Privacy Policy
Privacy Policy
Last updated: Jul 2026
jjeatsonline pty ltd ABN 68609289447 (“we”, “us”, “our”) operates the
[APP/PLATFORM NAME] online food ordering platform (the “Platform”). This Privacy Policy
explains how we collect, use, disclose, and protect your personal information in accordance
with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
If you are located outside Australia, we also aim to handle your information consistently with
applicable local laws (e.g. the GDPR for EU/UK users, or the CCPA/CPRA for California
residents), noted where relevant below.
1. Who We Are
jjeatsonline pty ltd ABN 68609289447, is the entity responsible for handling
your personal information collected through the Platform (“we”, “us”, “the Provider”).
Privacy contact: [CONTACT EMAIL]
2. What Personal Information We Collect
Depending on how you use the Platform, we may collect:
Identity and contact data: name, email address, phone number, delivery address(es).
Order data: order history, items purchased, order value, special instructions, dietary
preferences.
Payment data: payment is processed by our third-party payment processor; we do not
store full card numbers. We may retain limited transaction metadata (e.g. last 4 digits,
transaction ID) for reconciliation and fraud prevention.
Location data: approximate or precise (geo)location, if you enable this, to show nearby
Merchants and enable accurate delivery.
Technical data: IP address, device type, browser type, and cookie data (see clause 8).
Communications data: records of your correspondence with us or with Merchants via
the Platform.3. How and Why We Use Your Information
We collect and use your personal information for the following purposes:
Purpose Legal basis (APP 3 / 6)
Creating and managing your account Necessary to provide our
service
Processing and fulfilling your orders, including sharing
relevant details with the Merchant
Necessary to provide our
service
Processing payments securely via our payment processor Necessary to provide our
service
Sending order-related notifications (confirmation, rejection,
delay, delivery updates)
Necessary to provide our
service
Locating nearby Merchants using your location data With your consent (where
location sharing is optional)
Investigating suspected fraud or fake/duplicate orders (using
IP address)
Legitimate business
interest
Direct marketing via email/SMS about our offers and
promotions
Consent / legitimate
interest, subject to your
right to opt out at any time
Uploading hashed contact details to advertising platforms
(Google Ads Customer Match, Meta Custom Audiences)
for personalised advertising
Your explicit, separate
consent
Loyalty program participation and rewards Necessary to provide the
service you signed up for
Improving the Platform and understanding usage trends
Legitimate business
interest
(aggregated/anonymised
where possible)
4. Marketing and Advertising — Your Consent
We take a “clear consent” approach to marketing:
We will only send you direct marketing communications (email/SMS) if you have optedin, or where permitted under the Spam Act 2003 (Cth) because of an existing customer
relationship with similar products/services. Every marketing message includes a clear
unsubscribe option.
We will only upload your hashed email address and/or phone number to third-party
advertising platforms (such as Google Ads Customer Match or Meta Custom
Audiences) if you have given separate, explicit consent for this specific purpose. This
data is hashed (irreversibly encrypted) before upload and is used solely to match you (or
find people with similar characteristics to you) for advertising purposes — the
advertising platform does not receive your raw contact details from us.
You can withdraw either type of consent at any time via: the unsubscribe link in any
email; your account settings; or by emailing [CONTACT EMAIL]. We will action opt-out
requests within the timeframe required by law.
5. Who We Share Your Information With
We disclose personal information to the following categories of recipients, only as
necessary to provide the Platform and fulfil your orders:
Merchants — to fulfil and deliver your order.
Email service providers (e.g. SendGrid, Customer.io, Amazon SES) — to send order
notifications and marketing emails.
SMS service providers (e.g. Twilio) — to send order notifications and marketing SMS.
Payment processors (e.g. Spreedly or equivalent PCI-DSS compliant processor) — to
process your payment securely.
Cloud storage/hosting providers (e.g. Amazon Web Services) — to store data
securely.
Advertising platforms (Google Ads, Meta) — only where you have given explicit
consent, and only in hashed form, as described in clause 4.
Professional advisers, regulators, or law enforcement — where required by law.
We do not sell your personal information to third parties.
6. Overseas Disclosure
Some of the service providers listed above (e.g. US-based email, SMS, and cloud storage
providers) may store or process your data outside Australia, including in the United States.
Where we disclose personal information overseas, we take reasonable steps to ensure theoverseas recipient handles your information consistently with the Australian Privacy
Principles, including through contractual protections, except where you have consented to
the disclosure or an exception under APP 8.2 applies.
If a data breach occurs overseas involving your data, we remain accountable to you under
the Privacy Act 1988 (Cth) unless an exception applies.
7. Data Storage and Retention
We retain your personal information for as long as your account is active and as necessary
to fulfil the purposes described above, including any period required by Australian tax,
corporate, or consumer law record-keeping obligations. Email addresses and phone
numbers retained for marketing purposes are kept until you withdraw consent or request
deletion.
8. Cookies
Our website and app may use cookies and similar technologies:
Strictly necessary cookies — required for core functionality (e.g. cart, checkout).
Performance cookies — e.g. Google Analytics, to understand aggregated usage; you
may opt out via the Google Analytics opt-out browser add-on.
Functionality cookies — to remember preferences such as language or recent orders,
for a smoother reordering experience.
Advertising/targeting cookies — only used where you have consented to advertising
as described in clause 4; not enabled by default.
You can control or disable cookies through your browser settings; disabling some cookies
may limit certain Platform features.
9. Your Rights
Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, you have the right
to:
Request access to the personal information we hold about you;
Request correction of inaccurate or outdated information;
Request deletion of your personal information, subject to our legal retention obligations;
Withdraw consent for marketing or advertising uses at any time;Make a complaint about how we have handled your personal information.
To exercise any of these rights, contact us at [CONTACT EMAIL]. We will respond within a
reasonable timeframe, generally within 30 days.
If you are not satisfied with our response, you may lodge a complaint with the Office of the
Australian Information Commissioner (OAIC) at www.oaic.gov.au.
(If you are located in the EU/UK or California, you may have additional rights under the
GDPR or CCPA/CPRA respectively, including data portability and the right to object to
profiling — contact us for details specific to your jurisdiction.)
10. Data Security
We take reasonable technical and organisational steps to protect your personal information
from misuse, interference, loss, unauthorised access, modification, or disclosure, including
encryption of payment data (via PCI-DSS compliant processors) and access controls on
internal systems. No method of transmission or storage is 100% secure, and we cannot
guarantee absolute security.
11. Children
The Platform is not directed at children, and we require users to be at least 18 years old (see
our Terms and Conditions). We do not knowingly collect personal information from children.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or
legal obligations. Material changes will be notified via email or an in-app notice. The “Last
updated” date at the top of this page reflects the most recent revision.
13. Additional Rights if You Are Located Outside Australia
If you access the Platform from outside Australia, you may have additional privacy rights
under the laws of your location, which apply alongside this Policy. See the region-specific
appendices below.
Appendix A — Additional Rights for California Residents (CCPA/CPRA)
If you are a California resident, you additionally have the right to:
Know what personal information we have collected, used, disclosed, or sold (we do notsell personal information as defined under the CCPA/CPRA);
Request deletion of your personal information, subject to legal exceptions;
Request correction of inaccurate personal information;
Opt out of “sharing” of personal information for cross-context behavioural advertising
(this includes the hashed-data upload to Google Ads/Meta described in clause 4 —
California residents will see a “Do Not Sell or Share My Personal Information” control
in their account settings/cookie banner);
Limit the use of sensitive personal information;
Not be discriminated against for exercising any of these rights.
To exercise these rights, contact [CONTACT EMAIL] or use the in-app privacy control
centre. We will verify your request using the identity information on your account before
processing it.
Appendix B — Additional Rights for EU/UK Users (GDPR)
If you are located in the European Economic Area or the United Kingdom, the following
applies in addition to this Policy:
Our processing of your personal information relies on the legal bases set out in Article 6
GDPR, principally: performance of a contract (order fulfilment), consent (marketing and
advertising uploads), and legitimate interests (fraud prevention, service improvement).
You have the right to access, rectify, erase, restrict, or port your personal information,
and to object to processing (including profiling) carried out on the basis of legitimate
interests, as described in clauses 9–10.
Where we transfer your data to service providers located outside the EEA/UK (e.g. US-
based providers listed in clause 5), we rely on Standard Contractual Clauses or another
valid transfer mechanism to protect your data.
You have the right to lodge a complaint with your local supervisory authority (e.g. the
ICO in the UK, or your national Data Protection Authority in the EU).
Consent to advertising uploads (Google Ads Customer Match / Meta Custom Audiences)
must be given by clear affirmative opt-in — pre-ticked boxes are not used for EU/UK
users.
Appendix C — Other Jurisdictions
As we expand to new markets, we will add jurisdiction-specific appendices here (e.g. for
Canada’s PIPEDA, or other applicable regimes) reflecting any additional rights available tousers in those regions. Our core commitments to transparency, consent for advertising
uploads, and the right to access/delete your data apply globally regardless of jurisdiction-
specific appendices.
14. Contact Us / Complaints
jjeatsonline pty ltd ABN 68609289447Privacy contact:
[email protected]
For unresolved complaints: Office of the Australian Information Commissioner (OAIC) —
www.oaic.gov.au
Disclaimer: This document is a template drafted for general guidance and is not a substitute
for independent legal advice. Please have it reviewed by an Australian solicitor experienced
in privacy law before publishing, and confirm the exact list of current third-party processors, ABN, and entity details.