Privacy Policy

Sienna Byron Bay (ABN 59 923 238 371) and its associated entities (we, us or our) are committed to protecting the privacy of your personal information. Personal information is information that identifies you or information by which your identity can reasonably be ascertained and may include an opinion about you (Personal Information). We collect, use, store, manage and disclose all Personal Information in accordance with this Privacy Policy and otherwise with the Australian Privacy Principles set out in the Privacy Act 1988 (Cth) (Privacy Act).

This Privacy Policy contains the following sections:

1. About this Privacy Policy

2. What kind of Personal Information do we collect and hold?

2.1. General

2.2. Sensitive Information

3. How do we collect Personal Information?

3.1. Personal Information

3.2. Billing Information

3.3. Choosing not to Disclose Personal Information

3.4. When you Browse our Website

3.5. Cookies

3.6. Other Social Platforms

3.7. Children

4.1. General

4.2. Direct Marketing

4.3. Polls and Surveys

4.4. Rate and Review

5. How your Personal Information may be Disclosed

5.1. Business Associates and Contractors

5.2. Statistical Data

5.3. Permitted Disclosures by Law

5.4. International Disclosure

5.5. Links to Other Sites or Social Platforms

6. Security

7. How to access and amend Personal Information you provide

8. Contact Us

1. About this Privacy Policy

This Privacy Policy explains how we collect, use, manage and disclose Personal Information and how you can contact us if you have queries about our management of your Personal Information.

This Privacy Policy applies to all Personal Information submitted to or collected by us through the use of our website ( or social media sites, or where you otherwise contact or interact with us through other forms of communication.

By submitting personal information to us (including via our website or social media sites or purchasing and using our goods and services), you accept the terms of this Privacy Policy, and consent to our use, collection, disclosure and retention of Personal Information as described in this Privacy Policy.

If you do not agree to any provisions in this Privacy Policy, you should not disclose any Personal information to us.

Please note that this Privacy Policy may be updated or revised from time to time without notice and changes will apply immediately. Changes to this Privacy Policy will be published by posting an updated Privacy Policy on our website. Therefore, you should review our Privacy Policy regularly to ensure you are familiar with any changes.

If you do not agree with the changes to our Privacy Policy, please notify us immediately in writing. Unless we hear from you, or if you continue to use our services, website or social media sites, you are taken to have accepted the changes to our Privacy Policy.

This Privacy Policy was last updated on 14th December 2021.

2. What kind of Personal Information do we collect and hold?

2.1. General

As part of offering our products and services to you, it is likely that we will collect Personal Information about you. This may include:

  • your first and last names;
  • your phone number;
  • your mailing address, billing address, residential address and email address;
  • PayPal, AfterPay, Google Pay, Apple Pay and credit or debit card details;
  • any further information, instructions or comments given by you;
  • details of the products and services you have purchased from us or which you have enquired about, together with any additional information necessary to deliver those products and services and to respond to your enquiries;
  • any additional information relating to you that you provide to us directly or indirectly through our representatives or our website or social media sites, including via transactions, customer surveys or customer feedback; and
  • any other Personal Information you provide to us from time to time.

2.2 Sensitive Information

We do not generally collect “sensitive information” as defined by the Privacy Act (such as information about ethnic origin, religious or political views, health information, tax file numbers etc) from you.

If you voluntarily submit sensitive information to us, you consent to our collection of such sensitive information and we will only use or disclose such information:

  • for the purpose for which it was provided or another directly related purpose; or
  • as allowed by law.

3. How do we collect Personal Information?

3.1 Personal Information

We may collect Personal Information via a variety of avenues, including when you:

  • speak to one of our representatives, either by telephone, email or online communication;
  • create a customer account with us as a registered customer on our website;
  • purchase products and/or services from us;
  • request a refund, repair or return of our products;
  • access or use our website or social media sites;
  • participate in surveys;
  • enter a promotion with us;
  • subscribe to our mailing lists; or
  • submit a job application or accept employment with us.

We may also utilise the services of third parties for the collection of your Personal Information.

3.2 Billing Information

We may use a third-party payment processor (such as PayPal or AfterPay) to collect payments made by you on the website to us. In these situations, we do not have access to the credit card or billing information provided by customers to our third-party payment processor (such as PayPal or AfterPay). If you are directed to our third-party payment processor’s site, you may be subject to terms and conditions governing use of that third party’s service and that third party’s collection and disclosure practices in relation to personal information. Please review such terms and conditions and the third party’s privacy policy before using their services.

3.3 Choosing not to Disclose Personal Information

You have the option of not disclosing Personal Information to us or to use a pseudonym when dealing with us in relation to a particular matter. If you choose to withhold any Personal Information, we may not be able to provide you with part or all of our products or services or resolve a particular matter raised by you.

3.4 When you Browse our Website

When you only browse our website, our internet service provider or we may make a record of your visit and records your email address (if provided by you) and other information such as your server address; your internet protocol address; the pages you accessed and documents downloaded; the previous site you visited; and the type of browser being used. This information assists us to analyse web traffic and improve your site navigation experience.

We do not identify you or your browsing activities except, in the event of an investigation, where a law enforcement agency may exercise a warrant or other such power to inspect the internet service provider’s logs.

3.5 Cookies and tracking pixels

We may also obtain anonymous information from our website or social media sites using technologies such as “cookies” and “tracking pixels”. Cookies are small text files which are transferred to the hard drive of your computer to provide additional functionality to our website and to help us analyse usage of our website or social media sites. Cookies can identify your web browser but not you. If you wish, you can disable your web browser from accepting cookies. If you disable cookies, you will still be able to access our website and social media sites but may not be able to access all of our services. Tracking pixels are used to track user behaviour, site conversions, web traffic, and other metrics similar to a cookie.

3.6 Other Social Platforms

There may also be occasions when we collect Personal Information (to the extent it is available) from publicly available sources, including other social media platforms such as Facebook, Twitter, LinkedIn or Instagram.

If you engage or contact us on one of our social media platforms or otherwise direct us to communicate or engage with you via social media, you agree to allow us to receive information (which may include Personal Information) from our social media platforms. You also allow us to receive information about your visits and interaction with the sites and services of any of our third-party partners that include our cookies and similar technologies unless you opt out.

3.7 Children

We are committed to protecting the privacy needs of children and we encourage parents and guardians to take an active role in their children’s online activities and interests. If we discover that we have inadvertently collected any Personal Information from a child under the age of 15 we will delete that Personal Information as soon as possible. A parent or legal guardian can notify us of an inadvertent collection of Personal Information from a child under the age of 15 and request that we remove such information by sending an email to or by contacting us at the contact information below. Any such request must contain the child’s name and email address so we can locate such child’s Personal Information..

4. How we use your Personal Information

4.1 General

We may use the Personal Information you provide to us for the purposes for which it was initially collected or purposes related to such initial purpose (if such purpose would be within your reasonable expectations). For example, to:.

  • create orders and complete sales transactions;
  • provide you with products and services you have requested from us;
  • deliver or manage any of our loyalty programs or customer relationship management systems;
  • respond to your queries and requests, to resolve complaints and to respond to social media;
  • keep a record of our dealings with you and enable us to contact you when necessary;
  • help us tailor existing, or develop new, products, services or offers;
  • send you information about areas of specific interest if you have subscribed to our mailing lists, or provided your contact details;
  • recruit new staff (where applicable); and
  • achieve other purposes explained at the time of collection or submission.

We may also use your Personal Information for purposes authorised by laws or regulations, such as to prevent or investigate alleged crime or fraud.

4.2 Direct Marketing

By supplying us with your Personal Information, you give us permission to use your Personal Information to contact you to inform you about products and services we think would be of particular interest to you, including from other businesses operated by us. This may include contacting you through direct marketing, events and competitions, public relations and social media. This permission is not limited in time unless you choose to opt out by contacting us using the contact information provided in this Privacy Policy, or by utilising an ‘unsubscribe’ facility on a communication we send to you in which case we will take steps to ensure you do not receive any such direct marketing information in future.

4.3 Polls and Surveys

We or third parties may contact you in relation to your participation in polls and surveys, deliver incentives to you to participate in such surveys or polls, or target advertisements to you based on your answers to the poll. We may share the aggregated demographic information in these polls and surveys with our sponsors, advertisers and partners. If, however, we conduct a poll or survey and wish to disclose your Personal Information to any third party, we will first explicitly seek your consent to do so. If a third party conducts a poll or survey and receives your Personal Information, then your Personal Information will be used and disclosed in accordance with the privacy policy of that third party.

4.4 Rate and Review

If you submit a review, rating, photograph or comments in relation to our products and services, you agree that we may publish part or all of your review, rating, photograph or comments together with your first name and surname initial.

5. How your Personal Information may be Disclosed

We do not sell, rent, lease or provide your Personal Information to other entities unless outlined in this Privacy Policy. We may disclose your Personal Information where you have consented or when disclosure is necessary to achieve the purpose for which it was submitted (as outlined above). In addition, we may receive and disclose Personal Information from or to other businesses operated by us, including our associated entities.

5.1 Business Associates and Contractors

We may disclose your Personal Information to organisations that carry out functions on our behalf, or assist us to deliver our services, such as our business associates, contractors, agents or service providers. These third parties may change from time to time. Some examples include:

  • carefully selected suppliers and other third parties with whom we have commercial relationships, for business, marketing and related purposes;
  • couriers and freight suppliers for delivering relevant products to you;
  • financial services providers, such as our banks or third-party suppliers for securing payment of the products or services we provided to you, such as PayPal, AfterPay and, where applicable, debt collectors;
  • technology service providers, such as internet service providers, database management services, data storage providers, website hosting companies, website developers and digital mail providers who send communications on our behalf;
  • sponsors or organisations that partner with us; and
  • our professional advisers, accountants, lawyers and auditors.

You agree that third parties which receive Personal Information from us may use and disclose the Personal Information subject to their respective privacy policies. We endeavour to take reasonable steps to enter into agreements with third parties that collect, store, disclose and retain Personal Information in accordance with the Australian Privacy Principles, except as otherwise required by law.

5.2 Statistical Data

From time to time, we may provide third parties with information in the form of statistical representations about our customers collectively and for the purpose of statistical analysis. Where we provide such information to third parties for this limited statistical purpose, we will not provide Personal Information in such a way that your identity may be obtained.

5.3 Permitted Disclosures by Law

We may also release your Personal Information under the following circumstances:.

  • when required to do so by a court or under applicable laws or regulation (for example, a subpoena) or where requested by a government agency;
  • where we consider a company or an individual may be engaged in fraudulent activity or other deceptive practices that a governmental agency should be made aware of; or
  • to appropriate persons, where your communication suggests possible harm to others.

5.4 International Disclosure

Personal Information, including Personal Information obtained from our website, may be stored, disclosed, processed in or transferred outside of Australia from time to time, for example where we use third-party cloud storage providers that have servers located outside Australia (including in USA, Ireland and Netherlands) for storage of your Personal Information. The countries in which the Personal Information is received may not have data protection laws equivalent to those in force in Australia.

You acknowledge and agree to such international data and information transfers with respect to Personal Information. Clause 8.1 of the Australian Privacy Principles contained in Schedule 1 of the Privacy Act provides that if we disclose Personal Information about an individual to an overseas recipient, then we must take such steps as are reasonable in the circumstances to ensure the overseas recipient does not breach the Australian Privacy Principles in relation to such information. An exception to this is if we obtain your consent. We intend to rely on this exception in the following way. Unless you notify us in writing to the contrary, you will be taken to have consented to the disclosure by us of Personal Information to overseas recipients on the basis that:

  • clause 8.1 of the Australian Privacy Principles will not apply to such disclosure;
  • if the overseas recipient engages in any act that contravenes the Australian Privacy Principles, you will not be able to seek redress under the Privacy Act;
  • the overseas recipient may not be subject to any privacy obligations or to any principles similar to the Australian Privacy Principles;
  • you may not be able to seek redress in the overseas jurisdiction; and
  • the overseas recipient is subject to a foreign law that could compel the disclosure of personal information to a third party, such as an overseas authority.

5.5 Links to Other Sites or Social Platforms

We may provide links to third party websites within our website and social media sites. These linked sites are not under our control, and we do not accept responsibility for the conduct of companies the websites of which are linked to our website. Before disclosing your Personal Information to any third parties on such websites, we advise you to examine the terms and conditions of using that website and its privacy statement.

6. Security

We consider confidentiality of Personal Information collected from you to be of utmost importance.

To prevent unauthorised access to, disclosure, misuse or loss of, or interference with, your Personal Information, we have implemented a number of procedures to safeguard the security and confidentiality of your information including:

  • instructing our staff and advisers who handle personal information to respect the confidentiality of customer information and the privacy of individuals;
  • implementing procedures and installing equipment to safeguard your information; and
  • continually reviewing privacy procedures and arrangements to ensure we are doing all that we can reasonably and technically feasible at the time.

We store the Personal Information in either electronic or hard copy form or other formats. Unfortunately, since no system is 100% secure or error-free, we cannot guarantee that your Personal Information is totally protected, for example, from hackers or misuse. Except to the extent that liability cannot be excluded or limited due to applicable law, we assume no liability or responsibility for disclosure of your Personal Information due to unauthorised third-party access, errors in transmission or other causes beyond our control.

If you enter or upload Personal Information on our website, you should exercise due care to safeguard any passwords and usernames created by you.

We will take reasonable steps to destroy or permanently de-identify any Personal Information from our records and systems which is no longer required by us. We may retain your Personal Information even after you have completed your transactions with us if retention is reasonably necessary to comply with our legal obligations, meet regulatory requirements, resolve disputes, prevent fraud or abuse or enforce this Privacy Policy and our terms and conditions. We may retain Personal Information for a limited period of time, if requested by law enforcement.

7. How to access and amend Personal Information you provide

We strive to keep your Personal Information accurate, up to date and complete. Our policy enables you to find out what information we hold about you and correct that information if it is wrong.

If you become aware that any Personal Information we hold about you is incorrect or out of date, please let us know immediately. We will be happy to accept updated Personal Information in writing from the owner of that information at any time. However, in order to protect your privacy and security, we will take reasonable steps to verify your identity before granting you access or enabling you to make corrections of your Personal Information. Except where the Privacy Act provides otherwise, we reserve the right to recover any reasonable costs involved in providing extensive access to Personal Information, for example the cost of supplying information held in archives.

Our objective is to respond to any request to access personal information within a reasonable timeframe and no later than thirty (30) days. We will endeavour to inform you if this timeframe is not achievable.

In some circumstances, we may not be in a position to grant access to your Personal Information, such circumstances include where:

  • providing access is likely to pose a serious threat to the safety of an individual or the public;
  • providing access is likely to unreasonably impact on the privacy of others;
  • the request for access is frivolous or vexatious;
  • providing access would reveal information which relates to existing or anticipated legal proceedings or otherwise impact on any negotiations;
  • providing access is unlawful (including being unlawful as directed by a court or tribunal order) or is likely to impact on actions being taken in relation to alleged unlawful activities relating to our functions and activities; or
  • granting access would impact on a commercially sensitive decision-making process.

8. Contact Us

If you have any questions about our Privacy Policy, or have a problem or complaint, please let us know. We will respond to a complaint as soon as possible, but within 10 working days, to let you know who is responsible for managing your complaint. We will also try to resolve the complaint within 30 days. When this is not possible, we will endeavour to contact you within that time to let you know how long it will take to resolve the complaint.

Our contact details are:

Privacy Officer
Sienna Byron Bay
Address: PO Box 387 Byron Bay NSW 2481 Australia
Phone: +61 2 6680 2743

If you believe we have not adequately dealt with your complaint, you may complain to the Privacy Commissioner, whose contact details are found on their website