Privacy Policy

This Privacy Policy applies to all personal information collected by Baazar Pty Ltd (ABN: 92 698 446 650) (“Baazar”, “we”, “our”, “us”) through baazar.com.au and our related applications and services (the “Platform”).

“Personal information” means information or an opinion about an identified individual or an individual who is reasonably identifiable, whether the information is true or not, and whether it is recorded in a material form or not.

We collect personal information in the following ways:

Information you provide directly:

• Account details: name, email address, phone number, and password when you register.
• Delivery addresses: street address, suburb, state, and postcode for order fulfilment.
• Payment information: card details processed securely by Stripe — we do not store full card numbers.
• Order history: details of products you purchase or browse.
• Communications: messages sent to our support team, product reviews, and survey responses.
• Seller information: ABN, business name, bank account details (for sellers applying to the platform).

Information collected automatically:

• Usage data: pages visited, search queries, products viewed, and time spent on the Platform.
• Device information: IP address, browser type, operating system, and device identifiers.
• Cookies and tracking technologies: see Section 5 below.
• Location data: approximate location derived from your IP address for delivery zone estimation.

We use personal information to:

• Process and fulfil your orders, including communicating order status and delivery updates.
• Manage your account, including authentication and security.
• Process payments and prevent fraud.
• Send transactional emails (order confirmations, shipping notifications, password resets).
• Send marketing communications if you have opted in — you can unsubscribe at any time.
• Improve the Platform through analytics, A/B testing, and user research.
• Personalise your experience, including product recommendations and promotions.
• Respond to customer support enquiries and resolve disputes.
• Comply with legal obligations, including tax and financial reporting requirements.
• Detect, investigate, and prevent fraudulent transactions, abuse, and violations of our Terms.

We will only use your personal information for the purpose it was collected, or a directly related secondary purpose, or as you otherwise consent.

We may share your personal information with:

• Sellers: when you place an order, the relevant Seller receives your name, delivery address, and order details to fulfil the order. Sellers are bound by confidentiality obligations and must not use your information for any other purpose.
• Delivery partners: logistics companies and drivers who deliver your orders receive your name, address, and contact number solely for delivery purposes.
• Payment processors: Stripe processes your payment information. Their privacy policy applies to payment data. We do not store full card details.
• Service providers: hosting, email delivery, analytics, and fraud detection providers who process data on our behalf under appropriate data processing agreements.
• Regulatory authorities: government agencies or law enforcement when required by law, court order, or to protect rights and safety.
• Business transfers: in the event of a merger, acquisition, or sale of assets, your information may be transferred — we will notify you before this occurs.

We do not sell your personal information to third parties.

We use cookies and similar technologies (pixels, local storage) to operate the Platform, remember your preferences, and understand how you use our services.

Types of cookies we use:

• Strictly necessary: required for authentication and core Platform functions. Cannot be disabled.
• Functional: remember your language, location, and cart contents.
• Analytics: understand how visitors use the Platform (e.g., page views, click paths).
• Marketing: deliver relevant advertising on Baazar and third-party platforms (only with your consent).

You can control cookies through your browser settings. Disabling strictly necessary cookies may affect Platform functionality.

We retain your personal information for as long as your account is active and for a reasonable period thereafter to provide customer support and meet our legal obligations.

Order records are kept for a minimum of 7 years to comply with Australian taxation and financial record-keeping laws. Anonymised analytics data may be retained indefinitely.

When personal information is no longer required, we securely delete or anonymise it.

We implement industry-standard technical and organisational safeguards to protect your personal information, including:

• TLS/SSL encryption for all data transmitted to and from the Platform.
• Passwords stored as cryptographic hashes — we never store plain-text passwords.
• Payment data handled exclusively by PCI-DSS compliant processor Stripe.
• Role-based access controls limiting employee access to personal information.
• Regular security reviews and vulnerability assessments.

Despite our efforts, no method of transmission over the internet or electronic storage is 100% secure. If you suspect your account has been compromised, contact us immediately.

Under the Australian Privacy Act, you have the right to:

• Access: request a copy of the personal information we hold about you.
• Correction: request that we correct inaccurate or outdated information.
• Deletion: request deletion of your account and associated personal data, subject to our legal obligations to retain certain records.
• Opt-out of marketing: unsubscribe from promotional emails via the link in any marketing email, or by contacting us.
• Complaint: lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au if you believe we have breached the APPs.

To exercise any of these rights, contact us at privacy@baazar.com.au. We will respond within 30 days. We may need to verify your identity before processing requests.

The Platform is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will delete it promptly. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

Baazar is an Australian business and primarily stores data on servers located in Australia. Some of our third-party service providers (including cloud infrastructure and analytics tools) may process data outside Australia. Where this occurs, we take reasonable steps to ensure the receiving party upholds privacy protections comparable to Australian Privacy Law.

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will post the updated policy on this page with a revised “Last Updated” date.

For material changes, we will notify registered users by email at least 14 days before the changes take effect. Your continued use of the Platform after the effective date constitutes acceptance of the updated policy.

For privacy-related enquiries, requests, or complaints, please contact our Privacy Officer:

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC).