Privacy Policy – That’s Jordyn – Destination Fashion

Effective Date: December 14, 2024 - That’s Jordyn – Destination Fashion (ABN 23 874 337 958) (“we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose and secure personal information in line with Australia’s Privacy Act 1988 (including the Australian Privacy Principles, or APPs), the Spam Act 2003, and applicable global laws such as the EU General Data Protection Regulation (GDPR). We deliver personal styling and fashion tourism services via our Squarespace-hosted site, email newsletters, and a Patreon membership program. We use analytics (Google Analytics) and advertising tools (Facebook Pixel) to improve our services and outreach. This policy applies to all visitors and clients of our site and services.

1. What Personal Information We Collect

We collect personal information that is necessary for our services. This includes:

Contact details: Your name, email address, phone number, postal address, and any profile or social media handles you provide.

Service-related information: Booking details (e.g. travel dates, destinations, itinerary preferences), wardrobe and style preferences (e.g. sizes, clothing styles, colour preferences), and any images or descriptions you voluntarily share for styling advice.

Demographic information: Basic demographic data (such as age range, gender) if you provide it, to help personalise our styling and travel recommendations.

Payment and financial data: If you become a Patreon subscriber or make payments through Patreon, we receive your patronage details (pledge amount, start date) but not your full payment card information. All actual payment processing is handled by Patreon’s secure systems.

Our privacy policy explicitly lists the kinds of personal information we collect, in accordance with APP guidelines. We do not collect sensitive personal information (e.g. health or religious data) about you unless you expressly provide it. In general, we only collect personal data when you voluntarily provide it (e.g. via forms or Patreon), or automatically through cookies and analytics as described below.

2. How We Collect Personal Information

We gather your personal information through the following methods:

Direct submission: When you fill in our online contact or booking forms on the Squarespace site, sign up for our newsletter, or become a Patreon member, you directly provide information to us. Similarly, if you email us or communicate via Patreon messages, we collect the details you send.

Online tracking (cookies and similar technologies): Our website uses cookies and tracking tools (such as Google Analytics and the Facebook pixel) to monitor site usage. Cookies are small data files stored on your browser. They help us remember your preferences and understand how you navigate the site (e.g. which pages you visit and for how long). We use this data in an aggregated form for analytics and marketing (see Section 5). The APPs and Australian data privacy laws require us to disclose all cookies and trackers that collect personal or usage data.

Third-party sources: If you join our Patreon, Patreon will share basic profile and contact data (name, email, shipping address if provided) with us as part of the membership setup. We may also obtain publicly available information (for example, if you follow our social media or public interactions) to the extent it is relevant to our services.

In all cases, we collect information directly from you or through your device, and we only collect data necessary for the services we provide. As emphasised by OAIC guidance, our policy clearly explains how and where this data is collected.

3. How We Use Your Personal Information

Your information is used only for legitimate purposes related to our services and your relationship with us:

Service delivery: We use your contact and booking details to schedule consultations, plan travel itineraries, make style recommendations, confirm appointments, send necessary documents (e.g. travel plans), and fulfil any services you request. For example, we may email you information about your booking, fashion itinerary suggestions, or updates to your styling session.

Communication: We use your email address or phone number to respond to your inquiries, provide customer support, and send administrative notices (such as changes to bookings or policy updates).

Personalisation: Your style preferences and feedback allow us to tailor our recommendations to you – for example, understanding your favourite colours or brands helps us curate outfits or travel experiences that match your tastes. This makes our personal styling and fashion tourism services more effective and enjoyable for you.

Marketing and newsletters: Only if you opt in, we send you marketing emails or newsletters about fashion tips, destination fashion events, promotions, and updates. We strictly follow the Spam Act 2003 and APPs: we obtain your express consent before sending any promotional message (such as through a checkbox on signup forms), and every email will include a clear unsubscribe option. You can withdraw consent or unsubscribe at any time (see Section 9). We will never send you marketing without permission, nor will we share your contact details with unrelated third parties for marketing.

Platform services: Patreon and Squarespace may use your data to maintain your account, manage subscriptions, and process payments. For instance, Patreon processes your membership payment and shares only the information needed for us to grant you membership benefits. We do not see or store your credit card details.

Security and legal compliance: We use your information to protect your account, prevent fraud, and comply with legal obligations. For example, we may use contact details to verify your identity if you request access to your data, or we may use analytics data to detect unusual activity on our site.

All use of your personal information is aimed at providing and improving our styling and tourism services, communicating with you effectively, and complying with legal requirements. We do not use your data for unrelated purposes (e.g. we will never sell your personal information). As required by law, we retain data only for as long as necessary to fulfil these purposes or as required by regulations, then we securely delete or de-identify it.

4. Data Sharing and Third Parties

We do not sell or trade your personal information. However, we may disclose data to certain trusted third parties to deliver our services:

Service providers: We share data with companies that help provide our services. For example, Squarespace (our website host) may have access to the data you enter on our site and store it on their servers under their privacy policy. Patreon shares your patron profile (name, email, address, pledge details) with us when you sign up. We also use email delivery services (via Squarespace or integrated platforms) to send newsletters. In each case, third parties are contractually bound to keep your information confidential and to use it only for the purposes we specify.

Analytics and advertising partners: We use Google Analytics and Facebook advertising tools. Google Analytics collects aggregated data on site usage (e.g. page views, session duration), which Google may share across its services for analytics. Facebook’s pixel allows Meta to track visits to our site (for example, how many visitors land on certain pages) so we can run targeted ads. These tools may involve third-party tracking: as OAIC notes, online advertising networks can track browsing across many websites. We have configured these tools to respect user privacy and rely on non-sensitive, anonymised data where possible. You can disable cookies if you prefer.

Legal disclosures: We may disclose your personal information if required by law, such as in response to a court order, subpoena, government request, or to prevent fraud or other illegal activity. Any such disclosure will be in accordance with the Privacy Act and Spam Act.

Affiliates and successors: If our business or any part of it is sold or merged, your information may be transferred as part of that transaction, subject to privacy protections and notification to you in advance.

In all cases, we only share information necessary for the third-party service. For example, Patreon’s policy explicitly states that it never sells user information and only shares data with creators and service providers to fulfil transactions. We do not share your personal data with marketers or advertisers beyond what is described above.

5. Cookies and Advertising Tools

Our website uses cookies and similar tracking technologies to improve functionality and marketing. As defined by OAIC, a cookie is a small data file stored in your browser that helps websites remember your visits and preferences. We use:

Essential cookies: These are necessary for basic site functions (e.g. maintaining your session or storing language preferences). Without them, the site may not work properly.

Analytics cookies: We use Google Analytics to understand how visitors use the site (for example, which pages are popular, how users navigate). This information helps us improve our content and services. Google Analytics does not collect your name or personal profile, only aggregated usage data.

Advertising cookies and pixels: We use Facebook Pixel and similar tools to enable targeted advertising. These let us show you relevant fashion and travel ads (for example, on Facebook or Instagram) based on your interests. These tools may track your visits across multiple sites to build a general profile of your interests. The OAIC explains that targeted advertising often relies on third-party cookies that link browsing behavior across sites

By law, we disclose all such cookies and trackers in this policy. You can manage or disable cookies through your browser settings (for example, blocking third-party cookies or setting the browser to notify you before accepting cookies). Disabling cookies may affect site functionality. If you prefer not to be tracked, you can also opt out of targeted ads on Facebook and Google’s ad settings (see Targeted Advertising Opt-Out resources online).

6. International Data Transfers and GDPR

Our clients may reside globally, so we comply with international data protection rules where relevant. Although based in Australia, we follow the EU GDPR standards for any EU resident’s data. Key points:

GDPR transparency: For users in the EU/EEA, we provide the information required by GDPR Articles 13–14 in our notices. This includes our identity and contact details (and our EU representative if applicable), the purposes and legal basis of processing, any legitimate interests we rely on, recipients of your data, retention period, and your full array of rights (access, rectification, erasure, restriction, portability, objection). We also inform you of the right to withdraw consent at any time and to lodge a complaint with an EU supervisory authority. We ensure our privacy notice is “concise, transparent, intelligible and easily accessible” as GDPR requires.

International transfers: Because we use US-based providers (Squarespace, Patreon, Google, Facebook), your data may be stored or processed outside Australia (and, if EU data is involved, outside the EU). When we transfer personal data internationally, we comply with GDPR safeguards. This means relying on countries that the EU has deemed “adequate,” or putting in place appropriate safeguards such as Standard Contractual Clauses or binding corporate rules. If none of those apply, we will obtain your explicit consent to the transfer. In any case, we will ensure your data continues to receive equivalent protection after transfer, as required by the GDPR and APP 8 (Cross-border disclosure).

By acknowledging this policy, you consent to these potential transfers. If you are an EU resident, you can obtain more information on our international data transfers by contacting us (see below).

7. How We Protect Your Data

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure (in line with APP 11 – Security of Personal Information). This includes:

Technical safeguards: Our website uses SSL/TLS encryption for data in transit (you’ll see the padlock icon in your browser). Squarespace and Patreon use industry-standard security measures (firewalls, encryption, secure data centres) to protect the servers storing your information.

Access controls: Only authorised personnel can access your personal data, and they have unique logins and permissions. We train our staff on privacy obligations and limit their access to only the data needed for their role.

Data retention and disposal: We retain personal information only as long as necessary for service delivery or as required by law, then securely delete or anonymise it. For example, we remove data of unsubscribed newsletter subscribers after a reasonable period unless needed for audit purposes.

Third-party obligations: We require our service providers (e.g. Squarespace, Patreon, email platforms) to maintain similar security and confidentiality measures. Their compliance is contractually enforced.

Breach response: In the unlikely event of a data breach, we will promptly assess and contain the incident. If it’s likely to result in serious harm, we will notify affected individuals and the Australian Information Commissioner (under the Notifiable Data Breaches scheme) without undue delay.

No security system is infallible, but we strive to ensure the integrity and confidentiality of your personal information through these measures.

8. Your Privacy Rights

Under Australian law (and the GDPR for EU residents), you have rights regarding your personal information:

Access: You have the right to request access to the personal information we hold about you. For example, you can ask for a copy of your booking details or mailing list information. We will provide this information within a reasonable time and in a clear format.

Correction: If you believe any personal data we hold is inaccurate, incomplete, or out-of-date (for example, a wrong email address or mailing address), you can ask us to correct it. We will promptly make reasonable efforts to ensure your information is accurate.

Erasure: You may request that we delete your personal information when it is no longer needed for the purposes collected, or if you withdraw consent. (Note that under some circumstances, we may be legally obliged to retain certain data, e.g. accounting records.)

Restriction or objection (GDPR): If you are an EU resident, you have the right to restrict or object to certain processing (such as direct marketing or profiling). For example, you can object to your style preference data being used for advertising. If you object, we will no longer process your data for those purposes.

Data portability (GDPR): You can request a copy of the personal data you have provided to us in a structured, commonly used format.

Withdraw consent: Where we rely on your consent (e.g. for marketing emails or certain cookies), you can withdraw that consent at any time (see Section 9).

Complaints: If you are unhappy with how we handle your data, you can lodge a complaint. First, contact us (see below) and we will address your concern. You also have the right to complain to the Office of the Australian Information Commissioner (OAIC) at any time, or to an EU supervisory authority if you are an EU resident.

We have procedures to respond to requests and complaints. We will not charge a fee for access or correction requests, unless permitted by law to recover actual costs. We strive to resolve any issues fairly and quickly. The OAIC notes that a privacy policy must tell individuals how to access or correct their information and how to complain. We follow this guidance.

9. Unsubscribing and Communications

We respect your communication preferences at all times:

Opt-in only: We send marketing communications only if you have expressly opted in. You will never receive promotional emails from us unless you signed up or agreed to receive them.

Unsubscribe: Every marketing email we send contains a clear “unsubscribe” or “opt-out” link, as required by the Spam Act 2003. Clicking this link will promptly remove you from that mailing list. You may also reply to any of our emails with “STOP” or contact us directly to opt out. We honour all opt-out requests without question.

Confirmation of opt-out: When you unsubscribe, we will stop sending marketing emails within a reasonable period (usually immediately or within a few days). We do not send further newsletters or promotions after you opt out. However, we may still send you service-related or transactional messages (for example, confirming your booking) unless you request otherwise.

Mailing list management: We use Squarespace’s built-in email campaign tools (or an equivalent email service) to manage subscriptions. We ensure our mailing processes comply with Australian privacy and spam laws. You can also contact us at any time to update your communication preferences or to be removed from all lists.

Our goal is to communicate only in a manner you welcome. If you ever feel you are receiving unwanted messages from us, please let us know, and we will fix it.

10. Policy Updates

We may update this Privacy Policy from time to time as our practices or applicable laws change. When we do, we will revise the Effective Date at the top and, where appropriate, notify you of significant changes (for example, via email or a notice on the website). As the OAIC advises, we will promptly update and publicise this policy if our information-handling practices change. We encourage you to review this policy periodically. Your continued use of our services after an update indicates your acceptance of the changes.

11. Contact Details

For any questions about this policy or to exercise your privacy rights, please contact:

Jordyn Cumner (Privacy Officer)

That’s Jordyn – Destination Fashion

ABN: 23 874 337 958

Email: info@thatsjordyn.com

Phone: 0401 576 862

If you have a complaint about our handling of your personal information, please contact us first so we can try to resolve it.

You may also contact the Office of the Australian Information Commissioner (OAIC) at any time via https://www.oaic.gov.au for privacy concerns, or an EU data protection authority if you are in the European Economic Area.

Effective Date: December 14, 2024

Policy Review Date: July 20, 2025

References: This policy is informed by official guidelines and laws. In particular, the Australian Information Commissioner’s guidance outlines that a privacy policy should detail what information is collected, how it is used and disclosed, and how individuals can access and correct their data. We also follow guidance on email marketing and spam laws insight.thomsonreuters.com.au , GDPR requirements for transparency and rights, gdpr.eu , and best practices for cookies and analytics, oaic.gov.au , cookiebot.com