Who we are: Bicycle Centre (“we”, “us”, “our”) operates bicyclecentrebendigo.com.au and sells cycling products and accessories online to customers in Australia.

Scope

This Privacy Policy explains how we collect, use, disclose, and protect personal information under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).  

The information we collect

We collect personal information that you provide or that is generated through your use of our services, including:

• Identity & contact: name, email, phone, billing and delivery address.
  
  
• Order & payment details: items purchased, order history, payment method (tokenised by provider), partial card details as permitted (we do not store full card numbers).
  
  
• Account & support: usernames, passwords, support requests and communications.
  
  
• Device & usage: IP address, device identifiers, browser type, pages viewed, and interactions with our emails and ads (via cookies and pixels).
  
  
• Marketing preferences: your newsletter/marketing opt-ins and unsubscribes.
  
  

Where reasonably necessary for certain products or services (e.g., bike fitting or health-related accessories you ask about), we may collect limited sensitive information you choose to provide (e.g., height/inseam for bike fit). We only collect sensitive information with your consent or as otherwise permitted by law.  

How we collect information

• Directly from you (checkout, account creation, contact forms, competitions, reviews).
  
  
• Automatically via cookies/SDKs/analytics and advertising pixels when you use the site or our emails.
  
  
• From third parties when you allow them to share information with us (e.g., payment gateways, courier partners, customer review platforms). We take reasonable steps to ensure you’ve been made aware of these collections as required by APP 5. 
  
  
  

Why we collect and use information

We use your information to:

• Process and deliver orders, provide customer support, manage returns/warranty.
  
  
• Create and manage your account.
  
  
• Improve our website, products and services (analytics, debugging, fraud prevention).
  
  
• Personalise your experience (saved carts, preferences).
  
  
• Direct marketing (emails/SMS/ads) where permitted and subject to opt-out.
  
  
• Comply with legal obligations (tax, record-keeping) and enforce our terms.
  Use and disclosure for direct marketing follows APP 7 and the Spam Act 2003 (consent, sender identification, and unsubscribe in each message). 
  
  
  

When we share information

We may share personal information with:

• Service providers: hosting, ecommerce platform, payment gateways (e.g., card processors), fraud and security tools, email/SMS platforms, analytics and advertising partners (e.g., Google Analytics/Ads, Meta) and logistics/courier partners to deliver your order.
  
  
• Professional advisers and regulators where required.
  
  
• Business transfers: if we restructure, merge or sell assets, in which case we’ll ensure protections continue.
  
  

Some recipients may be overseas (e.g., cloud hosting or analytics providers). We take reasonable steps to ensure overseas recipients protect your information consistently with the APPs.  

Cookies, pixels and online tracking

We use cookies and similar technologies for site functionality, analytics, and advertising (including third-party pixels). We aim to be transparent about this, provide controls, and respect your settings. See our Cookie Policy for details and how to manage preferences. The   has issued guidance on tracking pixels and transparency.  

Direct marketing & your choices

You can opt out of marketing at any time by using the unsubscribe link in our emails/SMS or by contacting us. Commercial electronic messages comply with the Spam Act (consent, identification, functional unsubscribe). Some service emails (order updates, account notices, warranty) are transactional and not marketing.  

Access and correction

You can request access to, or correction of, the personal information we hold about you. We’ll respond within a reasonable time and in accordance with APP 12/13. If we refuse access or correction, we’ll tell you why and how to complain.  

Security

We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure (including encryption in transit, access controls, and staff training). However, no method is 100% secure.

Data retention

We retain personal information only as long as needed for the purposes set out above, to comply with legal/accounting obligations, or to resolve disputes. We then de-identify or securely delete it.

Children

Our website is directed to customers aged 16+. If you are a parent/guardian and believe a child has provided us personal information, please contact us to delete it.

Links to other sites

Our site may link to third-party sites we do not operate. Their privacy practices and notices apply to their handling of your information.

Notifiable Data Breaches

If a data breach is likely to result in serious harm, we will assess and, where required, notify affected individuals and the   under the Notifiable Data Breaches (NDB) scheme. See our Data Breach Notification Policy for more information.  

How to contact us

Bicycle Centre
Email: privacy@bicyclecentrebendigo.com.au

2) Privacy Collection Notice (for forms & checkout)

Use this short notice near every form (account, checkout, contact, newsletter), linking to the full Privacy Policy.

Who collects your information? Bicycle Centre.
What we collect and why? We collect your personal information (such as name, contact and delivery details, and order information) to process your purchase, deliver products, provide support, and (if you opt in) send marketing updates.
What happens if you don’t provide it? We may be unable to fulfil your order or respond to your request.
Who do we share it with? Service providers (hosting, ecommerce, payment, analytics/advertising, couriers) and as otherwise described in our Privacy Policy. Some recipients may be overseas.
Marketing: We’ll only send you marketing with your consent and you can unsubscribe anytime.
More information / your rights: See our Privacy Policy for how to access/correct your information or make a complaint.
This notice is provided under APP 5.  

3) Cookie Policy 

What are cookies? Cookies and similar technologies (like pixels and SDKs) store or access information on your device to make our site work, measure performance, and personalise content and ads.

How we use cookies

• Essential (required): for core site functions such as cart, checkout, security, and preferences.
  
  
• Analytics & performance: to understand site usage and improve the experience.
  
  
• Advertising & social media: to deliver and measure ads, and to build audiences (e.g., Google/Meta pixels). We do not combine cookie data with directly identifying information unless permitted and disclosed.
  
  

Your controls

• Cookie banner & preferences: On your first visit we show a banner and provide controls to manage preferences (accept/reject non-essential cookies).
  
  
• Browser settings: You can block or delete cookies through your browser.
  
  
• Ad settings: Manage Google Ads settings and social media ad preferences in your platform accounts.
  
  

Transparency around cookies and pixels forms part of open and transparent management of personal information under the APPs;   has issued guidance on tracking pixels and direct marketing obligations (Spam Act) that we follow.  

Third-party cookies

Some cookies are set by third parties (e.g., analytics, ad partners). Their privacy policies apply to their handling of data.

Retention

Cookies persist for varying periods; you can clear them at any time via your browser.

4) Data Breach Notification Policy (Public-facing)

Purpose
Explains how we respond to, and communicate about, data breaches involving personal information.

What is a data breach?
Unauthorised access to, disclosure of, or loss of personal information. Examples include a lost device containing customer details, unauthorised access to our systems, or sending personal information to the wrong recipient.  

Assessment and notification

• We promptly assess suspected breaches.
  
  
• If we have reasonable grounds to believe an eligible data breach has occurred and it is likely to result in serious harm, we will:
  
  
  • Notify affected individuals with recommended steps they should take, and
    
    
  • Notify the   as required by the NDB scheme.
    If individual notification is not practicable, we will publish a public statement and take reasonable steps to publicise it.
    
    

What we’ll tell you

• A description of the incident, the types of information involved, steps we’ve taken, and how you can protect yourself.
  
  
• Our contact details for further assistance.
  
  

Prevention and review
We maintain reasonable security controls, conduct reviews after incidents, and enhance measures as needed.

5) Direct Marketing Statement (optional separate page)

We may use your personal information for direct marketing (email, SMS, digital ads) where permitted by APP 7 and the Spam Act 2003. We will:

• obtain consent where required;
  
  
• clearly identify ourselves and provide contact details;
  
  
• include a functional unsubscribe in every message; and
  
  
• action unsubscribe requests promptly.
  You can opt out at any time. 
  
  

Implementation tips

• Put Privacy Policy and Cookie Policy in your site footer.
  
  
• Add the Privacy Collection Notice beneath checkout/account/newsletter forms with links to the full policy. This satisfies APP 5 notification. 
  
  
• If you use analytics/ads pixels, keep a record of the vendors and purposes (helps with transparency and   tracking-pixel guidance). 
  
  

Ensure email/SMS tools have a visible unsubscribe link and accurate sender details to meet Spam Act rules.