Who we are: The Chase Hub Pty Ltd (ACN 690 304 360) is an online-only Australian business focused on trading card games (particularly Pokémon). We respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, store, and share your personal information in compliance with the Australian Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs). We have drafted this policy in clear, friendly language so you can easily understand our practices.

Scope (online interactions only): This Privacy Policy applies to personal information collected through our website and other online interactions with The Chase Hub. Because we operate exclusively online, we do not collect personal information in person or through any offline means.

What is "personal information"? In this policy, personal information means any information that can identify you as an individual (either on its own or combined with other info). This includes obvious things like your name and contact details, as well as other details that can identify you. For example, even your computer's IP address or purchase history can be personal information if it can be linked to you.

By using our website or providing your personal information to us, you agree to the practices described in this Privacy Policy. We may update this policy from time to time, and we will let you know of any major changes. If you ever have any questions or concerns about your privacy, please contact us (see the Contact Us section at the end). We're here to help.

We only collect personal information that we need for our business and to provide services to you (in line with the "reasonable necessity" principle under Australian privacy law). The types of personal information we collect include:

• Contact Details: Your name, email address, and delivery/postal address. We may also collect your phone number (for example, to assist with delivery or to contact you about your orders).
• Account Information: If our website allows account creation, we would collect login credentials (such as a username and password) and any profile details you provide.
• Order and Payment Information: Details you provide when making a purchase. This includes information needed to process payment (e.g. credit card numbers or PayPal details) and order details (items purchased, special instructions, etc.). Note: For payments, we use trusted third-party payment processors that handle your credit card or payment data securely on our behalf. We do not permanently store full credit card numbers on our own servers for security reasons.
• Delivery Information: The shipping address where you want us to send your orders, and any necessary details for delivery (such as recipient name and contact number for the courier).
• Communications: Copies of communications you send us or we send you. For example, if you email us with a question or interact via our website chat/support, we may keep those messages. This helps us track and resolve any issues and improve our customer service.
• Website Usage Information: When you use our site, we collect some information about your visit automatically. This may include your IP address, browser type, device information, and how you navigated our site (e.g. which pages you viewed, links clicked, and the time you spent on pages). This data is generally collected via cookies and similar tracking technologies (explained below) and helps us understand and improve your online experience.
• Other Information You Choose to Provide: You might provide additional personal details if you take part in optional activities. For example, if we run a promotion, survey, or you post a product review or comment, we would collect whatever information you provide in those contexts. We will always make it clear what information is optional.

We do not collect sensitive information (such as your health, religion, or political beliefs) as we have no need for it in our trading card business. We focus only on the types of personal info listed above, which are necessary for us to operate our website and provide products/services to you.

Directly from you: In most cases, we collect personal information directly from you. You provide information to us when you:

• Create an account or profile on our website.
• Place an order for products (entering your name, address, email, payment info, etc.).
• Fill out any forms on our site (such as a contact form, newsletter sign-up, or contest entry).
• Communicate with us via email, social media, or other channels (for example, if you send us an inquiry or respond to a customer service request).

Whenever we ask for your personal details, we will endeavor to let you know why we need it if it's not obvious. You are free to not provide information, but keep in mind this might affect our ability to do certain things (for instance, we can't ship an order without a delivery address, or we can't respond to your email inquiry if you don't provide a return email address).

Automatically through our website: We also collect some information automatically when you interact with our online services:

• Our website uses cookies and similar technologies (like web beacons or pixels) to collect data about your browsing activities on our site. For example, when you visit The Chase Hub site, our systems (or third-party tools we use) may log your IP address, the date/time of your visit, the pages you looked at, and what link or website brought you to our site.
• We use analytics tools (such as Google Analytics) that use cookies to gather information on how visitors use our site. This gives us aggregated insights (for example, how many people visited a page and what country they are in) but not personal details like your name.
• We may also use advertising pixels (such as the Facebook Pixel) on our site. These pixels help us understand the effectiveness of our Facebook/Instagram ads – for instance, they tell us if someone who clicked an ad later made a purchase on our site. The data from these pixels is provided to us in a way that does not reveal your identity (we don't see your personal Facebook profile information; we just see that "someone" did X after clicking an ad).

From third parties: In general, we do not obtain personal information about you from third-party sources, except via the tracking tools mentioned (which collect data about your site usage) or perhaps in rare cases where a third-party referral is involved (for example, if you participate in a promotion run jointly with a partner and they share info with us – but we would inform you if that happens). The core principle is that you know about and control the personal information you give us.

What are cookies? Cookies are small text files that our website asks your browser to store on your device. Cookies serve various purposes – they can make your experience better by remembering your preferences, and they also help us understand how people use our site. We also use analogous tracking technologies like pixels or web beacons (tiny invisible images or code). These tools work in conjunction with cookies to gather usage information.

How we use cookies/trackers:

• Essential functions: Some cookies are necessary for our website to function properly. For example, if our site has a shopping cart, a cookie remembers the items in your cart as you browse. If you log into an account, cookies may keep you logged in during your session. These cookies ensure basic functionalities work.
• Analytics: We use cookies from third-party analytics providers (like Google Analytics) to collect information about how visitors use our site. This includes data such as the pages visited, how long you stay on each page, what you click on, and general information about your device or location (e.g., IP address and country). We use this information to improve our website's design, to fix navigation issues, and to ensure we're offering content that users find valuable. All analysis is done on aggregated data – e.g., total number of visitors, most popular pages – not on tracking individual users by name.
• Advertising and social media pixels: We may use tools like the Facebook Pixel for advertising purposes. For instance, the Facebook Pixel helps us show you relevant ads on Facebook or Instagram based on your visit to our site, and it lets us measure how effective our ads are. If you're logged into Facebook, the pixel can note that you took an action (like visiting our site or buying something) after seeing our ad, but it does not reveal your personal identity to us. It simply helps us reach people who are interested in our products and measure advertising performance. Similarly, we might use other advertising cookies or pixels for platforms like Google Ads, etc., to show you relevant promotions.

Your choices: When you first visit our site, you might see a notice about cookies. By continuing to use our site, you are taken to consent to our use of cookies as described in this policy (in Australia, explicit opt-in for cookies is generally not required, but we want to inform you). If you prefer, you can disable cookies or clear them using your web browser settings. Most browsers allow you to block or delete cookies. However, please note: If you disable cookies, some features of our website may not work properly. For example, you may not be able to stay logged in, add items to a cart, or use certain interactive features if cookies are turned off. We recommend leaving cookies on for the best experience, but the choice is yours.

We do not use cookies or tracking tools to collect sensitive personal data or to snoop on anything on your computer outside of your interactions with our site. All cookies and tracking activities we employ are intended to improve your experience and our services in line with standard e-commerce practices. For more details on our cookies (or to change your preferences), you can contact us anytime.

We collect your personal information to operate our business and provide services to you. In simpler terms, we use the information we have about you to serve you and to improve your experience. Here are the specific purposes for which The Chase Hub may use your personal information:

• To process and fulfill your orders: We use your details to process transactions and deliver your purchases to you. For example, we use your name and address to ship your Pokémon cards to the right place, and your payment information to collect payment for the order. We'll also use your contact information to send you order confirmations, receipts, shipping updates, or to reach out if there's an issue with your order.
• To communicate with you: We may use your email or phone number to communicate about things you've asked about or that are necessary for our services. This includes responding to inquiries you send us, providing customer support, notifying you of any changes to our services or policies, and sending service-related announcements. We aim to be respectful with communications – we won't spam you. Typically, you'll hear from us when it's important: for example, if you've requested info, if there's a problem with a delivery, or a significant update from our business.
• For marketing (with your consent): If you join our mailing list or otherwise opt in, we will use your contact details to send you newsletters or promotional offers. These might include updates on new trading card products, special deals, or events that we think you'll find interesting. You are fully in control – if at any time you don't want marketing emails, you can easily opt out by clicking the "unsubscribe" link in an email or letting us know to remove you from the list. We will promptly honor all opt-out requests (no questions asked). We may also use information about your past orders or site visits to tailor our marketing (for instance, showing you a new set of Pokémon cards if you've purchased similar items before), but we do so in accordance with privacy laws that allow direct marketing only under certain conditions. We provide simple ways to opt out of any direct marketing at any time.
• To improve our website and services: The usage information we collect (via cookies and analytics) is used to understand what we're doing well and what we could do better. For example, knowing which pages are most popular or where users spend the most time helps us optimize our website layout and content. We might notice, for instance, that many users search for a particular card set – that could tell us to stock more of it or make it easier to find. In short, we analyze user behavior in aggregate to make The Chase Hub more user-friendly, relevant, and enjoyable for our community.
• For security and fraud prevention: We may use personal information to keep our website, business, and users safe. This includes monitoring for fraudulent transactions or unauthorized access. For example, we might use IP address data to detect multiple failed login attempts (as a security precaution) or to verify that an order is not coming from a known fraudulent source.
• To comply with legal obligations: We are required by law to keep certain records and may need to use personal information to fulfill our legal and regulatory obligations. For instance, we maintain transaction records for accounting and taxation purposes. If required, we might use or disclose personal information to comply with a law, regulation, court order, or an official request (e.g., fulfilling obligations under the Privacy Act or assisting in a law enforcement investigation if we receive a lawful request). We will only do so in accordance with the law.

We will only use your personal information for the purposes for which we collected it (the "primary purpose"), or for closely related purposes you'd reasonably expect, or as otherwise permitted by law. If we ever need to use your information for a new purpose that isn't related to the original reason, we'll seek your consent first (unless an exception under privacy law applies).

We understand that sharing your information with others is a big deal. Rest assured, we do not sell or trade your personal information to any third parties for their own marketing or profit – no exceptions. However, like most businesses, we do rely on reputable third-party companies and services to help us run our operations. We may disclose (share) some of your personal information to these trusted partners, but only as necessary for them to perform services on our behalf or to fulfill the purposes described above.

Who we may share information with:

• Payment processors: We use established payment processing companies (for example, credit card gateways or services like PayPal or Stripe) to handle customer payments securely. When you make a purchase, your payment details are transmitted to the payment processor which then charges your card or account. This means the payment processor will receive your payment information and possibly some identifying information (like your name or email to send a receipt). These processors are PCI-DSS compliant and specialize in keeping your financial data safe. (We ourselves do not store your full credit card data.)
• Delivery and logistics partners: In order to deliver your orders, we share necessary details with postal or courier services (such as Australia Post or other delivery companies). This typically includes your name, delivery address, and maybe a contact phone number for delivery purposes. They use this info only to get your package to you.
• Technology and IT service providers: We rely on third-party companies for various tech services. For example, our website might be hosted on a cloud server or web hosting service, we might use cloud storage or database providers to store data, and we could use other software tools (like customer relationship management or inventory management systems). These providers may "hold" or process personal data (e.g., your information might be stored on their servers) as part of the service they offer to us. We only choose providers that have strong security and privacy policies, and we only provide the information necessary for them to do their job. For instance, our cloud storage provider will have our database with your order info so we can run the website.
• Analytics and advertising partners: As mentioned in the Cookies section, we use services like Google Analytics and Facebook Pixel. These third parties collect usage information via cookies/pixels on our site. The information (such as your IP address or device ID and browsing activity) is shared with those companies so that we can receive aggregated reports and so that they can facilitate targeted advertising (like showing our ads to you on other platforms). Importantly, this data does not include your name or direct contact info, and it's generally used in aggregate form. For example, Google Analytics might tell us "200 users visited the product page this week" and allow us to see broad demographic info, but not who each user was. Similarly, Facebook might use the fact you visited our site to show you an ad, but we don't receive a list of names from them. These companies have their own privacy policies to explain how they treat your data; we encourage you to read those if you're interested.
• Marketing communication platforms: If we send out email newsletters or promotions, we may use an email service provider platform (for example, MailChimp, SendGrid, or similar) to manage our mailing list. If you are subscribed, your name and email address would be stored in that platform in order for us to send you emails. Those platforms operate under strict confidentiality and only use your info to send our communications on our behalf. You can unsubscribe at any time as noted above.
• Professional advisors or regulators: This is generally only if necessary. For instance, we have accountants and maybe auditors who might incidentally see transaction records that include personal information (e.g., your name on an invoice) – they are bound by confidentiality. In rare cases, we might need to share info with legal advisors (lawyers) if a situation requires legal advice involving your data (for example, if there's a dispute). Also, if required by law or regulatory requirement, we might have to provide information to government authorities or law enforcement (e.g., to comply with a tax audit or a lawful data request). We will only do so when legally obligated or to protect our rights as allowed under privacy laws.

Our expectations of third parties: Any third-party service providers we engage are required to handle your personal information in accordance with applicable privacy laws and only for the purposes we specify. We choose partners carefully and aim to work with companies that have strong privacy and security standards. For example, our service providers typically have their own privacy policies and agreements that align with the requirements of the Australian Privacy Principles. They are not permitted to use your personal information for anything other than the specific service they are providing to us. We take reasonable steps to ensure these third parties keep your data secure and confidential.

Cross-border disclosure (your data overseas): Some of our service providers or the services we use might be located in, or store data in, countries outside Australia. In particular, many technology companies (like cloud hosting, email, and analytics providers) are based in or have servers in the United States or other countries. This means the personal information we hold about you may be processed or stored on servers located outside Australia. For example, if we use a US-based email service or if our website is hosted on an overseas cloud server, your data might pass through or be stored in those countries.

When we disclose information overseas, we remain committed to protecting your privacy: We will take reasonable steps to ensure any overseas recipient of your personal information handles it in a way that is consistent with Australia's privacy laws and this policy. This might include contractual arrangements to ensure they protect your data. However, it's important to note that if your information is stored in another country, it will be subject to the laws of that country as well. Those laws may differ from Australia's. By using our services and providing your information, you consent to this transfer and understand that (as with any global service usage) different privacy regimes might apply. If you have any questions or specific concerns about overseas data storage, please feel free to contact us for more details. (At this time, the main overseas locations involved in our operations are the US-based services mentioned. We will update this policy if new countries become relevant.)

Apart from the circumstances above, we will not share your personal information with any other third parties unless you have given us your consent to do so, or we are required/permitted by law (for example, in response to a legal subpoena or to prevent a serious threat to life, etc.). We do not give or sell your information to other companies for them to use for their own marketing. Your trust is important to us, and we do not monetize your personal data.

Storage methods: Since The Chase Hub operates online, the personal information we collect is predominantly stored in electronic form. This includes secure cloud-based databases, our website's secure servers, and online service platforms we use (as discussed, some of these may be hosted overseas). We do not keep piles of paper forms or physical files containing your data (in fact, because we collect directly online, almost everything is digital). In the rare case we have any physical documents (e.g., a print-out of an order for packing), we handle and dispose of those securely.

Security measures: We take data security very seriously and implement industry-standard measures to safeguard your personal information from loss, misuse, interference, and unauthorized access or disclosure. Some of the key security practices we follow include:

• Encryption: Our website is encrypted using HTTPS (SSL/TLS). This means that when you enter personal information (like your login or payment details), it's encrypted in transit to prevent eavesdropping. We also encourage you to look for the padlock symbol in your browser address bar when interacting with any part of our site that requires personal data entry.
• Secure payment processing: As mentioned, we use PCI-compliant payment gateways. Your sensitive payment details are handled through secure, encrypted channels by these providers. We do not store full credit card numbers on our systems after the transaction is completed.
• Access controls: Access to personal information within our company is restricted to staff or contractors who need to use that information to perform their duties. For example, our fulfillment team needs your address to ship orders, and our support staff might need your info to assist you. All such persons are bound by confidentiality obligations. Our internal systems and computers are password-protected, and we maintain up-to-date security software (like firewalls, antivirus) to prevent breaches. User accounts on our website (if applicable) are also password-protected – please keep your own password safe and let us know if you suspect any unauthorized access to your account.
• Secure facilities: We maintain physical security measures for any devices or backup drives that might contain personal data. For instance, if personal data is stored on a local computer for some reason, that computer is protected and kept in a secure environment. Additionally, the data centers or cloud services we use have robust security certifications and controls in place (for example, major cloud providers have 24/7 security, surveillance, etc. to protect their servers).
• Regular review and training: We periodically review our data handling and security practices to ensure we maintain a high standard. We also stay informed about best practices and may update our security measures as needed. Our team is trained to handle personal information in line with this policy and Australian privacy requirements.

Despite our best efforts, it's important to understand that no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of data. However, we follow all legal requirements and take reasonable steps to protect your info. In the unlikely event of a data breach that is likely to cause serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner as required by the Notifiable Data Breaches scheme.

Retention (how long we keep data): We will keep your personal information only for as long as it is necessary to fulfill the purposes we collected it for, or as required by law. For example, we may retain your purchase records for a number of years to satisfy accounting and tax obligations. If we no longer need your information for any purpose, we will take reasonable steps to destroy it or de-identify it (make it anonymous) in accordance with our legal obligations. For instance, old customer inquiry emails that are no longer needed may be deleted from our systems as part of routine clean-up. We continually review the personal data we hold and erase or anonymize information that is no longer required.

We want you to have control over your personal information. Under the Privacy Act and Australian Privacy Principles, you have the right to access the personal information we hold about you, and the right to request correction of that information if it is inaccurate, out-of-date, or incomplete. In plain language, this means you can ask us, "What information do you have about me?" and we will provide you with a copy of that information (except in certain unusual circumstances discussed below). Similarly, if you think any information is wrong or outdated (for example, you've moved house and the address we have on file is old, or there's a typo in your name), you can ask us to fix it.

How to request access or correction: It's as simple as contacting us (see Contact Us at the end of this policy). You can send us an email requesting access to your info or specifying what needs correction. For your privacy and security, we will likely need to verify your identity before giving out any information – e.g., we might ask you to confirm some details or provide identification to ensure we're releasing data to the right person. Once verified, we will provide the information in a suitable format (usually electronically, like via email, unless you prefer another method). We will also explain things if it's not obvious (for instance, if codes or abbreviations are used in our internal records, we'll help clarify them).

Timeliness and cost: We will respond to your access or correction request as promptly as possible. In general, we will get back to you with the requested information or the correction outcome within a reasonable time. Usually, this will be within 30 days or sooner. We aim to provide this service free of charge. In some cases, if a request is unusually complex or requires significant resources (e.g., retrieving archived data), we may charge a minimal fee to cover the cost, but we will inform you of any fee in advance. For simple requests, there is no charge – we believe you have a right to know what data we have. And we will not charge just for you asking.

If something can't be corrected or provided: There are a few legal exceptions where we might not be able to give you certain information. For example, if giving you access would unreasonably impact someone else's privacy, if it relates to legal proceedings, or if it's commercially sensitive evaluative information. These cases are uncommon in our context. If we ever have to refuse access or refuse a requested correction, we will provide you with a written explanation of the reasons (except where we're not required to by law) and how you can complain if you're not satisfied. We'd also, where appropriate, discuss alternative ways to meet your needs.

Updating your info: If your personal details change (maybe you registered an account on our site and you move or change email), please feel free to update your information by logging into your account (if that feature exists) or by contacting us. Keeping your information current helps us serve you better (imagine sending a package to an old address – we definitely want to avoid that!). We take reasonable steps to ensure the personal information we hold is accurate and up-to-date, but we appreciate your help to correct it when needed.

Correcting records with third parties: If we have disclosed your personal information to a third party (for example, say we gave your old address to a courier for a shipment) and you then update that information with us, you can ask us to notify the third party of the correction. We will take reasonable steps to do so where possible. In practice, many updates (like a new address) would naturally be used in future dealings (the next shipment would use your new address). For historical transactions, we might not always be able to update info that has already been processed (e.g., an order already delivered), but for ongoing services we'll do our best to propagate corrections to relevant parties.

In summary, we're here to help you exercise your rights. Don't hesitate to reach out if you want to see what data we have about you or need something changed. Your data is yours, and we want to make sure you're comfortable with how it's handled.

Your trust is our priority. If you have any questions about this Privacy Policy or how we handle your personal information, or if you have a concern or complaint about your privacy, we encourage you to contact us. We take all privacy inquiries and complaints seriously, and we'll do our best to resolve any issues and put your mind at ease.

How to contact us: The easiest way to reach us is via email. You can contact our team at support@thechasehub.com.au with any questions or concerns.

Response to complaints: If you're contacting us to complain about a privacy issue (for example, if you believe we've mishandled your data or breached this Privacy Policy or the APPs), we will treat it with priority. Our procedure is generally as follows: We will acknowledge your complaint as soon as possible (usually within a few business days) and start an investigation. We may reach out to you for more details if needed. We will then assess the situation, and where something has gone wrong, we will try to fix it. You will receive a response outlining the outcome of our investigation and any steps we have taken (or will take) to address your concern. We aim to resolve all complaints in a timely and fair manner, typically within 30 days or sooner. We appreciate your patience and will keep you informed throughout the process. Our goal is to find a reasonable solution that satisfies you.

If you're not satisfied: We genuinely hope to resolve any privacy issues directly with you. However, if you feel that your complaint has not been handled adequately or your concerns persist, you have the right to escalate the matter to the Office of the Australian Information Commissioner (OAIC) for an independent review. The OAIC is the regulator that oversees privacy law in Australia. You can contact the OAIC by phone at 1300 363 992 or via their website oaic.gov.au. The OAIC can investigate privacy complaints and has the power to enforce the Privacy Act. We do ask that you please try addressing your concerns with us first, as we are keen to resolve it for you directly if possible. But ultimately, the OAIC is there as an external avenue for you.

Additional resources: For general information about privacy rights and obligations in Australia, the OAIC website (mentioned above) is a helpful resource. You can also find the full text of the Australian Privacy Principles and the Privacy Act 1988 on the OAIC site or through the Australian Government's legislation portal.