Privacy Policy

Current as at: 8 May 2025

The trustee for the Alandar Family Trust trading as ‘Lighting Collective’ (ACN 485 971 513) of 1/80 Centennial Circuit, Byron Bay, NSW, 2482 (“we”, “us” or “our”) and our operation of the websited at lightingcollective.com.au or lightingcollective.co.nz (“Websites”) is committed to respecting your privacy.

This privacy policy sets out how we collect, use, process, store, share and disclose your Personal Information on our Websites [our product, being luxury lighting, decorated light fittings and accessories and our services, including Lighting Design Consultations] (together the “Services”) (“Privacy Policy”).

You can view our terms and conditions here or contact our customer service team. Please note that if you are an Lighting Collective Customer, when you signed up for services, you entered into an agreement with Lighting Collective Terms and Conditions, which includes obligations in this Privacy Policy.

Protecting Your Privacy

We are committed to protecting your privacy and respecting and upholding your rights under the Australian Privacy Principles (“APPs”) contained in the Privacy Act 1988 (Cth) and the General Data Protection Regulation (EU 2016/679) (the “GDPR”) and any other relevant laws pertaining to privacy of individuals in jurisdictions which our Services are available (collectively, “Privacy Laws”).

We are a data controller for the purposes of the GDPR. We ensure that we will take all necessary and reasonable steps to comply with the relevant Privacy Laws and to deal with inquiries or complaints from individuals about compliance with the relevant Privacy Laws.

For more information about the National Privacy Principles, see the Federal Privacy Commissioner's website.

Personal Information

By accessing and using our Services, you freely and expressly consent to the collection, use, processing, storage and disclosure of Personal Information by us as set out in this Privacy Policy.

1. What information is collected by the Lighting Collective?

Personal information is any information relating, directly or indirectly, to an identified or identifiable natural person (“Personal Information”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.

The type of Personal Information we collect from you includes, without limitation, the following:

Identification and contact details: your full name, mailing address, email address, telephone number(s), date of birth, gender, profession, role and place of work.
Billing Information: credit or debit card information and your ABN.
Traffic Information: your device ID, device type, geo-location information, computer and connection information, screen resolution, site usage, session information, statistics on page views, traffic to and from the sites, ad data, IP address and standard web log information.
Product Information: details of the products and services we have provided to you or that you have enquired about, including any additional information necessary to deliver those products and services and respond to your enquiries.
Provided Information: any additional information relating to you that you provide to us directly or indirectly through use of our Services or through other websites or accounts from which you permit us to collect information, such as related social media sites.
User Content: any information which you publicly post to Lighting Collective or social media sites via our Services.
Survey/feedback information: information you provide to us through customer surveys or requests for feedback.
Biographical information: information provided when you inquire about or apply for a position with Lighting Collective; and
any other Personal Information that may be required to facilitate your dealings with us.

2. How Do We Collect Your Personal Information?

We will collect Personal Information only by lawful and fair means and never in an unreasonably intrusive way. Generally, we will collect your Personal Information:

directly from you, where you provide information to us or interact with us;
automatically in the course of using our Services; and
from our business partners or other third-party sources that provide consumer data, such as information about your interests, demographic information, and marketing details.

If you use a pseudonym when dealing with us or you do not provide identifiable information to us, we may not be able to provide you with any or all of our services as requested. If you wish to remain anonymous when you use our Services, do not sign into it or provide any information that might identify you.

We require individuals to provide accurate, up to date and complete Personal Information at the time it is collected.

3. We do not collect senstive Personal Information

We will not collect sensitive Personal Information or special categories of Personal Information (as defined under the relevant Privacy Laws) from you. We ask that you do not send us, or do not disclose, any sensitive personally identifiable information (such as information related to racial or ethnic origin, sex life or sexual orientation, political opinions, religious or other beliefs, genetic or biometric data, health criminal background or trade union membership) on or through our Services. If you do provide any sensitive Personal Information, we will require that you provide express consent to us collecting that information as part of you using our services.

4. Information about Minors

Our Services are not intended for users under the age of 18. We acknowledge that the definition of a “minor” changes between jurisdictions, however we do not knowingly seek or collect Personal Information from any children below the age of 18 years. Any Personal Information found to have been provided by a user under the age of 18 will be removed as soon as possible, cease the use of that information and deactivate any related account.

5. How Your Personal Information is used

We use, process and disclose your Personal Information for the purposes for which the information is collected, or for a directly related purpose, including (but not limited to):

providing our Services to you;
administering, protecting, improving or optimising our Services (including performing data analytics, conducting research and for advertising and marketing purposes);
manage, operate and improve our services and grow our business, including understanding our customer base and the effectiveness of our marketing, events, promotional campaigns and publications, and diagnose or fix technology problems;
creating industry reports from de-identified data;
verifying your age;
billing you for purchasing our products and service;
conducting draws, contests, surveys, rewards and other promotional activities sponsored or managed by us;
informing you about our Services, draws, products, services, rewards, surveys, contests, or other promotional activities or events sponsored or managed by us;
responding to any inquiries or comments that you submit to us;
verifying your identity;
access, recruit and hire staff;
perform any other function that we believe reasonable and necessary to protect the security or proper functioning of our Services;
any other purpose you have consented to; and
any use which is required or authorised by a relevant Privacy Law, including detecting, investigating and preventing conduct which may violate our policies, are fraudulent or illegal and protect the rights of Lighting Collective, you or others.

Where we:

have your express consent (which you may withdraw at any time by contacting us in writing);
have a legal basis; or
are otherwise permitted by relevant Privacy Laws,

We may use and process your Personal Information to send you information about products and services we believe are suited to you and your interests or we may invite you to attend special events.

At any time, you may opt out of receiving direct marketing communications from us. Unless you opt out, your consent to receive direct marketing communications from us and to the handling of your Personal Information as detailed above will continue. You can opt out by following the unsubscribe instructions included in the relevant marketing communication, or by contacting us in writing.

6. Who we may need to Disclose your Personal Information to

We may disclose your Personal Information to:

Service Providers: third-parties we ordinarily engage from time to time to perform functions on our behalf for the above purposes set out in section 5.
Analytics: as a part of providing you with, measuring and improving our service, we engage with analytics providers who collect information utilising tracking technologies on our Website and software to measure visits and traffic on our Website or servers which provide you the Services.
Related Bodies: We may share information with other entities in the Lighting Collective corporate group, for purposes consistent with this Privacy Policy.
Consented Parties: any person or entity to whom you have expressly consented to us disclosing your Personal Information to.
External Advisors: our external business advisors, auditors, lawyers, insurers and financiers.
Payment Providers: our payment processing service provider to enable billing transactions.
Legal: any person or entity to whom we are required or authorised to disclose your Personal Information to in accordance with the relevant Privacy Laws.

Disclosure of your Personal Information to Service Providers

We will only disclose any Personal Information you have provided to any entity outside of the Lighting Collective company if it is necessary and appropriate to facilitate the purpose for which your Personal Information was collected pursuant to this Privacy Policy. This may include, but is not limited to, disclosing information to the following service providers:

Shopify (for Site, online store transactions, etc)
Klaviyo (Email Marketing)
Gorgias (Customer Service Communications)
Slack (Internal Communications).

When entering into a transaction with us you expressly and freely consent to your Personal Information being disclosed or transferred to such Recipients. We will take steps reasonably necessary to ensure your Personal Information is treated securely and in accordance with this Privacy Policy. We use reasonable endeavours to ensure that each Recipient receiving your Personal Information is bound by the relevant Privacy Laws (including the standard contractual clauses approved by the European Commission). The standard contractual clauses are available on the European Commission’s website.

7. How We Store and Protect Your Personal Information

We take all reasonably necessary measures to protect the information we collect through our Services which are stored in electronic copy. We take reasonable steps to protect your Personal Information from misuse, interference and loss, as well as unauthorised access, modification or disclosure and we use a number of physical, administrative, personnel and technical measures to protect your Personal Information.

However, we cannot guarantee the absolute security of any Personal Information transmitted over the internet and therefore you disclose information and Personal Information to us at your own risk. We will not be liable for any unauthorised access, modification or disclosure, or misuse of your Personal Information and we are not responsible for any damages or liabilities relating to any such incidents to the fullest extent permitted by law.

We may disclose your Personal Information to third party recipients such as our payment processing provider Shopify Pay. As at the date of this Privacy Policy, such third-party recipients (“Recipients”) are located in countries including Australia, New Zealand, USA and other countries whose laws may not be recognised by the EU Commission as providing an adequate level of protection to Personal Information.

If we no longer need your Personal Information for any of the purposes set out in this Privacy Policy, or as otherwise required by the relevant Privacy Laws, we will take such steps as are reasonable in the circumstances to destroy your Personal Information or to de-identify it.

8. What is our Legal Basis?

Under the GDPR, we must have a legal basis to process Personal Information collected from individuals residing in the European Union. We rely on several legal bases to process your Personal Information, including:

where it is necessary to provide you with access to, and use of, products, services and websites;
for our legitimate interests to provide, operate and improve our Services;
where you have freely and expressly consented to the processing of your Personal Information by us, which you may withdraw at any time; or
where we are under a legal obligation to process your Personal Information.

9. Cross-Border Disclosure of Personal Information

We may disclose your personal information to third party recipients located in or outside of the jurisdiction in which Personal Information is provided in order to provide our Services to you. As at the date of this Privacy Policy, such third-party recipients are located in Australia, New Zealand and USA. It is possible that additional third parties from other countries may be recipients in the future.

In order to protect your information, we take care where possible to work with subcontractors and service providers who we believe maintain an acceptable standard of data security compliance.

When entering into a transaction with us you consent to your Personal Information being disclosed or transferred to such third-party recipients and you acknowledge and agree that we have no obligation to take such steps as are reasonable in the circumstances to ensure that the information that is transferred or disclosed to the third-party recipients will be treated in a manner that is consistent with the Relevant Laws. You also agree that insofar as the law allows, we have no liability to you or anyone else for any breach by the Recipient of the Relevant Laws.

10. Direct marketing and Communications

Where we:

have your express consent (which you may withdraw at any time by contacting us in writing);
have a legal basis; or
are otherwise permitted by relevant Privacy Laws,

We may use and process your Personal Information to send you information about products and services we believe are suited to you and your interests or we may invite you to attend special events.

11. Cookies

We use cookies, web beacons and similar technologies (collectively “Cookies”) on our Websites. By accessing or using these Websites, you agree that we can store and access Cookies in accordance with this Privacy Policy. You will be able to accept or reject the collection of Cookies by us.

Cookies are small files that can be stored on and accessed from a user’s device when the user accesses a website. They enable authorised web servers to recognise you across different websites, services, devices and browsing sessions.

Cookies can be used to improve your experience whilst shopping (including remembering what was in your cart between visits). A cookie is a small data file that is sent to and shared with your computer. You can control the use of cookies via the settings on your browser.

We may use Cookies to enable users to access and use our Websites and Services, including to:

identify users of our Websites and Services;
process user requests;
improve user experience;
remember user preferences on our Site;
monitor the use of our Site and for analysis of our user base;
facilitate communication with users;
control access to certain content on our Site; and
protect our Site.

You can delete and refuse to accept browser Cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of the Websites. Unless you have adjusted your browser setting so that it will refuse Cookies, our system will issue Cookies when you direct your browser to our Website.

Below is a list of cookies that we use. We’ve listed them here so that you can choose if you want to opt out of cookies or not.

session_id - unique token, allows Shopify to store information about your session (referrer, landing page, etc).
shopify_visit - no data held, persistent for 30 minutes from the last visit and used by our website provider’s internal stats tracker to record the number of visits.
shopify_uniq - no data held, expires midnight (relative to the visitor) of the next day and counts the number of visits to a store by a single customer.
cart - unique token, persistent for 2 weeks and stores information about the contents of your cart.
secure_session_id - unique token, sessional
storefront_digest - unique token, indefinite if the shop has a password and used to determine if the current visitor has access.

13. Notices Specific to Certain Jurisdictions

We are dedicated to ensuring that individuals in certain jurisdictions have access to their privacy rights as provided by the Privacy Laws of your jurisdiction. We have set out details below dependent on your location.

Australia

You have the right to both ask:

for access to Personal Information that we hold about you; and
that we correct Personal Information we hold about you.

If you ask, we must within a reasonable timeframe give you access to your Personal Information and take reasonable steps to correct it if we consider it is incorrect, unless there is a law that allows or requires us not to.

We will notify you in writing and explain our reasons if we refuse to give you access to, or correct, your Personal Information.

European Economic Area

For the purposes of the GDPR, we are a ‘data controller’ of your Personal Information. Under the GDPR, an individual residing in the European Union has enhanced privacy rights, including a right to:

require us to correct any Personal Information held about you that is inaccurate or incomplete;
require the deletion of Personal Information concerning you in certain situations;
data portability for Personal Information you provide to us;
object or withdraw your consent at any time to the processing of your Personal Information;
object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you; or
otherwise restrict our processing of your Personal Information in certain circumstances.

Should we decline you access to your Personal Information, we will provide a written explanation setting out our reasons for doing so. These rights are limited in some situations – for example, we can demonstrate that we have a legal requirement to process your Personal Information. In some instances, this means that we may retain some data even if you withdraw your consent.

We may charge a reasonable fee that is not excessive to cover the charges of retrieving your Personal Information from our customer account database. We will not charge you for making the request.

If you believe that we hold Personal Information about you that is not accurate, complete or up-to-date, then you may request that your Personal Information be amended. We will respond to your request to correct your Personal Information within a reasonable timeframe, and you will not be charged a fee for correcting your Personal Information.

14. Access, Management or Deleting your Personal Information

Under the GDPR, an individual residing in the European Union has enhanced privacy rights, including the right to:

require us to correct any Personal Information held about you that is inaccurate or incomplete;
require the deletion of Personal Information concerning you in certain situations;
data portability for Personal Information you provide to us;
object or withdraw your consent at any time to the processing of your Personal Information;
object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you; or
otherwise restrict our processing of your Personal Information in certain circumstances.

Subject to some exceptions provided by the relevant Privacy Laws, you may request access to your Personal Information in our customer account database, or seek correction of it, by contacting us). Should we decline you access to your Personal Information, we will provide a written explanation setting out our reasons for doing so.

We may charge a reasonable fee that is not excessive to cover the charges of retrieving your Personal Information from our customer account database. We will not charge you for making the request.

If you believe that we hold Personal Information about you that is not accurate, complete, or up to date, then you may request that your Personal Information be amended. We will respond to your request to correct your Personal Information within a reasonable timeframe, and you will not be charged a fee for correcting your Personal Information.

15. Third Party Sites and Services

Our Services may contain links to other third-party websites and services including social media networks. This Privacy Policy applies solely to information collected by us via our Services.

16. Contacting Us

If you require further information regarding our Privacy Policy or wish to make a privacy complaint, please contact contacting us in writing; or send mail to: 1/80 Centennial Circuit, Byron Bay, NSW, 2482.

Questions and Contact Information

For inquiries about privacy or to access, correct, amend, or delete your personal information, contact our Privacy Compliance Officer or mail us at:

Lighting Collective
Re: Privacy Compliance Officer
1/80 Centennial Circuit
Byron Bay, NSW 2481

17. Notices and Revisions

We reserve the right to modify this Privacy Policy in whole or in part from time to time without notice. Non-material changes and clarifications will take immediate effect, and material changes will take effect 30 days after the posting of the amended Privacy Policy on the Website.

18. Enforcement

We will cooperate with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personally identifiable information that cannot be resolved between us and the individual.