Privacy policy

Welcome to SUNNYBOD™. SUNNYBOD™  (ABN 96 784 596 810) trading as SUNNYBOD™ (collectively and individually referred to as “SUNNYBOD™ ”, “we,” “our,” or “us”) respects the privacy rights of our online visitors, clients, customers, suppliers and employees (hereinafter referred to as "you," "your," or "yours"). 

We value your privacy and want you to feel confident and informed about how we handle your personal information. That's why we have developed this Privacy Policy, which outlines our commitment to protecting your privacy and complying with applicable privacy laws, including the Privacy Act 1988 (Cth), the General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA), and any replacement legislation or regulation or guidelines and standards governing the use, storage or transmission of personal data.

At SUNNYBOD™, we strive to collect, handle, disclose, destroy, store, and use your information in a responsible and transparent manner. This Privacy Policy explains how we do so and provides you with important information about your rights and options regarding your personal information.

It's important to note that this Privacy Policy applies to all the products and services we provide, including our website (www.sunnybod.com), our social media channels, and any other interactions you may have with us. It is an integral part of our Website Terms & Conditions, ensuring that your personal information is handled consistently and in accordance with the highest privacy standards. 

When you visit our website (www.sunnybod.com), you consent to our collection, use and disclosure of your personal information in accordance with this Privacy Policy. We may change our Privacy Policy from time to time by publishing changes to it on our website. We encourage you to check our website periodically to ensure that you are aware of our current Privacy Policy.

We encourage you to read this policy carefully to understand how we collect, handle, and use your information. If you have any questions or concerns, please don't hesitate to reach out to us at hello@sunnybod.com.

 

Minors

The Site is not intended for individuals under the age of 16. We do not intentionally collect Personal Information from children. If you are the parent or guardian and believe your child has provided us with Personal Information, please contact us at the address below to request deletion.  If you are under the age of thirteen, you must ask your parent or guardian for permission to use this website. hello@sunnybod.com.

Our Responsibilities

As we're the providers of the amazing products and services you find on this Site, we take care of deciding how and why your data is processed. We don't sell or rent your details to any thrid parties. Your privacy means a lot to us, and we want to be completely transparent about the information we collect and how we use it.

 

Your Responsibilities

• Please read this Privacy Policy, Terms of Sale, Terms of Use and and and all Website Terms & Conditions.
• If you provide us with any data relating to a third party, you confirm that you have the right to authorise us to process that  data on your behalf in accordance with this Privacy Policy.

What Personal Information Do We Collect From You And How?

At SUNNYBOD™, we collect personal information in various ways to ensure seamless delivery of our products and services. From the moment you visit our Site, we are collecting data. This data may be collected when you place an order, or register for our services, otherwise we might collect the data automatically. 

Personal information includes information or an opinion about an individual that is reasonably identifiable. For example, this may include your name, age, gender, postcode and contact details. It may also include financial information, including your credit card information.

We may collect the following types of personal information:

• name;
• mailing or street address;
• email address;
• telephone number and other contact details;
• age or date of birth;
• credit card information;
• your device ID, device type, geo-location information, computer and connection information, statistics on page views, traffic to and from the sites, ad data, IP address and standard web log information;
• details of the products and services we have provided to you or that you have enquired about, including any additional information necessary to deliver those products and services and respond to your enquiries;
• any additional information relating to you that you provide to us directly through our website or indirectly through your use of our website or online presence or through other websites or accounts from which you permit us to collect information;
• information you provide to us through customer surveys; or
• any other personal information that may be required in order to facilitate your dealings with us. 

We may collect these types of personal information either directly from you, or from third parties. We may collect this information when you: 

• register on our website or purchase our goods or services;
• communicate with us through correspondence, chats, email, or when you share information with us from other social applications, services or websites;
• interact with our sites, services, content and advertising; or
• invest in our business or enquire as to a potential purchase in our business.
  

In addition, when you apply for a job or position with us we may collect certain information from you (including your name, contact details, working history and relevant records checks) from any recruitment consultant, your previous employers and others who may be able to provide information to us to assist in our decision on whether or not to make you an offer of employment or engage you under a contract. This Privacy Policy does not apply to acts and practices in relation to employee records of our current and former employees, which are exempt from the Privacy Act.

 

How do we collect, use and disclose personal information?

We may collect, hold, use and disclose your personal information for the following purposes:

• to enable you to access and use our website or goods and services, or to attend an event we conduct;
• to operate, protect, improve and optimise our website, services, products, events, business and our users’ and clients’ experience, such as to perform analytics, conduct research and for advertising and marketing;
• to conduct market research e.g. we may contact you for feedback about our products and services;
• to send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by you;
• to send you marketing and promotional messages and other information that may be of interest to you, including information sent by, or on behalf of, our business partners that we think you may find interesting;
• to administer rewards, surveys, contests, or other promotional activities or events sponsored or managed by us or our business partners;
• to comply with our legal obligations, resolve any disputes that we may have with any of our users, and enforce our agreements with third parties; and
• to consider your employment application. 

 

We may also disclose your data for the purposes it was collected and also:

• as required by law subject to our obligations;
• with your consent;
• within our business;
• For business transfers: We may use Your information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Us about our Service users is among the assets transferred..

As well as this we may disclose your personal information to a trusted third party who also holds other information about you. This third party may combine that information in order to enable it and us to develop anonymised consumer insights so that we can better understand your preferences and interests, personalise your experience and enhance the products and services that you receive.

To whom do we disclose your personal information?

We may disclose personal information for the purposes described in this privacy policy to:

• our employees and related bodies corporate;
• our clients to the extent you attend an event we conduct on their behalf or engage with a product or service we manage on their behalf;
• third party suppliers and service providers (including providers for the operation of our websites and/or our business or in connection with providing our products and services to you);
• professional advisers, dealers and agents;
• academics and other third parties who we engage to perform analysis on our products and services for the purposes of improving those products and services;
• payment systems operators (eg merchants receiving card payments); 
• our existing or potential agents, business partners or partners;
• our sponsors or promoters of any competition that we conduct via our services;
• anyone to whom our assets or businesses (or any part of them) are transferred;
• specific third parties authorised by you to receive information held by us; and/or
• other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law.

Do we use your personal information for direct marketing?

We love staying connected with our valued customers, and that's why we may send you direct marketing communications and information about our fantastic services and products. It's our way of keeping you in the loop and sharing exciting updates, promotions, and special offers.

You may receive these communications through emails, SMS, mail, or other forms of communication, always in accordance with the Spam Act and the Privacy Act. We want to make sure you're in control of what you receive, so if you ever wish to opt out of receiving our marketing materials, simply let us know. You can contact us using the details provided below or make use of the convenient opt-out facilities we offer (e.g an unsubscribe link in our emails).

Text Marketing and notifications:

By entering your phone number in the checkout and initialising a purchase, subscribing via our subscription form or a keyword, you agree that we may send you text notifications (for your order, including abandoned cart reminders) and text marketing offers. Text marketing messages will not exceed 10 a month. You acknowledge that consent is not a condition for any purchase.
If you wish to unsubscribe from receiving text marketing messages and notifications reply with STOP to any mobile message sent from us or use the unsubscribe link we provided you within any of our messages. You understand and agree that alternative methods of opting out, such as using alternative words or requests will not be accounted as a reasonable means of opting out. Message and data rates may apply.

For any questions please text HELP to the number you received the messages from. You can also contact us for more information. If you wish to opt out please follow the procedures above.”

We share your Personal Information with service providers to help us provide our services and fulfill our contracts with you, as described above.

• We use Shopify to power our online store. You can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy.
• We may share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.

By consenting to SUNNYBOD™'s SMS/text messaging service, you agree to receive recurring SMS/text messages from and on behalf of SUNNYBOD™ through your wireless provider to the mobile number you provided, even if your mobile number is registered on any state or federal Do Not Call list. Text messages may be sent using an automatic telephone dialing system or other technology. Service-related messages may include updates, alerts, and information (e.g., order updates, account alerts, etc.). Promotional messages may include promotions, specials, and other marketing offers (e.g., cart reminders).

You understand that you do not have to sign up for this program in order to make any purchases, and your consent is not a condition of any purchase. Your participation in this program is completely voluntary.

We do not charge for the Service, but you are responsible for all charges and fees associated with text messaging imposed by your wireless provider. Message frequency varies. Message and data rates may apply. Check your mobile plan and contact your wireless provider for details. You are solely responsible for all charges related to SMS/text messages, including charges from your wireless provider.

You may opt-out of the Service at any time. Text the single keyword command STOP or click the unsubscribe link (where available) in any text message to cancel. You'll receive a one-time opt-out confirmation text message. No further messages will be sent to your mobile device, unless initiated by you. If you have subscribed to other Yabby mobile message programs and wish to cancel, except where applicable law requires otherwise, you will need to opt out separately from those programs by following the instructions provided in their respective mobile terms.

For Service support or assistance,  email hello@sunnybod.com

We may change any short code or telephone number we use to operate the Service at any time and will notify you of these changes. You acknowledge that any messages, including any STOP or HELP requests, you send to a short code or telephone number we have changed may not be received and we will not be responsible for honoring requests made in such messages.

The wireless carriers supported by the Service are not liable for delayed or undelivered messages. You agree to provide us with a valid mobile number. If you get a new mobile number, you will need to sign up for the program with your new number.

To the extent permitted by applicable law, you agree that we will not be liable for failed, delayed, or misdirected delivery of any information sent through the Service, any errors in such information, and/or any action you may or may not take in reliance on the information or Service.

We respect your right to privacy. To see how we collect and use your personal information, please see our Privacy Policy and Terms of Use.

Deidentifying Data

Deidentifying data means removing any information that could identify you personally, ensuring that your privacy is protected. We believe in the power of data to drive meaningful insights and improve our services. You agree, we may compile and deidentify the data we hold (including personal information), and may use such deidentified data for any purpose.

By deidentifying the data, we can use it in an aggregated and anonymous form for various purposes. This allows us to gain valuable insights, perform statistical analysis, and enhance our services. Rest assured that we handle this deidentified data with the utmost care and respect for your privacy.

In all our practices, we will follow the guidelines set forth by the Office of the Australian Information Commissioner (OAIC). These guidelines provide important standards and procedures for deidentifying data, ensuring that your information remains protected and confidential. 

 

Disclosure of personal information outside Australia

DIn some instances, we may need to disclose your personal information to our trusted partners, related bodies corporate, or third-party service providers located outside of Australia. Rest assured, we take your privacy seriously, and we will take reasonable steps to ensure that any overseas recipient treats your personal information in a way that is consistent with the Australian Privacy Principles.

These overseas recipients may include cloud providers or customer management services providers who assist us in delivering our services and improving your experience. We choose our partners carefully, selecting those who share our commitment to privacy and data protection.

By disclosing personal information outside of Australia, we can provide you with a seamless and efficient service, no matter where you are in the world. We want you to feel confident that your information is being handled securely.

Cookies and using our website

We may collect personal information about you when you use and access our website. While we do not use browsing information to identify you personally, the information we may record includes details like which pages you visit, the date and time of your visit, and the internet protocol (IP) address assigned to your computer. These insights help us analyze trends, identify popular content, and enhance our website's functionality

We may also use "cookies" and similar technologies on our website. These small files store information on your device, whether it's a computer, TV, or mobile phone. They help us track your website usage, remember your preferences, and make your browsing experience more personalized. We use a number of different cookies, including functional, performance, advertising, and social media or content cookies. 

Cookies also allow us to recognize you across different websites, services, devices, and browsing sessions. They enhance your convenience by remembering your settings and preferences, making your interactions with our website smoother and more tailored to your needs.

We may also use cookies to enable us to collect data that may include personal information. For example, where a cookie is linked to your account, it will be considered personal information under the Privacy Act.  We understand that your privacy is important, and we handle any personal information collected by cookies with the same care as other personal information we collect, as described in this privacy policy. 

By using our website you agree that we can place these types of cookies on your device and access them when you visit the site in the future. If you want to delete any cookies that are already on your computer, please refer to the help and support area on your internet browser for instructions on how to locate the file or directory that stores cookies. Information on deleting or controlling cookies is available at www.AboutCookies.org. 

Please note that by deleting our cookies or disabling future cookies you may not be able to access certain services, areas or features of our site. 

 

Age of consent

By using this Site, you represent that you are at least the age of majority in your State or Territory of residence. Our Site should not be used by anyone under the age of majority and we do not knowingly collect data from anyone under the age of majority.

 

Payments

We may provide paid products and/or services within the Service. In that case, we may use third-party services for payment processing (e.g. payment processors).

We will not store or collect Your payment card details. That information is provided directly to Our third-party payment processors whose use of Your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.

PayPal

Their Privacy Policy can be viewed at https://www.paypal.com/webapps/mpp/ua/privacy-full

 

After Pay

Their Privacy Policy can be viewed at https://www.afterpay.com/en-AU/privacy-policy.

Security

We prioritize the security of your personal information. We may hold your personal information in either electronic or hard copy form. Whether it's stored electronically or in hard copy form, we take reasonable steps to protect it from misuse, interference and loss, as well as unauthorised access, modification or disclosure. 

We employ a combination of physical, administrative, personnel, and technical safeguards. For example, restricting access to personal information on a need-to-know basis and implementing secure storage for physical files.

While we implement these measures, it's important you are aware that no method of data transmission or storage is completely fail safe. Despite our best efforts, we cannot guarantee the absolute security of your personal information.

 

Links

Our website may contain links to other websites operated by third parties. It's important to understand that these links are provided for your convenience, but they may not always be up to date or maintained by us. We are not responsible for the privacy practices of, or any content on, those linked websites, and have no control over or rights in those linked websites.

When you click on these links, you will be directed to third party websites that have their own privacy practices. Their privacy policies may be different from ours, so we encourage you to take a moment to read and familiarize yourself with their policies before using those websites.

 

Accessing or correcting your personal information

We want to make sure you have control over your personal information, which is why you have the right to access and correct any information we hold about you. If you would like to access or update your personal information, simply reach out to us using the contact details provided below.

While we strive to provide you with access to all of your personal information, there may be situations where we are unable to fulfill your request. If this happens, we will always explain why and provide you with any necessary information. 

Please understand that in some cases, we may need to verify your identity to ensure the security of your personal information.

We want to ensure that the personal information we hold about you is accurate and up to date. If you believe that any information we have is incorrect or needs to be updated, please let us know, and we will take reasonable steps to make the necessary corrections.

Making a complaint

We take your privacy seriously and strive to handle your personal information with the utmost care. If you believe that we may have breached the Privacy Act or have concerns about how we have handled your personal information, we're here to listen and address your concerns.

To make a complaint, simply reach out to us using the contact details provided below. Please include your name, email address, and telephone number so that we can get back to you promptly. It's important to clearly describe the nature of your complaint, so we can fully understand and address the issue. Once we receive your complaint, we will acknowledge it and make every effort to respond to you within a reasonable time frame. Your satisfaction is important to us, and we are committed to resolving any concerns to the best of our ability.

If, for any reason, you feel that we haven't resolved your complaint satisfactorily, we will provide you with information on the further steps you can take. We believe in open communication and want to ensure that you have the necessary resources to address your concerns effectively.

 

Contact Us

For further information about our Privacy Policy or practices, or to access or correct your personal information, or make a complaint, please contact us using the details set out below:

Privacy Officer

PO Box 8220, Kooringal, 

New South wales, 2065.

 

Data Controller for the Facebook Business Page

The Company is the Data Controller of Your Personal Data collected while using the Service. As operator of the Facebook Fan Page https://www.facebook.com/privacypolicies, the Company and the operator of the social network Facebook are Joint Controllers.

The Company has entered into agreements with Facebook that define the terms for use of the Facebook Fan Page, among other things. These terms are mostly based on the Facebook Terms of Service: https://www.facebook.com/terms.php

Visit the Facebook Privacy Policy https://www.facebook.com/policy.php for more information about how Facebook manages Personal data or contact Facebook online, or by mail: Facebook, Inc. ATTN, Privacy Operations, 1601 Willow Road, Menlo Park, CA 94025, United States.

 

Facebook Insights

We use the Facebook Insights function in connection with the operation of the Facebook Business Page and on the basis of the GDPR, in order to obtain anonymized statistical data about Our users.

For this purpose, Facebook places a Cookie on the device of the user visiting Our Facebook business Page. Each Cookie contains a unique identifier code and remains active for a period of two years, except when it is deleted before the end of this period. Facebook receives, records and processes the information stored in the Cookie, especially when the user visits the Facebook services, services that are provided by other members of the Facebook Business Page and services by other companies that use Facebook services.

For more information on the privacy practices of Facebook, please visit Facebook Privacy Policy here: https://www.facebook.com/privacy/explanation

 

Data Controller for the Instagram Business Page

The Company is the Data Controller of Your Personal Data collected while using the Service. As operator of the Instagram Business Fan Page  https://privacycenter.instagram.com, the Company and the operator of the social network Facebook are Joint Controllers.

The Company has entered into agreements with Instagram that define the terms for use of the Instagram business Fan Page, among other things. These terms are mostly based on the Meta Terms of Service: https://www.facebook.com/legal/terms

Visit the instagram (meta) Privacy Policy  https://privacycenter.instagram.com/ for more information about how meta manages Personal data or contact meta online, or by mail: Meta Platforms, Inc. FAO: Privacy Operations. 1601 Willow Road, Menlo Park, CA 94025, US

 

Instagram (Meta) Insights

We use the Meta Insights function in connection with the operation of the Instagram Business Page and on the basis of the GDPR, in order to obtain anonymized statistical data about Our users.

For this purpose, meta places a Cookie on the device of the user visiting Our Instagram business Page. Each Cookie contains a unique identifier code and remains active for a period of two years, except when it is deleted before the end of this period. Meta receives, records and processes the information stored in the Cookie, especially when the user visits the Meta services, services that are provided by other members of the Instagram Business Page and services by other companies that use Meta services.

For more information on the privacy practices of Meta, please visit Meta Privacy Policy here: https://privacycenter.instagram.com/

TikTok 

Data Controller for the TikToK Business Page

The Company is the Data Controller of Your Personal Data collected while using the Service. As operator of the TikTok Business Fan Page  https://www.tiktok.com/legal/page/row/privacy-policy/en, the Company and the operator of the social network TikTok are Joint Controllers.

The Company has entered into agreements with TikTok that define the terms for use of the TikTok business Fan Page, among other things. These terms are mostly based on the TikTok Terms of Service: https://www.tiktok.com/legal/page/row/terms-of-service/en

 

Visit the TikTok Privacy Policy  https://www.tiktok.com/legal/page/row/privacy-policy/en#6FA6A8 for more information about how TikTok manages Personal data or contact meta online, or by mail: If you have questions, comments, complaints or requests regarding this TikTok Privacy Policy, please contact us at: https://www.tiktok.com/legal/report/privacy

TikToK Insights

We use the TikTok Insights function in connection with the operation of the TikTok Business Page and on the basis of the GDPR, in order to obtain anonymized statistical data about Our users.

For this purpose, TikTok places a Cookie on the device of the user visiting Our TikTok business Page. Each Cookie contains a unique identifier code and remains active for a period, except when it is deleted before the end of this period. TikTok receives, records and processes the information stored in the Cookie, especially when the user visits the TikTok services, services that are provided by other members of the TikTok Business Page and services by other companies that use TikTok services.

For more information on the privacy practices of TikTok, please visit TikTok Privacy Policy here: https://www.tiktok.com/legal/page/row/privacy-policy/en

 

Data Controller for the Pinterest Business Page

The Company is the Data Controller of Your Personal Data collected while using the Service. As operator of the Pinterest Business Fan Page  https://policy.pinterest.com/en-gb/privacy-policy, the Company and the operator of the social network Pinterest are Joint Controllers.

The Company has entered into agreements with Pinterest that define the terms for use of the Pinterest business Fan Page, among other things. These terms are mostly based on the Pinterest Terms of Service:https://policy.pinterest.com/en-gb/terms-of-service

Visit the Pinterest Privacy Policy  https://policy.pinterest.com/en-gb/privacy-policy for more information about how Pinterest manages Personal data or contact online, or by mail: Contact Pinterest Inc. at 651 Brannan Street, San Francisco, CA 94107, USA.

Pinterest Insights

We use the Pinterest Insights function in connection with the operation of the Pinterest Business Page and on the basis of the GDPR, in order to obtain anonymized statistical data about Our users.

For this purpose, Pinterest places a Cookie on the device of the user visiting Our Pinterest business Page. Each Cookie contains a unique identifier code and remains active for a period, except when it is deleted before the end of this period. Pinterest receives, records and processes the information stored in the Cookie, especially when the user visits the Pinterest  services, services that are provided by other members of the Pinterest Business Page and services by other companies that use Pinterest services.

For more information on the privacy practices of Pinterest, please visit Pinterest Privacy Policy here:  https://policy.pinterest.com/en-gb/privacy-policy

 

Data Controller for the YouTube/google Business Page

The Company is the Data Controller of Your Personal Data collected while using the Service. As operator of the YouTube  Business Fan Page https://policies.google.com/privacy?hl=en-US, the Company and the operator of the social network YouTube/google are Joint Controllers.

The Company has entered into agreements with YouTube/google that define the terms for use of the YouTube business Fan Page, among other things. These terms are mostly based on the YouTubeTerms of Service: https://www.youtube.com/static?template=terms&gl=AU and Google Terms of Service https://policies.google.com/terms?hl=en-US

Visit the YouTube/google Privacy Policy https://policies.google.com/privacy?hl=en-US for more information about how  YouTube/google manages Personal data or contact online here at https://support.google.com/policies/contact/general_privacy_form?sjid=13512511341342901235-AP

YouTube/google Insights

We use the YouTube/google Insights function in connection with the operation of the YouTube Business Page and on the basis of the GDPR, in order to obtain anonymized statistical data about Our users.

For this purpose, YouTube/google places a Cookie on the device of the user visiting Our YouTube business Page. Each Cookie contains a unique identifier code and remains active for a period, except when it is deleted before the end of this period. YouTube/google receives, records and processes the information stored in the Cookie, especially when the user visits the YouTube/google services, services that are provided by other members of the YouTube Business Page and services by other companies that use YouTube/google services.

For more information on the privacy practices of YouTube/google, please visit google Privacy Policy here: https://policies.google.com/privacy?hl=en-US

 

Shopify 

We use Shopify to power our online store. You can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy.

 

We use Google Analytics to help us understand how our customers use the Site. You can read more about how Google uses your Personal Information here: https://policies.google.com/privacy?hl=en.You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.

 

Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.

 

Additional provisions in respect of jurisdictions outside Australia

The following provisions may apply to you depending on the jurisdiction in which you reside. We recommend you review these sections in full to determine whether any of these terms apply to you.

Legal Basis for Processing Personal Information under the General Data Protection Regulation (GDPR)

If you are from the European Economic Area (EEA), our legal basis for collecting and using the personal information described in this Privacy Policy depends on the personal information we collect and the specific context in which we collect it.

We may process your personal information because:

• We need to perform a contract with you
• You have given us permission to do so
• The processing is in our legitimate interests and it is not overridden by your rights
• For payment processing purposes
• To comply with the law

 

Your Data Protection Rights under the General Data Protection Regulation (GDPR)

If you are a resident of the European Economic Area (EEA), you have certain data protection rights. We aim to take reasonable steps to allow you to correct, amend, delete or limit the use of your personal information. If you wish to be informed about what personal information we hold about you and if you want it to be removed from our systems, please contact us.

In certain circumstances, you have the following data protection rights:

The right to access, update or delete the information we have on you. Whenever made possible, you can access, update or request deletion of your personal information directly within your account settings section. If you are unable to perform these actions yourself, please contact us to assist you.

The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.

The right to object. You have the right to object to our processing of your personal information.

The right of restriction. You have the right to request that we restrict the processing of your personal information.

The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format.

The right to withdraw consent. You also have the right to withdraw your consent at any time where we relied on your consent to process your personal information.

Please note that we may ask you to verify your identity before responding to such requests.

 

You have the right to complain to a Data Protection Authority about our collection and use of your personal information. For more information, please contact your local data protection authority in the European Economic Area (EEA).

 

Your California Privacy Rights

This section applies solely to all visitors, users, and others who reside in the State of California (“consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (CCPA) and any terms defined in the CCPA have the same meaning when used in this notice.

Categories of Personal Information Collected

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular Consumer or Device (“Personal Information”).  

The following is a list of categories of personal information which we may collect or may have been collected from California residents within the last twelve (12) months.

Please note that the categories and examples provided in the list below are those defined in the CCPA. This does not mean that all examples of that category of personal information were in fact collected by Us, but reflects our good faith belief to the best of our knowledge that some of that information from the applicable category may be and may have been collected. For example, certain categories of personal information would only be collected if You provided such personal information directly to Us.

• Category A: Identifiers.
  Examples: A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, driver's license number, passport number, or other similar identifiers.
  Collected: Yes.

• Category B: Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
  Examples: A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.
  Collected: Yes.

• Category C: Protected classification characteristics under California or federal law.
  Examples: Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
  Collected: No.

• Category D: Commercial information.
  Examples: Records and history of products or services purchased or considered.
  Collected: Yes.

• Category E: Biometric information.
  Examples: Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
  Collected: No.

• Category F: Internet or other similar network activity.
  Examples: Interaction with our Service or advertisement.
  Collected: Yes.

• Category G: Geolocation data.
  Examples: Approximate physical location.
  Collected: No.

 

• Category H: Sensory data.
  Examples: Audio, electronic, visual, thermal, olfactory, or similar information.
  Collected: No.

• Category I: Professional or employment-related information.
  Examples: Current or past job history or performance evaluations.
  Collected: No.

• Category J: Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).
  Examples: Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
  Collected: No.

• Category K: Inferences drawn from other personal information.
  Examples: Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
  Collected: No.

Under CCPA, personal information does not include:

• Publicly available information from government records.
• Deidentified or aggregated consumer information.
• Information excluded from the CCPA's scope, such as:
• Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data.
• Personal Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.

Sources of Personal Information

We obtain the categories of personal information listed above from the following categories of sources:

• Directly from you. For example, from the forms you complete on our Service, preferences you express or provide through our Service, or from your purchases on our Service.
• Indirectly from you. For example, from observing your activity on our Service.
• Automatically from you. For example, through cookies we or our Service Providers set on your Device as you navigate through our Service. Automatically collected information may include usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies; and
• From third parties. For example, third-party vendors to monitor and analyze the use of our Service, third-party vendors for payment processing, our business partners, or other third-party vendors that we use to provide the Service to you. 

Use of Personal Information for Business Purposes or Commercial Purposes

We may use, sell (as defined in the CCPA), or disclose the personal information we collect for one or more of the following business purposes:

• To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to request a price quote or ask a question about products or services from one of our partners, we will provide the partner that personal information to respond to your inquiry. 
• To provide, support, personalize, and develop our Website, products, and services.
• To create, maintain, customize, and secure your account with us.
• To process your requests.
• To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
• To personalize your Website experience and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our Website, third-party sites, and via email or text message (with your consent, where required by law).
• To help maintain the safety, security, and integrity of our Website, products and services, databases and other technology assets, and business.
• For testing, research, analysis, and product development, including to develop and improve our Website, products, and services.
• To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
• As described to you when collecting your personal information or as otherwise set forth in the CCPA.
• To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our Website users is among the assets transferred.

Please note that the examples provided above are illustrative and not intended to be exhaustive. For more details on how we use this information, please refer to the "How do we collect, use and disclose personal information?" section.

We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice. If we decide to collect additional categories we will update this Privacy Policy. 

Sale of Personal Information of Minors Under 16 Years of Age

We do not knowingly collect personal information from minors under the age of 16 through our Service, although certain third party websites that we link to may do so. These third-party websites have their own terms of use and privacy policies and we encourage parents and legal guardians to monitor their children's Internet usage and instruct their children to never provide information on other websites without their permission.

We do not sell the personal information of Consumers we actually know are less than 16 years of age, unless we receive affirmative authorization (the "right to opt-in") from either the Consumer who is between 13 and 16 years of age, or the parent or guardian of a Consumer less than 13 years of age. Consumers who opt-in to the sale of personal information may opt-out of future sales at any time. 

To exercise the right to opt-out, You (or Your authorized representative) may submit a request to us by contacting us using the “Contact Us” information below.

If You have reason to believe that a child under the age of 13 (or 16) has provided us with personal information, please contact us with sufficient detail to enable us to delete that information.     

 

Your Rights under the CCPA

The CCPA provides California residents with specific rights regarding their personal information. 

If You are a resident of California, You have the following rights:

• The right to notice. You have the right to be notified which categories of Personal Data are being collected and the purposes for which the Personal Data is being used.

• The right to request. Under CCPA, You have the right to request that We disclose information to You about Our collection, use, sale, disclosure for business purposes and share of personal information. Once We receive and confirm Your request, We will disclose to You:
• The categories of personal information We collected about you.
• The categories of sources for the personal information We collected about you.
• Our business or commercial purpose for collecting or selling that personal information.
• The categories of third parties with whom we share that personal information.
• The specific pieces of personal information We collected about You.
• If we sold Your personal information or disclosed Your personal information for a business purpose, We will disclose to You:
• The categories of personal information categories sold
• The categories of personal information categories disclosed.

• The right to say no to the sale of Personal Data (opt-out). You have the right to direct Us to not sell Your personal information. To submit an opt-out request please Contact Us.
• The right to delete Personal Data. You have the right to request the deletion of Your Personal Data, subject to certain exceptions. Once We receive and confirm Your request, We will delete (and direct Our Service Providers to delete) Your personal information from our records, unless an exception applies. 

We may deny Your deletion request if retaining the information is necessary for Us or Our Service Providers to:

1. Complete the transaction for which We collected the personal information, provide a good or service that You requested, take actions reasonably anticipated within the context of our ongoing business relationship with You, or otherwise perform our contract with You.
   
2. Provide you with notices about your account, including expiration and renewal notices.
3. Carry out our obligations and enforce our rights arising from any contracts entered into between you and us.
4. Fulfill any other purpose for which you provided it.
5. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
6. Debug products to identify and repair errors that impair existing intended functionality.
7. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
8. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
9. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if You previously provided informed consent.
10. Enable solely internal uses that are reasonably aligned with consumer expectations based on Your relationship with Us.
11. Comply with a legal obligationand any relevant laws, regulations, ordinances, rules, directives, or statutes.
12. Make other internal and lawful uses of that information that are compatible with the context in which You provided it.
13. The right not to be discriminated against. 

You have the right not to be discriminated against for exercising any of Your consumer's rights, including by: 

• Denying goods or services to you.
• Charging different prices or rates for goods or services, including the use of discounts or other benefits or imposing penalties.
• Providing a different level or quality of goods or services to You.
• Suggesting that You will receive a different price or rate for goods or services or a different level or quality of goods or services .

Exercising Access, Data Portability, and Deletion Rights

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by emailing your request to hello@sunnybod.com.

What We May Need From You

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.

• Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.   

                            

Response Timing and Format

We endeavour to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 additional days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. 

The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.

Fees

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Personal Information Sales Opt-Out and Opt-In Rights

If you are 16 years of age or older, you have the right to direct us to not sell your personal information at any time (the “right to opt-out”). We do not sell (as defined in the CCPA) the personal information of consumers we actually know are less than 16 years of age, unless we receive affirmative authorization (the “right to opt-in”) from either the consumer who is between 13 and 16 years of age, or the parent or guardian of a consumer less than 13 years of age. Consumers who opt-in to personal information sales may opt-out of future sales at any time.

To exercise the right to opt-out, you (or your authorized representative) may submit a request to us by emailing hello@sunnybod.com. Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize personal information sales. However, you may change your mind and opt back in to personal information sales at any time by emailing your request to hello@sunnybod.com.

You do not need to create an account with us to exercise your opt-out rights. We will only use personal information provided in an opt-out request to review and comply with the request.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

• Deny you goods or services;
• Charge you, or suggest you may be charged, for services;
• Impose penalties;
• Provide you a different level or quality of services.

California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to hello@sunnybod.com.

CONTACT US

For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at hello@sunnybod.com or by mail using the details provided below: 

PRIVACY OFFICER

PO Box 8220, Kooringal, 

New South Wales, 2650.

Effective: 13th of August  2023