Privacy policy

Last updated: July 26, 2026

Onya operates this store and website, including all related information, content, features, tools, products and services, in order to provide you, the customer, with a curated shopping experience. These are referred to in this Privacy Policy as the "Services".

Onya is powered by Shopify, which enables us to provide the Services to you.

This Privacy Policy describes how we collect, use and disclose your personal information when you visit, use or make a purchase or other transaction using the Services, or otherwise communicate with us.

If there is a conflict between our Terms of Service and this Privacy Policy, this Privacy Policy controls with respect to the collection, processing and disclosure of your personal information.

Please read this Privacy Policy carefully. By using and accessing any of the Services, you acknowledge that you have read this Privacy Policy and understand the collection, use and disclosure of your information as described in this Privacy Policy.

PERSONAL INFORMATION WE COLLECT OR PROCESS

When we use the term "personal information", we are referring to information that identifies you or can reasonably be linked to you or another person. Personal information does not include information that is collected anonymously or that has been de-identified so that it cannot identify or be reasonably linked to you.

We may collect or process the following categories of personal information, including inferences drawn from this personal information, depending on how you interact with the Services, where you live, and as permitted or required by applicable law:

Contact details including your name, address, billing address, shipping address, phone number and email address.

Financial information including credit card, debit card and financial account numbers, payment card information, financial account information, transaction details, form of payment, payment confirmation and other payment details.

Account information including your username, password, security questions, preferences and settings.

Transaction information including the items you view, put in your cart, add to your wishlist, purchase, return, exchange or cancel, and your past transactions.

Communications with us including the information you include in communications with us, for example when sending a customer support inquiry.

Device information including information about your device, browser or network connection, your IP address and other unique identifiers.

Usage information including information regarding your interaction with the Services, including how and when you interact with or navigate the Services.

PERSONAL INFORMATION SOURCES

We may collect personal information from the following sources:

Directly from you, including when you create an account, visit or use the Services, communicate with us, make a purchase, sign up to marketing, submit a form or otherwise provide us with your personal information.

Automatically through the Services, including from your device when you use our products or services or visit our website, and through the use of cookies, pixels and similar technologies.

From our service providers, including when we engage them to enable certain technology, process payments, fulfil orders, provide customer support, provide analytics, support marketing or otherwise process your personal information on our behalf.

From our partners or other third parties.

WHAT DO WE DO WITH YOUR INFORMATION?

When you purchase something from Onya, as part of the buying and selling process, we collect the personal information you give us such as your name, billing address, shipping address, phone number, email address and payment details.

When you browse our store, we also automatically receive your computer’s internet protocol (IP) address and other technical information in order to provide us with information that helps us learn about your browser, device, operating system and how customers use our website.

Email and SMS marketing, if applicable: With your permission, we may send you emails, SMS messages or other marketing communications about our store, new products, promotions and other updates.

HOW WE USE YOUR PERSONAL INFORMATION

Depending on how you interact with us or which of the Services you use, we may use personal information for the following purposes:

Provide, tailor and improve the Services. We use your personal information to provide you with the Services, including to perform our contract with you, process your payments, fulfil your orders, remember your preferences and items you are interested in, send notifications to you related to your account, process purchases, returns, exchanges or other transactions, create, maintain and otherwise manage your account, arrange for shipping, facilitate returns and exchanges, enable you to post reviews, and create a customised shopping experience for you, such as recommending products related to your purchases. This may include using your personal information to better tailor and improve the Services.

Marketing and advertising. We use your personal information for marketing and promotional purposes, such as to send marketing, advertising and promotional communications by email, SMS or other channels, and to show you online advertisements for products or services on the Services or other websites, including based on items you have previously purchased, viewed, added to your cart or interacted with on the Services.

Security and fraud prevention. We use your personal information to authenticate your account, provide a secure payment and shopping experience, detect, investigate or take action regarding possible fraudulent, illegal, unsafe or malicious activity, protect public safety and secure our services. If you choose to use the Services and register an account, you are responsible for keeping your account credentials safe. We recommend that you do not share your username, password or other access details with anyone else.

Communicating with you. We use your personal information to provide you with customer support, respond to your inquiries, provide effective services to you and maintain our business relationship with you.

Legal reasons. We use your personal information to comply with applicable law or respond to valid legal process, including requests from law enforcement or government agencies, to investigate or participate in civil discovery, potential or actual litigation, or other legal proceedings, and to enforce or investigate potential violations of our terms or policies.

CONSENT

How do you get my consent?

When you provide us with personal information to complete a transaction, verify your payment method, place an order, arrange for a delivery, return or exchange a purchase, we imply that you consent to our collecting it and using it for that specific reason only.

If we ask for your personal information for a secondary reason, such as marketing, we will either ask you directly for your express consent or provide you with an opportunity to say no.

How do I withdraw my consent?

If, after you opt in, you change your mind, you may withdraw your consent for us to contact you or for the continued collection, use or disclosure of your information at any time by contacting us at info@onyaeyewear.com.au.

You may also opt out of receiving promotional emails at any time by using the unsubscribe option displayed in our emails to you. If you opt out, we may still send you non-promotional communications, such as those about your account, orders, shipping, returns or customer service inquiries.

DISCLOSURE

We may disclose your personal information if we are required by law to do so, if you violate our Terms of Service, or where disclosure is reasonably necessary for the operation of our store, order fulfilment, payment processing, fraud prevention, delivery, returns, customer support, marketing, advertising or website analytics.

HOW WE DISCLOSE PERSONAL INFORMATION

In certain circumstances, we may disclose your personal information to third parties for legitimate purposes subject to this Privacy Policy. Such circumstances may include:

With Shopify, vendors and other third parties who perform services on our behalf, such as IT management, payment processing, data analytics, customer support, cloud storage, fulfilment, shipping, returns, marketing, advertising, email, SMS, review collection and website analytics.

With business and marketing partners to provide marketing services and advertise to you. For example, we may use Shopify and other third-party services to support personalised advertising based on your online activity with our store and other websites. Our business and marketing partners will use your information in accordance with their own privacy notices.

When you direct us, request us or otherwise consent to our disclosure of certain information to third parties, such as to ship products to you, process your payment, connect with social media platforms or use third-party integrations.

With our affiliates or otherwise within our corporate group.

In connection with a business transaction such as a merger, acquisition, sale of assets, restructure or bankruptcy, to comply with any applicable legal obligations, including to respond to subpoenas, search warrants and similar requests, to enforce any applicable Terms of Service or policies, and to protect or defend the Services, our rights, and the rights of our users or others.

SHOPIFY

Our store is hosted on Shopify Inc. Shopify provides us with the online ecommerce platform that allows us to sell our products and services to you.

Your data may be stored through Shopify’s data storage, databases and the general Shopify application. Shopify stores your data on secure servers behind a firewall.

The Services are hosted by Shopify, which collects and processes personal information about your access to and use of the Services in order to provide and improve the Services for you.

Information you submit to the Services may be transmitted to and shared with Shopify, as well as third parties that may be located in countries other than where you reside, in order to provide and improve the Services for you.

In addition, to help protect, grow and improve our business, we may use certain Shopify enhanced features that incorporate data and information obtained from your interactions with our store, along with other merchants and with Shopify.

To provide these enhanced features, Shopify may make use of personal information collected about your interactions with our store, along with other merchants and with Shopify. In these circumstances, Shopify may be responsible for the processing of your personal information, including for responding to your requests to exercise your rights over the use of your personal information for these purposes.

To learn more about how Shopify uses your personal information and any rights you may have, you can visit the Shopify Consumer Privacy Policy and Shopify Privacy Portal.

PAYMENT

If you choose a direct payment gateway to complete your purchase, your payment information is processed securely by Shopify and our payment service providers. Payment information is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS).

Your purchase transaction data is stored only for as long as is necessary to complete your purchase transaction and to meet legal, accounting, fraud prevention and business record keeping requirements. After that, your purchase transaction information is deleted or retained only as required by law or our service providers’ policies.

All direct payment gateways are required to adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which includes brands such as Visa, Mastercard, American Express and Discover.

PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

THIRD-PARTY SERVICES

In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.

These providers may include, but are not limited to, payment gateways, payment transaction processors, shipping providers, fulfilment providers, email marketing platforms, SMS marketing platforms, review platforms, analytics providers, advertising platforms, customer support tools and fraud prevention services.

Certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.

For these providers, we recommend that you read their privacy policies so you can understand the way your personal information will be handled by them.

In particular, certain providers may be located in, or have facilities located in, a different jurisdiction than either you or us. If you proceed with a transaction that involves the services of a third-party service provider, your information may become subject to the laws of the jurisdiction or jurisdictions in which that service provider or its facilities are located.

Once you leave our store’s website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our website’s Terms of Service.

THIRD-PARTY WEBSITES AND LINKS

The Services may provide links to websites or other online platforms operated by third parties.

If you follow links to websites not affiliated with or controlled by us, you should review their privacy and security policies and other terms and conditions.

We do not guarantee and are not responsible for the privacy or security of such websites, including the accuracy, completeness or reliability of information found on those websites.

Information you provide on public or semi-public venues, including information you share on third-party social networking platforms, may also be viewable by other users of the Services and users of those third-party platforms without limitation as to its use by us or by a third party.

Our inclusion of links does not, by itself, imply any endorsement of the content on such platforms or of their owners or operators, except as disclosed on the Services.

SECURITY

To protect your personal information, we take reasonable precautions and follow industry best practices to help make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.

If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL). Although no method of transmission over the internet or electronic storage is 100% secure, we follow PCI-DSS requirements and implement additional generally accepted industry standards.

Please be aware that no security measures are perfect or impenetrable, and we cannot guarantee perfect security. In addition, any information you send to us may not be secure while in transit. We recommend that you do not use unsecured channels to communicate sensitive or confidential information to us.

SECURITY AND RETENTION OF YOUR INFORMATION

How long we retain your personal information depends on different factors, such as whether we need the information to maintain your account, provide you with the Services, comply with legal obligations, resolve disputes, prevent fraud, keep business records or enforce other applicable contracts and policies.

We retain personal information only for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

COOKIES

Here is a list of cookies that may be used by our store. We have listed them here so you can choose whether you want to opt out of cookies or not.

_session_id, unique token, sessional, allows Shopify to store information about your session, such as referrer, landing page and other session information.

_shopify_visit, no data held, persistent for 30 minutes from the last visit, used by our website provider’s internal stats tracker to record the number of visits.

_shopify_uniq, no data held, expires midnight relative to the visitor of the next day, counts the number of visits to a store by a single customer.

cart, unique token, persistent for 2 weeks, stores information about the contents of your cart.

_secure_session_id, unique token, sessional.

storefront_digest, unique token, indefinite. If the shop has a password, this is used to determine if the current visitor has access.

We may also use cookies, pixels and similar technologies from third-party services to help us understand website traffic, improve our website, measure marketing performance, personalise content and show relevant advertising.

Depending on where you reside, you may have rights to opt out of certain uses of cookies, targeted advertising or the sale or sharing of personal information as defined by applicable privacy laws.

CHILDREN'S DATA AND AGE OF CONSENT

The Services are not intended to be used by children, and we do not knowingly collect personal information about children under the age of majority in your jurisdiction.

By using this site, you represent that you are at least the age of majority in your state, territory or province of residence, or that you are the age of majority in your state, territory or province of residence and you have given us your consent to allow any of your minor dependants to use this site.

If you are the parent or guardian of a child who has provided us with their personal information, you may contact us using the contact details set out below to request that it be deleted.

As of the effective date of this Privacy Policy, we do not have actual knowledge that we share or sell, as those terms are defined in applicable law, personal information of individuals under 16 years of age.

YOUR RIGHTS AND CHOICES

Depending on where you live, you may have some or all of the rights listed below in relation to your personal information. These rights are not absolute, may apply only in certain circumstances and, in certain cases, we may decline your request as permitted by law.

Right to access or know. You may have a right to request access to personal information that we hold about you.

Right to delete. You may have a right to request that we delete personal information we maintain about you.

Right to correct. You may have a right to request that we correct inaccurate personal information we maintain about you.

Right of portability. You may have a right to receive a copy of the personal information we hold about you and to request that we transfer it to a third party, in certain circumstances and with certain exceptions.

Right to opt out of sale or sharing for targeted advertising. Depending on where you reside, you may have a right to opt out of the sale or sharing of your personal information, or to opt out of the processing of your personal information for purposes considered to be targeted advertising, as defined in applicable privacy laws.

Managing communication preferences. We may send you promotional emails or SMS messages, and you may opt out of receiving these at any time by using the unsubscribe option displayed in our emails or following the opt-out instructions in our SMS messages. If you opt out, we may still send you non-promotional communications, such as those about your account, orders, shipping, returns or customer service inquiries.

If you reside in the United Kingdom or European Economic Area, and subject to exceptions and limitations provided by local law, you may have the following rights in addition to the rights outlined above:

Objection to processing and restriction of processing. You may have the right to ask us to stop or restrict our processing of personal information for certain purposes.

Withdrawal of consent. Where we rely on consent to process your personal information, you have the right to withdraw this consent. If you withdraw your consent, this will not affect the lawfulness of any processing based on your consent before its withdrawal.

You may exercise any of these rights where indicated on the Services or by contacting us using the contact details provided below.

To learn more about how Shopify uses your personal information and any rights you may have, including rights related to data processed by Shopify, you can visit the Shopify Consumer Privacy Policy and Shopify Privacy Portal.

We will not discriminate against you for exercising any of these rights.

We may need to verify your identity before we can process your request, as permitted or required under applicable law. In accordance with applicable laws, you may designate an authorised agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we may require that the agent provide proof that you have authorised them to act on your behalf, and we may need you to verify your identity directly with us.

We will respond to your request in a timely manner as required under applicable law.

COMPLAINTS

If you have complaints about how we process your personal information, please contact us using the contact details provided below.

Depending on where you live, you may have the right to appeal our decision by contacting us using the contact details set out below, or to lodge your complaint with your local data protection authority.

INTERNATIONAL TRANSFERS

Please note that we may transfer, store and process your personal information outside the country you live in.

If we transfer your personal information out of the European Economic Area or the United Kingdom, we will rely on recognised transfer mechanisms such as the European Commission's Standard Contractual Clauses, or any equivalent contracts issued by the relevant competent authority of the United Kingdom, as relevant, unless the data transfer is to a country that has been determined to provide an adequate level of protection.

CHANGES TO THIS PRIVACY POLICY

We reserve the right to modify this Privacy Policy at any time, so please review it frequently.

Changes and clarifications will take effect immediately upon their posting on the website.

If we make material changes to this policy, we will notify you here that it has been updated so that you are aware of what information we collect, how we use it and under what circumstances, if any, we use or disclose it.

If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.

CONTACT

If you would like to access, correct, amend or delete any personal information we hold about you, exercise any privacy rights available to you, register a complaint, or simply want more information about our privacy practices or this Privacy Policy, please contact us at:

info@onyaeyewear.com.au

For the purpose of applicable data protection laws, Onya is the data controller of your personal information.