Free AU shipping over $99 · Buy any 3 candles, save 15% · Afterpay
§ Privacy Policy

Your information, held lightly.

We collect the minimum we need to process your order, send it to you, and keep the tax office happy. We don't sell your data, and we don't email you unless you ask us to.

Last updated · April 2026
Section 01

Who we are

This Privacy Policy applies to Susa Australia (ABN 57 201 086 625), a small candle-making business operating from 117 Manns Road, Darawank NSW 2428, Australia. Susa Australia is the sole operator, and handles any personal information you share with us.

When we say "we", "us" or "our" throughout this page, we mean Susa Australia. When we say "you", we mean you — whether you're a customer, a wholesale enquirer, or just someone browsing the site.

We comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). If you're in the UK or EU, we also honour reasonable requests under GDPR even though we're not required to.

Section 02

What we collect, and why

We only ask for what we genuinely need. Here's the full list:

When you place an order

  • Name, email, phone, shipping and billing address — so we can ship the order and email you when it's on its way.
  • Order details — what you bought, when, and for how much. Kept for tax and warranty purposes.
  • Payment details — processed entirely by Stripe. We never see or store your full card number; we only get back a confirmation that payment succeeded.

When you send a contact message or wholesale enquiry

  • Whatever you put in the form — name, business, email, location, the message itself.

Automatically, when you browse the site

  • Standard web log data — your IP address, browser type, pages visited, referring page, time of visit. Used to spot bugs, detect fraud, and understand which pages people find useful.
Section 03

Cookies & analytics

We use a small number of cookies and similar technologies. Each has a specific job:

  • Essential cookies — remember your cart, keep you logged in as a wholesale stockist, and make checkout work. Can't be turned off without breaking the site.
  • Analytics cookiesGoogle Analytics 4, configured with IP anonymisation. Used to count page visits in aggregate. We do not run ad retargeting and we do not build profiles on visitors.

You can block cookies in your browser settings at any time. The site will still work, but your cart won't persist between visits.

Section 04

Who we share with

We share your information with a small number of service providers who help us run the business. Each one is contractually bound to keep your information secure and only use it for the purpose we engage them for.

  • Stripe — payment processing (card, Apple/Google Pay, Afterpay). See stripe.com/au/privacy.
  • Afterpay — when you choose Afterpay at checkout, your details are passed to Afterpay to run their own eligibility check. See afterpay.com privacy policy.
  • Australia Post — shipping carrier. They get your name, shipping address, phone number (for delivery notifications), and the package weight.
  • Our hosting and email providersVercel (website hosting), Resend (contact form email delivery).
  • The Australian Taxation Office — if compelled by law (tax returns, audit).

We do not sell your personal information. Ever.

Section 05

How long we keep things

  • Order records — 7 years (Australian tax law requires this).
  • Wholesale enquiries — kept on file while the business relationship is active, plus 2 years after the last interaction.
  • Contact form messages — kept for as long as we need to resolve the matter, then archived for 2 years.
  • Analytics data — anonymised and aggregated; individual session data rolled up after 90 days.
Section 06

Your rights

You have the right to:

  • Access a copy of the personal information we hold about you;
  • Correct any information you believe is inaccurate;
  • Delete your information, subject to any legal retention obligations (e.g. we can't delete tax records);
  • Complain to the Office of the Australian Information Commissioner (oaic.gov.au) if you believe we've mishandled your information.

To exercise any of these rights, email us at infosusaaustralia@gmail.com with the subject line "Privacy request". We aim to reply within 7 days.

Section 07

Security

We take reasonable steps to protect your information. The site runs over HTTPS with a valid SSL certificate. Payment is handled by Stripe, who are PCI-DSS compliant. Administrative accounts use strong, unique passwords and two-factor authentication.

That said — no system is perfectly secure. If a breach ever affects your information, we'll notify you and the Office of the Australian Information Commissioner within the timeframes required by the Notifiable Data Breaches scheme.

Section 08

Changes to this policy

If we change how we handle your information in a meaningful way, we'll update this page and bump the "Last updated" date at the top. If the change is significant — for example, introducing a new third-party processor or a new data category — we'll flag it on the site before it takes effect.

Old versions are kept on request; email us if you want to see one.

§ Got a question?

Plain English always beats
fine print.

If anything on this page is unclear, email us. We'll answer honestly, and update this page if the answer is useful to other people too.

Email Susa Australia
infosusaaustralia@gmail.com
Susa Australia
117 Manns Road, Darawank NSW 2428
ABN 57 201 086 625