Store Opening Hours: Mon - Fri, 9.30am - 5pm
Weekends by Appointment
CCD Logo
Log In
Register
$0.00 0

Cart

No products in the cart.

Home > Privacy Policy

Privacy policy

Our privacy policy

Privacy Policy for Coffs Coast Drones (Project Z Pty Ltd)

Introduction
This Privacy Policy sets out how Coffs Coast Drones, operated by Project Z Pty Ltd (ABN: [insert ABN]), of 92-96 Industrial Drive, North Boambee Valley NSW 2450, Australia (“we”, “us”, “our” or “Coffs Coast Drones”), manages personal information collected through its website and related online services. We are committed to protecting the privacy of our customers and website visitors, and to complying with all applicable privacy laws and regulations in Australia, including the Privacy Act 1988 (Cth) (“Privacy Act”), the Australian Privacy Principles (“APPs”), and relevant guidance from the Office of the Australian Information Commissioner (“OAIC”). This Policy also reflects best practices and incorporates protective language to shield the company from legal risks and misuse.
By using our website or services, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy. If you do not agree with any part of this Policy, please do not use our website or provide your personal information.

1. Scope and Application
This Privacy Policy applies to all personal information collected, held, used, and disclosed by Coffs Coast Drones via its website, online forms, communications, and related digital services. It covers information collected from customers, prospective customers, website visitors, and other individuals interacting with our online presence.
While Project Z Pty Ltd is a proprietary limited company based in New South Wales (NSW), Australia, this Policy is designed to comply with:
• The Privacy Act 1988 (Cth), including all amendments effective as of June 2025;
• The Australian Privacy Principles (APPs) as set out in Schedule 1 of the Privacy Act;
• The Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act;
• The statutory tort for serious invasions of privacy (effective from June 2025);
• Relevant NSW state privacy laws, including the Privacy and Personal Information Protection Act 1998 (NSW) (“PPIP Act”), to the extent applicable;
• OAIC guidance and best practice recommendations;
• Any other applicable Commonwealth or State laws and codes of practice.

2. Key Definitions
• Personal Information: Information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not and whether recorded in a material form or not.
• Sensitive Information: Includes information about an individual’s racial or ethnic origin, political opinions, religious beliefs, sexual orientation, health information, and biometric data.
• APP Entity: An organisation or agency subject to the Australian Privacy Principles.
• Overseas Recipient: A person or entity outside Australia to whom personal information is disclosed.
• Eligible Data Breach: A data breach likely to result in serious harm to any individuals to whom the information relates, as defined under the NDB scheme.

3. Types of Personal Information Collected
We collect and hold the following types of personal information, as reasonably necessary for our business functions and activities:
• Contact details (name, address, email, phone number)
• Account registration details (username, password)
• Payment and transaction information (where applicable)
• Website usage data (IP address, browser type, device information, cookies, analytics data)
• Communications with us (emails, online forms, chat logs)
• Any other information you voluntarily provide to us
We do not intentionally collect sensitive information unless required by law or with your explicit consent. If you provide unsolicited sensitive information, we will take reasonable steps to destroy or de-identify it, unless required to retain it by law.

4. How We Collect Personal Information
We collect personal information in several ways, including:
• Directly from you when you submit forms, register an account, make inquiries, or communicate with us via our website or email;
• Automatically through your use of our website, including via cookies, web beacons, and analytics tools;
• From third-party service providers (such as payment processors or analytics platforms) as permitted by law;
• From publicly available sources, where lawful and appropriate.
Where practicable, we will collect personal information directly from you. If we receive unsolicited personal information, we will assess whether we could have lawfully collected it and, if not, will destroy or de-identify it as required by APP 4.

5. Purposes for Collecting, Holding, Using, and Disclosing Personal Information
We collect, hold, use, and disclose your personal information for the following primary purposes:
• To provide and improve our products, services, and website functionality;
• To communicate with you regarding your inquiries, orders, or account;
• To ensure the security and integrity of our website, systems, and networks;
• To comply with legal obligations, including responding to court-issued warrants or lawful requests from authorities;
• To manage our business operations and internal record-keeping;
• For analytics and website performance monitoring (using third-party services such as Google Analytics, Meta, Automattic, and Elsner Technologies Pvt. Ltd.);
• For any other purpose disclosed to you at the time of collection or as required or permitted by law.
We do not sell your personal information to third parties. We only share your data securely with partners for the limited purposes described above.

6. Use of Cookies and Tracking Technologies
Our website uses cookies and similar technologies to enhance your browsing experience, analyze website traffic, and support the operation of third-party services. Cookies are small text files stored on your device that help us recognize repeat visitors and collect aggregate data.
You may adjust your browser settings to refuse cookies or alert you when cookies are being sent. However, disabling cookies may affect the functionality of our website.
For more information on how third-party services use cookies and data, please refer to their respective privacy policies:
• Google Privacy Policy
• Meta Privacy Policy
• Automattic Privacy Policy
• Elsner Technologies Privacy Policy.

7. Third-Party Services and Overseas Disclosure
We use reputable third-party service providers to support our website and business operations, including:
• Google Analytics: For website analytics and performance monitoring. Data may be processed on servers outside Australia. See Google Privacy Policy.
• Meta (Facebook): For social media integration and advertising. Data may be processed globally. See Meta Privacy Policy.
• Automattic (WordPress): For website hosting and content management. See Automattic Privacy Policy.
• Elsner Technologies Pvt. Ltd.: For website development and technical support. See Elsner Privacy Policy.
When disclosing personal information to overseas recipients, we take reasonable steps to ensure that those recipients do not breach the APPs (other than APP 1) in relation to your information, as required by APP 8. This may include contractual safeguards, due diligence, and regular review of third-party privacy practices. We remain accountable for the handling of your personal information by overseas recipients unless an exception applies (such as your informed consent or the recipient being subject to substantially similar privacy laws).

8. Data Security and Protection Measures
We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorized access, modification, or disclosure, as required by APP 11. Our security measures include:
• Secure website hosting and encrypted data transmission (HTTPS/SSL)
• Access controls and authentication for staff and contractors
• Regular security audits, vulnerability assessments, and penetration testing
• Up-to-date firewalls, anti-virus, and intrusion detection systems
• Secure storage of physical and electronic records
• Staff training on privacy and data protection
• Incident response and data breach management plans
We require our third-party service providers to implement comparable security measures and to process your personal information only as necessary to provide their services to us.

9. Data Retention and Destruction
We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. When personal information is no longer needed, we take reasonable steps to securely destroy or de-identify it, unless retention is required by law, court order, or for legitimate business purposes (such as record-keeping, dispute resolution, or compliance with statutory obligations).
Retention periods may vary depending on the type of information and applicable legal requirements. For example, certain financial or transaction records may need to be kept for up to seven years under tax or corporate laws. We regularly review our data holdings and implement destruction or de-identification processes in accordance with OAIC and industry guidance.

10. Access to and Correction of Personal Information
You have the right to request access to the personal information we hold about you, and to request correction if you believe that information is inaccurate, out-of-date, incomplete, irrelevant, or misleading, as provided under APPs 12 and 13.
• How to Request Access or Correction: Please contact our Privacy Officer using the details in Section 17. We may require you to verify your identity before processing your request.
• Fees: Access to your personal information is generally provided free of charge. However, we reserve the right to charge a reasonable administrative fee of $15 AUD for requests that are complex, voluminous, or require significant resources beyond basic data access. We will inform you of any applicable fee in advance and provide options to minimize costs where possible.
• Response Time: We aim to respond to access or correction requests within 30 calendar days. If we refuse your request, we will provide written reasons and information on how you can complain or seek review.

11. Anonymity and Pseudonymity
Where lawful and practicable, you may interact with us anonymously or by using a pseudonym (for example, when making a general inquiry). However, in some cases, we may need your real identity to provide certain services, respond to specific requests, or comply with legal obligations.

12. Children’s Privacy
We are committed to protecting the privacy of children and young people online. Our website and services are not specifically directed at children under the age of 16. We do not knowingly collect personal information from children without appropriate consent.
We will comply with the forthcoming Children’s Online Privacy Code, which is expected to impose additional requirements for services likely to be accessed by children, including age-appropriate privacy notices, consent mechanisms, and data minimization. We encourage parents and guardians to supervise their children’s online activities and to contact us if they believe a child’s personal information has been collected without consent.

13. Automated Decision-Making
We do not currently use fully automated decision-making processes that significantly affect individuals’ rights or interests. If we introduce such processes in the future, we will update this Privacy Policy to provide clear information about:
• The kinds of personal information used in automated decision-making systems;
• The types of decisions made solely or substantially by computer programs;
• The rights of individuals to seek human review or further explanation of automated decisions.
We will comply with the new transparency requirements for automated decision-making under the Privacy Act, effective from December 2026.

14. Data Breaches and Notifiable Data Breach Scheme
We have implemented a Data Breach Response Plan to promptly identify, assess, and respond to actual or suspected data breaches. If we become aware of an eligible data breach (i.e., unauthorized access to, disclosure of, or loss of personal information likely to result in serious harm), we will:
• Assess the breach within 30 days;
• Take remedial action to contain and mitigate harm;
• Notify affected individuals and the OAIC as soon as practicable, including a description of the breach, the types of information involved, and recommended steps for affected individuals;
• Publicly communicate the breach if direct notification is not practicable.
Failure to comply with the NDB scheme may result in regulatory action and significant penalties. We are committed to transparency and timely notification in the event of a data breach.

15. Disclosure of Personal Information
15.1. General Disclosures
We do not sell, rent, or trade your personal information. We only disclose personal information to third parties in the following circumstances:
• To our trusted service providers and partners (such as Google Analytics, Meta, Automattic, Elsner Technologies Pvt. Ltd.) for the purposes described in this Policy;
• To law enforcement agencies, courts, regulatory authorities, or other parties as required or authorized by law, including in response to court-issued warrants;
• To protect our rights, property, or safety, or that of our customers or the public;
• With your explicit consent or as otherwise permitted by law.
We require all third-party recipients to handle your personal information in accordance with applicable privacy laws and to implement appropriate security measures.
15.2. Overseas Disclosures
Some of our service providers are located outside Australia, including in the United States, India, and other jurisdictions. When disclosing personal information overseas, we take reasonable steps to ensure that overseas recipients do not breach the APPs (other than APP 1) in relation to your information. These steps may include:
• Conducting due diligence on the recipient’s privacy practices;
• Entering into contractual arrangements requiring compliance with the APPs;
• Obtaining your informed consent where required;
• Relying on exceptions where the recipient is subject to substantially similar privacy laws or where disclosure is required by law.
We remain accountable for the handling of your personal information by overseas recipients, except where an exception applies under APP 8.2.

16. Legal Basis for Collection, Use, and Disclosure
We collect, use, and disclose personal information only where permitted by law, including:
• With your consent;
• Where necessary to perform a contract with you or provide requested services;
• To comply with legal obligations (such as responding to court orders or regulatory requirements);
• Where required to protect the vital interests of individuals or the public;
• For legitimate business interests, provided these do not override your rights and freedoms.
We do not use your personal information for direct marketing without your consent or where you have opted out. You may withdraw your consent or object to certain uses of your information at any time by contacting us.

17. How to Contact Us
For privacy inquiries, requests for access or correction, complaints, or questions about this Privacy Policy, please contact:
The Privacy Officer
Coffs Coast Drones, Project Z Pty Ltd
92-96 Industrial Drive
North Boambee Valley NSW 2450
Email: privacy@projectz.com.au
We aim to respond to all inquiries within a reasonable period, typically within 30 days.

18. Complaints and Dispute Resolution
If you believe we have breached your privacy rights or mishandled your personal information, please contact our Privacy Officer in writing. We will investigate your complaint and respond as soon as practicable, usually within 30 days.
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
• OAIC Privacy Complaints
• Phone: 1300 363 992
• Email: enquiries@oaic.gov.au
The OAIC has the authority to investigate complaints, make determinations, and, in some cases, award compensation or impose penalties for serious or repeated privacy breaches.

19. Limitation of Liability and Protective Language
To the fullest extent permitted by law, Coffs Coast Drones and Project Z Pty Ltd exclude all liability for loss, damage, or injury arising out of or in connection with your use of our website or the handling of your personal information, except where such liability cannot be excluded under the Australian Consumer Law or other applicable legislation.
We are not responsible for the privacy practices or content of third-party websites or services linked from our website. We do not accept liability for any unauthorized access to or use of your personal information by third parties, except where required by law.
Nothing in this Policy limits your statutory rights as a consumer or our obligations under the Privacy Act, the APPs, or other applicable laws.

20. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. The updated Policy will be posted on our website with the effective date. We encourage you to review this Policy periodically.
If we make material changes, we will notify you by email or by a prominent notice on our website prior to the change becoming effective, where practicable.

21. Additional Information and Resources
For further information about privacy rights and obligations in Australia, please refer to:
• Office of the Australian Information Commissioner (OAIC)
• Australian Privacy Principles Guidelines
• Privacy Act 1988 (Cth)
• NSW Privacy and Personal Information Protection Act 1998

22. Summary Table: Key Privacy Practices

Note: Each practice is further detailed in the relevant section above. For more information, see the OAIC’s Australian Privacy Principles Guidelines.

23. Acknowledgement of Third-Party Privacy Policies
We use the following third-party services, each of which has its own privacy policy:
• Google Analytics Privacy Policy
• Meta (Facebook) Privacy Policy
• Automattic (WordPress) Privacy Policy
• Elsner Technologies Pvt. Ltd. Privacy Policy
We encourage you to review these policies to understand how your data may be handled by these providers.

24. Effective Date
This Privacy Policy is effective as of 6 November 2025. It supersedes all previous versions.

25. Additional Legal Notices
This Policy is governed by the laws of New South Wales and the Commonwealth of Australia. Any disputes arising under or in connection with this Policy shall be subject to the exclusive jurisdiction of the courts of New South Wales and the Commonwealth of Australia.

If you have any questions or concerns about this Privacy Policy or your personal information, please contact our Privacy Officer at privacy@projectz.com.au.

Last updated: 6 November 2025

 

 

Collective of Online Polices 

Policy - Policy - Announcements 

Get the latest deal

No spam, just the lastest news, early specials and hottest deals straight to your inbox.
Coffs-Drones-Logo
The Coffs Coast's unmanned tech hub providing a complete experience from sales, accessories, spare parts and maintenance under one roof
Follow on:

Categories

Aerial Systems Robotics & AI Underwater Drones Sensors & Gimbals Batteries Parts & Accessories Maintenance/Repairs

Useful links

Store Shipping Policy Hot Specials Privacy Policy Drone Wiki Drone Services

Company

About Articles Refund & Returns FAQ Contact Terms & Conditions

Contact details

Address: 92-98 Industrial Drive
North Boambee Valley, NSW
Phone: +61 (02) 6699 1440
contact@coffsdrones.com.au
Drone safety advocate
© Copyright - Coffs Drones - All Rights Reserved.

Coffs Drones

Ask us anything about drones!