Privacy Policy

Privacy Policy Australia Tasting Room & Buy the Box

  1. Who we are & scope
    1. This Privacy Policy explains how Mullholland Pty Ltd (ABN 13 131 922 008) trading as Australia Tasting Room (ATR) and Buy the Box (BTB) (together, “we”, “us”, “our”) collects, uses, discloses and protects your personal information across our websites, customer accounts, marketing, and customer support channels.
    2. It applies to visitors, customers, gift card purchasers/recipients, producers/vendors and business contacts interacting with ATR and BTB globally.
    3. We comply with the Australian Privacy Act and Australian Privacy Principles (APPs), and where applicable the GDPR/UK GDPR and California CCPA/CPRA.
    4. By using our services, you agree to this policy.
  2. Personal information we collect
    1. Identity & contact: name, email, phone, billing/shipping addresses, country.
    2. Account: login details, preferences, saved addresses, marketing subscriptions.
    3. Order & fulfilment: items purchased, gift messages, order notes, bottle limits, delivery instructions, proof-of-age (where required), customs information and declarations for international shipments.
    4. Payments: payment method, transaction IDs and status from payment providers (we do not store full card numbers).
    5. Producer/vendor: winery contact details, store profiles, product and stock information, fulfilment and settlement history.
    6. Device & usage: IP address, device identifiers, browser/OS, pages viewed, referring URLs, session logs, cookie IDs, advertising IDs.
    7. Communications: emails, chat messages, support cases, survey responses, reviews (including any images you upload).
    8. Special cases: documents needed to comply with import rules in certain countries (e.g., tax IDs, permits). We collect only what is legally required to process your order.
  3. How we collect information
    1. Directly from you: during checkout, account creation, forms, emails, support tickets, reviews and surveys.
    2. Automatically: via cookies, pixels and analytics when you browse our sites.
    3. From third parties: payment processors, fraud-prevention services, logistics partners (e.g., couriers and customs), marketing platforms, social sign-ins where used.
  4. Why we use your information
    1. Provide & improve services: process orders, deliver goods, customer support, returns/credits, site performance and personalisation.
    2. Legal & compliance: age verification, customs and import/export declarations, tax and accounting, fraud and security.
    3. Communications: transactional emails (order/invoice/shipping/credit), service notices, and—if you opt in—newsletters, recommendations and promotions.
    4. Analytics & ads: understand usage, measure campaigns, prevent abuse.
    5. Legal bases (EU/UK): performance of contract, legitimate interests (running and securing our services), consent (marketing/cookies), legal obligation.
  5. Sharing your information
    1. Producers/Vendors: only what’s needed to fulfil your order (items, recipient details, delivery info, gift messages).
    2. Logistics & customs: couriers, consolidators and customs authorities (e.g., Get Freighted for ATR USA consolidations; DHL for Rest of World), including required customs data.
    3. Payments: PCI-compliant processors and anti-fraud providers.
    4. Service providers: IT hosting, email and marketing platforms, analytics and support tools under data processing agreements.
    5. Legal: where required by law, to protect our rights, or for fraud prevention.
    6. We do not sell your personal information.
  6. International transfers
    1. Your data may be processed in Australia and other countries where we or our partners operate (including the US, UK/EU, New Zealand, Singapore, Hong Kong, Japan and others).
    2. Where required, we use approved safeguards (e.g., Standard Contractual Clauses, UK Addendum) and contractual protections.
  7. Retention
    1. Orders, invoices and financial records: kept for statutory periods (typically up to 7 years).
    2. Accounts: for as long as your account remains active or as needed to provide services.
    3. Marketing preferences: until you unsubscribe or your request is actioned.
    4. Support records: retained per our operational/legal requirements.
    5. Cookies: per cookie type and tool, as disclosed in our Cookie section.
  8. Your choices & rights
    1. All users: access/update your details via “My Account”; unsubscribe links in marketing emails; contact us to exercise privacy rights.
    2. Australia (APPs): request access and correction; lodge complaints with the OAIC.
    3. EU/UK (GDPR): rights to access, rectification, erasure, restriction, portability, objection; withdraw consent; complain to your Data Protection Authority.
    4. California (CCPA/CPRA): rights to know/access, correct, delete, and limit use of sensitive personal information; opt-out of “sharing” for cross-context behavioural advertising (we do not “sell” personal information).
    5. We will verify requests and respond within applicable timeframes.
  9. Cookies, analytics & ads
    1. We use essential cookies (site functionality and security) and, with consent where required, performance/analytics and marketing cookies/pixels.
    2. You can manage cookies via your browser settings and, where available, our cookie preferences tools. Blocking some cookies may affect site functionality.
  10. Marketing preferences
    1. You’ll only receive marketing if you opt in or where otherwise permitted by law. You can unsubscribe anytime via the link in our emails or in your account preferences.
    2. Transactional emails related to your orders and account will continue regardless of marketing preferences.
  11. Security
    1. We implement administrative, technical and physical safeguards appropriate to the nature of the data, including encryption in transit, access controls and monitoring.
    2. We notify authorities and/or affected individuals of data breaches as required by applicable law.
  12. Children & age restrictions
    1. Our services are intended for persons of legal drinking age in their jurisdiction. We do not knowingly collect data from minors.
  13. Links to other sites
    1. Our websites may contain links to third-party sites. We are not responsible for their privacy practices. Review their policies before providing personal information.
  14. Changes to this policy
    1. We may update this policy from time to time. The latest version applies. Effective date: August 2025.
  15. Contact & complaints
    1. Data Controller: Mullholland Pty Ltd (Australia Tasting Room & Buy the Box), L2/100 Cubitt St, Cremorne VIC 3121, Australia.
    2. Email: support@australiatastingroom.com (or use the contact form on our websites).
    3. Australia (OAIC): You may lodge a complaint with the Office of the Australian Information Commissioner if you’re unsatisfied with our response: oaic.gov.au/privacy/privacy-complaints.
    4. For EU/UK/California residents, you may also contact your local authority as outlined in “Your choices & rights”.