Privacy Policy

Privacy Policy 

Updated November 2022 

Your privacy

Bimby & Roy Pty Ltd (ACN 638 105 478) (we, us, our) designs and manufactures womenswear – namely, bralettes, bottoms and robes. We will protect your privacy and comply with Australian privacy laws.   

This Policy helps you understand how we collect, use, disclose and handle your personal information. 

Our policy covers your ‘personal information’, which in our business means information about an individual customer who is identified or reasonably identifiable.  Examples include your name, address, date of birth and email address. 

What we collect and how we collect it 


The type of personal information that we may collect about you depends on the type of dealings you have with us.  For example, here is a summary of how and when we may collect information, and what information we may collect: 

  • register for an online account with us (or join our mailing list), we may collect details such as your name and email address; 
  • place an order with us, we may collect details such as your name, address, email address, telephone number and payment details.  However, normally, payment details are collected by our payment providers and not by Bimby & Roy; 
  • work for a supplier or stockist, we may collect details such as your name, job title, address, telephone number and email address; 
  • send us an enquiry or provide us with feedback, we may collect your name, contact details, details of your enquiry or feedback and information about our response; 
  • apply for a job with us, we will collect the information you include in your job application, including your cover letter, resume, contact details and referee reports; and 
  • social media, we may collect your name or information about how you interact with our social media accounts on various social media platforms. 

Sensitive information 

‘Sensitive information’ is information afforded a higher level of privacy protection, such as health information.  We don’t collect sensitive information.  

Collection of information other than personal information through our website 

When you visit our website, we collect information about your visit, but not you.  It’s not personal information because it does not reveal your identity.   

Website visit information 

For example, our IT providers would generally have access to information about your visit to our website - such as, pages you visited and when - but we wouldn’t be able to identify you as having made that visit.  

If we access or use that information, it’s only in anonymous, aggregated form, for something like improving how our website works or is designed.    


A cookie is a small string of information that a website transfers to your browser for identification purposes. Again, this information does not identify you, but personalises your visit to our website. You can accept or reject cookies.    

What if you don't provide us with your personal information? 

We will provide individuals with the option of not identifying themselves, or of using a pseudonym, when dealing with us if it is lawful and practicable to do so.  

For example, you can browse our website without creating an online account. 

In some cases, however, if you don't provide us with your personal information when requested, we may not be able to provide you with the product or service that you are seeking.  For example, you must identify yourself to place an order with us via our website. 

Why we collect personal information 


The main purposes for which we collect, hold, use and disclose personal information are set out below: 

  • fulfilling your online orders; 
  • promoting ourselves and our products and services, including through direct marketing; 
  • performing research and statistical analysis, including for customer satisfaction and service improvement purposes; and 
  • answering queries and resolving complaints. 

Direct marketing 

If you join our mailing list, then we may use your personal information to let you know about us and our products and services (including promotions, special offers and events). 

Opting out 

If you join our mailing list, you can opt out at any time, by: 

  • contacting us (details under header "Our contact details' below); and 
  • hitting the ‘unsubscribe’ link in the email. 
     Who we may share your personal information with  

We may share personal information with third parties for the reasons described in this policy.  Third parties include: 

  • e-commerce platform providers, such as Shopify; 
  • financial and other institutions for payment processing; 
  • the person who has control of your account; 
  • referees whose details are provided to us by job applicants; and 
  • our contracted service providers, including:  
  • delivery and shipping providers; 
  • information technology, e-commerce and data storage providers; and 
  • external business advisers (such as consultants, recruitment advisors, accountants, auditors and lawyers). 

In each case, we may disclose personal information to the service provider and the service provider may in turn provide us with personal information collected from you in the course of providing the relevant products or services.  

Cross border disclosure of personal information

We may disclose personal information to third parties located overseas including to our third-party e-commerce platform provider, Shopify, located in Canada. 

In each case, we will comply with the requirements of the Privacy Act that apply to cross border disclosures of personal information. 

Data quality and security


We hold personal information in a number of ways, primarily in electronic databases (such as an email contact list).  We take reasonable steps to:  

  • update your personal information when you let us know of any changes;  
  • protect your personal information from misuse, interference and loss and from unauthorised access, modification or disclosure; and 
  • destroy or permanently de-identify personal information that is no longer needed for any purpose permitted by the Australian Privacy Principles. 


The steps we take to secure the personal information we hold include website protection measures (such as firewalls and anti-virus software), security restrictions on access to our computer systems (such as login and password protection), controlled access to our corporate premises, personnel security (including restricting access to personal information on our systems to staff who need that access to carry out their duties), staff training and workplace policies. 

Online credit card payment security 

Payments on our website are processed using online technologies provided by third parties.  All transactions processed in this way meet industry security standards to ensure payment details are protected.  

Website security 

While we endeavour to protect the personal information and privacy of users of our website, we cannot guarantee the security of any information that you disclose online and you disclose that information at your own risk.  

Third party websites 

Links to third party websites are only provided for your convenience.  We are not responsible for the privacy or security practices of those websites. 

How you can correct your personal information


Please contact us (details under header "Our contact details' below) if you would like to access or correct your personal information.   We may require you to verify your identity before we allow you to do so.  


We will generally provide you with access to your personal information, if we can verify your identity and confirm that the personal information relates to you.   


We will take reasonable steps to correct your personal information when you ask us to.  

If we correct personal information about you, and we have previously disclosed that information to another agency or organisation that is subject to the Privacy Act, you may ask us to notify that other entity.  If you do, we will take reasonable steps to do so, unless this would be impracticable or unlawful. 

Timeframe for correction requests 

Except in the case of more complicated requests, we will endeavour to respond to access and correction requests within 5 days. 


If you have a complaint about how we have collected or handled your personal information, please contact us (our contact details are under header 'Our Contact details' below). 

In most cases, we expect to investigate written complaints and provide a response within 30 days of receipt.  If the matter is more complex and our investigation may take longer, we will contact you and tell you when we expect to provide our response.  

If you are not satisfied with our response, you can refer your complaint to the Office of the Australian Information Commissioner (see here for further information). 

Our contact details

Please contact us if you have any queries about the personal information that we hold about you or the way we handle that personal information. Our contact details are set out below: 

Mail:  Bimby & Roy – PO Box 148, Byron Bay 2481 

Online:  by clicking the following link: 


Further general information about privacy is available on the website of the Office of the Australian Information Commissioner at or by calling the OAIC's enquiry line at 1300 363 992. 

Changes to this Privacy Policy 

We may amend this Privacy Policy from time to time.  The current version will be posted on our website and a copy may be obtained by contacting us (details under header 'Our contact details' above).