Privacy policy

Privacy Policy for Finity Frames

Effective Date: February 5, 2026

Agency Fish Pty Ltd trading as Finity Frames (ABN 67 120 388 794, ACN 120 388 794) (“we”, “us”, “our”) is committed to protecting your privacy and handling your personal information responsibly. This Privacy Policy explains how we collect, use, disclose, store, and protect personal information in connection with your use of the Finity Frames website at https://finityframes.com (the “Website”), purchases of our display systems and related products, and other interactions with our business.

We are subject to the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). For individuals located in the European Union (EU) or European Economic Area (EEA), we also comply with the General Data Protection Regulation (GDPR) (EU) 2016/679 where applicable. This policy is designed to comply with those requirements.

  1. What Personal Information We Collect

We may collect the following types of personal information:

  • Contact and identification information: name, email address, phone number, billing and delivery address.
  • Transaction information: details of products purchased, payment information (processed securely via third-party providers; we do not store full credit card details), order history.
  • Account information: username, password (stored securely), preferences, and any information provided in your account profile.
  • Communication information: messages, inquiries, feedback, or support requests submitted via contact forms, email, or other channels.
  • Technical and usage information: IP address, browser type, device information, pages visited, time and date of visits, referring URLs, and other data collected via cookies, web beacons, and similar technologies.
  • Marketing and preference information: details about your interests, subscription status for newsletters or promotions (if applicable).

We do not collect sensitive information (such as health, racial, or religious information) unless it is reasonably necessary for our functions and you have consented.

  1. How We Collect Personal Information

We collect personal information:

  • Directly from you when you place an order, create an account, subscribe to communications, contact us, or complete forms on the Website.
  • Automatically through your use of the Website (e.g., via cookies and analytics tools).
  • From third parties such as payment processors, shipping carriers, or marketing platforms, where permitted.
  1. Purposes for Which We Collect, Hold, Use, and Disclose Personal Information

We collect, hold, use, and disclose your personal information for the following primary purposes:

  • To process and fulfil orders, including payment processing, shipping, and delivery.
  • To provide customer support and respond to inquiries.
  • To manage and improve our Website, products, and services.
  • To communicate with you about orders, promotions, updates, or other relevant information (you may opt out of marketing communications at any time).
  • To prevent fraud, enforce our Terms of Service, and comply with legal obligations.
  • For internal business purposes such as data analysis, accounting, auditing, and product development.

3.1 Lawful Bases for Processing (GDPR-Specific)

For EU/EEA residents, we process personal data on the following lawful bases under the GDPR:

  • Performance of a contract (Article 6(1)(b)): To fulfil orders, process payments, deliver products, and provide related services.
  • Legitimate interests (Article 6(1)(f)): For fraud prevention, website improvement, analytics, and direct marketing (balanced against your rights and interests).
  • Consent (Article 6(1)(a)): For non-essential cookies, marketing communications, or other optional processing (which you can withdraw at any time).
  • Legal obligation (Article 6(1)(c)): To comply with applicable laws, such as tax or regulatory requirements.

We do not process special categories of data unless based on explicit consent or another applicable basis.

  1. Disclosure of Personal Information

We may disclose your personal information to:

  • Third-party service providers who assist us with payment processing (e.g., Stripe, which acts as a data processor under a Data Processing Agreement aligned with GDPR requirements), shipping and logistics (e.g., Australia Post, international carriers), website hosting, analytics (e.g., Google Analytics), email marketing, or other operational functions.
  • Professional advisors (e.g., lawyers, accountants) where necessary.
  • Law enforcement, regulatory authorities, or courts if required by law.

We may also disclose personal information in the event of a business sale, merger, or acquisition.

  1. Disclosure to Overseas Recipients

We may disclose personal information to overseas recipients, including:

  • Service providers located in the United States, Europe, or other countries (e.g., payment gateways, cloud storage, analytics providers).
  • Shipping carriers or customs authorities in destination countries for international orders.

These recipients may be subject to laws that differ from Australian privacy laws. We take reasonable steps to ensure that overseas recipients handle your information in a manner consistent with the APPs, such as through contractual obligations.

5.1 International Data Transfers (GDPR-Specific)

For EU/EEA residents, personal data may be transferred outside the EEA, including to Australia (our primary location) and the United States (e.g., for providers like Stripe). Australia does not have an adequacy decision from the European Commission. To ensure an adequate level of protection, we use safeguards such as Standard Contractual Clauses (SCCs) in agreements with recipients, or rely on the EU-U.S. Data Privacy Framework (DPF) where applicable (e.g., for Stripe, which participates in the DPF). We assess transfers to ensure compliance with GDPR Chapter V.

  1. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience, analyse usage, and deliver targeted content. You can manage cookie preferences through your browser settings. For more details, refer to our cookie notice (if separate) or contact us. For EU/EEA residents, we obtain consent for non-essential cookies via a consent banner.

  1. Security of Personal Information

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure, including:

  • Secure transmission (e.g., HTTPS).
  • Access controls and encryption where appropriate.
  • Regular security reviews.

However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

  1. Access and Correction

You have the right to access and correct your personal information held by us, subject to exceptions under the Privacy Act. To request access or correction, contact us using the details below. We may charge a reasonable fee for access requests.

8.1 EU Data Subject Rights (GDPR-Specific)

If you are an EU/EEA resident, you have additional rights under the GDPR:

  • Right of access (Article 15): Obtain confirmation of processing and a copy of your data.
  • Right to rectification (Article 16): Correct inaccurate or incomplete data.
  • Right to erasure (“right to be forgotten”) (Article 17): Request deletion where no longer necessary or consent is withdrawn.
  • Right to restriction of processing (Article 18): Limit processing in certain circumstances (e.g., while accuracy is verified).
  • Right to data portability (Article 20): Receive your data in a structured, machine-readable format and transmit it to another controller.
  • Right to object (Article 21): Object to processing based on legitimate interests or for direct marketing.

We will respond to requests without undue delay and within one month (extendable by two months for complex requests). There is no fee unless the request is manifestly unfounded or excessive.

8.2 How to Exercise Rights

To exercise any rights (including GDPR rights), contact us at support@finityframes.com with details of your request. We may require identity verification. For objections or consent withdrawal, specify the processing activity.

  1. Complaints

If you believe we have breached the APPs or this Privacy Policy, please contact us. We will investigate and respond within a reasonable time. If unsatisfied, you may complain to the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

For EU/EEA residents, you may also lodge a complaint with your local supervisory authority (e.g., the Data Protection Authority in your member state) or the lead authority if cross-border processing is involved.

  1. Retention

We retain personal information only as long as necessary for the purposes outlined in this policy, or as required by law. After this period, we will securely destroy or de-identify the information.

  1. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on the Website with the updated effective date. Continued use of the Website constitutes acceptance of the updated policy.

  1. Contact Us

For questions, access requests, corrections, or complaints:

Agency Fish Pty Ltd trading as Finity Frames main business location:
PO Box 208, Beechboro WA 6063
Email: support@finityframes.com Website: https://www.finityframes.com

This Privacy Policy is governed by the laws of Western Australia.