Privacy Policy

1. What is our privacy commitment?

In this policy 'we', 'us', 'our' and 'Ecofibre' refers to, and this Privacy Policy applies to, Ecofibre Ltd and its subsidiaries, including Ecofibre Asia Pacific Pty Ltd.

We are required to comply with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act). The APPs govern the way in which we collect, use, disclose, store, secure and dispose of your Personal Information.

Ecofibre –

  • is committed to protecting the privacy of your Personal information
  • is committed to managing your Personal Information in an open and transparent way;
  • will only use your Personal Information when it is necessary for us to deliver you a product or service or perform other necessary business functions; and
  • will not use or disclose your Personal Information for purposes unrelated to our business activities unless we first obtain your consent

2. What information do we collect?

We collect Personal Information, and sometimes (although rarely) we might collect Sensitive Information. Under the APP –

  • "Personal Information" means information or an opinion about an identifiable individual or an individual who is reasonably identifiable, whether true or not, or recorded in a material form or not. For example, it includes your name, phone numbers, email address, residential address, age and gender.
  • "Sensitive information" means information or opinion about such things as an individual's racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.

The types of Personal Information Ecofibre may collect includes:

  • your name;
  • date of birth;
  • gender;
  • marital status and details of other family members;
  • residential, business and postal address;
  • email address;
  • contact telephone numbers;
  • password for online access;
  • details of the products you have ordered;
  • testimonials or opinions if you provide them;
  • financial information, such as credit card details;
  • written or verbal contact with Ecofibre, including voice recordings of telephone conversations; and
  • details of your access to our website

Whilst you may opt not to provide us with your Personal Information, you should be aware that without it, we may not be able to provide you with the products and services you want.

We generally do not solicit or collect Sensitive Information and we ask that you do not provide us with this type of information. However, if we do obtain Sensitive information from you in any circumstances, it will be used by us only:

  • For the primary purpose for which it was obtained;
  • For a secondary purpose that is directly related to the primary purpose;
  • With your consent; or
  • Where required or authorised by law.

We do not use Government Identifiers, such as tax file numbers or driver's licence number as identifiers of individuals, and we will not ask you for that information.

3. How and when do we collect that information and how is it held?

We will only collect your Personal Information by lawful and fair means, and not in an unreasonably intrusive manner.

Personal Information is obtained about you in many ways. It may be collected directly from you or it may be collected automatically through your interaction with us online. The collection of information can occur in the following ways:

  • by telephone;
  • by email;
  • via our websites, including your participation in any forum;
  • from media, publications and public databases;
  • from other publicly available sources;
  • from cookies;
  • from any forms you complete to become a customer or to order a product or service from us online or in person;
  • when you register with any of our other marketing programs or subscribe to our blogs or newsletters;
  • when you establish an account with us;
  • when you complete an online form on one of our social media channels;
  • when you enter a trade promotion or competition;
  • when you complete and return to us a hard copy form that is provided with one of our products; or
  • when you provide feedback via phone, e-mail, chat or social media.

Where reasonable and practicable to do so, we will collect your Personal Information only from you. However, in some circumstances we may be provided with information by third parties. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.

If we receive information about you from third parties or a publicly available source, then we will only collect that information if you have consented to such collection, or would reasonably expect us to collect your personal information in this way.

If we receive information about you that we do not need for our business activities, then we will destroy or de-identify that information (provided it is lawful to do so). If we receive information in error, then we will act promptly to remove the content.

Where we can, we will allow you to deal with us anonymously or by using a pseudonym. For example, if you wish to review a product or make a comment about our service, then you are able to do this anonymously. However, in some circumstances, Ecofibre may need to collect your Personal Information to provide you with a delivery or other service. In some cases, if you do not provide the required personal information, then we will not be able to provide you with that product or service.

4. For what purpose do we collect, hold and use your personal information?

When we collect Personal Information we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it.

We collect your Personal Information for the primary purpose of providing our products and services to you. This includes the following activities:

  • shipping products to you;
  • sending you a shopping cart reminder email;
  • answering your inquiries;
  • telling you about other products that we think may be of interest to you;
  • maintaining and improving customer services;
  • managing your gift card balance;
  • managing and resolving any legal or consumer issues;
  • contacting you in relation to any loyalty, survey or marketing programs that we have on offer;
  • carrying out internal functions including training; and
  • conducting marketing research and analysis.

We may also use your Personal Information for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure.

We will only use or disclose your personal information for direct marketing purposes if you have provided your Personal Information for that purpose (and you would expect us to use the information for that purpose), or if you have provided consent for your information to be used in this way (for example, though a catalogue, email, SMS/TXT message or direct mail permission).

When we contact you for direct marketing purposes, it may be by mail, telephone, email, SMS/text message or social media message. By subscribing to our communications list, you consent to receiving material which promote and market our products and services.

Where we use your Personal Information for the purpose of direct marketing, we will:

  • allow you to request not to receive direct marketing communications (that is, opt-out); and
  • comply with any request to opt-out within a reasonable timeframe.

We use cookies to ensure a good customer experience when they visit our site. Session cookies sent from our sites are explicitly marked as secure to prevent being obtained by active network attackers.

5. Do we share your information with other parties?

Your Personal Information will only be disclosed in the following circumstances:

  • To third parties where you consent to the use or disclosure;
  • Where you would reasonably expect, or have been told (by this Privacy Policy or by other means), that your information is passed to those individuals, businesses or agencies; or
  • Where required or authorised by law.

If we engage third parties, then we will take all reasonable steps to ensure that they do not breach privacy requirements in relation to the Personal Information before we share it with them. Those third parties could be:

  • companies that perform services on our behalf such as printers, post suppliers, delivery companies, data entry service providers, trade promotion or gift card administration, account management providers, IT companies that manage and maintain our database, survey companies acting on our behalf and digital marketing agencies (for the purposes of targeting on social media);
  • professional advisers (such as lawyers or auditors);
  • payment systems operators and financial institutions;
  • organisations authorised by Ecofibre to conduct promotional, research or marketing activities;
  • law enforcement agencies or government authorities; and
  • any persons acting on your behalf with your authority or as a legal requirement.

6. How do we protect your information?

Your Personal Information is stored in a manner that reasonably protects it from misuse and loss and from unauthorized access, modification or disclosure. It is stored on our database servers and filing systems managed by us in Australia.

There is an inherent risk involved in transmitting information via the Internet. However, our websites are professionally hosted and we follow best practice to ensure they operate in a secure environment. We have implemented a number of security measures to ensure your Personal Information is protected from misuse, interference, loss, unauthorised access, modification or disclosure, such as secure storage, encryption, firewalls, virus detection software, password restricted access, and by training our staff to handle Personal Information in accordance with the Privacy Act, the APP and this Privacy Policy.

Below is a summary of the steps that we take to protect the transmission of information through our websites:

  • We never store any credit card information – all processing is performed via PCI compliant vendors
  • All information from our web sites are transmitted in encrypted form and we do not allow connections via unencrypted connections
  • We use DNSSEC on all of our domains - DNSSEC is an extension of the DNS protocol that provides cryptographic assurance of the authenticity and integrity of responses
  • We have configured CAA on all of our domains - CAA (RFC 6844) is a standard that allows us to restrict which CAs are allowed to issue certificates for our domains. This helps reduce the chance of certificate mis-issuance
  • All our mail servers support TLS 1.2 to encrypt messages between external parties and ourselves. We enforce the receipt of mail via supported mail clients with MTA-STS and TLS-RPT
  • We have published SPF and DMARC records and sign our messages with DKIM to ensure the authenticity of messages received from us
  • We have enabled HSTS on our web servers to ensure that browsers connect to our site using modern security features.
  • We have enabled Content Security Policy, Subresource Integrity and secure transport of Mixed Content on our web sites to ensure that the connection encrypts all of the content we deliver via the web site
  • We have no on-premises infrastructure, it is all hosted by external parties who comply with relevant security standards

When your Personal Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify it. However, most of the Personal Information is or will be stored in client files which will be kept by us for a minimum of 7 years.

7. How can you access the personal information that we hold and seek to access, correct or update it?

It is an important to us that your Personal Information is up to date. We will take reasonable steps to make sure that your Personal Information is accurate, complete and up-to-date. If you find that the information we have is not up to date or is inaccurate, then please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.

Please note:

  • You may access the Personal Information we hold about you and to update and/or correct it, subject to certain exceptions.. If we are unable to give you access to the information you have requested, we will give you reasons for this decision when we respond to your request.
  • We will not charge any fee for your access request, but may charge an administrative fee for providing a copy of your Personal Information. We will advise you of any fee payable before we process your request.
  • In order to protect your Personal Information, we may require identification from you before releasing the requested information.
  • If you request for us to do so, then we will note your customer record as 'deleted', which means it will not be used for any purpose (such as marketing). However, your name and number will still remain in our database if it is attached to historical transactions.

If you believe that your Personal Information is not accurate, complete or up to date, then please contact us via email at or address your request to The Privacy Officer, Ecofibre Limited, P O Box 108, Virginia BC, QLD 4014 and we will correct this information.

8. Do we disclose your personal information to overseas entities, and if so, where are those entities located?

Your personal information may be disclosed to business partners and Ecofibre's service providers in Australia and overseas, in accordance with Point 5 above. The countries this information may be disclosed to will vary from time to time, but may include Australia, New Zealand and the United States of America.

If this is the case, then your personal information will be stored in a secure and encrypted form overseas, such as in data storage and cloud computing facilities operated by us or by third parties on Ecofibre's behalf.

9. How can you complain about a breach of the APP and how will we deal with complaints?

Please contact us if you -

  • have any queries or concerns about our Privacy Policy
  • have a complaint or concern about the manner in which your Personal Information has been collected or handled by us; or
  • would like to request access to or correction of the Personal Information we hold about you.

You can contact us by email at or you can write to The Privacy Officer, Ecofibre Limited, P O Box 108, Virginia BC, QLD 4014.

If you consider your privacy concerns have not been resolved satisfactorily by us, or you wish to obtain more information about privacy requirements, then please contact the Office of the Australian Information Commissioner on 1300 363 992 or visit its website at

10. How will we update this policy?

This Privacy Policy may change from time to time. The most current version of the Privacy Policy is on our website. Your use of our website following any changes to the Privacy Policy constitutes your acceptance of the amended policy.

11. How can you contact us?

If you have any questions regarding our Privacy Policy, then please email us at

If you would like Ecofibre to send you a hard copy of this Privacy Policy, then please contact us and we will do so at no charge to you.

You may unsubscribe from our mailing/marketing lists at any time by contacting us by email, in writing or by following the "unsubscribe" link on the message we send to you.