Privacy Policy
1. About This Policy
Your privacy matters to us. This policy explains what personal information we collect, why we collect it, and what we do with it. We have tried to keep it clear.
This Privacy Policy applies to Koh Australia Pty Ltd ABN 12 139 768 219 ("Koh", "us", "we", "our") and covers personal information we collect through our website at koh.com ("Site"), our customer service channels, and any other interactions with us.
We comply with the Australian Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the New Zealand Privacy Act 2020 (including the Information Privacy Principles).
By using our Site or purchasing our products, you acknowledge that we collect and use your personal information in accordance with this policy.
1.1 What Is Personal Information?
Personal information is information about an identified individual, or an individual who is reasonably identifiable. It includes information such as your name, email address, postal address, phone number, and payment details.
2. What We Collect
2.1 Information You Give Us
We collect personal information that you provide directly, including:
- name, email address, postal address, and phone number (when you create an account or place an order);
- payment details (processed securely by our payment providers; we do not store full card details);
- date of birth (if you provide it);
- product preferences and order history;
- communications with us (emails, live chat, phone calls, social media messages);
- survey responses and feedback;
- gift card recipient details — name, email address, and any personalised message you include — when you purchase a gift card on behalf of someone else; and
- referral recipient details — name and email address of the person you refer — when you use our refer-a-friend programme. This information is used solely to send the referral communication and is not retained for other purposes.
2.2 Information We Collect Automatically
When you visit our Site, we automatically collect certain information, including:
- your IP address, browser type and version, operating system, and device information;
- pages you visit, time spent on pages, and navigation patterns;
- referring website or source that directed you to our Site;
- information collected through cookies and similar technologies (see Section 8 below); and
- location information derived from your IP address.
This information may constitute personal information where it can be linked to you as an identifiable individual (for example, where your IP address is combined with account information).
2.3 Information from Third Parties
We may receive information about you from third parties, including:
- analytics providers (such as Google Analytics);
- advertising platforms (such as Meta);
- payment processors; and
- fraud prevention services.
If we combine third-party information with your personal information, we treat the combined information as personal information in accordance with this policy.
3. Why We Collect Your Information
We collect and use your personal information for the following purposes:
| Purpose | What This Includes | Legal Basis (APP Reference) |
|---|---|---|
| Fulfilling orders | Processing, shipping, and delivering your orders; managing payments and refunds | Necessary for our contract with you (APP 3, APP 6) |
| Managing your account | Account registration, authentication, and preferences | Necessary for our contract with you (APP 3, APP 6) |
| Customer service | Responding to enquiries, complaints, and feedback | Necessary for our contract / our legitimate business function (APP 6) |
| Marketing | Sending you information about products, offers, and news (with your consent) | Your consent (APP 6, APP 7) |
| Improving our Site | Analysing how you use our Site to improve content and functionality | Our legitimate business function (APP 6) |
| Fraud prevention | Detecting, preventing, and investigating fraud and security threats | Our legitimate business function / legal obligation (APP 6) |
| Legal compliance | Complying with legal obligations, including tax, consumer law, and regulatory requirements | Legal obligation (APP 6) |
| Subscription management | Managing recurring orders, billing, and subscription preferences | Necessary for our contract with you (APP 3, APP 6) |
We will not use your personal information for a purpose that is materially different from the purposes listed above without first obtaining your consent, unless we are permitted or required to do so by law.
3.1 AI and Automated Systems
We use artificial intelligence and automated tools to assist with certain aspects of our operations:
- Gorgias AI — assists our customer service team in drafting responses to support tickets. AI-generated responses are reviewed and approved by a team member before being sent to you.
- Third-party AI tools (including ChatGPT and Claude) — assist our team in drafting social media responses. All AI-generated content is reviewed, edited, and approved by a team member before posting.
AI tools are used to support our team, not to replace human judgment. No decision that materially affects you is made solely by automated means without human oversight.
4. Who We Share Your Information With
We may share your personal information with the following categories of recipients:
4.1 Service Providers
We use third-party service providers to help us operate our business. The table below lists the main providers who may process your personal information, together with links to their own privacy policies.
| Provider | Location | Purpose | Privacy Policy |
|---|---|---|---|
| Shopify | Canada | E-commerce platform and order management | |
| Klaviyo | United States | Email marketing and customer communications | |
| Gorgias | United States | Customer service platform | |
| | United States | Analytics (Google Analytics) and workspace tools | |
| Meta | United States | Advertising and analytics (Meta Pixel) | |
| Cin7 | New Zealand | Inventory and order management | |
| Skio | United States | Subscription billing and management | |
| Rebuy | United States | Personalisation engine and product recommendations | |
| Fairing | United States | Post-purchase surveys | |
| Reviews.io | United Kingdom | Product reviews and ratings | |
| Linktech | Australia | Affiliate and referral programme management | |
| Bespoke Shipping | Australia | Logistics and shipping management | |
| Rewind | Canada | Shopify data backup (includes order and customer data) | |
| Intelligems | United States | A/B testing and conversion optimisation | |
| Geolocation (Orbe) | United States | Storefront geolocation and routing | |
| Typeform | Spain | Customer forms and surveys | |
| Xero | New Zealand | Accounting and financial records | |
| Docusign | United States | Electronic document execution | |
| Cookie Script | Lithuania | Cookie consent management | |
| Payment processors | Various | Payment processing (Visa, Mastercard, PayPal) | See individual provider policies |
4.2 Related Companies
We may share your information with companies in the Koh group, including Koh Europe Ltd (UK Company Number 11333689), for the purposes described in this policy.
4.3 Professional Advisers
We may share information with our lawyers, accountants, auditors, and insurers where necessary for their professional services.
4.4 Law Enforcement and Regulators
We may disclose your information where required by law, regulation, court order, or to protect our rights and safety.
4.5 Business Transfers
If Koh is acquired by, merges with, or sells assets to a third party, your personal information may be included in the transferred assets. We will notify you of any such transfer.
4.6 With Your Consent
We will not share your personal information with any third party for their own marketing purposes without your explicit opt-in consent.
5. Overseas Disclosure
Some of our service providers are located outside Australia and New Zealand. Your personal information may be transferred to, stored in, and processed in other countries, including the United States, Canada, the United Kingdom, and the European Union.
Before disclosing your personal information overseas, we take reasonable steps to ensure the overseas recipient handles your information in a manner consistent with the APPs and the NZ Privacy Act 2020, including by:
- entering into contractual arrangements that require the recipient to protect your information; and
- satisfying ourselves that the recipient is subject to equivalent privacy protections.
Under APP 8, we remain accountable for the handling of your information by overseas recipients.
6. How We Store and Protect Your Information
We take the security of your personal information seriously. We use appropriate technical and organisational measures to protect it from unauthorised access, loss, misuse, or destruction, including:
- encryption of data in transit and at rest;
- access controls and authentication measures;
- regular security reviews and monitoring; and
- contractual data protection obligations on our service providers.
No system is completely secure. While we take reasonable steps to protect your information, we cannot guarantee absolute security.
6.1 Data Retention
We retain your personal information only for as long as it is needed for the purposes described in this policy, or as required by law. Specifically:
- Order and transaction records: 7 years (for tax and accounting purposes).
- Account information: for the life of your account, plus a reasonable period after closure.
- Marketing preferences: until you withdraw consent or we no longer need the information.
- Website analytics data: retained for the default period set by our analytics platform (Google Analytics). This data is anonymised and aggregated and does not identify individual users.
When personal information is no longer needed, we will securely destroy or de-identify it in accordance with APP 11.2 and IPP 9 of the NZ Privacy Act 2020.
7. Your Rights
You have rights over your personal information. Here is what you can do.
7.1 Access
You have the right to request access to the personal information we hold about you (APP 12 / IPP 6). We will provide access within a reasonable period (usually within 30 days). In some circumstances, we may charge a reasonable fee to cover our costs.
7.2 Correction
You have the right to ask us to correct any personal information that is inaccurate, out of date, incomplete, or misleading (APP 13 / IPP 7). We will correct the information within a reasonable time.
7.3 Deletion
You may ask us to delete your personal information where it is no longer needed for the purposes for which it was collected. We will comply unless we are required to retain it by law or for legitimate business purposes (such as fulfilling legal obligations or resolving disputes).
7.4 Withdraw Consent
Where we rely on your consent to process your personal information (for example, for marketing), you can withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing before your withdrawal.
7.5 Opt Out of Marketing
You can opt out of marketing communications at any time by:
- clicking the unsubscribe link in any marketing email;
- texting STOP in reply to any marketing text message;
- contacting us at careau@koh.com; or
- updating your preferences in your account settings.
We will honour any reasonable opt-out request regardless of the method you use.
7.6 How to Exercise Your Rights
To make a request, please contact us at careau@koh.com. We may need to verify your identity before acting on your request. We will respond within a reasonable time (usually within 30 days). If we refuse a request, we will give you reasons in writing.
7.7 Privacy Management
To manage your privacy preferences, contact us at careau@koh.com. We are committed to making it straightforward for you to access, correct, or delete your personal information.
8. Cookies and Similar Technologies
We use cookies and similar technologies (such as pixels and local storage) on our Site. Cookies are small text files stored on your device that help us recognise you and improve your experience.
8.1 Types of Cookies We Use
- Essential cookies: Required for the Site to function (e.g., shopping cart, login sessions). These cannot be disabled.
- Analytics cookies: Help us understand how visitors use our Site (e.g., Google Analytics). These collect anonymised data.
- Marketing cookies: Used to deliver relevant advertising and track campaign effectiveness (e.g., Meta Pixel).
- Functionality cookies: Remember your preferences (e.g., language, region).
8.2 Your Choices
When you first visit our Site, we will ask for your consent before setting non-essential cookies. You can change your cookie preferences at any time through the cookie settings on our Site or through your browser settings.
Disabling certain cookies may affect the functionality of our Site.
To opt out of Google Analytics tracking across all websites, visit tools.google.com/dlpage/gaoptout.
8.3 IP Addresses
We may log IP addresses to analyse trends, administer the Site, and gather demographic information. IP addresses may constitute personal information where they can be linked to an identifiable individual.
8.4 Do Not Track Signals
Our Site does not currently alter its data collection and use practices in response to Do Not Track signals from your browser. This is because there is no industry-standard technology for recognising and implementing Do Not Track signals.
8.5 Targeted Advertising Opt-Outs
We may use third-party advertising platforms to deliver targeted advertising. You can opt out of targeted advertising from the following platforms:
- Facebook: facebook.com/settings/?tab=ads
- Google: google.com/settings/ads/anonymous
- Instagram: help.instagram.com/2885653514995517
You can also opt out via the Digital Advertising Alliance at optout.aboutads.info.
9. Data Breach Notification
In the event of a data breach that is likely to result in serious harm to you, we will notify:
- affected individuals as soon as practicable;
- the Office of the Australian Information Commissioner (OAIC) in accordance with Part IIIC of the Privacy Act 1988; and
- the New Zealand Privacy Commissioner in accordance with sections 114–118 of the NZ Privacy Act 2020 (where NZ customers are affected).
We maintain a data breach response plan and will take all reasonable steps to contain and remediate any breach.
10. Third-Party Links
Our Site may contain links to third-party websites. This Privacy Policy applies only to our Site. We are not responsible for the privacy practices of third-party sites. We encourage you to read their privacy policies before providing any personal information.
11. Children’s Privacy
Our Site and products are not directed at children under 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately and we will delete it.
12. Changes to This Policy
We review this Privacy Policy regularly and will post updates on our Site. Where we make material changes, we will notify you by email (if you have an account) or by a prominent notice on our Site.
This Privacy Policy was last updated on 1 April 2026.
13. How to Contact Us
If you have questions about this Privacy Policy or the way we handle your personal information, please contact us:
Email: careau@koh.com
Post: Privacy Officer, Koh Australia Pty Ltd, Level 5, 60 Martin Place, Sydney NSW 2000
14. Complaints
If you believe we have breached your privacy, please contact us using the details above. We will investigate and respond within a reasonable time (usually within 30 days).
If you are not satisfied with our response, you may contact:
- Office of the Australian Information Commissioner (OAIC): www.oaic.gov.au
- Office of the Privacy Commissioner (NZ): www.privacy.org.nz






