top of page

PRIVACY POLICY

Tropical Retreats Home and Garden

Effective date: 1 October 2025

Tropical Retreats Home and Garden (“we”, “us”, “our”) operates an online store selling home, garden and home décor products via drop shipping. We are located on the Sunshine Coast, QLD, Australia. You can contact us at admin@tropicalretreatshomeandgarden.com.

This Privacy Policy explains how we collect, use, disclose, and protect personal information when you visit or make a purchase from our website (the “Site”). It is written to meet requirements of the EU/UK GDPR, the California Consumer Privacy Act (as amended by the CPRA), the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles, and other applicable laws. If a local law provides stronger protection, we will follow that law for users in that location.

1. Who we are (Controller)

For individuals in the EU/UK, we are the data controller of your personal data.
Business name: Tropical Retreats Home and Garden
Location: Sunshine Coast, QLD, Australia
Contact: admin@tropicalretreatshomeandgarden.com

If we appoint an EU/UK representative, we will update this notice.

2. Personal information we collect

We collect and process the following categories of data:

  • Identity & contact data: name, billing/shipping address, email, phone.

  • Order & transaction data: products purchased, order value, payment status, shipping status, refund/return history, correspondence about orders.

  • Payment data: last 4 digits of card, card type, transaction IDs, and payment confirmations. Full card details are handled by PayPal and Stripe; we do not store them.

  • Account data (if you create an account): login email, hashed password, saved addresses, preferences, wishlists.

  • Usage & technical data: IP address, device identifiers, browser type, pages viewed, time on site, referring/exit pages, approximate location (city/region), and similar diagnostic data collected via cookies, pixels, and similar technologies.

  • Marketing data: your marketing preferences and interaction with our emails or ads.

  • Customer support data: messages, attachments, and notes from chats/emails.

  • Supplier/partner data: where relevant for order fulfillment and fraud prevention.

We collect information directly from you (checkout, forms, email), automatically (cookies/analytics), and from third parties (payment processors, shipping carriers, fraud-prevention services).
 

3. Why we use your information (purposes & legal bases)

We process personal data only where we have a legal basis (GDPR):

  • To provide our services and fulfil contracts: process and deliver your orders, manage payments, returns and warranties, provide customer support. (Legal bases: Contract; Legitimate interests)

  • To operate, secure, and improve the Site: diagnostics, analytics, load balancing, debugging, and fraud prevention. (Legitimate interests; Consent for non-essential cookies)

  • Marketing and personalisation: send offers and updates (with your consent where required), measure campaign performance, and show relevant content/ads. (Consent; Legitimate interests)

  • Legal compliance: tax/audit obligations, responding to lawful requests. (Legal obligation)

  • Fraud prevention and security: detect and prevent abusive or illegal activity. (Legitimate interests; Legal obligation)

Where we rely on consent, you may withdraw it at any time (see Section 10).
 

4. Cookies and similar technologies

We use cookies, pixels, and local storage to make the Site work and to understand performance.

Types:

  • Strictly Necessary (e.g., session management, checkout, security)

  • Performance/Analytics (e.g., traffic and usage metrics)

  • Functional (e.g., remember settings)

  • Advertising/Retargeting (where enabled and with applicable consent)

Control: You can manage cookies via our on-site cookie banner (Wix) and your browser settings. For EU/UK/EEA visitors, non-essential cookies are set only with consent. Blocking some cookies may impact Site functionality.
 

5. Third-party services (including drop shipping)

To operate our business, we share data with trusted service providers under contracts that require them to protect your information and use it only for our purposes:

  • Website platform & hosting: Wix.com Ltd. (and its affiliates)

  • Payments: PayPal and Stripe (they process your payment data directly)

  • Dropshipping suppliers/fulfillment partners: to prepare, ship, and deliver your order (they receive only what they need, e.g., name, address, items)

  • Shipping & logistics: postal and courier companies, returns handlers

  • Fraud prevention & security: tools that help detect abusive activity

  • Analytics & performance: site analytics, error monitoring

  • Marketing & communications: email service providers, advertising partners (used only where permitted by law and your preferences)

We do not “sell” your personal information for money. For California residents, some sharing for targeted advertising may be considered a “sale” or “sharing” under CPRA—see Section 12 for your rights and opt-out choices.
 

6. Data retention

We retain personal data only as long as necessary for the purposes above:

  • Orders/Transactions: generally 7 years (tax/audit laws may require longer).

  • Customer accounts: until you delete the account or after 24 months of inactivity (we may anonymise).

  • Marketing records: until you unsubscribe or after 24 months of inactivity.

  • Support tickets: typically 3 years after resolution.

  • Cookies/analytics: per cookie/tool settings and legal requirements.

When data is no longer needed, we will delete or irreversibly anonymise it.
 

7. International data transfers

We are based in Australia and use providers that may process data in Australia, the EU/EEA, the United Kingdom, the United States, Israel, and other locations. Where required by law, we use appropriate safeguards for cross-border transfers, such as Standard Contractual Clauses (SCCs), and ensure recipients provide adequate protection. You can request a copy of relevant safeguards by contacting us.
 

8. Security

We use administrative, technical, and physical measures designed to protect personal data (e.g., HTTPS, access controls, encryption in transit where supported, least-privilege access, and secure vendor management). No system is 100% secure; please protect your account credentials and notify us immediately of any suspected compromise.
 

9. Your rights (general)

Depending on where you live, you may have rights to access, correct, delete, or object to certain processing, and to restrict processing or request data portability. You can exercise these rights by emailing admin@tropicalretreatshomeandgarden.com. We may need to verify your identity and will respond within the timeframe required by law.
 

10. GDPR/UK GDPR rights (EU/UK residents)

You have the right to:

  • Access your personal data and obtain a copy;

  • Rectify inaccurate or incomplete data;

  • Erase data (“right to be forgotten”) where permitted;

  • Restrict processing in certain circumstances;

  • Data portability (to receive your data in a structured, commonly used, machine-readable format and transmit it to another controller);

  • Object to processing based on our legitimate interests (including direct marketing);

  • Withdraw consent at any time (without affecting prior processing);

  • Not be subject to a decision based solely on automated processing, including profiling, that produces legal or similarly significant effects (we do not engage in such decisions for purchases).

Supervisory authority complaints: You may lodge a complaint with your local data protection authority. We encourage you to contact us first so we can try to resolve your concern.
 

11. Australia rights (Australian residents)

You can request access to and correction of your personal information under the Australian Privacy Principles. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC). We will provide OAIC contact details upon request and list them below (Section 15).
 

12. California privacy rights (California residents)

Under the CCPA/CPRA, California residents have the right to:

  • Know/Access: the categories and specific pieces of personal information we collected, sources, purposes, and categories of third parties with whom we share it.

  • Delete: request deletion of personal information (subject to legal exceptions).

  • Correct: request correction of inaccurate personal information.

  • Opt-Out of Sale/Sharing: opt-out of the sale or sharing of personal information for cross-context behavioral advertising. We do not sell for money; some advertising/analytics may be considered “sharing”.

  • Limit Use/Disclosure of Sensitive Personal Information: we do not use sensitive personal information for purposes requiring this right.

  • Non-discrimination: we will not discriminate against you for exercising your rights.

How to exercise: Email admin@tropicalretreatshomeandgarden.com with “California Privacy Request” and your request type. You may use an authorised agent; we will verify your identity (and the agent’s authority) as required.
Opt-out controls: If we use advertising cookies that constitute “sale”/“sharing,” you can opt out via our cookie banner or by contacting us.
 

13. Children’s privacy

Our Site is not directed to children. We do not knowingly collect personal information from children under 13 (or under 16 in some jurisdictions) without appropriate consent. If you believe a child has provided personal information, contact us to delete it.
 

14. Communications & marketing

With your consent where required, we may send you marketing emails. You can unsubscribe at any time using the link in our emails or by contacting us. We may still send transactional or service messages (e.g., order confirmations, shipping notices).
 

15. How to contact us & lodge a complaint

Controller/Business: Tropical Retreats Home and Garden
Email: admin@tropicalretreatshomeandgarden.com
Address: Sunshine Coast, QLD, Australia (full mailing address available on request)

EU/UK: You may lodge a complaint with your local Data Protection Authority (DPA). Contact details are available on the European Data Protection Board and UK ICO websites.
Australia (OAIC): Office of the Australian Information Commissioner — www.oaic.gov.au, Tel: 1300 363 992.
California: You may contact the California Privacy Protection Agency (CPPA) or California Attorney General.

We aim to resolve all complaints promptly and fairly.
 

16. International drop shipping disclosures

Because we use drop shipping suppliers and global logistics partners, your name, shipping address, contact details, and ordered items may be shared with suppliers or warehouses located outside your country to fulfil your order. We require partners to process data only to provide the service and to safeguard your information appropriately, including through data transfer safeguards described in Section 7.
 

17. Automated decision-making & profiling

We do not make decisions that have legal or similarly significant effects on you based solely on automated processing. We may use limited profiling (e.g., basic segmentation for marketing with consent where required), which you can object to or opt out of (see Sections 9–12).
 

18. Do Not Track (DNT) and Global Privacy Control (GPC)

Our Site may not respond to DNT signals. Where legally required (e.g., California), we will treat a valid GPC signal as a request to opt out of “sale”/“sharing” for that browser.
 

19. Changes to this Policy

We may update this Policy from time to time. The “Effective date” will indicate the latest version. Material changes will be highlighted on the Site or sent to you by email where appropriate.
 

20. Region-specific information (summary)

  • EU/UK: GDPR rights apply; SCCs/other safeguards used for transfers.

  • Australia: APPs apply; complaints may be made to OAIC if unresolved.

  • California: CPRA rights apply; opt-out available for any “sale”/“sharing”.
     

21. Exercising your rights

To make a request or ask a question about this Policy or our practices, email admin@tropicalretreatshomeandgarden.com. Please specify your region (EU/UK, Australia, California/USA, or other), the right you wish to exercise, and enough details to verify your identity and locate your data. We’ll respond within the timelines required by law.
 

Payment processors (additional notice)

When you choose PayPal or Stripe, you are redirected to those providers. Their collection and use of your personal data is governed by their own privacy notices. We receive limited information necessary to confirm payment and fulfil your order.

If you have any questions, we’re here to help: admin@tropicalretreatshomeandgarden.com.

bottom of page