Privacy Policy

1. About This Policy

Party Munchies (ABN 90 566 712 064) ("we", "us", "our") is an Australian catering business operating at 20 Binya Avenue, Tweed Heads NSW 2485. We are committed to protecting the privacy of individuals whose personal information we handle.

This Privacy Policy explains what personal information we collect, why we collect it, how we use and protect it, and your rights under Australian law. It is written in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

By using our website or engaging our services, you acknowledge this policy. If you have any questions, please contact us at [email protected].

2. What Personal Information We Collect

Via the website contact form (enquiries):

• Full name
• Email address
• Phone number (optional)
• Preferred event date (optional)
• Message content

Via Invoice Ninja (invoicing & payment):

When we issue invoices or process payments through our self-hosted invoicing system, we collect:

• Full name
• Email address
• Phone number / mobile
• Postal address
• Business name
• Bank account details (where direct bank transfer is used)

Automatically collected information:

• Website analytics (Google Analytics 4): When you visit our website, Google Analytics collects your IP address (anonymised by default), browser type, device type, pages visited, time spent on pages, and approximate geographic location. This data is aggregated and used to understand how our website is used. See Section 5 for details.
• Security (Cloudflare Turnstile): Our contact form uses Cloudflare Turnstile to prevent automated spam. Cloudflare may process your IP address and browser signals as part of this verification. No personal profile is created.

3. Why We Collect Your Personal Information (APP 3 & 5)

We collect personal information only for the following purposes:

• Responding to enquiries: To reply to catering enquiries submitted through our contact form or received by email/phone.
• Providing catering services: To arrange, confirm, and deliver catering orders and events.
• Invoicing and payment: To issue tax invoices, record payments, and fulfil our legal obligations under Australian tax law.
• Website improvement: To understand how our website is used (via aggregated analytics) so we can improve it.
• Security: To protect our website contact form from spam and automated abuse.

We do not collect personal information we do not need. We will not use your personal information for direct marketing without your explicit consent.

4. How We Use and Disclose Your Information (APP 6)

We use your personal information only for the purposes for which it was collected (see Section 3), or for a directly related secondary purpose that you would reasonably expect.

We do not:

• Sell, rent, or trade your personal information to third parties
• Use your information for unsolicited marketing
• Share your information with unrelated businesses

We may disclose your personal information where required or authorised by law (e.g. to the Australian Taxation Office).

5. Third-Party Services (APP 6 & 8)

Google Analytics 4 (cross-border disclosure)

• Data collected: Anonymised IP address, pages visited, session duration, browser and device type, approximate location (country/city level)
• Purpose: Website performance and user experience improvement
• Cookies set: _ga and _ga_XLVDH54S6Z — both expire after 2 years
• Google's privacy policy: policies.google.com/privacy
• Opt-out: You can install the Google Analytics Opt-out Browser Add-on or use your browser's privacy or "do not track" settings.

Cloudflare Turnstile (contact form security)

• Purpose: Spam and bot prevention for our contact form
• Data processed: IP address and browser signals during form submission
• Cloudflare's privacy policy: cloudflare.com/privacypolicy

Self-hosted systems (Invoice Ninja)

Our invoicing system runs on our own server located in Australia. Your financial and contact details entered for invoicing are not shared with any third party by this system.

Fonts and icons

All website fonts (Poppins) and icons (Font Awesome) are served directly from our own server. No data is sent to Google Fonts or any font CDN when you visit our website.

6. Storage and Security of Your Information (APP 11)

Your personal information is stored on our server located in Australia. We take reasonable steps to protect your personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. These measures include:

• Hosting on a secured server with restricted access
• Use of HTTPS encryption for data in transit
• Regular review of our data handling practices

No method of transmission over the internet or method of electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

6a. Data Retention

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by Australian law (including taxation, accounting, and consumer protection legislation).

Our standard retention periods are:

• Contact form enquiries (name, email, phone, message): retained for up to 24 months after the last interaction, then securely deleted.
• Customer invoicing records (name, address, contact details, transaction details): retained for 7 years as required by the Australian Taxation Office and the Corporations Act.
• Email correspondence: retained for up to 24 months after the last reply, unless linked to an active booking or invoice.
• Website analytics data (Google Analytics): retained for 14 months, then automatically deleted by Google.
• Server access logs: retained for up to 30 days for security and troubleshooting purposes.

When personal information is no longer required and we are not legally obliged to retain it, we will take reasonable steps to destroy or de-identify it in accordance with APP 11.2. You may request earlier deletion at any time — see Section 7 below.

7. Your Rights — Access, Correction and Deletion (APP 12 & 13)

Under the Australian Privacy Principles, you have the right to:

• Access the personal information we hold about you (APP 12)
• Correct personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading (APP 13)
• Request deletion of your personal information where we are no longer required to keep it for legal, accounting, or contractual reasons
• Withdraw consent for any future processing at any time

How to submit a data access request, correction request, or deletion request

To submit a data access request, data correction request, or data deletion request, follow these steps:

1. Email our Privacy Officer at [email protected] with the subject line "Data Access Request", "Data Correction Request" or "Data Deletion Request".
2. State clearly whether you are requesting access, correction, or deletion, and describe the information concerned.
3. Provide enough detail (e.g. the email address or phone number you used) so we can locate your records and verify your identity.

Response time: We will acknowledge your data access request within 7 days and provide a substantive response within 30 days of receipt, in line with OAIC guidelines.

Fees: Access to your personal information is provided free of charge. We do not charge a fee for making a data access, correction, or deletion request, nor for providing access. If a request is unusually complex, we may discuss any reasonable cost-recovery charges with you in advance — but never an application fee.

If we refuse a request, we will provide written reasons and information on how to lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

Notification of third parties: Where we have disclosed corrected information to a third party, we will, on request and where practicable, notify that third party of the correction.

8. Cookies

Our website uses the following cookies:

• Google Analytics cookies (_ga, _ga_XLVDH54S6Z): Set by Google Analytics to distinguish unique users and track sessions. Expire after 2 years. See the opt-out information in Section 5.

We do not use cookies for advertising, profiling, or any purpose beyond website analytics and security. You can manage or disable cookies through your browser settings; however, disabling cookies may affect some website functionality.

9. Links to Other Websites

Our website contains links to our social media pages (Facebook, Instagram) and messaging services (WhatsApp). These external services have their own privacy policies, which we encourage you to review. We are not responsible for the privacy practices of external websites.

10. Complaints (APP 1)

If you believe we have mishandled your personal information or breached an Australian Privacy Principle, please contact us first:

• Email: [email protected]

We will acknowledge your complaint promptly and aim to resolve it within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

• Website: oaic.gov.au/privacy/privacy-complaints
• Phone: 1300 363 992

11. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will post the updated policy on this page with a revised effective date. We encourage you to review this policy periodically.

12. Privacy Officer & Contact Us

Party Munchies has designated a Privacy Officer as the privacy contact responsible for handling privacy enquiries, access requests, correction requests, deletion requests, and complaints under the Privacy Act 1988 (Cth).

• Privacy Officer: Party Munchies Privacy Officer
• Business name: Party Munchies (ABN 90 566 712 064)
• Privacy email: [email protected]
• Phone / WhatsApp: (61) 0401 173 694
• Postal address: 20 Binya Avenue, Tweed Heads NSW 2485, Australia

We aim to acknowledge all privacy requests within 7 days and respond substantively within 30 days.