Privacy policy

Privacy Policy

Your privacy is important to us. It is Amazing You's policy to respect your privacy and comply with any applicable law regarding any personal information we may collect about you.

This policy sets out the basis on which we, AMAZING OILS PTY LTD (ABN 86 150 208 576), trading as Amazing You - Health Restored (which we'll just call "Amazing You", "we", "us", or "our"), collect, use, store, and disclose your personal information. We've written it to be as clear and straightforward as possible.

Policy last updated: 4 November 2025

On this page:

1. The Gist & Your Consent
2. Our Policy on Age
3. Our Legal Representatives (EU & UK)
4. What Information We Collect
5. How We Collect Your Information
6. Why We Use Your Information
7. Who We Share Your Information With
8. International Data Transfers
9. How We Store & Secure Your Information
10. How Long We Keep Your Information
11. Cookies & Tracking Technologies
12. Your Rights & Controlling Your Info
13. Links to Other Sites
14. Changes to This Policy
15. How to Contact Us

1. The Gist & Your Consent

By providing personal information to us (like using our website, buying our products, or signing up for our emails), you consent to our collection, use, and disclosure of that information in accordance with this privacy policy.

You are under no obligation to provide any personal information to us. However, if you choose to withhold information, we may not be able to do certain things for you, such as:

Supply our products to you or process your order.
Assist you with enquiries, returns, or refunds.
Allow you to participate in promotions or competitions.
Personalise your experience on our site.

2. Our Policy on Age

By using our website, you represent that you are at least 16 years of age [cite: 465].

We do not knowingly advertise to or collect personal information from any individual under the age of 16. If we become aware that we have collected personal information from you and you are under 16, we will delete your information immediately.

3. Our Legal Representatives (EU & UK)

As we are an Australian company offering goods to people in Europe, we are legally required to appoint Data Protection Representatives in the European Union and the United Kingdom [cite: 415, 501-503].

These representatives are your local point of contact for any questions or concerns about how we handle your data[cite: 509].

EU Representative:
[Placeholder: Insert Name, Address, and Email of your EU Article 27 Representative]

UK Representative:
[Placeholder: Insert Name, Address, and Email of your UK Article 27 Representative]

4. What Information We Collect

"Personal information" is any information that identifies you or could reasonably be used to identify you. We collect it in a few different ways.

Information You Actively Give Us

Checkout Information: Your first and last name, email address, phone number, and your shipping and billing address.
Communications: Any information you provide when you contact us with a question, comment, or return request.

A Special Section: Sensitive Health Information (Our Quiz)

In some situations, we may ask you for information that is considered "sensitive" or "special category data" under privacy laws (such as in Australia [cite: 449], the EU [cite: 447-448], and California [cite: 450]). This is so we can give you the best possible product recommendations.

This includes information you may provide in:

Reviews: You might choose to share your age, gender, or information about the health concerns or ailments our products helped with[cite: 445].
Quizzes: We may offer quizzes to help recommend the right products for you. These may ask for information about your wellness goals or "symptoms of health issues"[cite: 405, 445].

Our legal basis for collecting this data is your explicit consent[cite: 414, 452]. We will only collect this information with your specific, un-ticked consent, which we ask for at the time you take the quiz[cite: 457, 459].

We ask for this consent for two separate purposes [cite: 436-437, 460]:

To provide recommendations (Our service): To analyse your symptoms and recommend the right products for you[cite: 434].
For marketing (Optional): To use this data to personalise marketing emails or help create marketing audiences[cite: 435]. This is completely optional, and you can say no.

Information We Collect Automatically

Log Data: When you visit our website, our servers may automatically log the standard data provided by your web browser, such as your device’s IP address, your browser type, the pages you visit, and the time and date of your visit.
Engagement Data: We use analytics tools like Microsoft Clarity [cite: 417] and Hotjar [cite: 417] to measure and track how you use our site. This can include "session recordings" that show us where you click, scroll, and move your mouse.
Cookie Data: We use cookies to collect information about your activity on our site. (See Section 11 for more on this).

5. How We Collect Your Information

Directly from you: When you buy a product, create an account, fill out a quiz, or contact our customer service team.
Automatically: When you browse our site, our servers and analytics tools (like cookies, Hotjar, and Clarity) collect data about your device and your session[cite: 417].
From third parties: We may collect information from other sources, such as social media platforms (if you mention or tag us) or data aggregators.

6. Why We Use Your Information

We collect, hold, use, and disclose your information for the following purposes:

To fulfil your order: To process your payment and get your products delivered to you.
To communicate with you: To send order confirmations, shipping updates, and answer your customer service questions.
For marketing (with your consent): To send you promotional information about our products, sales, and services that we think you might be interested in. You can opt-out at any time.
To improve our website: To analyse analytics and session recordings to find and fix errors, and to see what parts of our site are (or aren't) working well.
To personalise your experience: To use quiz or review data (with your explicit consent) to recommend products that are genuinely right for you[cite: 434].
For security and fraud prevention: To ensure our site is safe and used in line with our terms of use.

7. Who We Share Your Information With

We do not and will not sell your personal information. We may disclose it to the following trusted third parties who help us run our business:

Our employees, contractors, or related entities.
Our E-commerce Platform (Shopify): Our store is powered by Shopify Inc.[cite: 585].
- As our Processor: Shopify processes your data on our behalf to provide its core e-commerce platform services, including processing your order, managing your account, and handling payments [cite: 586-587].
- As a Separate Controller: In some instances, Shopify processes your information for its own purposes, such as if you use an accelerated checkout service (e.g., Shop Pay) or for its own platform analytics[cite: 588].
- We do not have access to, and do not store, your plain-text account password or your full payment card details[cite: 589]. This information is securely managed by Shopify. For more information, please review Shopify's Consumer Privacy Policy[cite: 590].
Payment & Delivery Partners: Third-party payment gateways (who handle your credit card data) and our delivery/courier partners.
Analytics & Marketing Providers: Service providers for analytics (like Google Analytics, Hotjar, Clarity) and advertisers [cite: 627-628].
Legal Authorities: Courts, tribunals, regulatory authorities, and law enforcement officers, as required by law.
Third parties, including agents or sub-contractors, who assist us in providing information, products, services, or direct marketing to you.

8. International Data Transfers

We are based in Australia, and your personal information is stored and processed here[cite: 513].

However, we use trusted international service providers (like Shopify, Microsoft, and Google) who are based in other countries, primarily the United States[cite: 514, 561].

This means your personal information will be transferred and processed outside of your home country, including outside the European Union, UK, and Canada [cite: 415-416, 561].

We use legally-required safeguards for these transfers[cite: 629]. For data transferred from the EU or UK, we rely on mechanisms like the EU Standard Contractual Clauses (SCCs) [cite: 517-518] and the UK's International Data Transfer Agreement (IDTA) or UK Addendum[cite: 518], and we take reasonable steps to ensure your data is protected to a standard "substantially similar" to your home laws [cite: 564-565].

9. How We Store & Secure Your Information

We take security seriously. We hold your personal information in electronic form and take reasonable steps to protect it from misuse, interference, loss, and unauthorised access, modification, or disclosure.

While we will do our best, we also advise that no method of electronic transmission or storage is 100% secure, and no one can guarantee absolute data security.

10. How Long We Keep Your Information

We keep your personal information only for as long as we need to. This time period depends on what we are using it for, in accordance with this policy[cite: 543].

For example, we will keep your order history for as long as required for our legal, tax, and accounting obligations. We keep a record of your marketing preferences (e.g., if you unsubscribe) indefinitely so we know not to contact you.

When your personal information is no longer required for any of these purposes, we will delete it or make it anonymous by removing all details that identify you[cite: 543].

11. Cookies & Tracking Technologies

We use “cookies” to collect information about you and your activity across our site. A cookie is a small piece of data that our website stores on your computer and accesses each time you visit, so we can understand how you use our site and serve you content based on your preferences.

As mentioned, we use tools like Hotjar and Microsoft Clarity to track user engagement. We may also use server-side tracking (via tools like Stape) to improve data control and security[cite: 600]. This does not change our obligation to get your consent *before* any data is collected [cite: 596-598].

How we manage this depends on your location:

For EU/UK Visitors: Under the ePrivacy Directive, we do not use any non-essential cookies (like for analytics or marketing) without your consent. These trackers are "off" by default until you "Accept" them . You can withdraw your consent at any time.
For California Residents: Using these analytics and marketing tools may be considered "sharing" under California law [cite: 611-612]. You have the right to opt-out of this sharing.

Global Privacy Control (GPC): We recognize and honor the Global Privacy Control (GPC) signal[cite: 554]. If your browser sends this signal, we will automatically treat you as having opted-out of any "sale or sharing" of your personal information[cite: 556].

12. Your Rights & Controlling Your Info

You always retain control of your personal information. Your specific rights depend on where you are located.

Your Rights (European Union & United Kingdom)

If you are in the EU or UK, you have the following rights under the GDPR [cite: 524]:

The Right to be Informed [cite: 525]
The Right of Access [cite: 526]
The Right to Rectification [cite: 527]
The Right to Erasure ("Right to be Forgotten") [cite: 528]
The Right to Restrict Processing [cite: 529]
The Right to Data Portability [cite: 530]
The Right to Object [cite: 531]
Rights in relation to Automated Decision-Making and Profiling [cite: 532]

You also have the right to lodge a complaint with your local data protection authority (Supervisory Authority)[cite: 632].

Your Rights (California, USA)

If you are a California resident, you have the following rights under the CPRA:

Right to Know: The right to know what personal information we collect, use, disclose, and sell/share.
Right to Delete: The right to request we delete your personal information (with some exceptions).
Right to Opt-Out of Sale/Sharing: The right to direct us *not* to "sell" or "share" your personal information (which we may do for analytics and marketing, as described in Section 11)[cite: 547].
Right to Limit SPI: The right to limit our use of your "Sensitive Personal Information" (like our quiz data) to *only* what is necessary to provide the service you requested [cite: 548, 474-475].
Right to Correct: The right to ask us to correct inaccurate information.

How to Exercise These Rights: You can exercise your "Right to Opt-Out of Sale/Sharing" and "Right to Limit the Use of My Sensitive Personal Information" by clicking the "Your Privacy Choices" link in our website footer [cite: 550-551, 633]. For all other rights, please contact us.

Your Rights (Australia & Canada)

If you are in Australia or Canada, you have the right to access the personal information we hold about you and to request that we correct any inaccuracies[cite: 634]. Please contact us to make this request.

13. Links to Other Sites

Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and policies of those sites and cannot accept responsibility or liability for their respective privacy practices.

14. Changes to This Policy

At our discretion, we may change our privacy policy to reflect updates to our business processes or legislative changes. If we decide to change this policy, we will post the changes here at the same link you are currently viewing.