Effective date: 1 January 2025
Last updated: 1 January 2025

This Privacy Policy explains how 611 Holdings Pty Ltd trading as Oudism (ABN 74 671 067 726) (collectively, Oudism, we, us, our) collects, uses, discloses and protects your personal information when you visit oudism.com and related subdomains, purchase our products, join our programs, or otherwise interact with us (together, the Services).

We are committed to the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth), and—where applicable—to privacy laws in other regions (for example, the EU/UK GDPR and certain US state privacy laws such as the California Consumer Privacy Act as amended by the CPRA (together, US State Privacy Laws)).

If any part of this Policy conflicts with local law that applies to you, we will comply with that local law.

1. Who we are and how to contact us

Controller: 611 Holdings Pty Ltd trading as Oudism
Address for privacy matters: c/o PWC, Level 17, Tower 1, 100 Barangaroo Avenue, Barangaroo NSW 2000, Australia
Email: hello@oudism.com (subject: “Privacy”)
Website: https://www.oudism.com

We may appoint a Privacy Officer to oversee compliance. You can contact us via the above email with any questions or requests.

2. What we collect

The personal information we collect depends on how you interact with us. It may include:

Identity & contact: name, email address, phone number, billing/shipping address, country.
Account & Program data: login credentials, preferences, order history, Honor Circle membership status, points/credits and redemptions.
Order & payment: products purchased, order notes, delivery instructions, currency, payment method (we receive payment confirmations and limited card tokens via our processors; we do not store full card numbers).
User‑generated content (UGC): product reviews, photos, videos, testimonials (including via Loox and our social channels).
Marketing interactions: newsletter opt‑ins/opt‑outs, campaign performance, SMS/email engagement (e.g., via Klaviyo).
Device & usage: IP address, device identifiers, cookie IDs, browser type, language, time zone, referring/exit pages, page views and actions on our site, error logs (e.g., via Shopify, Google Analytics/GA4, Meta Pixel and similar tools).
Provenance verification: when you use NFC or similar features (e.g., Tap to Verify), we may log the tag or item ID, timestamp, device interaction data, approximate location (if enabled on your device), and verification result to help combat fraud and to support customer service.
Support & communications: messages to our team (e.g., via hello@oudism.com), survey responses, dispute correspondence.
Inferences: segments or preferences we derive (e.g., likely interests) to personalise experiences.

We may also collect information from third parties, such as payment providers, logistics partners, anti‑fraud services, affiliate platforms, and social media networks when you interact with our content.

We do not intentionally collect sensitive information (e.g., health, biometric or precise geolocation). Please do not include sensitive information in orders, notes or UGC.

3. Why we use your information (purposes & legal bases)

We use personal information to:

1. Provide the Services: process orders, take payment, arrange shipping, provide customer support, and manage accounts and Honor Circle membership. (Legal bases: contract; legitimate interests; compliance with law.)
2. Personalise & improve the Site and our products, including analytics, A/B testing, troubleshooting and service development. (Legitimate interests; consent where required.)
3. Marketing & advertising: send newsletters and SMS (with your consent where required), show you personalised ads on our site and others, run promotions, and measure campaign performance. (Legitimate interests or consent; you can opt out at any time.)
4. Fraud prevention & security: verify identity, detect suspicious activity, protect our rights and users, and maintain service integrity. (Legitimate interests; compliance with law.)
5. Provenance verification: operate NFC or similar features to confirm authenticity and detect counterfeits. (Legitimate interests.)
6. Legal compliance: taxation, accounting, reporting, and responding to lawful requests. (Legal obligations.)
7. Where we rely on consent, you can withdraw it at any time via settings or by contacting us.

8. 4. Cookies, analytics and targeted ads

9. We use cookies, pixels and similar technologies (collectively, cookies) to operate the Site, remember choices, analyse traffic and deliver ads. This includes Shopify cookies, Google Analytics (GA4), Meta Pixel, Loox review widgets, and Klaviyo email/SMS tracking.
10. Your choices:
11. Use our cookie banner/preferences (where available) to accept or reject non‑essential cookies.
12. Control cookies at the browser level (e.g., block or delete).
13. Opt out of Google Analytics with the browser add‑on and manage ad personalisation in your Google and Meta settings.
14. Some browsers support Global Privacy Control (GPC) signals; where legally required (e.g., California), we treat GPC as a request to opt out of cross‑context behavioural advertising (also called “sale”/“sharing” under US laws).
15. Blocking cookies may reduce site functionality.

5. Disclosing your information

We disclose personal information to:

1. Service providers / processors: e.g., Shopify (commerce platform), Shopify Payments/Apple Pay/Google Pay (payments), carriers and fulfilment partners, email/SMS and CRM tools (e.g., Klaviyo), Loox (reviews/UGC), analytics and advertising partners (e.g., Google, Meta), site/content tools (e.g., Bloggle), cloud hosting and security providers, and customer support tools.
2. Affiliates and loyalty partners: to run referrals, attribution and Honor Circle functionality (if applicable).
3. Authorities and professional advisers: where required by law, to protect our rights, or for dispute resolution.
4. Business transfers: in connection with a merger, acquisition, financing or sale of assets, subject to confidentiality.

We require service providers to use personal information only on our instructions and to protect it appropriately.

6. International transfers

We operate globally and use service providers located outside Australia, including in the United States, Canada, the European Union/EEA, the United Kingdom, Singapore and other locations. When transferring personal information internationally, we take steps to protect it under applicable law, which may include contractual safeguards (e.g., Standard Contractual Clauses), reliance on an adequacy decision, or other lawful mechanisms. Where required, we will provide further details on request.

7. Retention

We keep personal information for as long as necessary to fulfil the purposes above, including to comply with legal, tax and accounting requirements. Typical periods include: order records and invoices for 7 years; marketing preferences while you remain subscribed (and limited suppression records thereafter); device analytics logs for 12–24 months. We will delete or de‑identify information when no longer needed, unless a longer period is required by law or to resolve disputes.

8. Security

We use technical and organisational measures to protect personal information (e.g., encryption in transit, access controls, least‑privilege practices, and monitoring). No method is 100% secure; please use unique, strong passwords and safeguard your account credentials.

9. Your privacy rights

Australia (APPs): You may request access to and correction of your personal information. We will respond within a reasonable time. If we refuse a request (e.g., due to legal restrictions), we will explain why.

EU/UK (GDPR): Depending on the circumstances, you may have rights to access, rectification, erasure, restriction, portability, and objection (including to profiling/marketing), and the right to withdraw consent. You also have the right to lodge a complaint with your local data protection authority.

US State Privacy Laws (including California): Residents may have rights to know/access, correct, delete, opt‑out of the “sale” or “sharing” of personal information and targeted advertising, and to limit use/disclosure of sensitiveinformation (which we do not intentionally collect). We do not discriminate against you for exercising your rights.

Exercising rights: Email hello@oudism.com with the subject “Privacy Request” and specify your region. We may need to verify your identity. You may designate an authorised agent where allowed by law.

Marketing choices: You can unsubscribe from emails via the link in the message or by contacting us. For SMS, reply STOP (or as instructed) or contact us.

10. Children

Our Services are not directed to children and are intended for adults. We do not knowingly collect personal information from persons under 16 (and accounts/purchases are limited to persons of legal majority). If you believe a child has provided us information, contact us and we will take appropriate action.

11. User‑generated content

UGC you submit (e.g., reviews through Loox or posts on our social channels) may be public. Do not include personal information you do not want others to see. We may use UGC in accordance with our Terms of Use.

12. Honor Circle (loyalty program)

If you participate in Honor Circle, we process additional data such as eligibility, tier, benefits, redemptions and communications. We use this data to operate the program, prevent abuse, and personalise offers. You can opt out at any time; doing so may cause benefits to expire or become unavailable. Additional program terms may apply.

13. Provenance verification (Tap to Verify)

Provenance checks are informational tools and not a warranty. When you tap an NFC tag or similar feature, we may collect interaction metadata (see Section 2) to validate authenticity, detect tampering and support customer service and anti‑counterfeit measures.

14. Do we “sell” or “share” personal information?

We do not sell personal information for money. We may allow advertising and analytics partners to collect identifiers and activity information on our Site (via cookies/pixels) to help deliver cross‑context behavioural advertising; this may be considered a “sale” or “sharing” under some US laws. You can opt out via our cookie controls, by enabling GPC, or by emailing us with the subject “Do Not Sell or Share”.

15. How to make a complaint

If you have concerns about how we handle your personal information, please contact us first at hello@oudism.com and we will try to resolve your complaint.

If you are in Australia and remain dissatisfied, you may contact the Office of the Australian Information Commissioner (OAIC) (see oaic.gov.au for current contact details). If you are in the EU/UK or US, you can contact your local authority.

16. Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will take reasonable steps to notify you (for example, by posting a notice on the Site). The effective date at the top tells you when it last changed.

17. Additional information

If you need this Policy in another format or language, or have accessibility needs, please let us know at hello@oudism.com.