Health Hertz
Legal

Privacy Policy

How Health Hertz collects, uses, and protects your personal information.

Effective date: 4 April 2026 · Last updated: 4 April 2026

Note for accountant review: This policy is drafted in good faith based on current Australian Privacy Act 1988 requirements and best practice for e-commerce businesses. It should be reviewed by a qualified Australian privacy or commercial lawyer before the business exceeds AUD $3 million annual turnover, at which point full Privacy Act compliance becomes mandatory.

1. About Us

Health Hertz is an Australian business that sells frequency therapy devices and a digital guide via the website healthhertz.com. References to "we", "us", or "our" in this policy refer to Health Hertz and its operator.

We are committed to handling your personal information responsibly and in accordance with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs). Although our current annual turnover is below the AUD $3 million threshold that triggers mandatory Privacy Act compliance, we voluntarily adopt these standards as a matter of good practice and customer trust.

2. Information We Collect

We collect personal information that is reasonably necessary to process your orders, deliver products, provide customer support, and improve our website.

Information you provide directly

When you place an order or contact us, we collect:

  • Full name
  • Email address
  • Phone number (required for international shipping)
  • Delivery address (street, city, state/province, postcode, country)
  • Payment information (processed securely by Stripe or PayPal — we do not store card numbers)
  • Any messages or enquiries you send via our contact form

Information collected automatically

When you visit our website, we automatically collect certain technical information through cookies and analytics tools, including:

  • IP address and approximate geographic location
  • Browser type and version
  • Device type and operating system
  • Pages visited, time spent, and navigation paths
  • Referring website or search query

This information is collected via Google Analytics 4 (GA4) and is used solely for understanding how visitors use our site so we can improve it. GA4 data is anonymised and aggregated; we do not use it to identify individual visitors.

3. How We Use Your Information

We use your personal information only for the purposes for which it was collected:

  • Order fulfilment: Processing payments, arranging dispatch, providing tracking numbers, and handling returns or warranty claims.
  • Customer communications: Sending order confirmations, shipping updates, and responding to enquiries. We do not send unsolicited marketing emails.
  • Logistics coordination: Sharing your name, address, and phone number with our fulfilment partner and logistics carrier to arrange international delivery (see Section 5).
  • Legal and regulatory compliance: Maintaining transaction records as required by Australian tax law (GST records, ABN obligations).
  • Website improvement: Analysing aggregated, anonymised traffic data via Google Analytics to understand visitor behaviour and improve our content.

We will not use your personal information for any purpose that is incompatible with the reason it was collected, unless we have your consent or are required to do so by law.

4. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies. A cookie is a small text file placed on your device when you visit a website. We use the following types of cookies:

Essential cookies

Required for the website to function correctly — for example, maintaining your shopping cart session and processing secure checkout. These cannot be disabled.

Analytics cookies (Google Analytics 4)

We use Google Analytics 4 to collect anonymised data about how visitors interact with our website. GA4 uses cookies to distinguish unique visitors and track sessions. The data collected is aggregated and does not personally identify you. Google's data processing is governed by Google's Privacy Policy. You can opt out of GA4 tracking by installing the Google Analytics Opt-out Browser Add-on.

Payment processor cookies

When you proceed to checkout, Stripe and/or PayPal may set cookies on your device to facilitate secure payment processing and fraud prevention. These are governed by Stripe's Privacy Policy and PayPal's Privacy Policy.

Most web browsers allow you to control cookies through your browser settings. Disabling cookies may affect the functionality of our checkout process.

5. Disclosure of Personal Information

We only share your personal information with third parties where necessary to fulfil your order or comply with legal obligations. We do not sell, rent, or trade your personal information.

Fulfilment partner (China)

Your name, delivery address, and phone number are shared with our fulfilment partner in Shenzhen, China, who arranges physical dispatch of devices. This involves a cross-border transfer of personal information from Australia to China. We take reasonable steps to ensure our fulfilment partner handles your data securely and uses it only for the purpose of shipping your order.

Logistics carrier (4PX International)

Shipping information is passed to 4PX International Logistics (a Chinese logistics company) and their downstream delivery partners in your country, solely for the purpose of delivering your parcel and providing tracking updates.

Payment processors

Payment transactions are processed by Stripe, Inc. (USA) and/or PayPal Holdings, Inc. (USA). These processors receive the payment details you enter at checkout. We receive only a transaction confirmation and, where applicable, your name and email address. We do not store credit card numbers.

Email service

Order confirmation and tracking emails are sent via Gmail (Google Workspace). Your email address and order details are processed by Google's servers in accordance with Google's Privacy Policy.

Legal requirements

We may disclose your information to law enforcement, regulatory authorities, or courts if required to do so by Australian law, or to protect the rights and safety of Health Hertz or others.

6. International Data Transfers

As an Australian business with suppliers and service providers overseas, your personal information may be transferred to and processed in countries outside Australia, including China (fulfilment and logistics), the United States (Stripe, PayPal, Google), and potentially other countries depending on your delivery destination.

These countries may not have privacy laws equivalent to Australia's Privacy Act 1988. By placing an order with us, you consent to this transfer. We take reasonable steps to ensure that overseas recipients handle your information in a manner consistent with the Australian Privacy Principles.

Under APP 8.1, before disclosing personal information to an overseas recipient, we take reasonable steps to ensure the recipient does not breach the APPs in relation to that information.

7. Data Retention

We retain your personal information for as long as necessary to fulfil the purposes for which it was collected, including:

  • Order records: Retained for a minimum of 7 years to comply with Australian taxation law (ATO record-keeping requirements for GST and income tax).
  • Customer communications: Retained for up to 3 years after the last interaction, or as required to resolve any disputes.
  • Analytics data: Google Analytics data is retained for 14 months (GA4 default) before automatic deletion.

When personal information is no longer required, we take reasonable steps to destroy or de-identify it securely.

8. Security

We take reasonable steps to protect your personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. Our security measures include:

  • HTTPS encryption for all website traffic
  • Payment processing handled entirely by PCI-DSS compliant providers (Stripe, PayPal) — we never handle raw card data
  • Access to order data restricted to authorised personnel only
  • Regular review of third-party service providers' security practices

No method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

9. Your Rights

You have the right to:

  • Access the personal information we hold about you, subject to certain exceptions under the Privacy Act.
  • Correct any personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading.
  • Request deletion of your personal information, subject to our legal obligations to retain certain records.
  • Complain about how we have handled your personal information.

To exercise any of these rights, please contact us using the details in Section 11. We will respond to access and correction requests within 30 days.

10. Privacy Complaints

If you believe we have breached your privacy rights, please contact us first (see Section 11) so we can attempt to resolve your concern. We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

11. Contact Us

For any privacy enquiries, access requests, or complaints, please contact us via our contact form or email us at [email protected].

We will endeavour to respond to all privacy enquiries within 5 business days.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of our website after changes are posted constitutes acceptance of the updated policy.