Privacy

ROLLIE NATION PTY LTD

Effective Date: 1 January 2025 | Last Updated: 2 June 2026

Rollie Nation Pty Ltd (ABN 158 107 843) (“Rollie”, “we”, “us”, or “our”) is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your personal information when you visit our website, use our services, or make a purchase from rollienation.com or otherwise communicate with us. For purposes of this Policy, “you” means you as a user of our Services, whether as a customer, website visitor, or another individual whose information we have collected.

This Policy applies to all personal information collected by Rollie, whether through our owned digital platforms, in-store interactions, wholesale and marketplace channels, or from international customers. It should be read together with our Terms and Conditions, available at rollienation.com/terms.

We handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where we collect information from customers outside Australia, we also endeavour to comply with applicable local privacy laws to the extent required.

Data controller: For the purpose of applicable data protection laws, and unless explicitly stated otherwise, Rollie Nation Pty Ltd is the data controller of your personal information.

Privacy at a Glance

The table below is a plain-language summary. The full policy follows and governs in all cases.

Topic	Summary
What we collect	Name, email, address, phone, payment details, account credentials, loyalty points, browsing behaviour, device and location data
Why we collect it	To process orders, personalise your experience, improve our services, market to you (where permitted), and meet legal obligations
Who we share it with	Shopify (platform), payment processors, logistics partners, marketing platforms, analytics providers, affiliates — only as needed
Where it’s stored	Australia and, in some cases, servers in the US and EU with adequate protections in place
How long we keep it	For as long as needed to provide our services and meet legal obligations — typically 7 years for transaction data
Your rights	Access, correction, deletion, portability, restriction, opt-out of sale/sharing, and the right to complain to the OAIC or your local authority

1. Information We Collect

1.1 Information You Provide Directly

We collect personal information you give us when you:

• Create an account or register for a Wholesale Account on our Platform;

• Place an order for Products, whether as a direct consumer, Authorised Retailer, or Marketplace Seller;

• Subscribe to our newsletter or marketing communications;

• Contact our customer service team by email, phone, or live chat;

• Submit a product review, comment, or User Content;

• Participate in a competition, promotion, survey, or loyalty programme;

• Apply for a role with Rollie.

The types of information collected in these contexts may include: full name, email address, postal address, phone number, date of birth, payment card details (processed securely via our payment provider), username, password and security questions (for account security purposes), business name and ABN (for wholesale accounts), and shopping information such as items viewed, cart contents, purchases, loyalty points, product reviews, referrals, and gift cards.

1.2 Information Collected Automatically

When you visit our Platform, we and our third-party service providers (including Shopify) automatically collect certain technical and behavioural data, including:

• IP address, browser type and version, operating system, and device identifiers;

• Geolocation data derived from your IP address or, where you consent, GPS or device location;

• Pages viewed, links clicked, time spent on pages, and referring URLs;

• Internet or other similar network activity, including browsing history on our Platform;

• Cookie identifiers and similar tracking technologies (see Section 6);

• Purchase history and browsing behaviour on the Platform.

1.3 Information From Third Parties

We may receive personal information about you from third parties, including:

• Shopify — our ecommerce platform provider, who may share information about your interactions with our store in accordance with their own Privacy Policy and Consumer Privacy Policy;

• Payment processors and fraud prevention services;

• Marketplace platforms (such as Amazon, eBay, or The Iconic) where you purchase Rollie products through an Authorised Retailer;

• Social media platforms, where you interact with our content or connect your account;

• Analytics and advertising partners;

• Wholesale partners and Authorised Retailers, in connection with managing trade accounts.

2. How We Use Your Information

We use the personal information we collect for the following purposes:

2.1 Providing Products and Services

We use your personal information to provide you with our Services in order to perform our contract with you, including to process payments, fulfil orders, send notifications related to your account, purchases, returns and exchanges, create and manage your account, arrange shipping, and facilitate returns and exchanges. We may also enhance your shopping experience by enabling Shopify to match your account with other Shopify services you choose to use. In that case, Shopify processes your information as set forth in its own Privacy Policy.

For EEA residents, the legal basis for this processing is performance of a contract — Art. 6(1)(b) GDPR.

2.2 Account & Wholesale Management

• Creating and managing your customer or wholesale account;

• Processing wholesale applications and managing Authorised Retailer relationships;

• Administering access to trade pricing, ordering tools, and brand assets.

2.3 Marketing & Communications

• Sending you promotional emails, product updates, and special offers where you have opted in or where permitted under applicable law;

• Personalising content, product recommendations, and advertising based on your browsing and purchase history;

• Conducting market research, surveys, and loyalty programmes.

You may opt out of marketing communications at any time by clicking the unsubscribe link in any email or by contacting us at shop@rollienation.com. Opting out of marketing does not affect transactional communications relating to your orders.

For EEA residents, the legal basis for marketing and advertising activities is our legitimate interest in selling our products — Art. 6(1)(f) GDPR.

2.4 Security and Fraud Prevention

We use your personal information to detect, investigate, or take action regarding possible fraudulent, illegal, or malicious activity. If you register an account, you are responsible for keeping your account credentials safe. If you believe your account has been compromised, please contact us immediately.

For EEA residents, the legal basis for security processing is our legitimate interest in keeping our Platform secure — Art. 6(1)(f) GDPR.

2.5 Platform Improvement & Analytics

• Analysing usage patterns to improve the design, functionality, and content of our Platform;

• Monitoring for fraud, security incidents, and unauthorised access;

• Conducting A/B testing and product development research.

For EEA residents, the legal basis for analytics processing is our legitimate interest in improving our services — Art. 6(1)(f) GDPR.

2.6 Legal & Compliance

• Complying with our obligations under applicable laws, including the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), tax, consumer protection, and anti-money laundering legislation;

• Enforcing our Terms and Conditions and other agreements;

• Responding to lawful requests from regulatory authorities and law enforcement;

• Protecting the Intellectual Property Rights and brand integrity of Rollie Nation Pty Ltd.

For EEA residents, the legal basis for compliance processing is compliance with a legal obligation — Art. 6(1)(c) GDPR.

3. Disclosure of Your Information

We do not sell your personal information. We may share your information with third parties only in the following circumstances:

3.1 Service Providers

We engage trusted third-party service providers who process personal information on our behalf, under contractual obligations to protect it. These include:

• Shopify — our ecommerce platform provider. For information about how Shopify handles your data, please see Shopify’s Privacy Policy and Consumer Privacy Policy;

• Payment processors (e.g. Stripe, Afterpay, PayPal) for secure transaction processing;

• Logistics and fulfilment partners for order delivery and returns;

• Email and SMS marketing platforms for communications;

• Cloud hosting and IT infrastructure providers;

• Customer service and live chat platforms;

• Analytics and advertising technology providers.

3.2 Marketplace & Wholesale Partners

Where you purchase Products through an Authorised Retailer or Marketplace, relevant transaction and fulfilment information may be shared with that party to the extent necessary to complete the sale and provide after-sales support. Authorised Retailers and Marketplace Sellers are independently responsible for handling their customers’ personal information in compliance with applicable privacy laws.

3.3 Legal & Regulatory Disclosures

We may disclose your information where required or permitted by law, including in response to a court order, subpoena, regulatory investigation, or law enforcement request. We may also disclose information to enforce our legal rights, protect the safety of any person, or prevent fraud.

3.4 Business Transfers

In the event of a merger, acquisition, asset sale, or restructure involving Rollie, your personal information may be disclosed to prospective or actual purchasers as part of due diligence, subject to confidentiality obligations. If such a transfer occurs, we will take reasonable steps to ensure your information continues to be protected under comparable privacy standards.

3.5 Affiliates

We may share your personal information with our affiliates or otherwise within our corporate group in our legitimate interests to run a successful business. Any affiliate receiving your information will be bound by privacy obligations no less protective than those in this Policy.

3.6 With Your Consent

We may share your information with third parties for other purposes where you have given your explicit consent. With your consent, we may share personal information for the purpose of engaging in advertising and marketing activities, including with business and marketing partners who will use your information in accordance with their own privacy notices.

3.7 Categories of Information Disclosed

In the past 12 months we have disclosed the following categories of personal information for the purposes described above:

Category	Categories of Recipients
Identifiers (name, email, contact details, account information)	Vendors and service providers, business and marketing partners, affiliates
Order and commercial information (purchase history, shopping information)	Vendors and service providers, business and marketing partners, affiliates
Internet or other similar network activity (usage data, browsing behaviour)	Vendors and service providers, analytics and advertising partners
Geolocation data (location derived from IP address or device)	Vendors and service providers, analytics providers
Inferences drawn from the above (preferences, interests)	Business and marketing partners (with consent only)

We do not use or disclose sensitive personal information without your consent or for the purposes of inferring characteristics about you.

4. International Data Transfers

Rollie is headquartered in Australia and primarily stores personal information on servers located in Australia. However, some of our third-party service providers (including Shopify) operate infrastructure in other countries, including the United States and the European Union. When we transfer personal information outside Australia, we take steps to ensure that it receives a level of protection comparable to that required under the Privacy Act 1988 (Cth), including by:

• Entering into data processing agreements that incorporate appropriate contractual protections;

• Transferring data only to countries with adequate privacy frameworks recognised under Australian law;

• Ensuring our service providers are certified under applicable cross-border data transfer mechanisms.

If you are located outside Australia, please be aware that your personal information may be transferred to and processed in Australia or other countries. By using our Platform, you consent to such transfers.

For customers in the European Union or United Kingdom, to the extent the GDPR or UK GDPR applies, we rely on the European Commission’s Standard Contractual Clauses, or any equivalent contracts issued by the relevant competent authority of the UK, unless the data transfer is to a country that has been determined to provide an adequate level of protection.

5. Data Retention

We retain personal information for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. How long we retain your personal information depends on different factors, such as whether we need the information to maintain your account, to provide the Services, comply with legal obligations, resolve disputes or enforce other applicable contracts and policies. Our general retention periods are:

• Transaction and order records: 7 years from the date of transaction, in accordance with Australian tax law requirements;

• Account information: For the duration of your account, plus 2 years following closure;

• Marketing preferences and communications history: Until you opt out, plus a reasonable period thereafter;

• Customer service correspondence: 3 years from the date of the interaction;

• Wholesale account records: For the duration of the Wholesale Agreement, plus 7 years;

• Fraud and security logs: Up to 5 years, or longer where required by law.

When personal information is no longer required, we take reasonable steps to securely destroy or de-identify it.

6. Cookies & Tracking Technologies

6.1 What We Use

Our Platform uses cookies, pixel tags, web beacons, software developer kits, and similar technologies to enhance your experience and collect usage data. Our store is powered by Shopify; for specific information about the cookies that Shopify uses, please see Shopify’s Cookie Policy. The categories of cookies we use include:

• Essential cookies: Required for the Platform to function (e.g. shopping cart, login sessions). Cannot be disabled.

• Analytics cookies: Help us understand how users interact with the Platform (e.g. Google Analytics).

• Marketing & advertising cookies: Used to deliver relevant ads and measure campaign effectiveness (e.g. Meta Pixel, Google Ads).

• Preference cookies: Remember your settings and personalisation choices.

6.2 Managing Cookies

You can control cookies through your browser settings or our cookie consent tool, which is presented when you first visit the Platform. Please note that disabling certain cookies may affect the functionality of the Platform.

6.3 Do Not Track

Some browsers transmit a “Do Not Track” signal to websites. Like many websites, our Platform is not currently designed to respond to such signals. To learn more about Do Not Track, visit www.allaboutdnt.com.

7. Security

We take reasonable technical and organisational measures to protect your personal information from unauthorised access, loss, misuse, disclosure, alteration, or destruction. These measures include:

• Encryption of data in transit using TLS/SSL protocols;

• Encryption of stored payment data, with card details processed exclusively through PCI-DSS compliant payment providers;

• Access controls and authentication requirements for internal systems;

• Regular security assessments and staff training on data handling obligations.

Please be aware that no security measures are perfect or impenetrable, and we cannot guarantee complete security. In addition, any information you send to us may not be secure while in transit. We recommend that you do not use insecure channels to communicate sensitive or confidential information to us. If you become aware of any security incident affecting your account, please contact us immediately at shop@rollienation.com.

8. Your Privacy Rights

Depending on where you live, you may have some or all of the rights listed below in relation to your personal information. These rights are not absolute, may apply only in certain circumstances and, in certain cases, we may decline your request as permitted by law.

• Right to Access / Know: You may request access to the personal information we hold about you, including details of how we use and share it.

• Right to Delete: You may request that we delete personal information we hold about you.

• Right to Correct: You may request that we correct inaccurate or incomplete personal information we hold about you.

• Right of Portability: You may request a copy of your personal information in a portable format and, in certain circumstances, request that we transfer it to a third party.

• Right to Opt Out of Sale, Sharing, or Targeted Advertising: You may direct us not to “sell” or “share” your personal information, or opt out of the processing of your personal information for purposes considered to be “targeted advertising”, as defined in applicable privacy laws.

• Right to Restrict Processing: You may ask us to stop or restrict our processing of your personal information in certain circumstances.

• Right to Withdraw Consent: Where we rely on consent to process your personal information, you may withdraw that consent at any time.

• Right to Appeal: If we decline to process your request, you may have a right to appeal our decision by contacting us directly.

• Managing Communication Preferences: You may opt out of promotional emails at any time using the unsubscribe link in any email. We may still send non-promotional communications such as order updates and account notices.

Non-discrimination: We will not discriminate against you for exercising any of these rights.

Authorised agents: In accordance with applicable laws, you may designate an authorised agent to make requests on your behalf. Before accepting such a request, we will require the agent to provide proof that you have authorised them to act on your behalf, and we may need to verify your identity directly with you.

Global Privacy Control: If you visit our Platform with the Global Privacy Control (GPC) opt-out preference signal enabled, we will, depending on where you are located, automatically treat this as a request to opt out of the “sale” or “sharing” of information for the device and browser you use to visit the Platform.

To exercise any of these rights, please contact us using the details in Section 13, or where indicated on our Platform. We will respond in a timely manner as required under applicable law and may need to verify your identity before processing your request.

8.1 Australian Customers

Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, Australian customers have the right to access and seek correction of their personal information, and to make a complaint to the OAIC if they believe we have mishandled their personal information (see Section 11).

8.2 European Union & United Kingdom Customers

If you are located in the EU or UK and the GDPR or UK GDPR applies to our processing of your data, you have the full suite of rights listed above, as well as the right to lodge a complaint with your local supervisory authority. A list of EEA supervisory authorities is available at the European Data Protection Board website.

8.3 New Zealand Customers

Customers in New Zealand have rights under the Privacy Act 2020 (NZ), including the right to access and correct personal information held about them.

9. Children’s Privacy

Our Platform is not intended to be used by children under the age of 13, and we do not knowingly collect personal information from children. If you are the parent or guardian of a child who has provided us with their personal information, please contact us using the details in Section 13 to request that it be deleted.

We do not have actual knowledge that we “sell” or “share” (as those terms are defined in applicable law) personal information of individuals under 16 years of age. If we become aware of any such collection, we will take steps to delete that information promptly.

10. Third-Party Links & Services

Our Platform may contain links to third-party websites, social media platforms, and embedded services. This Privacy Policy applies only to Rollie’s own Platform and activities. We are not responsible for the privacy or security of any third-party sites or services, and we encourage you to review their privacy policies before providing any personal information. Information you share on public or semi-public venues, including third-party social networking platforms, may be viewable by other users without limitation as to its use by us or by a third party.

11. Complaints

If you have a concern about how we have handled your personal information, we encourage you to contact us first so that we can attempt to resolve the matter:

Privacy Officer, Rollie Nation Pty Ltd

Email: privacy@rollienation.com

Website: rollienation.com/privacy

Address: 180 Ferrars Street, Suite 3, South Melbourne VIC 3205, Australia

We will acknowledge your complaint within 5 business days and endeavour to resolve it within 30 days. If you are not satisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or by calling 1300 363 992.

EU and UK customers who are not satisfied with our response may contact their local data protection authority.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post the revised Privacy Policy on the Platform, update the “Last Updated” date, and take any other steps required by applicable law. Where appropriate, we will notify you by email or by a prominent notice on the Platform at rollienation.com/privacy. Your continued use of the Platform following any update constitutes your acceptance of the revised Privacy Policy.

13. Contact Us

For any privacy-related questions, requests, or concerns, please contact our Privacy Officer:

Rollie Nation Pty Ltd

Privacy Officer

General enquiries: shop@rollienation.com

Privacy enquiries: privacy@rollienation.com

Legal enquiries: legal@rollienation.com