Privacy policy.

Last updated: 29 June 2025

1. Who we are

Unplugged Play (“we”, “our”, “us”) curates family board‑game subscription boxes and related digital resources.

Website: unpluggedplay.com.au

Email: info@unpluggedplay.com.au

Phone: +61 (0)429252825

2. Our commitment to your privacy

We handle personal information in line with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs), including amendments introduced by the Privacy and Other Legislation Amendment Act 2024. These reforms give individuals stronger rights to transparency, erasure and remedies for serious privacy breaches.

3. What information we collect

We collect the following categories of personal information:

• Identity data – name, date of birth (optional), child’s first name (optional)

• Contact data – postal address, email address, telephone number

• Payment data – transaction ID and last four digits of card number (processed securely via Stripe or PayPal; full card details are not stored on our servers)

• Usage data – pages visited, links clicked, referring URL, IP address

• Preference data – game‑genre likes, child ages, accessibility needs

• Marketing data – marketing opt‑in status and campaign interactions

We do not knowingly collect information about children under 13 without a parent or guardian’s consent.

4. How we collect information

• Directly from you – when you complete forms, send emails, contact us by phone, or message us on social media

• Automatically – via cookies, pixels and similar technologies when you browse our site or open our emails

• From third‑party integrations you authorise – for example, Facebook or Google single‑sign‑on

5. Why we collect and use information

Purpose and legal basis:

• Fulfil orders and deliver boxes – necessary for our functions (APP 3)

• Personalise your experience – consent or legitimate interests (APP 3)

• Marketing and community building – express consent (APP 7)

• Analytics and service improvement – legitimate interests (APP 3)

• Legal and regulatory compliance – APP 6 and APP 11

You may opt out of marketing at any time via the “unsubscribe” link in our emails or by contacting us.

6. When we disclose information

We share personal information only with:

• Service providers – e‑commerce platform, payment gateway, email service, fulfilment partners

• Professional advisers – accountants, legal counsel, auditors

• Regulators or law‑enforcement agencies – when required by law

• Parties to a corporate transaction – e.g., merger or acquisition (we will notify you)

All suppliers must meet or exceed the safeguards in this policy.

Overseas disclosure

Some third‑party providers store data in the USA, EU or Singapore. Where information is transferred overseas, we take reasonable steps to ensure it receives protection equivalent to the APPs, including contractual obligations and ISO 27001‑certified data centres.

7. Data security

• TLS encryption in transit and AES‑256 encryption at rest

• Role‑based staff access and mandatory multi‑factor authentication for admin dashboards

• Annual security‑awareness training

• Incident‑response plan aligned with the Notifiable Data Breaches scheme

8. Your rights

You have the right to:

1. Access the personal information we hold about you

2. Correct inaccurate or out‑of‑date details

3. Erase information (subject to legal retention obligations)

4. Withdraw consent for marketing or other optional processing

5. Complain about our handling of your data

To exercise these rights, contact us using the details in Section 1. We will respond within 30 days.

9. Questions or complaints

If you have a privacy concern:

1. Email privacy@unpluggedplay.com.au with the details.

2. We’ll acknowledge receipt within 2 business days and aim to resolve the issue within 30 days.

3. If you are not satisfied, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC): oaic.gov.au / 1300 363 992.

10. Retention

We retain records only as long as necessary for the purposes described above or as required by tax, consumer‑protection and corporate‑record laws (usually seven years for transaction data). After that, data is securely deleted or anonymised.

11. Changes to this policy

We may update this policy to reflect legal, technical or business changes. We will post the revised version with a new “Last updated” date and, where the changes are material, notify you by email or in‑app banner.