Privacy Policy

PAR TAPS

Privacy Policy

ABN 45 006 974 947

Effective Date: 10 April 2026  |  Version 2.0

1. INTRODUCTION

Par Taps Pty Ltd (ABN 45 006 974 947) ("we", "us" or the "Company") is committed to privacy protection. This Privacy Policy describes how we manage personal information and safeguard privacy in connection with our website at https://partaps.com.au (which is also accessible via https://partaps.com) ("this site"). If you would like more information, please contact us using the details in Section 14 below.

This Privacy Policy forms part of, and is subject to the provisions of, our Terms of Use. This site also maintains a separate Cookie Policy, accessible at https://partaps.com.au/cookie-policy.

2. THE AUSTRALIAN PRIVACY PRINCIPLES

We will treat all personal information in accordance with any and all obligations that are binding upon us under the Privacy Act 1988 (Cth) ("Privacy Act"), including the 13 Australian Privacy Principles ("APPs"). We are also committed to complying with the Notifiable Data Breaches ("NDB") scheme established under Part IIIC of the Privacy Act.

3. WHAT IS PERSONAL INFORMATION?

• Personal information held by the Company may include your:

• Name and date of birth;

• Residential and business postal addresses, telephone/mobile numbers and email addresses;

Bank account details for agreed billing purposes (e.g., for EFT payments). Note: we do not store, process or have access to your credit or debit card details — all card payment information is handled directly by our payment processor, Stripe, in accordance with the Payment Card Industry

Data Security Standard (PCI DSS);

• Any information provided by you during your account creation process or added to your user profile;

• Preferences and password for using this site, and your computer and connection information; and

• Any information that you otherwise share with us.

4. HOW WE COLLECT YOUR PERSONAL INFORMATION

At this site, we only collect personal information that is necessary for us to conduct our business as one of Australia’s leading manufacturers of high-quality designer tapware, mixers and accessories.

We may collect personal information that you provide to us when you:

• Use this site, including when you create a user account;

• Add information to your user profile;

• Purchase any products and/or services through this site;

• Complete an online contact form to contact us;

• Provide information to us by telephone or through marketing or competition application forms; or

• Send us an email or other communication.

We will never rent, trade or sell your personal information to anyone. We will never publicly display your email address or other personal details that identify you.

5. IP ADDRESSES

This site may collect Internet Protocol (IP) addresses. IP addresses are assigned to computers on the internet to uniquely identify them within the global network. The Company collects and manages IP addresses as part of providing internet session management and for security purposes. We may also collect and use web log, computer and connection information to help prevent and detect any misuse of, or fraudulent activities involving, this site.

6. COOKIES

This site uses cookies to help personalise your online experience. For full details about the cookies we use, including the types of cookies (persistent and session), how to manage cookie settings in your browser, and information about third-party cookies, please refer to our separate Cookie Policy at https://partaps.com.au/cookie-policy.

In some cases, cookies may collect and store personal information about you. We extend the same privacy protections to information gathered via cookies as to information collected through other means.

Please note: This site does not currently display a cookie consent banner. If you continue to use this site, cookies will be placed on your device as described in our Cookie Policy. You can manage cookie preferences through your browser settings at any time.

7. HOW WE USE YOUR PERSONAL INFORMATION

Your personal information may be used to:

• Verify your identity;

• Assist you to place orders through this site;

• Process any purchases of products and/or services, including charging, billing, collecting debts and shipping products to you;

• Make changes to your account;

• Respond to any queries or feedback;

• Conduct appropriate checks for credit-worthiness and for fraud;

• Prevent and detect any misuse of, or fraudulent activities involving, this site;

• Conduct research and development in respect of our products and/or services;

• Gain an understanding of your information and communication needs, or obtain your feedback about our products and/or services in order to improve them; and

• Maintain and develop our business systems and infrastructure, including testing and upgrading of these systems.

From time to time we may email customers with news, information and offers relating to our own products and services. If you would prefer not to receive promotional material from us, please let us know and we will respect your request. You can unsubscribe from such communications at any time.

8. REMARKETING AND TARGETED ADVERTISING

We may use the following third-party remarketing and advertising services to advertise on third-party platforms to previous visitors to this site, based upon their activity on this site:

• Google Ads — advertising may be displayed on Google search results pages or websites in the Google Display Network;

• Facebook (Meta) — advertising may be displayed within the Facebook and Instagram platforms;

• TikTok — advertising may be displayed within the TikTok platform;

• YouTube — advertising may be displayed on YouTube;

• LinkedIn — advertising may be displayed within the LinkedIn platform; and

• Instagram — advertising may be displayed within the Instagram platform (in addition to Facebook/Meta placements).

These services may use cookies, pixel tags and similar technologies to collect de-identified data about your activity on this site. This allows us to tailor our marketing to better suit your needs and to only display advertisements that are relevant to you. Any data collected by these third parties will be used in accordance with their own respective privacy policies. None of your personal information from these platforms is reported to us in an individually identifiable form.

You can manage your advertising preferences through:

• Google Ads Settings: https://www.google.com/settings/ads

• Facebook Ad Preferences: https://www.facebook.com/adpreferences

• TikTok privacy settings within the TikTok app;

• LinkedIn Ad Preferences in your LinkedIn account settings; and

• Your browser’s cookie settings (see our Cookie Policy).

9. WHEN WE MAY DISCLOSE YOUR PERSONAL INFORMATION

In order to deliver the products and services you require, or for the purposes set out above, the Company may disclose your personal information to organisations outside the Company. Your personal information is disclosed to these organisations only in relation to this site, and the Company takes reasonable steps to ensure that these organisations are bound by confidentiality and privacy obligations. These organisations may carry out or provide:

• Customer enquiries;

• Mailing and delivery systems;

• Billing and debt-recovery functions;

• Information technology services;

• Marketing and sales services;

• Market research; and

• Website usage analysis.

In addition, we may disclose your personal information to:

• Your authorised representatives or legal advisers (when requested by you to do so);

• Credit-reporting and fraud-checking agencies;

• Credit providers for credit-related purposes such as creditworthiness, credit rating and financing;

• Our professional advisers, including our accountants, auditors and lawyers;

• Government and regulatory authorities and other organisations, as required or authorised by law;

• Organisations that manage our business strategies, including those involved in a transfer or sale of all or part of our assets or business, and those involved in managing our business risk and funding; and

• The police or other appropriate persons where your communication suggests possible illegal activity or harm to others.

10. CROSS-BORDER DISCLOSURE OF PERSONAL INFORMATION

Some of the third-party service providers we use may store or process your personal information on servers located outside Australia. These providers include but are not limited to:

• Google (Analytics, Ads) — servers located in the United States and other jurisdictions;

• Meta/Facebook — servers located in the United States and other jurisdictions;

• Microsoft Azure — servers located in various global data centres;

• Amazon Web Services — servers located in various global data centres;

• Stripe (payment processing) — servers located in the United States and other jurisdictions; and

• Apple — servers located in the United States and other jurisdictions.

Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure that the recipient does not breach the APPs in relation to that information. We require all third-party data processors to provide sufficient guarantees and implement appropriate technical and organisational measures to secure your data.

11. NOTIFIABLE DATA BREACHES

In the event of a data breach that is likely to result in serious harm to any individual whose personal information is involved, we will:

• Take all reasonable steps to contain the breach and mitigate any potential harm;

• Assess the breach to determine whether it is likely to result in serious harm to any affected individuals;

• If serious harm is likely, notify the Office of the Australian Information Commissioner (OAIC) and affected individuals as soon as practicable; and

• Prepare a statement for the OAIC that includes the nature of the breach, the types of information involved, and recommended steps for affected individuals.

We maintain internal procedures for detecting, assessing, and responding to data breaches in accordance with Part IIIC of the Privacy Act.

12. ACCESS TO AND CORRECTION OF YOUR PERSONAL INFORMATION

In most cases, you may have access to personal information that we hold about you. We will handle requests for access in accordance with the APPs. All requests must be directed to the Privacy Officer using the contact details in Section 14.

We will deal with all requests as quickly as possible. Requests for a large amount of information, or information that is not currently in use, may require further time. We may charge a fee for access where a cost is incurred by us to retrieve your information, but we will never charge a fee for your application for access.

In some cases, we may refuse access. This may include circumstances where giving access would:

• Be unlawful;

• Have an unreasonable impact on another person’s privacy; or

• Prejudice an investigation of unlawful activity.

We may also refuse access where the personal information relates to existing or anticipated legal proceedings, and the information would not be accessible by the process of discovery in those proceedings. If we refuse access, we will provide you with reasons for our decision.

12. Correcting Your Personal Information

We will amend any personal information about you that is held by us and that is inaccurate, incomplete or out of date if you request us to do so. If we disagree with your view about the accuracy, completeness or currency of a record, and you ask us to associate a statement that you have a contrary view, we will take reasonable steps to do so.

13. STORAGE AND SECURITY OF YOUR PERSONAL INFORMATION

We are committed to maintaining the confidentiality of the information that you provide us, and we will take all reasonable precautions to protect your personal information from unauthorised use or alteration. In accordance with the Privacy Act (as amended in 2024), we implement both technical and organisational measures to protect personal information.

Personal information may be stored both electronically (on our computer systems and with our website hosting provider) and in hard-copy form. Firewalls, anti-virus software, email filters and passwords protect all electronic information. We also take all reasonable measures to ensure the security of hard-copy information.

14. CONTACTING US ABOUT PRIVACY

If you would like more information about the way we manage personal information, wish to make an access or correction request, or are concerned that we may have breached your privacy, please contact our Privacy Officer:

Email: privacy@partaps.com.au

Post: Privacy Officer, Par Taps Pty Ltd, 25–27 Bellevue Crescent, Preston VIC 3072

For more information about the Privacy Act and the APPs, visit the OAIC website at https://www.oaic.gov.au/.

15. THIRD-PARTY WEBSITES

You may click through to third-party websites from this site, in which case we recommend that you refer to the privacy policy of those websites. This Privacy Policy applies to this site only, and the Company assumes no responsibility for the content of any third-party websites.

16. GDPR

The Company welcomes the General Data Protection Regulation ("GDPR") of the European Union ("EU") as an important step forward in streamlining data protection globally. Although we do not operate an establishment within the EU and do not target any offering of services towards customers in the EU specifically, we intend to comply with the data handling regime laid out in the GDPR in respect of any personal information of EU data subjects that we may obtain.

GDPR Rights

The requirements of the GDPR are broadly similar to those set out in the Privacy Act and include the following rights:

• You are entitled to request details of the information that we hold about you and how we process it. For EU residents, we will provide this information at no charge;

• You may also have a right to have that information rectified or deleted; restrict our processing of that information; stop unauthorised transfers of your personal information to a third party; in some circumstances, have that information transferred to another organisation; and lodge a complaint with a local supervisory authority; and

• Where we rely upon your consent as our legal basis for collecting and processing your data, you may withdraw that consent at any time.

Legal Bases for Processing

Where the GDPR applies, we process personal information on the following legal bases:

• Consent — where you have given clear consent for us to process your personal information for a specific purpose;

• Contractual necessity — where processing is necessary to fulfil a contract with you (e.g., to process and deliver your order);

• Legal obligation — where processing is necessary to comply with the law; and

• Legitimate interests — where processing is necessary for our legitimate interests (e.g., to analyse how customers use our services, develop our services, and grow our business) and does not materially impact your rights, freedoms or interests.

• If you object to the processing of your personal information, or if you have provided your consent and later choose to withdraw it, we will respect that choice in accordance with our legal obligations. Please be aware that:

• Such objection or withdrawal of consent could mean that we are unable to provide our services to you; and

• Even after you have chosen to withdraw your consent, we may be able to continue to keep and process your personal information to the extent required or otherwise permitted by law — in particular, to pursue our legitimate interests or to exercise and defend our legal rights.

Storage and Processing by Third Parties

Data that we collect about you may be stored or otherwise processed by third-party services with data centres based outside the EU, as described in Section 10 above. We require that all third parties acting as data processors provide sufficient guarantees and implement appropriate technical and organisational measures to secure your data, only process personal data for specified purposes, and have committed themselves to confidentiality.

Data Retention

We will only keep your data for as long as is necessary for the purpose for which it was collected, subject to satisfying any legal, accounting or reporting requirements. As a general guide:

• Transactional data (purchase records, invoices): retained for a minimum of 7 years to meet Australian tax and accounting obligations;

• Account data: retained for the duration of your account and for a reasonable period after closure;

• Marketing data: retained until you unsubscribe or request deletion; and

• Website analytics data: retained in de-identified/aggregated form.

At the end of any retention period, your data will either be deleted completely or anonymised. In some circumstances, you can ask us to delete your data by contacting us using the details in Section 14.

17. CHANGES TO THIS PRIVACY POLICY

From time to time, it may be necessary for us to revise this Privacy Policy. Any changes will be in accordance with any applicable requirements under the Privacy Act and the APPs. We may notify you about changes by posting an updated version on this site. We encourage you to review this Privacy Policy periodically.