religious beliefs, etc.
  • Australian Privacy Principles (APPs): 13 principles under the Privacy Act 1988 that govern handling of personal information. OAIC+20AIC+2
  • APP entity: organisation or agency to which the APPs apply.
  • Notifiable data breach: a data breach involving personal information that is likely to cause serious harm; must be notified under the NDB scheme.