Skip to main content

Privacy Policy

Last updated: 5 February 2026

Who's On First ABN 70 662 050 713 ("we", "us", "our") is committed to protecting your privacy in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This policy explains how we collect, use, disclose, and safeguard your personal information when you visit whosonfirst.com.au or interact with our services in-store and online.

1. Information We Collect

Information You Provide

We collect personal information when you:

  • Make a purchase — name, email, phone, billing and shipping address, payment details
  • Create an account — name, email, password (managed via our authentication provider)
  • Subscribe to our newsletter — email address and preferences
  • Contact us — name, email, phone, and the content of your message
  • Enter a promotion or competition — name, email, and any required entry details

Information Collected Automatically

When you visit our website, we may automatically collect:

  • IP address and approximate location
  • Browser type, device type, and operating system
  • Pages visited, time spent, and navigation paths
  • Referring website or search terms
  • Cookies and similar tracking technologies (see our cookie notice)

2. How We Use Your Information

We use your personal information to:

  • Process orders — fulfil purchases, process payments, arrange shipping
  • Communicate with you — send order confirmations, shipping updates, and respond to enquiries
  • Improve our services — analyse website usage, optimise product offerings, and enhance the shopping experience
  • Marketing — send newsletters and promotional offers (only with your consent; you can opt out at any time)
  • Prevent fraud — detect and prevent fraudulent transactions and unauthorised access
  • Legal compliance — meet our obligations under Australian law

3. Information Sharing

We do not sell your personal information. We may share it with trusted third parties who assist us in operating our business:

  • Payment processors — Square processes payments securely; we do not store your full card details
  • Shipping carriers — Australia Post and courier services receive your name and delivery address
  • Email service providers — to send order confirmations and marketing communications
  • Analytics providers — to understand website usage patterns (data is aggregated)
  • Authentication providers — Clerk manages account security and login

We may also disclose personal information where required by law, regulation, or court order, or to protect the rights and safety of our business and customers.

Overseas Disclosure (APP 8)

Some of the third-party services we use may store or process your personal information outside Australia, including in the United States. These include our payment processor (Square), authentication provider (Clerk), hosting infrastructure (Vercel, Render), and image storage (Cloudflare). Before disclosing personal information overseas, we take reasonable steps to ensure the overseas recipient handles your information in accordance with the Australian Privacy Principles.

4. Data Security

We take reasonable steps to protect your personal information, including:

  • SSL/TLS encryption for all data transmitted between your browser and our servers
  • PCI-DSS compliant payment processing through Square
  • Secure hosting infrastructure with regular security updates
  • Access controls limiting who can view personal information
  • Regular review of our data handling practices

While we strive to protect your personal information, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

5. Cookies

Our website uses cookies and similar technologies to enhance your browsing experience. These include:

  • Essential cookies — required for the website to function (e.g., shopping cart, authentication)
  • Analytics cookies — help us understand how visitors use our site
  • Preference cookies — remember your settings and choices

You can manage cookie preferences through your browser settings. Disabling essential cookies may affect website functionality.

6. Your Rights

Under the Australian Privacy Act, you have the right to:

  • Access — request a copy of the personal information we hold about you
  • Correction — ask us to correct any inaccurate or out-of-date information
  • Deletion — request deletion of your personal information (subject to legal retention requirements)
  • Opt out — unsubscribe from marketing communications at any time via the link in each email
  • Complain — lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe your privacy has been breached

To exercise any of these rights, please contact us using the details below.

7. Data Retention

We retain personal information for as long as necessary to fulfil the purposes for which it was collected, including to meet legal, accounting, and reporting requirements. Order records are retained for a minimum of 7 years as required by Australian tax law.

8. Notifiable Data Breaches

In accordance with Part IIIC of the Privacy Act 1988 (the Notifiable Data Breaches scheme), if we become aware of an eligible data breach that is likely to result in serious harm to any individual whose personal information is involved, we will:

  • Promptly notify the affected individuals
  • Notify the Office of the Australian Information Commissioner (OAIC)
  • Include in our notification the type of information involved, what happened, and recommended steps you can take

9. Children's Privacy

Our website is not directed at children under 16. We do not knowingly collect personal information from children without parental consent. If you believe we have collected information from a child, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

You can also contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or by phone on 1300 363 992.