Women Men
Search Account Favourites Bag ()
Snow
Snow Suits
Snow Jackets and Vests
Snow Down Jackets and Vests
Snow Pants and Bibs
Ready to Wear
Down Jackets and Vests
Pants and Shorts
Snow
Snow Suits
Snow Jackets and Vests
Snow Down Jackets and Vests
Snow Pants and Bibs
Ready to Wear
Down Jackets and Vests
Pants and Shorts
Search Account Bag ()
Women
Men
Suggestions:
Puffer Jacket
Leather
Women
Men
Account
Women
Snow
Ready to Wear
Men
Snow
Ready to Wear
Snow
Snow Suits
Snow Jackets and Vests
Snow Down Jackets and Vests
Snow Pants and Bibs
Ready to Wear
Down Jackets and Vests
Pants and Shorts
Snow
Snow Suits
Snow Jackets and Vests
Snow Down Jackets and Vests
Snow Pants and Bibs
Ready to Wear
Down Jackets and Vests
Pants and Shorts

Privacy policy

Templa Pty Ltd Privacy Policy

 

Last updated: April 28, 2025

Templa Pty Ltd (referred to as “Templa”, “we”, “us” or “our”) is committed to protecting your privacy. This Privacy Policy explains what personal information we collect from you, how we use and share it, and your rights and choices. We operate in Australia, the US, EU, and APAC regions, and we strive to comply with all relevant privacy laws, including the EU/UK General Data Protection Regulation (GDPR), the California Consumer Privacy Act and California Privacy Rights Act (CCPA/CPRA), and the Australian Privacy Act 1988 (Cth). We want you to understand our practices and feel confident that your personal data is safe with us.

By using our website or services, you agree to the practices described in this Privacy Policy. If you do not agree with this Policy, please do not use our services. For any questions or concerns, you can contact us using the information provided in the “Contact Us” section below.

 

Summary of Key Points

For your convenience, here is a brief summary of the key points of our Privacy Policy. However, please read the full Policy for complete details.

  • Information We Collect: We collect personal information that you provide (such as name, contact details, and payment info when you make a purchase), as well as data automatically collected through cookies and similar technologies (such as IP address and browsing behavior). This helps us process orders and improve your experience.
  • How We Use Data: We use your information to fulfill orders and provide services, communicate with you, improve our products and website, send marketing communications (with your consent), and comply with legal obligations. We only use your data for specified, legitimate purposes and with a lawful basis (e.g. your consent, to perform a contract, or our legitimate interests).
  • Sharing with Third Parties: We do not sell your personal information. We share data only with trusted third parties as needed – for example, with our e-commerce platform (Shopify) to host our store, payment processors to complete transactions, delivery companies to ship orders, and analytics or advertising partners to help us understand how our site is used. All such parties only use your data on our behalf for specified purposes.
  • Cookies and Tracking: Our site uses cookies and similar tracking technologies to give you a better browsing experience, remember your preferences, and analyze usage . Some cookies are essential for the site to function, and others help with performance and advertising. You can control or disable cookies through your browser settings, though this may affect site functionality.
  • Your Rights and Choices: You have rights regarding your personal information. You can access, correct, or delete your data, or ask us to stop certain processing. You can opt out of marketing emails at any time. If you are in California, you can opt out of any “sale or sharing” of your data – we will honor browser signals such as the Global Privacy Control (GPC) as a valid opt-out request . We will not discriminate against you for exercising your rights.
  • Data Security and Retention: We protect your data with industry-standard security measures and store it only as long as necessary for the purposes described or as required by law. While no system is 100% secure, we take reasonable steps to safeguard your information from unauthorized access.
  • International Transfers: We may transfer and store your information outside your home country (e.g., in the United States or other locations) when necessary. In doing so, we ensure appropriate safeguards are in place to protect your data, such as Standard Contractual Clauses for transfers from the EU.
  • Contact & Complaints: If you have any questions, concerns, or complaints about your privacy, you can contact us at the details provided in the Contact Us section. We will do our best to resolve any issue. If you’re not satisfied, you can also contact your local data protection authority (for example, the Office of the Australian Information Commissioner in Australia).

Please read on for more details about each of these points.

 

1. Information We Collect

We only collect personal information that is necessary for us to provide our products and services to you and to manage our relationship with you. This includes information you actively provide to us, information we automatically collect when you use our website, and information from third parties as needed.

a) Information You Provide to Us: When you interact with Templa, you may choose to give us certain personal information. This typically includes:

  • Contact Details: Your name, email address, phone number, and postal/shipping address – for example, when you create an account, make a purchase, or subscribe to our newsletter.
  • Account Information: If our site allows account registration, we may collect login credentials (such as username and password). For your security, passwords are stored in encrypted form.
  • Order and Transaction Information: When you purchase our products, we collect details related to the transaction. This includes the items you ordered, payment method, billing and shipping address, and any information needed to fulfill your order and provide customer support (such as order confirmations and delivery tracking numbers).
  • Payment Information: If you make a purchase, you provide payment details (e.g. credit card number, PayPal or other payment account information). Important: We do not store full credit card numbers or payment account credentials on our servers. Payments on our website are processed by secure third-party payment processors (such as Shopify Payments or other payment gateways). These processors are PCI-DSS compliant and handle your payment data securely . We only receive limited information necessary to confirm payment (such as a payment confirmation and the last few digits of your card for reference).
  • Communications: If you contact us (for example, via customer support email or online chat), or if you respond to surveys, or enter information on our site (such as product reviews or form submissions), we will collect the information you provide. This may include the content of your messages, your contact details, and any other information you choose to share.

We will make it clear when we request personal information, whether the information is mandatory or optional for the relevant service (for example, we need your address to deliver products, but you may optionally provide a phone number for delivery updates).

b) Information We Collect Automatically: When you visit our website or interact with our emails or online ads, we (and authorized third parties) automatically collect certain information about your device and usage of our site through cookies, pixels, and other tracking technologies. This information helps us understand how our site is being used and enables us to improve your experience. It includes:

  • Device and Technical Information: This may include your IP address, browser type and version, operating system, device type (e.g., mobile or desktop), device identifiers, and region or language settings. We use this information to optimize how our site displays and to diagnose technical issues.
  • Usage Data: We collect data about your activity on our site, such as the pages or products you view, the time and date of your visits, the referrer page that led you to our site, search terms you enter on the site, and features you use. We may also log clicks, scrolling, and other interactions. This helps us analyze what content is most popular and improve site navigation.
  • Cookies and Similar Technologies: We and our partners use cookies, web beacons, pixels, and similar tracking technologies to collect some of the above information. Cookies are small data files stored on your browser that remember your preferences and actions on websites. They help with functions like keeping you logged in, storing items in your shopping cart, and understanding whether you are a new or returning visitor. For more details on cookies and how we use them, see the Cookies and Tracking section below.

c) Information from Third Parties: In some cases, we may receive personal information about you from third-party sources, but only where we have verified that those third parties either have your consent or are otherwise legally permitted to share your information. For example:

  • Service Providers: We might obtain updated delivery or contact information from our shipping carriers or payment processors if needed to complete your transaction or address delivery issues.
  • Social Media or Single Sign-On: If our site offers a feature to log in or sign up using a social media or third-party account (such as “Login with Facebook” or “Sign in with Google”), and you choose to use it, we will receive certain profile information from that third party (like your name and email) to help create your account. We will ask your permission before doing so. You can unlink such accounts at any time in your account settings.
  • Marketing Partners: We may receive leads or referrals from marketing partners or platforms. For instance, if you click an advertisement for Templa on a third-party site and come to us, the advertiser might provide info like which campaign or keyword led you to us. This helps us measure the effectiveness of our ads.
  • Public Sources: We might also use public databases or social media platforms to verify information (for example, to verify a shipping address or to prevent fraud).

We treat any information from third parties according to this Privacy Policy and any additional restrictions imposed by the source. We do not collect any categories of personal information from third parties beyond what is outlined above.

d) Sensitive Information: We do not actively seek to collect sensitive personal information (such as data about health, religion, biometric data, etc.) from customers, as our services are not intended to process such data. The main sensitive detail that may be processed is payment card information, which, as noted, is handled securely by third-party payment processors and not stored by Templa after the transaction is complete. If you nevertheless choose to provide any sensitive information to us for some reason, it will be handled with high security and only used for the purpose for which you provided it.

e) Children’s Privacy: Our website and services are not directed to children under the age of 13 (or applicable minimum age in certain jurisdictions). We do not knowingly collect personal information from children. If you are under 13, please do not use our site or provide any information. If we learn that we have inadvertently collected personal data from a child, we will delete such information as soon as possible. Parents or guardians who believe their child may have provided us personal information can contact us to request deletion.

 

2. How We Use Your Information

We use the personal information we collect for the following purposes:

  • To Process Orders and Provide Services: We use your information to process and fulfill your orders, transactions, and requests. This includes confirming your purchases, processing payments, shipping your products to you, and providing you with related customer service (such as order confirmations, delivery updates, and handling returns or exchanges).
  • Account Management: If you create an account, we use your information to maintain and secure your account, including verifying your identity when you log in, and to facilitate account features (like wishlists, saved preferences, and order history).
  • Communication: We may use your contact details (email, phone number) to communicate with you about your orders and our services. This includes sending service-related messages such as purchase confirmations, invoices, updates about your order status or shipping, and responding to your inquiries or support requests. We may also notify you about important changes to our terms or this Privacy Policy or other critical notices.
  • Marketing and Promotional Communications: With your consent (or as otherwise permitted by law), we will use your email address or other contact information to send you newsletters, promotions, or marketing communications about our products, services, and upcoming events. For example, if you sign up for our email newsletter, we will send you product news or special offers. You can opt out of marketing emails at any time (see the Your Rights and Choices section below for how to unsubscribe). We will not send you marketing text messages or call you unless you have expressly agreed to that.
  • Personalization: We may use your information to personalize your experience on our site. For instance, we might use your browsing history or purchase history to recommend products you might like, or to tailor what content or promotions you see. We may also remember certain choices you make (like language or region selection) to make your experience more convenient.
  • Analytics and Improvement: We use data (mostly aggregated or anonymized where possible) to understand how users use our website and services. This helps us troubleshoot issues, perform analytics, and improve the functionality and user-friendliness of our website, products, and services. For example, we analyze which pages or products are most visited, how users navigate the site, and where users might encounter errors. This information guides us in enhancing features, optimizing inventory, and improving our user interface.
  • Advertising and Retargeting: We may work with advertising partners (like Google, Facebook/Meta, or other ad networks) to display ads for our products on other websites you visit. For example, if you visit our site and view certain products, you might see ads for those or similar products later on other sites. This is achieved by using cookies or pixels set by our third-party advertising partners. These technologies allow the partners to recognize your browser and serve ads based on your past visit. Any such advertising use of your data will be in accordance with applicable law (for example, if required, we will obtain consent for the use of advertising cookies). You can opt out of targeted advertising as described in Cookies and in Your Rights and Choices below (see “Opt-Out of Sale/Sharing” for California and cookie controls).
  • Security and Fraud Prevention: We process personal information as necessary to help secure and protect our website, business, and customers. This includes using data to prevent fraud, detect and mitigate security incidents, debug and repair errors, and protect against other malicious or illegal activity. For example, we might use certain technical information (IP address, device info) to detect unusual or suspicious activity on our site, or we might use your transaction information to verify that an order isn’t fraudulent.
  • Legal Compliance: We use and retain personal information to comply with our legal and regulatory obligations. For instance, we may need to keep certain transaction records for financial reporting and tax audit purposes, or to comply with consumer protection laws. If we are involved in a legal dispute or receive a lawful request (such as a subpoena or court order), we may process personal data as necessary to respond.
  • Other Core Business Purposes: We may use your information to enforce our terms and conditions, to protect our rights, privacy, safety or property (and that of our customers and others), and to exercise or defend legal claims. If we were to engage in a business transaction such as a merger, acquisition, or sale of assets, your information may be used in connection with evaluating and completing that transaction (subject to appropriate confidentiality protections).

Legal Bases for Processing (GDPR): If you are in a jurisdiction that requires a legal basis for processing personal data (such as the EU, UK, etc.), we rely on the following legal grounds:

  • Performance of a Contract: We need to process your personal data to fulfill our contract with you — for example, when you place an order, we must use your details to process payment and deliver your items. Likewise, when we provide customer support, that’s part of our contractual service to you.
  • Consent: In certain cases, we rely on your consent. For instance, we only send marketing emails or use non-essential cookies if you have given consent (where required by law). You have the right to withdraw consent at any time (see Your Rights and Choices).
  • Legitimate Interests: We process some data for purposes that are in our legitimate business interests, and which we believe are not overridden by your data-protection rights. For example, improving and securing our services, or showing you products that might interest you, are activities we undertake in our legitimate interests. When we rely on this basis, we ensure we consider and balance any potential impact on you and your rights.
  • Legal Obligation: Some processing is necessary for us to comply with a legal obligation, such as retaining transaction records for tax and accounting laws, or responding to official legal requests.

We will only use your personal information for the purposes we have stated. If we need to use your information for an unrelated purpose, we will notify you and explain the legal basis, or if required, seek your consent.

 

3. Cookies and Tracking Technologies

What Are Cookies: Cookies are small text files placed on your computer or device when you visit a website. They are widely used to make websites work, or work more efficiently, as well as to provide information to the site owners. Similar technologies include web beacons (tiny graphics embedded on pages or emails) and device identifiers (for mobile apps). For simplicity, we refer to all of these as “cookies” in this policy.

How We Use Cookies: We use a number of different cookies on our site, including strictly necessary, functional, performance/analytics, and advertising cookies:

  • Strictly Necessary Cookies: These cookies are essential for the basic functioning of our website and online store. For example, they allow you to navigate the site, add items to your cart, and checkout securely. Without these cookies, the services you have asked for (like adding a product to your cart or logging into your account) cannot be provided. These cookies do not gather information about you for marketing or remembering where you have been on the internet.
  • Functional Cookies: These cookies remember choices you make to improve your experience. For instance, they may remember your region or language selection, keep you logged in, or remember other preferences (such as items you left in your shopping cart). Functional cookies enable enhanced, more personal features. The information these cookies collect may be anonymized and they cannot track your browsing activity on other websites.
  • Performance & Analytics Cookies: These cookies collect information about how visitors use our website, such as which pages are visited most often, and if users get error messages on certain pages. They help us understand and improve how our website performs. For example, we might use Google Analytics cookies to see which products are popular or how users navigate through the site. The data collected is generally aggregated and not used to personally identify you. It helps us monitor website traffic patterns and gauge the effectiveness of our content.
  • Advertising & Social Media Cookies: We (and third parties) use cookies to deliver advertisements that may be relevant to you and your interests, both on our site and on other sites, and to measure the effectiveness of ad campaigns. These cookies remember that you’ve visited our site and may help us serve you ads on other websites (often called retargeting). They may be set by advertising networks with our permission. Also, if our site integrates with social media platforms (such as a “like” or “share” button), those platforms may set cookies to enable the sharing or to track engagement. These cookies can track your browser across other sites and build a profile of your interests. If you disable these cookies, you may still see ads, but they will be less relevant to you.

Cookies make your browsing experience better by allowing the website to remember your actions and preferences (such as login and region selection), so you don’t have to re-enter this information each time . For example, cookies enable our site to keep you logged in as you move between pages, or to remember the contents of your cart if you accidentally close your browser. Cookies also provide information on how people use the website – for instance, whether it’s their first time visiting or if they are a returning visitor . This helps us deliver a more personalized, faster experience.

Third-Party Cookies: Some cookies on our site are set by third parties who help us with analytics and advertising. For example, we use Google Analytics, which sets cookies to gather usage data (described above). We may also use Facebook Pixel or other advertising cookies to assist with targeted advertising. Each of these providers has its own privacy policy and use of cookies. We do not have control over third-party cookies, but we do limit what data third parties can collect via our site. We also honor any applicable choices you make regarding these cookies (such as through our cookie consent banner, if available, or your browser settings).

Cookie Consent: When you first visit our site, you may see a banner or popup asking you to consent to non-essential cookies (depending on your location). If so, you can choose to accept or reject certain cookies. Necessary cookies cannot be disabled as they are required for the site to function properly.

How to Control or Opt-Out of Cookies: You have the right to decide whether to accept or reject cookies (aside from those strictly necessary). There are several ways you can manage cookies:

  • Browser Settings: Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies or alert you when a cookie is being placed on your device. Check your browser’s “Help” or “Settings” menu for how to change cookie preferences. You can typically remove or block cookies by adjusting the settings in your browser. Note: If you disable or delete cookies, please be aware that some parts of our site might not function properly. For example, you may not be able to maintain a logged-in session or items in your cart might not be saved. Removing or blocking cookies can negatively impact your user experience and some features may become unavailable .
  • Third-Party Opt-Outs: For third-party advertising cookies, many of those companies participate in industry opt-out programs. You can visit websites like the Network Advertising Initiative’s opt-out page or the Digital Advertising Alliance’s Consumer Choice page (for U.S.-based advertising) to opt out of interest-based advertising by participating companies. Users in the EU can visit Your Online Choices (www.youronlinechoices.eu) for similar opt-outs. Keep in mind this does not mean you will not see any ads, only that the ads will not be personalized using cookies.
  • Do Not Track & Global Privacy Control: Your browser may offer a “Do Not Track” setting, which allows you to signal your privacy preferences to websites. Our site’s behavior regarding Do Not Track signals is discussed in the Your Rights and Choices section below (specifically regarding Global Privacy Control signals, which we honor as applicable).

For more information on cookies, including how to see what cookies have been set on your device and how to manage or delete them, you can visit www.allaboutcookies.org. This site provides guidance on how to adjust settings on various browsers.

Cookie Duration: The length of time a cookie stays on your device varies. Some cookies are “session cookies” which exist only while your browser is open and are deleted once you close it. Others are “persistent cookies” which remain saved even after you close your browser, so they can be used again on subsequent visits to the site. Persistent cookies have an expiration date and will be automatically removed when they reach that date. In general, unless you clear them manually, our persistent cookies will typically remain on your device for a period ranging from a few days up to two years maximum, depending on their purpose .

Changes to Cookies: The specific cookies we use may change over time as we update our site and partnerships. We will do our best to update our cookie-related disclosures accordingly. Major changes to how we use cookies will also be reflected in updates to this Privacy Policy or our separate Cookie Policy if we maintain one.

 

4. How We Share Your Information

We understand that your personal information is important, and we are careful about how and with whom we share it. Templa does not sell your personal information to third parties for money. We only share your data in the following circumstances, and always with safeguards to protect your information:

a) Service Providers (Processors): We may share personal information with third-party companies who provide services to help us run our business and the Site, under strict confidentiality and data protection agreements. These companies act on our behalf and must follow our instructions regarding your data. Key service providers include:

  • Shopify (Website Host and E-commerce Platform): Our online store is hosted on Shopify Inc. Shopify provides us with the e-commerce platform that allows us to sell our products and services to you . This means that information you provide through our website (from account details to order information) is stored in Shopify’s databases. Shopify holds your data on secure servers behind a firewall . In effect, Shopify acts as a data processor for us – it powers our storefront, and in doing so, it processes customer information to facilitate site functionality, payments, and order management. Shopify is a reputable provider that complies with high data security standards. (You can read more in Shopify’s own privacy policy if desired.)
  • Payment Processors: As mentioned, when you make payments, those transactions are handled by third-party payment gateways (which might include Shopify Payments, PayPal, Stripe, or credit card processors). These entities process your payment information securely in accordance with the Payment Card Industry Data Security Standard (PCI-DSS) . We share with them the information required to verify and complete the payment (such as the purchase amount, your name, billing info). They may also inform us of the outcome of the transaction. All such payment processors are contractually prohibited from using your personal data for any purpose other than facilitating payments and must comply with applicable data protection laws.
  • Shipping and Logistics Companies: We share necessary details with shipping carriers or postal services that deliver your orders. This includes your name, delivery address, phone/email (for delivery updates), and package content descriptions (only as needed for customs or handling). Examples might include Australia Post, UPS, DHL, FedEx, or other local couriers depending on your location. They use this information solely to deliver your items and may contact you with delivery notifications.
  • Email and Marketing Providers: If you have subscribed to our marketing communications or transactional emails, we use third-party email service providers to send those emails. For instance, we might use an email marketing platform (like Mailchimp, Klaviyo, or similar services) to manage our newsletter list. We provide your email address and perhaps your name or other relevant data (e.g. purchase history for personalized offers) to that service solely to send you emails on our behalf. These providers are not allowed to use your email for their own purposes. Similarly, if we run promotions or surveys, we might use external platforms to manage those – in each case, we’ll share only what is needed for them to perform the service.
  • Analytics and Advertising Partners: We use analytics tools (e.g., Google Analytics) and advertising partners (e.g., Google Ads, Facebook/Instagram, etc.) as described in the Cookies section. These partners may receive certain information about your device or browsing via automated means (cookies/pixels) on our site. For example, Google Analytics may receive info like your IP and activity on our site (which Google may store on servers in the U.S.). We have configured such tools, where possible, to limit data sharing – for instance, by anonymizing IP addresses in Google Analytics. Advertising partners like Facebook may receive hashed identifiers or cookie info to enable ad targeting. Keep in mind, these partners are not given direct personal details like your name or contact info from us; they primarily process online identifiers. We nonetheless treat this as a form of data “sharing” (especially under laws like the CPRA which define targeted advertising as “sharing”). You can opt out of this sharing as discussed in Your Rights and Choices.
  • Other Vendors: We might engage other vendors for specialized services such as fraud prevention services (to detect fraudulent transactions), cloud storage providers or IT support, or customer support ticketing systems. We only share data with these vendors as necessary (for example, a fraud prevention service might get an order’s IP and email to score for fraud risk; a cloud storage might host backups that include personal data). All vendors are bound by contracts to protect your information and use it only for the agreed purpose.

We ensure that service providers who handle personal data on our behalf are contractually obligated to safeguard it and to only use it for the services they are providing us. They are not allowed to use your information for their own unrelated purposes.

b) Within Our Corporate Group / Affiliates: If Templa Pty Ltd has any subsidiaries, parent company, or affiliates (for example, if we expand our corporate family in the future), we may share your information within that corporate group as necessary to provide our services and operate our business. Any such related entities will treat your information in line with this Privacy Policy.

c) Business Transfers: In the event that our company undergoes a business transaction such as a merger, acquisition by another company, sale of all or a portion of assets, or during the negotiation of such events, personal information may be transferred as part of the business assets. If such a transfer occurs, we will ensure the acquiring entity is bound to respect your personal data in a way that is consistent with this Privacy Policy. You would be notified via a notice on our website or other means if a change in ownership or control of your personal information occurs, as it may involve a change in how your data is used.

d) Legal Requirements and Protection of Rights: We may disclose personal information to third parties (such as courts, law enforcement or government agencies, and attorneys) if we determine that such disclosure is necessary to:

  • Comply with a law, regulation, legal process, or lawful governmental request. For example, responding to a subpoena, warrant, or an order from law enforcement or a regulatory authority.
  • Enforce our Terms and Conditions or other agreements with you.
  • Protect the rights, property, or safety of Templa, our customers, or others. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction.
  • Address emergencies, such as preventing serious harm to an individual.

We will only disclose the information that is necessary and will, to the extent allowed by law, inform you of such disclosure if it involves your personal data (for instance, unless prohibited, we might let you know if law enforcement sought your information).

e) With Your Consent: Apart from the cases listed above, if we ever need to share your information for other purposes, we would do so only with your explicit consent. For instance, if you opt-in to a feature that involves sharing data with a partner, or if you ask us to share your information with a third-party (say, for an integration you enabled), we will do so under your direction.

f) De-identified or Aggregated Data: We may share information that has been aggregated (combined with other data) or de-identified (stripped of personal identifiers) in such a way that it cannot reasonably be used to identify you. For example, we might publish reports or share statistics with partners that show trends about how our site is used (e.g., “30% of our customers are from Europe”), but this information will not include any personal details about individual users.

g) Third-Party Websites and Links: Our website may include links to third-party websites or services that we do not control (for example, links to our pages on Facebook or Instagram, or payment pages hosted by a payment processor). If you click those links, you will be directed away from our site. This Privacy Policy does not apply to the privacy practices of those third-party sites or services. We encourage you to review the privacy policies of any third-party websites you visit or services you use. We are not responsible for the content or privacy practices of external sites .

h) Social Media Features: Our site may include social media features, such as a Facebook “Like” button or Twitter “Tweet” button. These features might collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly. Social media features either host directly on our site or by the third party. Your interactions with these features are governed by the privacy policy of the company providing them.

In all cases of sharing, we aim to share the minimum information necessary and to ensure that the parties we share with commit to keeping your information secure and confidential.

 

5. International Data Transfers

Templa Pty Ltd is an Australian-based company, but we have customers and operations across multiple regions (including the United States, Europe, and the Asia-Pacific). The personal information we collect from you may be transferred to, and stored at, locations outside your state, province, or country, including in Australia, the United States, Canada, the European Union (EU)/European Economic Area (EEA), or other jurisdictions. It may also be processed by our service providers in various countries. For example:

  • Our website is hosted on Shopify, which is a global platform. While Shopify is a Canadian company (Canada is considered to have adequate data protection by the EU), data may be stored on servers located in the United States or other countries where Shopify or its sub-processors operate.
  • Many of our third-party service providers (such as payment processors, marketing platforms, or analytics providers like Google) are based in the United States or operate servers globally. This means your personal data might be transferred to or accessed from the U.S. or other countries that may not have the same data protection laws as your home country.

Regardless of where your data is processed, we take steps to protect it in line with this Privacy Policy and applicable laws. Our practices regarding international transfers include:

a) Adequacy and Safeguards (for EU/EEA/UK Data): When we transfer personal information from individuals in the EU/EEA or the UK to countries that are not deemed “adequate” by European data protection authorities (meaning the other country’s privacy laws may not be considered equivalent to the EU’s), we ensure one of the following safeguards is in place:

  • We may rely on the European Commission’s Standard Contractual Clauses (SCCs) (or the UK’s International Data Transfer Agreement, as applicable). These are contractual commitments between entities transferring personal data, which bind the recipient to protect the data according to EU privacy standards. We have signed SCCs with our service providers where required.
  • We might rely on an adequacy decision if the data is sent to a country that the European Commission (or UK authorities) has determined offers adequate protection (for example, transfers to Canada for commercial organizations are permitted because Canada’s PIPEDA law is deemed adequate).
  • In some cases, we may ask for your consent for the transfer, especially if none of the other bases are available and the transfer is necessary (you will be informed of any risks).
  • We also consider and implement additional technical and organizational measures as needed (such as encryption in transit and at rest, data minimization, etc.) to ensure that the transferred data remains secure.

b) Australia and Other Regions: For personal information collected in Australia that is transferred overseas, we take reasonable steps as required by the Australian Privacy Principles (APP 8) to ensure the recipient does not breach the Australian Privacy Principles in relation to your information. This often means using similar safeguards as above or ensuring the recipient is subject to a law or binding scheme that offers substantially similar protection as in Australia. By providing us with your information or using our services, you acknowledge that your information may be transferred to our facilities and those third parties with whom we share it as described.

c) Our Locations: Currently, our primary operations are in Australia. However, as a global e-commerce retailer, cross-border data flows are inherent in what we do (for example, a customer in the EU buying from our Australian store). We want to be transparent that your data may cross international borders. If you are located outside of Australia, please note that information we collect (including cookies data, etc.) will be transferred to and processed in Australia and possibly other countries. Similarly, if you are in the EU and we collect data from you, that data will likely be transferred out of the EU (e.g., to Australia or the US) in order to provide you with the service (such as shipping your order from our location).

d) Retention & Access in Other Countries: Personal information transferred to another country may be accessible to law enforcement or government authorities in those countries under local laws. For example, data stored in the United States might be subject to lawful access requests by U.S. authorities. We will disclose data to foreign authorities only if required by applicable law, and we will inform you of such requests when legally permitted.

e) Our Assurance: No matter where your information is processed, we will always handle it in a manner that is consistent with this Privacy Policy. We have internal policies and controls in place to ensure that your data is protected to a high standard globally. This includes limiting access to personal data to those who have a need to know it and ensuring those individuals are subject to confidentiality obligations.

If you have questions about our international data transfers or need more specific information about the safeguards we have in place for transfers out of your jurisdiction, you can contact us (see Contact Us section), and we will be happy to provide more details.

 

6. Data Security

Templa takes the security of your personal information very seriously. We employ a variety of technical, administrative, and physical safeguards designed to protect your information from unauthorized access, use, alteration, and destruction. However, keep in mind that no method of transmission over the Internet or method of electronic storage is completely secure, so while we strive to protect your personal data, we cannot guarantee its absolute security.

Security Measures We Use:

  • Encryption: Whenever we transmit sensitive personal information (such as payment details) over the internet, we protect it through encryption. For example, our checkout process and other data entry forms are secured using Secure Sockets Layer (SSL) technology, which encrypts data in transit. If you provide credit card information, that information is encrypted and transmitted securely; credit card data is further encrypted at rest by our payment processors. We also encourage you to look for the “https” and padlock symbol in your browser address bar when submitting information on our site to ensure the connection is secure.
  • Network and Storage Security: Shopify (our hosting platform) stores your data on secure servers behind firewalls . We and our service providers employ security measures like firewalls, intrusion detection systems, and access controls to prevent unauthorized access to our systems. Data is segmented so that only necessary systems and personnel can access certain information.
  • Access Controls: Personal information within our organization is accessed only by those who need it to perform their job duties. For example, our customer service team may access your order information to assist you, but they would not have access to your payment card details. We limit administrative access to our systems to a small number of authorized personnel. Employees are trained on the importance of privacy and security and are bound by confidentiality obligations.
  • Password Protection: If you have an account on our site, you are required to choose a strong, unique password. We store passwords in a hashed/salted form and never in plain text. It is important that you keep your account password confidential and notify us immediately if you suspect any unauthorized access to your account.
  • PCI Compliance: For payment processing, we follow PCI-DSS (Payment Card Industry Data Security Standard) requirements . This standard is a set of security standards designed to ensure that companies securely process credit card information to reduce fraud. Our payment gateways are PCI-DSS compliant, and our store adheres to PCI-DSS standards as managed by the PCI Security Standards Council.
  • Monitoring and Testing: We monitor our systems for possible vulnerabilities and attacks. We also periodically review our security procedures and consider new technologies and methods as they become available. Security audits and risk assessments are conducted to ensure our safeguards are effective.
  • Physical Security: Personal data (in both digital and any physical formats) is subject to physical security measures too. For instance, servers are located in secure data centers with access controls. If any information is stored in hard copy, it’s kept in secure locations. We also securely destroy or anonymize personal data that we no longer need (for example, shredding paper records or using certified data destruction for electronic media).

Despite all these efforts, it’s important to understand that no e-commerce platform or website can be 100% secure. Cyber threats evolve rapidly, and there’s always some risk inherent in transmitting information online. We therefore urge you to also take precautions: protect your account credentials, use unique passwords, and log out of your account when using shared devices.

In the unlikely event of a data breach that affects your personal information, we will notify you and the relevant authorities as required by law. We have a data breach response plan in place to quickly handle such situations, including identifying and sealing the breach, assessing the impact, and communicating with affected individuals.

By using our services, you acknowledge that you understand these risks and the measures we take. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that your account has been compromised or you receive suspicious communication purporting to be from us), please contact us immediately using the contact information below.

 

7. Data Retention

We will retain your personal information only for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

In determining how long we keep personal data, we consider the following criteria:

  • The Purpose of Collection: We keep data for the duration needed to accomplish the purpose it was collected for. For example, we will retain information related to your purchases for as long as you have an account or as needed to provide you with our services, and thereafter for as long as may be required or permitted by law.
  • Legal and Regulatory Obligations: Certain laws require us to retain records for a defined period. For example, for tax and financial reporting, we may keep transaction records (which include personal data like name, contact, and purchase details) for a number of years (often 5-7 years, depending on local regulations) to comply with tax audit requirements or bookkeeping rules. Similarly, under Australian law and other jurisdictions’ laws, we might need to retain information about consumer transactions and communications for a specified period.
  • Disputes and Enforcement: If we are handling a dispute or if we reasonably believe there is a prospect of litigation relating to your data or dealings, we will retain the relevant information until the issue is resolved and for a period thereafter as permitted by law (to ensure we have accurate records in case of legal proceedings).
  • Backups: Please note that residual copies of your personal information might not be immediately removed from our backup systems when you delete your account or when we fulfill an erasure request. These backups are kept securely and are only accessed if needed for disaster recovery. We will overwrite or securely delete backup data in the ordinary course of backup rotation.


Examples of Retention Periods:

  • If you create an account with us but later close it, we will retain your basic account information (like email, name, account creation and closure date) for a certain period in case you decide to re-activate, or for record-keeping purposes, but we will disable access to it. Account-related data is typically retained for a few years after closure, unless you request deletion sooner (and no law requires us to keep it).
  • Information related to purchases (orders, invoices, payment history) is retained for the duration of your account and then as long as required by law (e.g., Australian companies often keep records for 7 years).
  • If you subscribed to our newsletter, we keep your email on our mailing list until you unsubscribe. Once you unsubscribe, we will promptly remove you from the active mailing list (usually immediately or within a few days), but we may keep a record of your request to ensure we don’t accidentally email you again (as part of our “do not contact” list).
  • Web analytics data (like Google Analytics data) is typically retained for a certain period configured in the analytics tool (often 14 months, 26 months, or as configured). After that period, it may be deleted or aggregated. We choose retention settings in analytics services that align with our needs and legal obligations.

When we no longer have an ongoing legitimate business need to process your personal information, we will either delete it or anonymize it. If deletion or anonymization is not immediately feasible (for example, because the data is stored in secure archives), then we will isolate and securely store the data and not process it further until deletion is possible.

If you have any specific questions about our data retention practices for a particular type of data, you can contact us for more information.

 

8. Your Rights and Choices

We believe it’s important that you are able to control your personal information. Depending on your jurisdiction (for example, if you are in the European Union, United Kingdom, California, or Australia), you may have certain legal rights with respect to your personal data. We honor the rights of individuals as required by applicable laws, and in many cases we extend these rights to all our customers, regardless of location, as a courtesy and commitment to privacy.

Your Rights May Include:

  • Right to Access: You have the right to request confirmation of whether we are processing your personal information, and if so, to request a copy of the personal information we hold about you . This is commonly known as a “Data Subject Access Request.” We will provide you with a copy of the data in a commonly used electronic format. For California residents, the “right to know” is similar – you can request to know the categories and specific pieces of personal information we have collected about you in the past 12 months, as well as information about our data practices (such as the categories of sources, purposes for collecting, and categories of third parties with whom we share the data).
  • Right to Rectification (Correction): We want to make sure that your information is accurate and up to date. You have the right to request that we correct or update any personal information that you believe is incorrect or incomplete . For example, if you change your name or email, or you find an error in our records, you can ask us to fix it. Many changes (like updating your contact info) you can do yourself by logging into your account settings, but we’re happy to make the correction if you reach out to us.
  • Right to Deletion: You have the right to request that we delete your personal information, subject to certain exceptions . This is sometimes called the “right to be forgotten.” Upon your request, we will erase your personal data from our records and instruct any service providers to do the same, unless retention is required by law or an exemption applies. For instance, we may need to retain certain information for legal compliance (tax, auditing) or for security (preventing fraud or abuse) – if so, we will inform you.
  • Right to Withdraw Consent: Where we rely on your consent to process your personal information (such as for sending marketing emails or certain cookie use), you have the right to withdraw that consent at any time . Withdrawing consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, and it will not affect processing of your data under other legal bases (e.g., processing that’s necessary for a contract or required by law). If you withdraw consent for marketing, we will stop sending you marketing communications. If you withdraw consent for cookies, you may need to adjust your browser settings as described in the Cookies section.
  • Right to Object to Processing: In certain situations, you have the right to object to our processing of your personal information. For example, if we are processing your data based on “legitimate interests” (see the How We Use Data section) or for direct marketing purposes, you can object to that processing . If you object to direct marketing, we will cease processing your data for those purposes immediately. If you object to processing based on legitimate interests, we will evaluate your objection and will stop processing the information unless we have compelling legitimate grounds to continue or if it is needed for legal reasons.
  • Right to Data Portability: You have the right to request that we provide your personal information to you (or to a third party you designate) in a structured, commonly used, and machine-readable format. This right applies when you have provided us with personal data, and we are processing it by automated means based on your consent or to perform a contract (for example, data you provided in setting up an account). We will provide the data in a format like CSV or JSON that is easy for other entities to use.
  • Right to Restrict Processing: (Primarily applicable in EU/UK) You can request that we limit the processing of your personal information in certain circumstances – for example, while we verify your data correction request or if you want us to preserve data for you but not process it further, you can ask for restriction. When processing is restricted, we will still store your information, but not use it until the restriction is lifted (unless for legal reasons).
  • Right to Not Be Subject to Automated Decision-Making: Templa does not make any legally significant decisions about you using purely automated processes without human involvement (such as automated profiling that has a big impact on you). If that ever changes, you would have the right to not be subject to a decision based solely on automated processing that significantly affects you.
  • Right to Lodge a Complaint: If you believe we have infringed your privacy rights or violated any privacy laws, you have the right to complain to a supervisory authority. Specifically, if you are in:
  • Australia: You can contact the Office of the Australian Information Commissioner (OAIC) to lodge a complaint. (Website: oaic.gov.au). We encourage you to contact us first, but it’s your right to go to the OAIC if you’re not satisfied with our response.
  • European Union/EEA: You have the right to file a complaint with the data protection authority in the EU country where you reside or work, or where the alleged infringement occurred. For example, if you’re in France, you can complain to the CNIL; in Germany, to the relevant state Data Protection Authority; in the Netherlands, to the Autoriteit Persoonsgegevens, etc.
  • United Kingdom: You can report concerns to the UK Information Commissioner’s Office (ICO).
  • United States (California): While not a “supervisory authority” like in the GDPR sense, California residents can contact the California Attorney General or the California Privacy Protection Agency with concerns about CCPA/CPRA violations. However, these bodies typically encourage trying to resolve with the business first.
  • California Privacy Rights (CCPA/CPRA Specific): If you are a California resident, you have some additional or slightly nuanced rights under California law:
  • Right to Know (Access): You can request that we disclose to you the specific pieces and categories of personal information we have collected about you in the past 12 months, the categories of sources, the business or commercial purpose for collection, and the categories of third parties with whom we shared your personal information.
  • Right to Delete: (As above) you can request deletion of personal information we collected from you, with certain exceptions.
  • Right to Correct: You can request correction of inaccurate personal information we hold about you (CPRA added this right, effective 2023).
  • Right to Opt-Out of Sale or Sharing of Personal Information: California law gives you the right to direct us not to sell your personal information to third parties and not to share your personal information for cross-context behavioral advertising. “Sale” in CCPA is broadly defined to include sharing personal info for valuable consideration (not just selling for money), and “sharing” is defined as disclosing for targeted advertising. While Templa does not sell personal info for money, some of our use of analytics/advertising cookies might be considered a “share” for targeted advertising purposes. You can opt-out of those as described below.
  • Right to Limit Use of Sensitive Personal Information: (CPRA) If we collect “sensitive personal information” (like precise geolocation, financial info, etc.) and use it for purposes beyond what’s necessary to provide the goods or services, you have the right to limit our use of that sensitive information. In our case, we do not use sensitive data in ways that would trigger this right – any sensitive info (e.g., payment card) is used strictly for the service you requested (processing payment).
  • Right of Non-Discrimination: We will not discriminate against you for exercising any of these rights. This means we won’t deny you goods or services, charge you a different price, or provide a different level of quality just because you exercised your privacy choices, unless such difference is permitted by law (for example, if you refuse to provide certain data we need to provide a service, we can’t provide that service; but we won’t punish you with unwarranted penalties for making a data request).

Global Privacy Control (GPC): We honor the Global Privacy Control signal as a valid consumer request to opt out of the sale or sharing of personal information, as required by law . GPC is a browser or device setting that you can enable (via certain browsers or extensions like Mozilla Firefox, DuckDuckGo, Brave, etc.) which broadcasts a “Do Not Sell or Share My Personal Info” signal to websites. If our website detects a GPC signal from your browser, we will treat it the same as if you had clicked a “Do Not Sell or Share” opt-out on our site. In practical terms, this means we will disable any third-party trackers on our site that would be considered a “sale” or “sharing” of your data for behavioral advertising. You do not need to make an additional request— the signal itself suffices, and we will honor it for that browser going forward. (Note: Because GPC works on a browser-level, if you use multiple browsers or devices, you should enable it on each for it to be effective everywhere.)

Exercising Your Rights: To exercise any of the rights above, please contact us using the contact details in Contact Us below. To help protect your security, we will need to verify your identity before fulfilling your request. For example, if you have an account, we may ask you to verify through your account login or by confirming information we already have on file (such as details of your last purchase or providing a piece of identification). For requests made on behalf of someone else (e.g., by an authorized agent or a legal guardian), we will take steps to verify the authority of the requester as well.

  • For access or deletion requests (especially under CCPA), once we receive your request and verify your identity (and authority, if applicable), we will search our systems for relevant data and respond within the timeframe required by law (typically within 30 days for GDPR, and 45 days for CCPA, with possible extension). If we need more time, we will inform you.
  • For opt-out of sale/sharing requests (CCPA), you can simply use our site’s “Do Not Sell or Share My Personal Information” link (if provided in the footer) or use an opt-out preference signal like GPC as noted. You can also email us your opt-out request. We will act on these requests as soon as possible, and at most within the timelines prescribed by law (15 business days under CPRA for opt-outs).
  • For marketing opt-outs, you can always click the “unsubscribe” link at the bottom of our marketing emails, and you will be opted out of future marketing emails. (Note: even if you opt out of marketing, we may still send you transactional or service emails, such as order confirmations or responses to your inquiries, since those aren’t marketing.)
  • For cookie preferences, refer to the Cookies section above. We may provide a cookie consent manager on our site; if not, using browser settings or GPC as described will serve to exercise your choice.

Authorized Agents (California): If you are a California resident, you may designate an authorized agent to make requests on your behalf. If you do so, we will take steps to verify the agent’s authority (for example, we might ask for a written permission from you or proof of the agent’s power of attorney, and we will still ask the agent or you for information to verify identity, as allowed by law).

No Fee Usually Required: You will not have to pay a fee to exercise these rights. However, if a request is manifestly unfounded or excessive (for instance, repetitive requests), we might charge a reasonable fee or refuse to comply as permitted by law, but we will explain why.

Response Time: We aim to respond to all legitimate requests promptly. GDPR requires us to respond within one month (which we can extend by two further months if necessary, but we’ll inform you if so). CCPA/CPRA requires response within 45 days (with a possible 45-day extension). Our goal is to be even faster when possible.

Clarifications: If we cannot fulfill your request in whole or in part, we will explain why. For example, we might not be able to delete data that we are required to keep by law, or we might decline an access request if it adversely affects the rights and freedoms of others (GDPR allows such exceptions). But we will be transparent about any refusals or partial compliance.

Remember, your rights may vary based on your location. We have tried to outline major rights here. If you are unsure about your rights or want to exercise them, please contact us – we’re here to help and will guide you through the process.

 

9. Marketing Communications and Opt-Outs

As mentioned earlier, we may send you marketing communications (such as email newsletters, special offers, or updates about new products) if you have consented to such communications or if you made a purchase and we believe you might be interested in related products (where permissible by law, e.g., the “soft opt-in” for existing customers under some spam laws). However, you have control over how you receive marketing from us:

  • Opting In: If you are not already on our mailing list, you can choose to subscribe by providing your email (for example, via a sign-up form on our site). We will then send you a confirmation or welcome message, and you’ll start receiving our newsletters or promotions.
  • Opting Out of Emails: You can opt out of our marketing emails at any time by clicking the Unsubscribe link included in the footer of every marketing email we send. After you unsubscribe, we will remove you from the marketing list. Please note that it may take a few days to process the opt-out, so you might receive emails already in production during that time. Alternatively, you can opt out by contacting us at our support email and requesting removal.
  • Opting Out of SMS: (If applicable) If you have signed up for any SMS alerts or promotions, you can opt out by following the instructions in the SMS (typically replying “STOP”).
  • Postal Mail or Telemarketing: It’s rare, but if we ever did physical mailers or calls, you could opt out by contacting us. (As of now, our primary marketing channel is email and online ads, not postal mail or phone marketing).
  • Ad Preferences: As described in Cookies, you can control targeted advertising through cookie settings and opt-out tools. While this doesn’t “opt out” of marketing in the same way (you may still see our ads, but they’ll be less tailored), it’s a way to reduce tracking for advertising purposes.
  • Social Media and Other Platforms: If you follow us on social media or are part of our online communities, you’ll have to adjust your preferences on those platforms to control what you see from us (for instance, unfollowing or muting our page if you no longer want to see content).

Please note that even if you opt out of marketing communications, we may still send you transactional or service communications. These include messages like order confirmations, shipping notifications, important account notifications, password resets, or responses to your inquiries – these are not promotional, but rather necessary to service you or to inform you of important matters (e.g., product recall, changes to terms, etc.).

We do not share your email or other contact information with third-party companies for them to market their own products to you without your consent.

If you have any issues with unsubscribing or want to clarify what you’re subscribed to, you can always contact us and we will assist in ensuring your preferences are correctly recorded.

 

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make changes, we will post the updated Policy on this page and update the “Last Updated” date at the top. If the changes are significant, we may provide a more prominent notice (such as by email to our subscribers or a banner on our website) to inform you of the updates.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. If we update the Policy, in some cases we might seek your consent again for material changes (for example, if a change would require new consent under GDPR or if we start processing data for a new purpose that requires consent).

Your continued use of our website or services after any modifications to the Privacy Policy will signify your acceptance of the changes, provided that any changes will not retroactively degrade the privacy of your data without your consent. If you do not agree with any updates to the Policy, you should stop using our services and you may request that we remove your personal data as per your rights outlined above.

For reference, prior versions of our Privacy Policy (if any) may be requested from us if you wish to see how the Policy has evolved.

 

11. Contact Us (Privacy Questions or Complaints)

Your feedback and questions about privacy are very important to us. If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please reach out to us:

Templa Pty Ltd
Email: shop@templaprojects.com

When contacting us with a privacy inquiry or request, please provide enough information for us to verify your identity (if applicable) and understand your request. For example, if you are requesting data access, it helps to do so from the email associated with your account or order and specify the information you seek.

Complaint Resolution: We take all privacy complaints seriously. If you lodge a complaint with us (for instance, you believe we’ve mishandled your data or violated this Policy), we will acknowledge your complaint, investigate it, and respond to you within a reasonable timeframe. In Australia, we aim to respond to privacy complaints in writing within 30 days. We will work with you in good faith to resolve the issue.

If you are not satisfied with our response to a privacy concern or complaint:

  • Australia: You may contact the Office of the Australian Information Commissioner (OAIC) for further guidance or to lodge a complaint. The OAIC can be reached at 1300 363 992 or through their website www.oaic.gov.au. There is a complaint form available on the OAIC site that you can use. The OAIC typically expects you to attempt to resolve with the organization first (which we encourage and are happy to do), but you have the right to escalate if needed.
  • European Union: You have the right to complain to your local Data Protection Authority (DPA). A list of DPAs can be found on the European Data Protection Board website. For example, in Germany you’d contact the state DPA, in France the CNIL, in Ireland the DPC, etc.
  • United Kingdom: You can contact the Information Commissioner’s Office (ICO) on +44 303 123 1113 or via ico.org.uk for advice or to file a concern.
  • Canada: If applicable, the Office of the Privacy Commissioner of Canada (OPC) can address complaints.
  • United States (California): The California Privacy Protection Agency (CPPA) is the body that can handle CCPA/CPRA complaints, or the state Attorney General’s office can accept consumer complaints about privacy. However, currently there isn’t an individual redress mechanism under CCPA like a DPA; enforcement is by the AG or CPPA. Still, you have the right to notify authorities if you believe your rights have been infringed.

We sincerely hope that will never be necessary and that we can resolve any issues directly in a satisfactory manner.