Privacy Policy

Oh! This Old Thing?
Last updated: 8 March 2026

1. Introduction

This Privacy Policy explains how Oh! This Old Thing? (“we”, “our”, “us”) collects, holds, uses, and discloses personal information when you visit ohthisoldthing.shop, place an order, contact us, or sign up to hear from us.

We aim to manage personal information in an open and transparent way.

2. What personal information we collect

Depending on how you interact with us, we may collect personal information such as:

  • your name

  • email address

  • phone number

  • billing and shipping address

  • order details and purchase history

  • information you provide when contacting us

  • newsletter or marketing preferences

  • technical information such as IP address, browser type, device information, and cookie-related data

  • any other information you choose to provide to us

We do not store your full credit card details ourselves. Payments are processed by third-party payment providers.

3. How we collect personal information

We may collect personal information:

  • directly from you when you place an order

  • when you contact us by email or through the website

  • when you subscribe to our mailing list

  • when you browse our website

  • through cookies and similar technologies

  • from service providers involved in payment, fraud prevention, shipping, website hosting, analytics, and email marketing

4. Why we collect, hold, use, and disclose personal information

We may collect, hold, use, and disclose personal information so that we can:

  • process and fulfil orders

  • ship products and provide tracking updates

  • communicate with you about your order

  • respond to questions, returns, or customer support requests

  • improve our website, products, and services

  • prevent fraud, misuse, or security issues

  • maintain business and tax records

  • send marketing communications where permitted and where you have opted in or would reasonably expect them

  • comply with legal obligations

These are the kinds of purposes OAIC says an APP privacy policy should describe clearly.

5. Direct marketing

We may send you marketing emails about new arrivals, updates, or promotions if:

  • you have subscribed to receive them

  • you have otherwise consented, or

  • we are permitted to do so under applicable law

You can unsubscribe at any time by using the unsubscribe link in the message or by contacting us.

Australian privacy law and spam rules require a simple opt-out process, and ACMA recommends express consent with clear terms about what marketing is for and how consent can be withdrawn.

6. Cookies and website analytics

We use cookies and similar technologies to help our website function, remember preferences, understand site traffic, and, where enabled, support advertising or remarketing tools.

For more detail, please see our Cookie Policy.

7. Who we may disclose personal information to

We do not sell personal information.

We may disclose personal information to third parties who help us run our business, including:

  • website and ecommerce platform providers, including Squarespace

  • payment processors

  • shipping and delivery providers

  • email marketing providers

  • analytics and advertising providers, where enabled

  • IT, fraud prevention, and security providers

  • professional advisers such as accountants, insurers, or legal advisers

  • regulators, law enforcement, or government bodies where required by law

8. Overseas disclosure and service providers

Some of the service providers we use may store or process personal information outside Australia.

Because our website is hosted on third-party infrastructure and some tools may operate internationally, your personal information may be disclosed to or processed in countries outside Australia, including countries where our service providers or their infrastructure are located.

Where relevant, we rely on the safeguards made available by those providers. Squarespace states that it uses Standard Contractual Clauses for certain GDPR-related transfers.

9. How we hold and protect personal information

We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure.

We use third-party platforms and service providers that offer security controls such as encrypted connections, account protections, and access controls. We also limit access to personal information to what is reasonably necessary for operating the business.

No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

10. Data retention

We keep personal information only for as long as reasonably necessary for the purposes described in this policy, including:

  • completing orders and after-sales support

  • complying with legal, tax, and record-keeping requirements

  • resolving disputes

  • maintaining security and fraud prevention records

When personal information is no longer required, we take reasonable steps to destroy it or de-identify it where appropriate.

11. Access and correction

You may request access to the personal information we hold about you, and you may ask us to correct information that is inaccurate, out of date, incomplete, irrelevant, or misleading.

To make a request, contact us using the details at the end of this policy. We may need to verify your identity before responding.

OAIC says an APP privacy policy should explain how people can access and correct their information and provide contact details for doing so.

12. Complaints

If you believe we have mishandled your personal information or breached applicable privacy laws, please contact us first so we can investigate.

Please include enough detail for us to understand your concern.

We will review your complaint and respond within a reasonable period.

If you are not satisfied with our response and Australian privacy law applies, you may be able to complain to the Office of the Australian Information Commissioner (OAIC).

13. Data breaches

If we become aware of a data breach involving personal information, we will assess it promptly.

If the Privacy Act applies and the breach is likely to result in serious harm, the Notifiable Data Breaches scheme requires affected individuals and the OAIC to be notified.

14. International visitors

If you access our website from outside Australia, your information may be processed in Australia and in other countries where our service providers operate.

If privacy laws in your jurisdiction give you additional rights, you may contact us to make a request and we will consider it in line with applicable law.

Rather than overpromising compliance with every global law by default, this wording is cleaner and safer unless you’ve separately mapped each regime in detail.

15. Children’s privacy

Our website is not directed to children.

We do not knowingly collect personal information from children in a way that is intended to target them. If you believe a child has provided personal information to us, please contact us and we will review the issue.

16. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our business, technology, legal obligations, or website features.

The latest version will always be posted on this page with the updated date shown at the top.

17. Contact us

If you have questions, want to access or correct your personal information, or want to make a privacy complaint, contact us at:

Oh! This Old Thing?
Email: info@ohthisoldthing.shop]
Website: ohthisoldthing.shop