PRIVACY POLICY
Criteria Coffee
Last Updated: 25 June 2026
Criteria Coffee Pty Ltd, ACN 624 079 063 (hereinafter referred to as “Criteria Coffee”) Privacy Policy
Criteria Coffee (referred to as “we”, “us”, or “our”) is committed to protecting your privacy and handling your personal information responsibly. This Privacy Policy explains how we collect, use, hold, and disclose your personal information when you visit and use our website at criteriacoffee.com (the “Site”), which is operated via WordPress and WooCommerce.
We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) contained in Schedule 1 of that Act. These principles govern how Australian businesses must handle personal information. By using our Site, you agree to the collection and use of your information as described in this Policy.
1. What Personal Information We Collect
We only collect personal information that is reasonably necessary for our business functions. This includes:
1.1 Information You Provide Directly
- Contact details: full name, email address, phone number, billing address, and shipping address.
- Account details: username and encrypted password if you register an account.
- Payment details: credit or debit card information — collected and processed securely by our payment gateway, Stripe. We do not store card numbers on our servers.
- Communications: messages or enquiries you send us via contact forms, email, or social media.
- Marketing preferences: your email address, phone number and name if you subscribe to our newsletter via Mailchimp.
1.2 Information Collected Automatically
- Technical data: your IP address, browser type and version, device type, operating system, and referral URLs.
- Browsing behaviour: pages you visit, products you view, items added to your cart, and session duration.
- Cookie data: small data files placed on your device by WooCommerce and Google Analytics. See Section 8 for more detail.
1.3 Information from Third Parties
We may receive limited information from third-party platforms such as social media channels if you interact with our content or contact us through those platforms.
2. How We Collect Personal Information
We collect your information through the following means:
- Directly from you, when you browse our Site, create an account, place an order, complete checkout, submit a contact form, or subscribe to our marketing newsletter.
- Automatically, through cookies and web analytics tools as you navigate our Site.
- From third-party platforms, when you contact us via social media or use social login features.
We will only collect personal information by lawful and fair means, and not in an unreasonably intrusive way, as required under Australian Privacy Principle 3 (APP 3).
3. Why We Collect and Use Your Information
We collect and use your personal information for the following primary purposes:
3.1 Order Fulfilment and Customer Service
- Processing and confirming your online orders and payments.
- Arranging and tracking the shipment and delivery of your purchases.
- Sending order confirmations, invoices, shipping notifications, and delivery updates.
- Handling returns, exchanges, refunds, and customer support enquiries.
3.2 Account Management
- Creating and maintaining your customer account.
- Enabling you to view your order history and manage your preferences.
3.3 Business Operations and Security
- Screening orders to detect and prevent fraud or other unlawful activity.
- Improving our website, product range, and overall customer experience.
- Complying with our legal and regulatory obligations under Australian law.
3.4 Marketing Communications
- Sending you promotional emails, product news, special offers, and our newsletter — but only if you have explicitly opted in to receive such communications.
- Our Mailchimp subscriber list may include individuals located outside Australia who have opted in to our newsletter. We do not sell to international customers via our website, however we do not restrict newsletter sign-ups by location. All subscribers, regardless of location, can unsubscribe at any time.
- You may opt out of marketing emails at any time using the “Unsubscribe” link at the bottom of any email we send, or by contacting us directly.
We will not use your personal information for purposes other than those described above without first obtaining your consent, unless we are required or authorised to do so by law (APP 6).
4. How We Share and Disclose Your Information
We do not sell, rent, or trade your personal information to third parties. We only disclose your information to trusted third-party service providers who assist us in operating our business, and only to the extent necessary for those services. These providers include:
- WooCommerce & WordPress — The e-commerce and content management platform used to operate our online store. Order data is stored within our WooCommerce database.
- Stripe — Our payment processing provider. Stripe securely handles all credit and debit card transactions. We do not store your card details on our servers. Stripe complies with the Payment Card Industry Data Security Standard (PCI-DSS). See Stripe’s privacy policy at stripe.com/au/privacy.
- Mailchimp (Intuit Inc.) — Our email marketing platform. If you opt in to marketing, your name and email address are transferred to Mailchimp to manage our subscriber list and send campaigns. See Mailchimp’s privacy policy at mailchimp.com/legal/privacy.
- Shipping and Logistics Providers — Your name and delivery address are shared with our courier partners (e.g., Australia Post, Sendle, or other carriers) solely for the purpose of fulfilling your delivery.
- Google Analytics — We use Google Analytics to understand how visitors use our Site. This involves the collection of anonymised usage data. See Google’s privacy policy at policies.google.com/privacy.
- Legal and Regulatory Disclosure — We may disclose your information if required to do so by Australian law, court order, or enforceable government request. We will notify you of such a requirement where we are lawfully permitted to do so.
All third-party providers are required to handle your personal information securely and only for the purposes for which it was disclosed.
5. Overseas Disclosure of Personal Information
Criteria Coffee sells exclusively to customers within Australia via our website. However, some of the third-party technology platforms we use to operate our business are headquartered or host data outside of Australia. This means your personal information may be transferred to and processed in overseas jurisdictions — not because we sell internationally, but because of where our service providers operate.
The relevant overseas providers and their primary locations are:
- Stripe (United States) — payment processing.
- Mailchimp / Intuit Inc. (United States) — email marketing. Note: our Mailchimp subscriber list may include individuals based outside Australia who have voluntarily subscribed to our newsletter. These subscribers are not customers and have not transacted with us via our website.
- Google LLC (United States) — website analytics via Google Analytics.
Before disclosing your personal information to these overseas recipients, we take reasonable steps to ensure they handle your data in a manner consistent with the Australian Privacy Principles, as required by APP 8. Each of the providers listed above maintains internationally recognised privacy and security standards.
By using our Site and providing your personal information, you acknowledge that your data may be transferred to and processed in countries outside of Australia, including the United States, as described above.
6. How We Protect Your Information
We take the security of your personal information seriously. We implement a range of physical, electronic, and procedural safeguards to protect your data from misuse, interference, loss, unauthorised access, modification, or disclosure (APP 11).
Our security measures include:
- SSL/TLS Encryption — Our website uses Secure Sockets Layer (SSL) technology to encrypt all data transmitted between your browser and our server.
- Payment Security — All payment transactions are processed by Stripe and comply with PCI-DSS standards. We do not store credit card data on our systems.
- Access Controls — Access to customer data within our systems is restricted to authorised personnel only, on a need-to-know basis.
- Password Protection — Customer account passwords are stored in encrypted form and are never accessible to our staff.
- Software and Plugin Security — We maintain our WordPress and WooCommerce installation with regular updates and security patches.
Despite these measures, no method of data transmission or storage is 100% secure. If you have reason to believe your interaction with us is no longer secure, please contact us immediately.
7. Data Retention
We retain your personal information for as long as necessary to fulfil the purposes for which it was collected, including to meet legal, accounting, or reporting obligations.
- Order and transaction records are generally retained for seven (7) years in accordance with Australian taxation law requirements.
- Customer accounts are retained until you request deletion of your account.
- Marketing subscriber data (held in Mailchimp) is retained until you unsubscribe or request removal.
- Website usage data collected via cookies and analytics is subject to the retention periods set by those third-party tools.
When personal information is no longer required, we will take reasonable steps to destroy or de-identify it securely.
8. Cookies and Tracking Technologies
Our Site uses cookies and similar tracking technologies to enhance your shopping experience, analyse traffic, and support our marketing efforts.
8.1 What Are Cookies?
Cookies are small text files placed on your device by your browser when you visit a website. They allow the website to remember your actions and preferences over time.
8.2 Cookies We Use
- Essential Cookies — Required for core functionality, including maintaining your shopping cart (WooCommerce session cookies) and secure login.
- Analytics Cookies — Google Analytics uses cookies to collect anonymised data about how visitors use our Site (e.g., pages visited, session duration, traffic source). This data helps us improve our Site.
- Marketing Cookies — If you have opted into marketing, we may use cookies to track the effectiveness of our email campaigns.
8.3 Managing Cookies
You can control and disable cookies through your browser settings. Please note that disabling essential cookies may prevent you from using key features of our Site, such as the shopping cart. For information on how to manage cookies in your specific browser, refer to your browser’s help documentation.
By continuing to use our Site without changing your cookie settings, you consent to our use of cookies as described in this Policy.
9. Your Rights Under the Australian Privacy Principles
Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, you have the following rights in relation to your personal information:
9.1 Right of Access (APP 12)
You have the right to request access to the personal information we hold about you. We will respond to your access request within a reasonable timeframe (generally within 30 days). We will not charge you for making a request, though we may charge a reasonable fee for providing access in certain circumstances.
9.2 Right to Correction (APP 13)
If you believe that any personal information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, you may request that we correct it. We will take reasonable steps to correct the information as quickly as possible.
9.3 Right to Withdraw Consent (Marketing)
You may unsubscribe from our marketing communications at any time by clicking the “Unsubscribe” link at the bottom of any email or by contacting us directly. We will action your request promptly.
9.4 Right to Anonymity (APP 2)
Where practicable and lawful, you have the option to interact with us anonymously or by using a pseudonym. However, please note that some services (such as placing an order) require us to collect your personal information to fulfil our obligations to you.
To exercise any of the above rights, please contact our Privacy Officer using the details in Section 11.
10. Privacy Complaints
If you believe that we have breached your privacy or failed to comply with the Australian Privacy Principles, we encourage you to contact us in the first instance so that we can attempt to resolve the matter.
To lodge a complaint, please contact our Privacy Officer in writing (see Section 11). We will:
- Acknowledge your complaint within 5 business days.
- Investigate your complaint thoroughly and in good faith.
- Provide you with a written response setting out our findings and proposed resolution within 30 days.
If you are not satisfied with our response, or if we fail to respond within the required timeframe, you may lodge a formal complaint with the Office of the Australian Information Commissioner (OAIC):
Office of the Australian Information Commissioner (www.oaic.gov.au)
Phone: 1300 363 992
11. Contact Our Privacy Officer
For any questions, concerns, access requests, or complaints relating to this Privacy Policy or our handling of your personal information, please contact us:
- Business Name: Criteria Coffee
- Website: criteriacoffee.com
- Email: info@criteriacoffee.com
- ABN: 46 115 641 410
- Postal Address: 37 Wirraway Drive. Port Melbourne, VIC 3207.
We will aim to respond to all enquiries within 5 business days.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make changes, we will update the “Last Updated” date at the top of this document and publish the revised Policy on our website.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of our Site following any changes constitutes your acceptance of the updated Policy.