Privacy Policy
Frankster Privacy Policy
Last updated: June 3rd 2026
Introduction
This Privacy Policy explains how Frankster Pty Ltd (ABN 78 667 498 544) ("Frankster", "we", "us" or "our") collects, uses, stores, shares and protects your personal information when you visit, use, or make a purchase from frankster.com.au (the "Site"), interact with our marketing communications, or otherwise communicate with us.
In this Privacy Policy, "you" or "your" means any individual whose personal information we collect, including customers, prospective customers, website visitors, and anyone who contacts us.
By using the Site or providing your personal information to us, you acknowledge that you have read this Privacy Policy and understand how we handle your personal information.
About us
Frankster is a small, independent Australian business founded in 2023. We are based at 480 St Kilda Road, Melbourne, Victoria 3004, Australia, and we sell men's shorts directly to customers in Australia and a small number of international markets (currently the United States, Canada, the United Kingdom, the European Union, New Zealand and Singapore, with other countries reachable as "Rest of World").
We don't have offices, staff, or representatives outside Australia. The business is run by the founder with the help of a small number of freelancers, and we rely on established third-party platforms (such as Shopify, Klaviyo, and our fulfilment partner) to process and store customer data securely. We take privacy seriously and have written this policy to be honest, clear, and useful — both for you and for us.
Applicable laws
This Privacy Policy is designed to comply with the privacy laws that apply to us based on where our customers are located. These include:
- The Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) (Australia)
- The General Data Protection Regulation (EU) 2016/679 ("EU GDPR") (European Union and European Economic Area)
- The UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018 (United Kingdom)
- The California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act ("CCPA/CPRA") (California, USA)
- Other US state privacy laws, including the Virginia Consumer Data Protection Act, Colorado Privacy Act, Connecticut Data Privacy Act, Utah Consumer Privacy Act, Texas Data Privacy and Security Act, Oregon Consumer Privacy Act, Montana Consumer Data Privacy Act, and similar state laws
- The Personal Information Protection and Electronic Documents Act ("PIPEDA") (Canada)
- The Personal Data Protection Act 2012 ("PDPA") (Singapore)
- The Privacy Act 2020 and the Information Privacy Principles (New Zealand)
Where you have rights under more than one law, you are entitled to rely on whichever law gives you the strongest protection.
1. What personal information we collect
We collect the following categories of personal information.
1.1 Information you provide directly
- Identity and contact information: first name, last name, email address, phone number, postal address (billing and shipping), country of residence
- Account information: account login credentials, password (stored in encrypted form), preferences
- Order and transaction information: items purchased, order numbers, order value, shipping method, returns and exchanges, basket contents, discount codes used
- Payment information: payment card details and billing details (collected and processed by our payment processors, not stored by us — see Section 4)
- Customer support information: the content of your messages or queries (via email, contact form, or our chat tool), screenshots or attachments you provide, your contact details
- Reviews and user-generated content: product reviews, ratings, photos or videos you choose to submit
- Marketing preferences: your subscription status and preferences for emails and other communications
1.2 Information we collect automatically
When you visit the Site or interact with our communications, we automatically collect:
- Device and technical information: IP address, device type and model, operating system, browser type and version, screen resolution, language preferences, time zone
- Usage information: pages visited, products viewed, time spent on pages, clickstream data, scroll behaviour, mouse movements, referring URLs, search terms used on the Site, exit pages
- Location information: approximate location derived from your IP address (country and region level)
- Cookie and similar technology data: information collected via cookies, pixels, tags, web beacons, software development kits and similar technologies (see Section 5)
1.3 Information we receive from third parties
We may receive personal information about you from:
- Analytics and advertising providers (such as Meta, Google, Microsoft Clarity) — information about your interactions with our ads or with our Site
- Payment processors (Shopify Payments, PayPal, Afterpay) — payment confirmations and limited transaction data
- Fulfilment and delivery partners — delivery status, address verification
- Social media platforms — if you choose to interact with us via social media or use a social login feature, we may receive information from the platform consistent with your privacy settings
- Fraud prevention services — information used to detect and prevent fraudulent transactions
1.4 Sensitive information
We do not seek to collect sensitive personal information (such as health, racial or ethnic origin, religious beliefs, sexual orientation, or government identifiers) as part of our usual business. If you voluntarily provide sensitive information (for example, to explain a service issue), we will only use it for the purpose you provided it and will not use it for marketing or profiling.
2. How and why we use your personal information
We collect and use your personal information for the following purposes. The table below sets out, for each purpose, the type of data involved and our legal basis under EU GDPR and UK GDPR. Customers in jurisdictions outside the EU/UK have equivalent protections under their applicable local laws.
| Purpose | Types of data | Legal basis (EU/UK GDPR) |
|---|---|---|
| To process and fulfil your order, including payment, shipping and delivery | Identity, contact, order, payment | Performance of a contract |
| To manage your account and provide customer support | Identity, contact, account, customer support | Performance of a contract; legitimate interests |
| To communicate with you about your order, returns, exchanges, or account | Identity, contact, order | Performance of a contract |
| To process returns and exchanges | Identity, contact, order | Performance of a contract |
| To send marketing communications (such as promotional emails) | Identity, contact, marketing preferences, usage | Consent (which you can withdraw at any time) |
| To personalise our Site and the marketing you see | Identity, usage, technical, device, location | Consent (for non-essential cookies and advertising); legitimate interests (for first-party personalisation) |
| To run, measure and optimise our advertising on third-party platforms (including Meta and Google) | Identity, contact, usage, technical, device | Consent (for advertising cookies and pixels); legitimate interests (for measurement) |
| To analyse Site performance and customer behaviour | Usage, technical, device, location | Consent (for analytics cookies); legitimate interests (for aggregated analytics) |
| To detect, investigate and prevent fraud and security threats | Identity, contact, order, payment, technical | Legitimate interests; legal obligation |
| To meet our legal, tax, accounting and regulatory obligations | Identity, contact, order, payment | Legal obligation |
| To enforce our Terms of Service and protect our rights | All categories as relevant | Legitimate interests |
| To facilitate a business transaction (such as a sale, merger, or restructure) | All categories as relevant | Legitimate interests |
We do not engage in any fully automated decision-making that produces legal or similarly significant effects on you. Our payment processors and fraud prevention partners may use automated processes to score transactions for fraud risk; these processes do not produce legal effects but may result in additional verification being requested.
3. How we collect your personal information
We collect personal information in three ways:
- Directly from you — when you create an account, place an order, contact customer support, subscribe to our marketing, leave a review, participate in a competition or survey, or otherwise interact with us
- Automatically — through cookies, pixels and similar technologies when you use our Site or open our emails
- From third parties — including our service providers and integrated platforms (see Section 4)
Where we collect your personal information indirectly, we take reasonable steps to ensure that you are made aware of the collection and that the third party is authorised to share that information with us.
4. Who we share your personal information with
We share your personal information with the following categories of recipients to provide our services, run our business, and meet our legal obligations. We do not sell your personal information for money. However, we do "share" certain personal information for cross-context behavioural advertising as defined under US state privacy laws — see Section 13 for details and your opt-out rights.
4.1 Service providers
We share personal information with the following categories of service providers, who process your data on our behalf and under contractual obligations of confidentiality and data protection:
| Category | Service provider | What we share |
|---|---|---|
| E-commerce platform | Shopify Inc. (Canada / USA) | Account, order, contact, technical and usage information |
| Payment processing | Shopify Payments, PayPal, Afterpay | Payment, billing, contact, order information |
| Email marketing and automation | Klaviyo Inc. (USA) | Identity, contact, order, behavioural and preference data |
| Web analytics — first-party | Shopify Analytics, Google Analytics 4 | Usage, device, technical and behavioural data |
| Session recording and heatmaps | Microsoft Clarity (Microsoft Corporation, USA) | Usage, device, behavioural data, screen interactions (with input field masking enabled) |
| Tag management | Google Tag Manager | Technical data routed to other tools we have integrated |
| Reviews | Judge.me | Identity, contact (email), order data, the content of any review you submit |
| Returns management | PostCo | Identity, contact, order data, return reason |
| Customer service / chat | Richpanel | Identity, contact, order data, conversation content |
| Order fulfilment and warehousing | Our third-party logistics provider in Australia | Identity, contact, shipping address, order details |
| International shipping carriers | Australia Post, DHL eCommerce | Identity, contact, shipping address |
| Advertising platforms | Meta Platforms Inc. (USA), Google Ads (USA) | Identity (typically hashed), contact, behavioural and event data (see Section 4.2) |
4.2 Meta Pixel and Conversions API
We use the Meta Pixel and the Meta Conversions API to measure the performance of our advertising on Facebook and Instagram, to build audiences for advertising, and to deliver more relevant ads to people who may be interested in our products.
When you visit our Site or take certain actions (such as adding to cart, beginning checkout, or completing a purchase), we share with Meta:
- Event data (such as the type of action, the page URL, the product details, the value of the transaction)
- Hashed identifiers (such as a hashed version of your email address, phone number, name and IP address)
- Device and browser information
Meta uses this data to attribute ad performance, build Custom Audiences (people who have engaged with us) and Lookalike Audiences (people similar to our customers), and to deliver advertising. Meta's use of your personal information is governed by its own privacy policy: https://www.facebook.com/privacy/policy
You can opt out of this data sharing in several ways:
- Reject non-essential cookies via our cookie banner when visiting our Site
- Adjust your advertising preferences within your Facebook or Instagram account
- Use industry opt-out tools such as https://optout.aboutads.info/ or https://www.youronlinechoices.eu/ (EU/UK) or https://www.youradchoices.ca/ (Canada)
- Contact us at privacy@frankster.com.au to request that we suppress your information from being shared with Meta via the Conversions API
4.3 Other disclosures
We may also disclose your personal information:
- To other businesses we acquire or that acquire us — if Frankster is involved in a sale, merger, restructure or insolvency, your information may be transferred to the new entity, subject to ongoing protections under this Privacy Policy
- To professional advisers — such as lawyers, accountants, auditors and insurers, where required for legitimate business purposes
- To law enforcement and regulators — where we are required to do so by law, by court order, or where we believe disclosure is necessary to protect our rights, our property, the safety of others, or to investigate fraud
- To other third parties with your consent — if you ask us to share your data with someone else
5. Cookies and similar tracking technologies
Cookies and similar technologies are small data files placed on your device when you visit our Site. We use them to make the Site work, to remember your preferences, to analyse Site performance, and to deliver and measure advertising.
We use the following categories of cookies and technologies:
- Strictly necessary — required for the Site to function (such as cart and checkout cookies, login session cookies). These cannot be disabled.
- Analytics and performance — help us understand how the Site is used (Google Analytics 4, Shopify Analytics, Microsoft Clarity)
- Functional — remember your preferences (such as language and country)
- Advertising and targeting — used to deliver relevant ads on and off the Site (Meta Pixel, Google Ads)
5.1 Your cookie choices
When you visit our Site, you will be presented with a cookie banner that allows you to accept all, reject all, or customise your cookie preferences. You can change your preferences at any time by accessing the cookie settings link in the footer of our Site.
We honour the Global Privacy Control (GPC) signal — if your browser or extension sends a GPC signal, we will treat it as a request to opt out of the sale or sharing of your personal information for cross-context behavioural advertising in jurisdictions where this right applies.
For UK and EU visitors, non-essential cookies will only be placed once you have given consent through the cookie banner.
You can also control cookies directly through your browser settings, although disabling certain cookies may affect Site functionality.
6. International data transfers
Frankster is based in Australia. Many of our service providers are located in the United States, Canada, the European Union, and other countries. This means that when you provide us with personal information, it may be transferred to, stored, and processed in countries outside the country where you live.
Where personal information is transferred from the EU, the UK, or other jurisdictions with cross-border transfer restrictions, we rely on the following safeguards:
- Standard Contractual Clauses (or equivalent UK addenda) approved by the European Commission and the UK Information Commissioner's Office, where required
- Adequacy decisions where applicable
- Other approved transfer mechanisms required by local law
For New Zealand customers, transfers comply with Information Privacy Principle 12 of the Privacy Act 2020. For Singapore customers, transfers comply with the data transfer requirements of the PDPA.
By providing your personal information to us, you acknowledge that it may be transferred internationally as described in this Privacy Policy. If you would like more information about the safeguards in place for international transfers, please contact us at privacy@frankster.com.au.
7. How long we keep your personal information
We retain personal information only for as long as we need it for the purposes set out in this Privacy Policy, or to comply with our legal obligations.
| Type of information | Retention period |
|---|---|
| Order and transaction records | 7 years from the date of the order (to meet tax, accounting and legal obligations) |
| Customer account information | Until you delete your account, or 5 years of account inactivity, whichever is sooner |
| Marketing preferences and email list | Until you unsubscribe, plus a further 12 months on a suppression list (to honour your opt-out) |
| Customer support tickets and chat history | 3 years from the close of the ticket |
| Cookies and browsing data | Up to 13 months from collection, unless you delete sooner |
| Reviews and user-generated content | Indefinitely (subject to your right to request removal) |
| Fraud and security logs | Up to 7 years where required for our legitimate interests or legal obligations |
When personal information is no longer needed, we will delete or anonymise it in accordance with our internal retention schedule.
8. How we keep your personal information secure
We take reasonable steps to protect your personal information from loss, misuse, unauthorised access, disclosure, alteration and destruction. Because we're a small business, we rely heavily on established, security-vetted platforms (such as Shopify and our payment processors) to keep your data safe. The steps we take include:
- Encrypting data in transit using TLS/SSL
- Storing payment information only with PCI DSS-compliant payment processors (we do not store full payment card details ourselves)
- Restricting access to personal information to the founder, a small number of freelancers, and service providers who need it to do their jobs
- Maintaining contractual data protection commitments with our service providers (typically through their standard data processing terms)
- Keeping our systems and accounts current with multi-factor authentication where available
No system is completely secure. While we work hard to protect your personal information, we cannot guarantee absolute security. If you believe your account has been compromised or your information has been disclosed without authorisation, please contact us immediately at privacy@frankster.com.au.
9. Data breach notification
If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
- Notify the relevant data protection authority within the timeframes required by applicable law (for example, within 72 hours under EU/UK GDPR)
- Notify affected individuals where required by law, in clear and plain language, including the nature of the breach, the likely consequences, and the steps we are taking
- Comply with our obligations under the Australian Notifiable Data Breaches scheme and equivalent regimes in other jurisdictions where our customers live (including the New Zealand Privacy Act 2020 notification requirements and the Singapore PDPA data breach notification regime)
10. Your privacy rights
Depending on where you live, you may have some or all of the following rights in relation to your personal information. We will respond to your request within the timeframe required by applicable law (usually within 30 days, or 45 days where extensions apply).
- Right to be informed — to know how we collect and use your information
- Right of access — to obtain a copy of the personal information we hold about you
- Right to rectification — to correct inaccurate or incomplete information
- Right to erasure — to request that we delete your personal information (subject to legal and operational exceptions)
- Right to restrict processing — to ask us to limit how we use your information
- Right to data portability — to receive your personal information in a portable format and ask us to transfer it to another provider
- Right to object — to object to certain processing, including direct marketing and processing based on legitimate interests
- Right to withdraw consent — where we rely on consent, you can withdraw it at any time
- Right to opt out of sale or sharing — see Section 13 for US state-specific rights
- Right to non-discrimination — we will not discriminate against you for exercising your rights
- Right to appeal — if we refuse your request, you may appeal our decision by contacting us, and you may also lodge a complaint with a supervisory authority
To exercise any of these rights, please email privacy@frankster.com.au with your request. We may need to verify your identity before processing your request.
You can also unsubscribe from marketing emails at any time by clicking the "unsubscribe" link in any email we send. Please note that even if you opt out of marketing, we may still send you transactional or account-related communications (such as order confirmations and shipping updates).
11. Region-specific rights
11.1 Australia
If you live in Australia, your personal information is protected by the Privacy Act 1988 (Cth) and the Australian Privacy Principles. You may request access to or correction of your personal information at any time. If you believe we have not complied with our obligations, you can complain to us first; if you are not satisfied with our response, you can complain to the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.
11.2 European Union / European Economic Area
If you live in the EU or EEA, you have the rights set out in Section 10 under the EU GDPR. You also have the right to lodge a complaint with the data protection authority in your country of residence. A list of EU data protection authorities is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en.
Frankster is a small Australian business and does not have an EU representative under Article 27 of the EU GDPR. For any request relating to your personal information, please contact us directly at privacy@frankster.com.au.
11.3 United Kingdom
If you live in the UK, you have the rights set out in Section 10 under the UK GDPR and the Data Protection Act 2018. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
Frankster is a small Australian business and does not have a UK representative under Article 27 of the UK GDPR. For any request relating to your personal information, please contact us directly at privacy@frankster.com.au.
11.4 United States — California
If you are a California resident, the California Consumer Privacy Act (as amended by the CPRA) gives you the following rights:
- Right to know what personal information we have collected, used, disclosed and shared about you over the past 12 months
- Right to delete personal information we have collected from you, subject to certain exceptions
- Right to correct inaccurate personal information
- Right to opt out of sale or sharing of your personal information
- Right to limit use of sensitive personal information (we do not use sensitive personal information for inferring characteristics about you)
- Right to non-discrimination for exercising your rights
In the 12 months preceding the most recent update of this Policy, we have collected the categories of personal information listed in Section 1 and disclosed them as described in Section 4. We share (but do not "sell" for money) personal information for cross-context behavioural advertising purposes — specifically, we share identifiers, internet activity data, and commercial information with advertising partners (primarily Meta and Google) for ad targeting and measurement.
To opt out of this sharing, you can:
- Reject advertising cookies via our cookie banner
- Submit an opt-out request by emailing privacy@frankster.com.au with the subject line "Do Not Sell or Share My Personal Information"
- Use a Global Privacy Control (GPC) signal — we will honour it as an opt-out request
You may also designate an authorised agent to submit requests on your behalf. We may require the agent to provide proof of authorisation and may require you to verify your identity directly with us.
11.5 United States — Other states
If you live in Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Delaware, Iowa, Indiana, Tennessee, Minnesota, Maryland, Kentucky, New Hampshire, Rhode Island, Nebraska, New Jersey, Florida, or another US state with a comprehensive consumer privacy law, you have rights similar to those described for California residents (with some variation by state). These typically include the right to access, delete, correct, port your data, and opt out of targeted advertising and sales of personal information. To exercise these rights, please email privacy@frankster.com.au.
11.6 Canada
If you live in Canada, your personal information is protected by the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws. You have the right to access and correct your personal information and to withdraw consent to the collection, use or disclosure of your personal information (subject to legal and contractual restrictions). Complaints can be made to the Office of the Privacy Commissioner of Canada at www.priv.gc.ca.
11.7 Singapore
If you live in Singapore, your personal information is protected by the Personal Data Protection Act 2012 (PDPA). You have the right to access and correct your personal information, and to withdraw consent for our collection, use and disclosure of your personal information. Withdrawal of consent may limit our ability to provide certain services. For any privacy-related request, please contact us at privacy@frankster.com.au. Complaints can be made to the Personal Data Protection Commission Singapore at www.pdpc.gov.sg.
11.8 New Zealand
If you live in New Zealand, your personal information is protected by the Privacy Act 2020 and the 13 Information Privacy Principles. You have the right to access and correct your personal information. Complaints can be made to the Office of the Privacy Commissioner at www.privacy.org.nz.
12. Children's privacy
Our Site and products are intended for adults aged 18 and over. We do not knowingly collect personal information from anyone under the age of 18. If we discover that we have collected personal information from a person under 18, we will delete it promptly.
If you are a parent or guardian and believe that a child has provided us with personal information, please contact us at privacy@frankster.com.au and we will take steps to remove it.
13. Direct marketing and your choices
We use your personal information to send you marketing communications about our products and offers where you have consented to receive them, or where we are otherwise permitted to do so under applicable law.
You can opt out of marketing emails at any time by:
- Clicking the "unsubscribe" link at the bottom of any marketing email
- Updating your preferences in your account
- Emailing privacy@frankster.com.au
Even if you opt out of marketing, we will continue to send you transactional and service-related messages (such as order confirmations, shipping updates, and account notifications).
14. Third-party websites and services
Our Site may link to or integrate with third-party websites and services (such as social media platforms, payment providers, and external content). We are not responsible for the privacy practices of those third parties. We encourage you to read their privacy policies before providing them with your personal information.
15. User-generated content
If you submit reviews, photos, comments or other content to our Site or our social media channels, that content may be visible to the public and may be used by us for marketing and promotional purposes. Please consider carefully what personal information you choose to share publicly.
16. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, our services, or applicable law. When we make material changes, we will notify you by:
- Posting the updated Privacy Policy on our Site and updating the "Last updated" date
- Emailing customers who have subscribed to our marketing or have an account with us, where the change is significant
- Providing any other notification required by applicable law
We encourage you to review this Privacy Policy periodically. Your continued use of the Site or our services after an update constitutes your acceptance of the revised Privacy Policy, to the extent permitted by law.
17. How to contact us
If you have any questions about this Privacy Policy, want to exercise your rights, or want to make a complaint about how we have handled your personal information, please contact us at:
Email: privacy@frankster.com.au Postal address: Frankster Pty Ltd, 480 St Kilda Road, Melbourne VIC 3004, Australia ABN: 78 667 498 544
Because we're a small team, requests are handled directly by the founder. We aim to respond as soon as we reasonably can, and in any event within the timeframe required by applicable law (typically 30 days, or up to 45 days where extensions apply). If you are not satisfied with our response, you may lodge a complaint with the relevant data protection authority listed in Section 11.
This Privacy Policy reflects our commitment to handling your personal information transparently and responsibly. Thanks for trusting us with your data — we'll look after it as carefully as we look after your shorts.