Party Source

Privacy Policy

Last updated: July 2026

1. About this policy

This Privacy Policy explains how Party Source Pty Ltd (ABN 62 658 803 420), trading as Party Source (“we”, “our”, “us”), collects, uses, holds, discloses, and protects your personal information. We are committed to handling your personal information in accordance with the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs).

By using our website, shopping with us in store or online, joining our rewards program, or otherwise providing us with your information, you agree to the handling of your personal information as described in this policy.

2. The personal information we collect

Depending on how you interact with us, we may collect:

  • Identity information: your name, and (if you join our rewards program) your date of birth, which we use for birthday rewards and age-related eligibility.
  • Contact information: email address, phone number, and billing and delivery addresses.
  • Order and transaction information: the products you buy, order history, amounts paid, delivery or pickup details, and messages you add to an order (such as a gift message or event note).
  • Payment information: we do not collect or store full card numbers. Card payments are entered directly into our payment providers’ secure systems, and we retain only a secure token plus limited details such as the card brand and last four digits.
  • Rewards / loyalty information: your membership status, points balance and activity, and your marketing preferences.
  • Communications: records of your enquiries, support requests, reviews and feedback.
  • Technical information: IP address, browser type, device information, and general location, used for security, fraud prevention and improving our website.
  • Online activity: pages you view, searches you run on our site, items added to your cart, and how you arrived at our site (including advertising and campaign identifiers such as UTM tags and Google click IDs).
  • In-store security: if you visit our store, you may be recorded by CCTV (video only) for the safety and security of customers and staff.

We only collect personal information that is reasonably necessary for our business functions and activities. We do not collect sensitive information (such as health, racial or religious information) as part of normal operations.

3. How we collect your information

  • Directly from you — when you place an order, create an account, join our rewards program, buy in store, enter a competition, contact us, or subscribe to marketing.
  • Automatically — through cookies and similar technologies when you use our website (see “Cookies, analytics and tracking” below).
  • From third parties — for example, our payment providers confirm the result of a payment, and our delivery partners provide tracking updates.

4. Dealing with us anonymously

You can browse our website without telling us who you are. However, we generally cannot fulfil an order, deliver goods, process a payment, or operate a rewards account without the personal information needed to do so.

5. How we use your information

  • Process, fulfil and deliver your orders (including click & collect)
  • Communicate with you about your orders (confirmation, pickup and delivery updates)
  • Provide customer support and handle enquiries, returns and refunds
  • Operate our rewards program
  • Send you marketing communications, where you have consented (you can opt out at any time)
  • Understand how our website and store are used, and improve our products and services
  • Detect, prevent and investigate fraud, and keep our systems and store secure
  • Comply with our legal and tax obligations

6. Marketing communications

We send marketing emails and SMS only where you have consented to receive them, and you can withdraw your consent at any time. Every marketing email includes an unsubscribe link, and you can stop marketing SMS by replying STOP. We will action opt-out requests promptly (within 5 business days). You can also update your preferences by contacting us. Opting out of marketing does not stop essential service messages about an order you have placed.

7. Cookies, analytics and tracking

We use cookies and similar technologies that fall into three groups:

  • Essential — required for the site to work (such as your cart and login session). These are always on.
  • Analytics — help us understand how the site is used so we can improve it (for example Google Analytics).
  • Marketing — help us measure and improve our advertising (for example Google Ads).

When you first visit, we ask for your choice through a consent banner, and analytics and marketing technologies are only enabled where you allow them. You can change your choice at any time through the consent controls or your browser settings. Analytics and advertising providers may receive information such as a cookie/analytics identifier, your device and browser type, the pages you view, and campaign identifiers — but not your name or email. We do not knowingly allow sensitive information to be shared with these providers.

8. Who we share your information with

We use reputable third-party service providers to perform functions on our behalf, and we share personal information with them only to the extent needed to provide those functions. We do not sell your personal information. The specific providers we use may change from time to time, and we may engage additional providers to perform similar functions. They fall into the following categories:

  • Payment processing — to take and reconcile payments securely, online and in store (for example Stripe and PayPal).
  • Website hosting and cloud infrastructure — to run our website and store our data.
  • Delivery and logistics — delivery-management software and the carriers it dispatches to, such as Australia Post and couriers, to deliver your order.
  • Email and SMS delivery — to send order and marketing communications.
  • Analytics and advertising — to understand site usage and measure our advertising, subject to your consent choices (for example Google).
  • Site search and related website features — to power product search, address entry and similar features.
  • Error monitoring and security — to detect and fix technical faults and protect our systems (personal identifiers are obfuscated before they are sent).
  • Professional advisers and authorities — our advisers, and law enforcement or regulators, where required or authorised by law or to protect our rights.

9. Overseas disclosure

Some of our service providers are located, or store and process data, outside Australia. This means your personal information may be disclosed to, or handled by, recipients in:

  • The United States — including providers of payment processing, website hosting and infrastructure, email and SMS delivery, analytics and advertising, site features, and error monitoring.
  • New Zealand — our delivery-management software provider.

The specific providers we use may change over time. Our primary customer database is hosted in Australia (Sydney). Before disclosing personal information overseas, we take reasonable steps to ensure that recipients handle it consistently with the Australian Privacy Principles, including through their data-protection and privacy commitments.

10. Data security

We take reasonable steps to protect your personal information from misuse, interference, loss, and unauthorised access, modification or disclosure. These include encryption in transit and at rest, access controls and authentication, and limiting staff access to what their role requires. As noted above, we do not store full card numbers — card payments are tokenised by our payment providers. No method of transmission or storage is completely secure, but we work to protect your information and to hold it only as long as we need it.

11. How long we keep your information

In line with APP 11, we keep personal information only as long as it is needed for the purpose it was collected, or as required by law, and then delete or de-identify it. Our standard retention periods are:

  • Abandoned carts: 30 days from last activity, then automatically deleted
  • Email send logs: 90 days from send date, then automatically deleted
  • Search logs: 90 days from search date, then automatically deleted
  • Login sessions: deleted automatically when they expire
  • CCTV footage: retained only for a short period for security purposes, then overwritten, unless needed for an incident
  • Closed customer accounts: soft-deleted immediately on closure; personal information hard-deleted after 2 years (we keep an anonymised order history for tax record-keeping)
  • Marketing consent records: 7 years (to evidence consent under the Spam Act)
  • Order & tax records: 5 years from the end of the relevant financial year (ATO requirement)

You can request earlier deletion by contacting us at the details below.

12. Your rights

Under the Privacy Act 1988, you have the right to:

  • Access the personal information we hold about you (APP 12)
  • Correct information that is inaccurate, out of date or incomplete (APP 13)
  • Request deletion of your personal information (subject to legal retention requirements)
  • Opt out of marketing communications at any time
  • Complain if you believe we have breached the APPs (see below)

To make a request, contact our Privacy Officer using the details below. We will verify your identity and respond within a reasonable time (usually within 30 days). We do not charge for making a request, though a reasonable cost may apply to give access in some cases.

13. Data breaches

We maintain a data-breach response plan. If a data breach occurs that is likely to result in serious harm to you, we will notify you and the Office of the Australian Information Commissioner (OAIC) as required under the Notifiable Data Breaches scheme, and tell you the steps you can take to protect yourself.

14. Children’s privacy

Our website and store are intended for adults. We do not knowingly collect personal information directly from children. Where an order relates to a child’s event (for example a name or age on a personalised item), we treat that information as part of the adult account holder’s order and do not use it for marketing to children.

15. Complaints

If you have a privacy concern or believe we have mishandled your personal information, please contact our Privacy Officer first (details below) so we can try to resolve it. We will acknowledge your complaint and aim to respond within 30 days.

If you are not satisfied with our response, you can complain to the Office of the Australian Information Commissioner (OAIC): online at www.oaic.gov.au, by phone on 1300 363 992, or by mail to GPO Box 5218, Sydney NSW 2001.

16. Changes to this policy

We may update this policy from time to time to reflect changes in our practices or the law. The current version is always available on this page, with the “last updated” date shown at the top.

17. Contact us

For privacy enquiries, or to access or correct your information:

  • Email: privacy@partysource.com.au
  • Phone: (08) 6180 3895
  • Mail: Privacy Officer, Party Source, 7/259-261 Bannister Road, Canning Vale WA 6155

Party Source Pty Ltd · ABN 62 658 803 420