ToolDrop Pty Ltd Privacy Policy
Introduction
ToolDrop Pty Ltd (ToolDrop, we, our, or us) is an Australian e-commerce platform serving tradespeople and small businesses. We respect your privacy and are committed to protecting your personal information. Our Privacy Policy is designed to be clear and comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). It explains what personal information we collect, how we collect and use it, when we may share it, and how we keep it secure. It also outlines how you can access or correct your information, make a privacy complaint, and how to contact us with any concerns.
This Privacy Policy applies to all users of ToolDrop’s website, online store and services, and to all personal information we handle in the course of our business. By using our services or providing your personal information to us, you agree to the practices described in this Policy.
What Personal Information We Collect
We only collect personal information that is reasonably necessary for our business functions and activities as an e-commerce platform. The types of personal information we may collect include:
- Identity and Contact Details: Your name, business or company name (if applicable), email address, postal address, billing address, phone number, and other contact information.
- Account Information: If you create an account with us, we collect your login details such as username and password (which is stored in an encrypted form), and any preferences or profile information you save in your account.
- Order and Transaction Information: Details of the products or services you have ordered from us, including order dates, items purchased, quantities, special instructions, and any relevant delivery information. We also keep records of your transaction history with ToolDrop.
- Payment Information: Payment details you provide when making a purchase. For example, credit or debit card information and billing details. Note: We use secure third-party payment processors (such as Shopify Payments and PayPal) to handle your payments. Your card details or bank account information are transmitted directly to these providers and are not stored by us in full. We may keep a record of the payment method used (e.g. the type of card, last four digits, or a transaction ID) for order reference and security.
- Feedback and Communications: Any information you choose to give when you contact us or interact with us. This includes emails, phone calls, or online chat inquiries you send to our customer support, feedback you provide about our products or services, responses to surveys, and content of reviews or testimonials you submit. For example, if you email us a question or provide feedback on a product, we will collect and store that correspondence.
- Marketing Preferences: Your preferences regarding marketing communications. For instance, whether you have opted in to receive newsletters or promotional offers, and your communication preferences (such as via email or SMS). We may also record engagement with our marketing (e.g. if you open an email or click a link) to understand what interests you, as allowed by law.
- Website Usage and Analytics Data: When you visit or use our website or online store, we collect some information about your device and browsing actions. This may include your IP address, device type, browser type, browser language, access times, pages viewed, clicks and navigation paths, and the webpage you visited before coming to our site. We may use cookies, pixels, and similar tracking technologies to collect this data (see How We Collect Your Information below). This information is generally not used to identify you personally, but if it can be or is combined with other data to identify you, we treat it as personal information.
- Additional Information You Provide: Any other personal information you voluntarily provide to us. For example, this could include your social media handle if you interact with our social media pages, or additional details if you enter a promotion or competition that we run. If you participate in any optional programs (like a loyalty program or refer-a-friend), we will collect any information needed for those programs.
We do not typically collect sensitive information (such as information about your health, ethnicity, political opinions, etc.) in the course of our normal business. We will only collect sensitive information with your consent and if it is necessary for a specific service (which is uncommon for our e-commerce activities).
How We Collect Your Information
We collect personal information in several ways, always by fair and lawful means:
- Directly from You: The most common way we collect information is when you provide it to us directly. For example:
  - When you create an account on our website, you input your name, email, password, and possibly other details.
  - When you place an order or make a purchase, you provide us with contact and payment details so we can process the transaction and deliver your items.
  - If you fill out forms on our site (such as a contact form, a quote request, or a feedback form), we collect whatever information you enter into those forms.
  - When you communicate with us via email, phone, or online chat, or when you provide feedback or reviews, we will collect the information you share. For instance, if you call customer service, we may record details of the conversation for training and record-keeping, and if you email us, we will retain the email content.
  - If you subscribe to our newsletter or opt in to marketing, we collect your name and email (and confirmation that you consent to receive marketing).
- Automatically through Technology: We use cookies and similar tracking technologies to automatically collect certain information about your interactions with our website:
  - Cookies: Cookies are small data files stored on your browser. Our website uses cookies to remember your preferences (e.g. keeping you logged in, storing items in your cart) and to gather statistical data about how people use our site (like which pages are visited most). Cookies help us improve your experience (for example, by understanding usage patterns and customising content). You can disable cookies through your browser settings, though some features of our site may not function properly without them.
  - Analytics Tools: We use third-party analytics services such as Google Analytics. These tools use cookies and scripts to collect usage data (as described in Website Usage and Analytics Data above) and report website trends. This helps us understand things like how many people visit our site, how they find us, and which pages or products are most popular. Google Analytics may collect information like your IP address and combine it with information from other websites you visit as part of their analytics services. The information provided to us by Google Analytics is aggregated and does not identify you personally. However, if you wish to opt out of Google Analytics tracking, Google provides a browser add-on for this purpose.
  - Advertising Pixels: We use marketing and advertising tools such as the Meta Pixel (Facebook Pixel). This is a piece of code on our site that sends information to Meta (Facebook/Instagram) about your visit. It helps us with remarketing – for example, showing you relevant ToolDrop ads on Facebook or Instagram after you’ve visited our site. The information shared may include that you visited our site or performed certain actions (like adding an item to cart). This information is generally not identifiable to us by name, but it may be linked to your Facebook profile by Meta if you are a Facebook user. You can control how Meta uses your data through your Facebook privacy settings (e.g., you can opt out of seeing targeted ads by adjusting your ad preferences on Facebook).
  - Log Files: Our servers automatically record certain data when you use our site, such as your IP address, browser type, time of access, and any errors or crashes. We use this data for security monitoring and to troubleshoot and improve our services.
- From Third Parties: In some cases, we might receive personal information about you from third parties:
  - Payment Providers: If you choose a third-party payment option like PayPal, they will send us information necessary to confirm your payment (for example, your name, email and a confirmation that payment was successful). We handle this information according to this Privacy Policy, but note that any information you provide to PayPal (or similar platforms) is also governed by their privacy policy.
  - Social Media or Connected Services: If our website ever offers an option to log in or register via a third-party account (for instance, Google or Facebook login), and you choose to use it, you will be asked to consent to those providers sharing certain information with us (such as your name and email). We would only receive information that you authorise us to receive. (Note: Currently, ToolDrop’s account system uses direct sign-up with email/password, but if in future we enable social logins, we will collect and handle data from those logins in accordance with this Policy.)
  - Referrals or Gifts: If someone else provides your personal information to us, for example, by purchasing a ToolDrop product to be sent to you or referring you to our service, we collect that information as provided. Typically, this might include your name, contact details, and the context (e.g., "this is a gift for John, here’s his address"). We assume that when someone provides us with another person’s personal information, they have obtained consent from that person or are otherwise authorised to do so.
  - Public Sources: We generally do not collect personal data from public sources. However, if we need to verify information or reach a business contact, we might use publicly available information (for instance, we might confirm a business address from a public website if you provided a business name).
If you provide us with personal information about someone else (such as a colleague or friend’s details for a referral, or a recipient’s details for a delivery), you must have their consent or authority to do so. By giving us information about another person, you are confirming that you have the right to do so and that they are aware of this Privacy Policy.
How We Use Your Information
We collect personal information primarily so that we can provide you with our services and products, and to run our business effectively. We will only use your personal information for the purposes for which it was collected, or for related purposes you would reasonably expect, or as permitted or required by law. In particular, ToolDrop may use your personal information for the following purposes:
- Providing and Delivering Products and Services: To process your orders and transactions. This includes using your details to fulfill purchases you make: for example, using your name and address to deliver goods, or your email to send order confirmations and receipts. We use payment information to charge you for products you buy. In short, we use your info to complete the transactions you request and provide you with the items or services you expect from us.
- Account Management: If you have an account with us, to maintain and administer your account. For example, we use your login credentials to authenticate you, and we may use your contact details to send account-related notifications (such as password reset emails or important account notices). We also use stored preferences (like saved addresses or past order information) to make it easier for you to use our site.
- Communication: To communicate with you about your orders and requests. We will use your contact information to send you important updates such as order confirmations, shipping notifications, delivery updates, and any product recall or warranty information if necessary. We also may contact you regarding any customer service issues or to respond to any inquiries you have made. For example, if you reach out with a question about a product or a problem with an order, we'll use your contact info to address it.
- Improving Our Website and Services: To analyse, evaluate and improve our offerings. The usage and analytics data we collect help us understand how our website is performing and how users interact with it. We use this information to troubleshoot issues, make the user experience better, and develop new features or products. For instance, we might use browsing data to improve site navigation or layout if we see certain pages are causing users difficulty. We also look at aggregated data (like overall visits, sales trends) to plan our business strategies.
- Personalisation: To personalise your experience with ToolDrop. This could include remembering your preferences (so the site can greet you by name or pre-fill your shipping address), recommending products that might interest you based on your browsing or purchase history, or tailoring the content you see on our site or in our emails to be more relevant to you.
- Marketing (with Your Consent): To send you marketing communications about our latest products, promotions, or news if you have opted in to receive them. For example, if you subscribe to our email newsletter or agree to receive SMS alerts, we will use your contact details to send those to you. These communications might include special offers, new product announcements, or helpful articles and tips related to our products and services. You can opt out of marketing communications at any time – see Direct Marketing and Opting Out below.
- Advertising: To provide you with relevant advertising and remarketing. We may use information about your product interests and site interactions to show you targeted ads on third-party platforms. For example, using Meta Pixel and similar tools, if you looked at certain tool products on our site, we might later show you an ad for those or similar products on Facebook or Google. This usage is subject to the privacy settings you have with those third-party platforms. We do not share information that identifies you by name for third-party marketing without your consent; rather, we use hashed or device information and work with advertising networks to reach audiences with similar interests.
- Collecting Feedback: We might use your contact information to request feedback on your experience or to invite you to review a product you purchased. Providing feedback is entirely optional, but if you do, we may use it (with your consent) in our marketing or on our website to help other customers (for example, publishing a product review under your first name).
- Legal Compliance and Protection: To comply with our legal obligations, and for safety and security purposes. For instance:
  - We may use and retain transaction records to fulfill record-keeping requirements (for example, for taxation, accounting, and regulatory compliance).
  - We may use personal information to prevent fraud or detect security issues. If we suspect fraudulent activity (like a stolen credit card), we might use information to investigate and take action.
  - If required, we will use or disclose personal information to fulfill laws or regulations, such as responding to a lawful request by a government agency or a court order.
  - We may use information to enforce our Terms and Conditions, to protect our rights, privacy, safety or property, and/or that of our customers or others.
- Other Purposes with Your Consent: If we ever need to use your personal information for a purpose not listed here, we will seek your consent if required. For example, if we plan to use your photograph or personal testimonial in our promotional material, we would ask for your permission. Also, if at the time of collection you were informed of a specific additional purpose (for instance, if you entered a competition and we stated we’d use your details to administer the competition), we will use the information for that purpose as well.
We do not sell or rent your personal information to third parties for their own marketing purposes. We use your information only in ways that you would reasonably expect or as explained to you in this Policy. If at any time you are unsure why we are asking for information, you are welcome to ask us.
Direct Marketing and Opting Out
We will only send you direct marketing communications (such as promotional emails, special offers, or newsletters) if you have given your consent or if you would reasonably expect to receive such communications from us (for example, in the context of a sale or inquiry, as permitted by law). We aim to make opting in or out of marketing clear and simple:
- Opting In: Typically, when you provide your email or other contact details to us (for example, when creating an account or completing a purchase), we may ask if you would like to receive marketing messages from ToolDrop. This might be a checkbox saying "Yes, send me updates and offers" or similar. You can choose whether to tick this box. We will only add you to our marketing list if you affirmatively opt in (or in certain situations allowed by law, such as being an existing customer who might reasonably expect communications about similar products – but even then, we will always provide a clear opt-out mechanism in every message).
- Content of Marketing: Our marketing communications may include news about new tool products, special promotions or discounts, invitations to give reviews or participate in loyalty programs, or other information about our e-commerce platform that we think may be useful to tradespeople and small business customers.
- Unsubscribing: You can unsubscribe or opt out from marketing communications at any time. Every marketing email we send will include an "unsubscribe" link at the bottom. By clicking that link and following the instructions, you will be removed from our mailing list. If we send SMS marketing (texts), those messages will include instructions on how to stop receiving texts (usually replying "STOP" or a provided code will opt you out). You can also opt out by contacting us directly – send us an email at any time at tom@tooldrop.au or call us at 0412 259 254 and let us know you no longer wish to receive marketing communications. We will promptly update your preferences.
- Opting Back In: If you change your mind later, you can always subscribe again to our newsletters or marketing emails via our website or by contacting us.
- No Fee or Penalty: There is no charge for opting out of marketing, and doing so will not affect any other dealings you have with us. You will still receive transactional or essential communications (for example, we will still send you emails about your orders or any product recall notices if applicable, even if you opt out of marketing, because those are not promotional – they are part of the service you have requested).
- Third-Party Marketing: ToolDrop will not provide your personal information to other companies for them to market their products to you without your explicit consent. If our marketing involves a partnership or co-promotion with another organisation, we would either get your direct consent to share information or we would send the communication on behalf of the partner (so your details aren’t disclosed to them unless you engage with that partner directly).
We comply with the Spam Act 2003 (Cth) and other applicable laws, which require that we only send commercial electronic messages with consent and that such messages include a functional unsubscribe mechanism. Our aim is to ensure any marketing we do is welcomed and relevant. If you feel you have received marketing from us that you did not consent to, please contact our Privacy Officer (see Contact Us below) so we can promptly address the issue.
When We Share Your Information
ToolDrop understands that your personal information is important, and we are careful about how and when we share it with others. We do not sell your personal data to third parties. However, in the normal course of running our business, we may disclose (share) your personal information to certain trusted third parties for the purposes outlined in this Privacy Policy. The types of organisations and scenarios in which we might share information are:
- Service Providers (Processors): These are companies and contractors who help us operate our business and provide services to you. We only share with them the information that is necessary for them to perform their functions, and we require them to handle your data securely and in accordance with privacy law. Key service providers include:
  - Shopify: ToolDrop’s website and online store are hosted on the Shopify platform. Shopify Inc. provides the e-commerce infrastructure that allows us to manage our website, shopping cart, and order processing. When you provide personal information to us (such as when creating an account or placing an order), that information is stored in Shopify’s systems. Shopify holds this data on our behalf. They are a major service provider with robust security practices, and they are bound by privacy obligations. (For more on how Shopify handles data, you can refer to Shopify’s own privacy policy available on their website.)
  - Payment Processors: We use third-party payment services to handle transactions. This includes Shopify Payments (which is the payment gateway integrated with our Shopify store) and PayPal (if you choose to pay via PayPal). These payment providers receive your payment details directly to process payments. For example, when you enter your credit card information at checkout, that data may go straight to Shopify’s payment processing system or to PayPal, and they then confirm to us that the payment was completed. We share necessary information with them such as the purchase amount and order details, and in return they may provide us confirmation and your name/email for receipt purposes. These providers are responsible for securely handling your financial information and are subject to their own stringent privacy and security standards.
  - Shipping and Logistics Partners: In order to deliver your orders, we work with courier and postal services (e.g., Australia Post, courier companies, or freight providers). We will share the necessary details with these companies so they can deliver the products to you. This typically includes your name, delivery address, contact phone number (so the driver can reach you if needed), and sometimes your email (for tracking updates). These partners are only allowed to use this information for the purpose of delivering your order or arranging delivery times.
  - Technology and IT Service Providers: We use various other tech providers to support our operations. For instance, we may use cloud data storage or backup services (such as Google Cloud or Amazon Web Services) to store information, or an email service to send out communications (for example, an email service provider to send our newsletters or order confirmations). We ensure any such providers we use have appropriate security measures. These providers may have access to some of our data for storage or technical support, but they are not allowed to use it for any other purpose.
  - Analytics and Advertising Partners: As noted under How We Collect Your Information, we use third-party analytics and advertising services such as Google Analytics and Meta (Facebook) Pixel. These partners directly collect information through our website via cookies or pixels. We consider this a form of “sharing” because data about your site usage is sent to these partners. We use the aggregated insights they provide (e.g., website traffic reports, ad conversion tracking). In some cases, we might also share limited data with these partners to better target or measure our advertisements – for example, we might upload a list of customer email addresses to an advertising platform like Facebook or Google to create a “custom audience” (only if we have the right to do so, and typically such data is hashed and used solely to match our customers on their platform, not for the platform’s own use). These partners are also bound by their own privacy policies. You can opt out of certain data sharing with these advertising partners by adjusting your privacy settings on those platforms or by contacting us.
- Business Partners and Affiliates: Currently, ToolDrop Pty Ltd operates as a single business entity and we do not share data with any parent or affiliate companies for their own use (aside from service providers named above). If in future we were to have related companies (under common ownership) that share data, we would update this policy to reflect that. We would only share info within our corporate group as needed for similar purposes outlined in this policy (for example, if a related company helps provide a service you requested).
- Legal and Regulatory Disclosure: We may disclose personal information when required by law or necessary to comply with legal processes. For example:
  - If we receive a subpoena, court order, or request from a law enforcement agency or regulator (such as the Office of the Australian Information Commissioner), and we are legally compelled to provide certain information, we will do so.
  - We may share information if we believe it’s necessary to investigate or report unlawful activity, suspected fraud, or a violation of our terms of service. This could involve sharing details with the police or other appropriate authorities.
  - If necessary to protect the rights, property, or safety of ToolDrop, our customers, or the public, we might share relevant information. For example, if someone is threatening harm or vandalism, we might provide information to law enforcement for safety.
- Professional Advisors and Insurance: From time to time, we may need to share certain information with our professional advisors (such as lawyers, accountants, or auditors) or our insurers. This would only be done as needed for those parties to provide services to us (for instance, our accountants might see transaction records that include personal information when preparing financial statements, or our legal counsel might need details of a customer interaction if it relates to a legal claim). These advisors are bound by confidentiality obligations and privacy laws.
- Business Transfer or Sale: If ToolDrop ever undergoes a business transition such as a merger, acquisition, or sale of the company or its assets, your personal information may be disclosed to the new owner or the party acquiring the business as part of that process. We would only do this as part of due diligence or transfer arrangements in such a transaction, and we would seek to ensure that any recipient of your information in that context agrees to handle it in a manner consistent with this Privacy Policy. Your personal information would of course remain subject to this Policy (or one of equivalent standards) even after the transfer – the new owner would essentially step into our shoes in terms of respecting your privacy.
- With Your Consent or At Your Direction: Aside from the above scenarios, we will disclose your personal information to a third party only if you consent or ask us to do so. For instance, if you specifically request that we share your details with a third-party service provider for your own purposes, or you enter a joint promotion that explicitly states we will share data with the co-sponsor (and you agree by participating), we will do so in accordance with that consent.
In all cases of sharing, we strive to limit the information to only what is necessary for that third party to carry out their function. We also have contracts or agreements in place with many of our service providers to ensure they treat your personal information with confidentiality and security, and use it only for the agreed purpose. If a third party is located overseas, we take additional steps as described in the next section.
Overseas Disclosures
As an online business utilising modern technologies, some of the personal information we collect may be stored, processed, or accessed in countries outside of Australia. This can happen in a few ways:
- Our Service Providers Abroad: Key third-party service providers we use might have servers or offices in other countries. For example:
  - Shopify is a Canadian-based company, and the data for our store may be stored on servers located in the United States, Canada, or other locations where Shopify operates data centres.
  - Our analytics and advertising partners, such as Google and Meta (Facebook), are headquartered in the United States and operate globally. The information collected through tools like Google Analytics and Meta Pixel will likely be transmitted to and stored on servers in the U.S. (and possibly other countries).
  - Other tech providers (cloud storage, email services, etc.) may also use global cloud infrastructure, which can span multiple countries (for example, data might be backed up on servers in the European Union, Asia, or the U.S., depending on the provider).
- Direct International Transactions: If you are using our services from outside Australia or if we ship goods internationally (if applicable), your information might naturally cross borders to fulfil that service (e.g., providing your address to an overseas courier partner if we deliver outside Australia).
We understand that when personal information is transferred to overseas recipients, those recipients may not be bound by Australian privacy laws (the APPs). However, our policy is to take reasonable steps to ensure that any overseas recipient of personal information will handle it in a manner consistent with the standards that apply here in Australia. These steps may include:
- Only using reputable service providers who have robust privacy and security practices. (For instance, companies like Shopify, Google, and Meta have published commitments to user privacy and data protection.)
- Contractual arrangements: where possible, we include data protection clauses in our contracts with overseas providers, requiring them to protect the information and use it only for the services they provide to us.
- Utilising services that certify to international frameworks or standards (for example, some providers might adhere to EU General Data Protection Regulation (GDPR) standards or other international privacy frameworks, which often align closely with Australian principles).
While we do our best to safeguard your data when it’s sent overseas, it’s important to note that foreign laws (for example, U.S. laws) may allow government or security agencies in those countries to access personal data in certain circumstances. By using our services and providing your information, you acknowledge that your personal information may be transferred to and processed in overseas countries as described.
If you would like to know more about our overseas data practices or specific countries where your data might be stored, you can contact our Privacy Officer (see Contact Us section) and we’ll provide as much detail as we can.
How We Keep Your Information Secure
ToolDrop takes the security of your personal information very seriously. We have implemented a range of measures to protect your data from misuse, interference, loss, and unauthorised access, modification or disclosure. We understand that no system can be 100% secure, but we strive to follow best practices and continually improve our safeguards. Our security measures include:
- Secure Data Storage: Personal information you provide to us is stored on secure servers. For our online store and database, we rely on Shopify’s security infrastructure which includes protective measures like firewalls and encryption. Shopify's data centres are highly secured and designed to keep information safe. Additionally, other cloud services we use (for backups or communications) are chosen in part for their strong security reputations.
- Encryption: Our website is encrypted using SSL/TLS technology. This means that when you enter personal information on our site (for example, during account registration or checkout), the data is encrypted in transit to our servers. You can usually see a padlock icon in your browser address bar which indicates a secure connection. For payment transactions, sensitive information (like credit card numbers) is transmitted directly to the payment processor over encrypted connections and is not exposed in plain text.
- Access Controls: We restrict access to personal information to those employees, contractors, and service providers who need to know that information in order to process it for us. ToolDrop staff and any third-party contractors are subject to confidentiality obligations. All ToolDrop employees are trained on the importance of privacy and security. Internal policies prevent unauthorised access – for example, staff can only access customer data through secure administration portals with individual login credentials, and only if necessary for their role (such as assisting a customer with an order).
- Password Protection: If you have an account with us, your password is stored in hashed form (not readable by humans). We urge you to keep your account password confidential and to choose a strong password to help us protect your data. We will never ask you to reveal your password via phone or email. If you forget your password, we provide a secure password reset process via your registered email.
- Firewalls and Network Security: Our systems use firewalls and monitoring tools to guard against unauthorised access. We regularly update our software and apply security patches to protect against vulnerabilities. We also use anti-malware and anti-virus solutions to prevent malicious attacks.
- Payment Security: As noted, we use PCI-DSS compliant payment processors (Shopify Payments, PayPal). This means the handling of credit card information meets strict industry security standards. To minimise risk, ToolDrop itself does not store your full card details on our own servers.
- Monitoring and Testing: We monitor our systems for potential vulnerabilities and attacks. Suspicious activities are investigated promptly. We may also perform security testing and audits (directly or via third-party specialists) on our website and systems to identify and address potential weaknesses.
- Data Retention and Disposal: We retain personal information only for as long as it is needed for the purposes outlined in this Policy, or as required by law (for example, we might keep invoice records for at least 7 years for tax purposes). When personal information is no longer needed, we take reasonable steps to destroy it or permanently de-identify it. For instance, paper records would be shredded or incinerated, and electronic data might be securely erased or anonymised such that it can no longer be associated with you.
- No Guarantee: While we are committed to protecting your data, it’s important to understand that no method of electronic transmission or storage is completely foolproof. We cannot guarantee absolute security of information, especially information transmitted via the internet (for example, emails or web forms can have security limitations beyond our control). However, once we receive your data, we apply the above safeguards to protect it on our systems.
If you believe that your interaction with us or your information might no longer be secure (for example, if you suspect that your ToolDrop account has been compromised or you receive suspicious communication claiming to be from us asking for personal details), please notify us immediately (see Contact Us below) so we can investigate and take appropriate measures.
Access and Correction of Personal Information
Your rights: We want to make sure that the personal information we hold about you is accurate, up-to-date, and complete. Under Australian privacy law, you have the right to access the personal information we hold about you, and to request correction of any information that is inaccurate, out-of-date, or incomplete.
Accessing your information:
- If you wish to access the personal information ToolDrop holds about you, the easiest way is often to log into your ToolDrop account (if you have one). In your account dashboard, you may be able to view or download certain information such as your contact details and order history.
- For information not directly accessible via your account, or if you don’t have an online account, you can make a formal request to us. Please contact our Privacy Officer (see Contact Us section below) and let us know what information you would like to access. To protect your privacy, we will need to verify your identity before providing access – for example, we might ask you to put your request in writing and provide a copy of a valid ID or at least verify some key account details.
- We will respond to access requests within a reasonable timeframe. Our goal is to handle straightforward requests as quickly as possible (often within 30 days). If the request is complex or involves a large volume of information, we will let you know if we need more time.
- In normal circumstances, we will grant you access to your information in the manner you request (for example, by providing you with a copy of the records via email or mail). There is no charge for making an access request. However, in some cases, we may charge a reasonable administrative fee to cover the cost of retrieval and supply if, for example, the information is extensive. If a fee is necessary, we will inform you of the likely cost and get your agreement before proceeding.
- Exceptions: In a few situations, we might not be able to give you the access you requested. For instance, we may refuse access if:
  - Providing access would pose a serious threat to the life, health or safety of any individual, or to public health or safety;
  - Giving access would have an unreasonable impact on the privacy of others (for example, if the information also contains personal data of another person and it’s not possible to separate it);
  - The request is frivolous or vexatious;
  - The information relates to existing or anticipated legal proceedings and would not normally be accessible through legal discovery processes;
  - Giving access would reveal our intentions in negotiations with you in a way that prejudices those negotiations;
  - Giving access would be unlawful or denying access is required or authorised by law (for example, if a law enforcement agency directs us not to give access due to an ongoing investigation);
  - Giving access could prejudice the prevention, detection, investigation or prosecution of unlawful activity or serious misconduct; or
  - The information is commercially sensitive evaluative information (for example, in a business decision-making process).
If we refuse access on any of these grounds, we will provide you with a written explanation of the reasons (except to the extent that giving a reason would undermine security or another person’s privacy) and inform you of any steps you can take in response (such as complaining to the OAIC, as outlined below).
Correcting your information:
- It’s important to us that your details are correct. If you notice that any personal information we have about you is inaccurate, incomplete, or out-of-date, you have the right to request that we correct it.
- Self-service: Many corrections can be made by you directly. If you have an online account, you can log in and update certain details (for example, you can change your contact information or shipping address in your profile settings).
- Contact us for corrections: If there’s information you can’t update yourself, or you don’t have an account, please contact our Privacy Officer with details of the information that needs to be corrected and what the correct information is. We may ask for some verification or evidence if necessary (for example, if you claim your date of birth is wrong in our records, we might ask for proof to ensure accuracy).
- We will respond to correction requests promptly. If we agree the information is incorrect, we will update it and confirm with you that we have done so. In cases where we made the incorrect information available to others (for instance, if we had provided incorrect info to a third-party service provider during business), upon your request and if practical, we will also notify them of the correction.
- If we do not agree that the information is incorrect (in some rare cases, we might have a reason to believe our record is accurate), we will let you know our reasons and note your request. You then have the right to provide a statement (of reasonable length) explaining what you believe is incorrect and why. If you provide us with such a statement, we will attach it to your record so that it is read alongside the information in question.
- There is no charge for requesting corrections.
We encourage you to keep your personal information with ToolDrop up to date. Accurate information helps us to serve you better (for example, an updated address ensures your deliveries go to the right place).
Making a Privacy Complaint
Your privacy is very important to us, and we aim to handle personal information in accordance with the law and your expectations. However, if you have a concern or believe we have breached your privacy (for example, if you think we’ve handled your personal information inappropriately or in breach of the APPs or this Privacy Policy), we want to hear about it and address it. Here’s how you can make a complaint and how we will handle it:
- Contact Us First: Please send your privacy complaint to our Privacy Officer (see Contact Us section below for contact details). You can put your complaint in writing via email or letter, as this often helps with clarity. Include as much detail as possible about your concern: what happened, what personal information it involves, who you dealt with (if applicable), and what you would like us to do to resolve the issue. If you prefer to discuss by phone initially, you can call our Privacy Officer, but we may still ask for a written summary to ensure we fully understand your concern.
- Our Acknowledgment: We will acknowledge receipt of your complaint as soon as possible (generally within a few business days). We may contact you to clarify any details or ask for further information if needed. This step ensures we completely understand the issue from your perspective.
- Investigation: We will then conduct an investigation into the matter. The Privacy Officer will work with the relevant ToolDrop personnel (and potentially any affected service providers) to gather facts, review what happened, and determine if there was a breach or mishandling of personal information. We will treat your complaint confidentially and with seriousness.
- Outcome and Response: After our investigation, we will provide you with a written response. We aim to do this within 30 days of receiving the complaint. If the matter is complex and we need more time, we will let you know about the delay and the reason. Our response will outline the findings of our investigation and any steps we have taken or will take to address your concern. If we find that we did not comply with our obligations, we will explain how we plan to correct the issue or improve our practices. If there was a misunderstanding or we believe we complied, we will still explain the situation and why we think our actions were appropriate (with reference to this Policy or the law, as relevant).
- Taking it further: We genuinely hope to resolve all complaints directly with our customers in a satisfactory manner. However, if you are not happy with our response or how we handled your complaint, you have the right to escalate the matter. In Australia, the supervisory authority for privacy is the Office of the Australian Information Commissioner (OAIC). The OAIC can investigate privacy complaints and has the power to enforce the Privacy Act. You can contact the OAIC to lodge a complaint. Please note that the OAIC generally encourages individuals to attempt to resolve issues with the organisation first (which is why we ask you to contact us before going to the OAIC).
- OAIC Contact Details: Website: www.oaic.gov.au (there is an online privacy complaint form available on the OAIC’s site). Phone: 1300 363 992. Mail: GPO Box 5218, Sydney NSW 2001.
- If you decide to contact the OAIC, do so as soon as possible after receiving our response to your complaint. The OAIC may ask whether you have raised the issue with us first and what the outcome was.
We appreciate the opportunity to address any complaints and improve our practices. Your feedback helps us ensure we maintain the highest standards of privacy protection.
Policy Updates
This Privacy Policy may be updated or revised from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We reserve the right to modify this Policy at any time, but if we do so, we will post the updated version on our website and change the "Last updated" date (usually found at the top or bottom of the Policy page).
Latest Version: This Policy is current as of the date at the top of this document. Whenever we update the Policy, that date will be revised. We encourage you to check back periodically to review the latest version.
Notification of Changes: If a change is significant, we may also take additional steps to notify you of the update. For example, we might display a notice on our website’s homepage or notify registered users via email or a pop-up notice. This is to ensure you are informed of any important changes in how we handle personal information.
By continuing to use our services or website after any changes to this Privacy Policy take effect, you will be deemed to have accepted the updated Policy. If you do not agree with any aspect of the updated Policy, you should immediately discontinue using our services, and you may contact us if you have specific concerns.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please do not hesitate to contact us. We are here to help and address any issues.
Privacy Officer: Tom Allison
Email: tom@tooldrop.au
Phone: 0412 259 254
You can reach out to our Privacy Officer for any of the following reasons:
- To ask questions about this Policy or our data practices.
- To request access to or correction of your personal information.
- To opt out of marketing communications.
- To lodge a privacy complaint or provide feedback.
We will do our best to assist you and provide a prompt response. Your privacy matters to us, and we welcome your communication.
Thank you for trusting ToolDrop with your personal information. We value your business and your trust, and we are committed to safeguarding your privacy every step of the way.