Effective date: 13 December 2025
Version: 1.1
Website: https://cardlotz.com
Contact: https://cardlotz.com/contact-us
ABN: 32 894 804 453
Jurisdiction: Queensland, Australia
1. Introduction — scope and purpose
Aussie Card Traders (“we”, “us”, “our”, “Aussie Card Traders”) operates an online card trading marketplace where users can buy, sell, list and trade collectible cards (“Services”). This Privacy Policy explains how we collect, use, disclose, store and protect personal information and individuals’ privacy rights. It applies to personal information we collect through our website, mobile applications, email, telephone and other services we operate, and covers visitors, registered users, sellers, buyers, and other individuals who interact with our Services in Queensland and elsewhere.
This policy is written for users in Australia and describes practices to comply with applicable Australian privacy laws (including the Privacy Act 1988 (Cth) and the Australian Privacy Principles) and other relevant laws to the extent they apply to our operations. This policy also explains how to make enquiries, access or correct personal information, or lodge a privacy complaint.
Note: This policy is a general statement of practices and does not constitute legal advice. If you require legal certainty for a particular situation, consult a qualified legal professional.
2. Personal information we collect
We collect personal information necessary to provide and improve our Services, complete transactions and comply with legal obligations. Types of personal information we may collect include:
Account and identity information
- Full name, username, date of birth (when required), gender (optional), profile photo, and other profile details you choose to provide.
- Identity verification documents where required (e.g., to comply with anti-fraud or payment verification processes).
Contact information
- Email address, postal address, billing and shipping addresses, telephone numbers.
Account and transaction information
- Payment details and transaction history (note: payment card numbers are not stored by us—see Section 6 Payment processing).
- Listings, purchase and sale records, order numbers, invoices, shipping tracking numbers.
Communications and support
- Correspondence with us (support tickets, emails, chats), feedback, dispute and complaint records.
Device, technical and usage information
- IP address, browser and device type, operating system, mobile device identifiers, cookie identifiers, referrer URLs, pages viewed, search queries, geolocation data where permitted/required for shipping or legal compliance.
Content you provide
- Images, descriptions and other content you upload to create listings, messages to other users, public reviews, forum posts and other user-generated content (UGC).
Marketing and preference information
- Marketing preferences, opt-in/opt-out choices, and information collected from surveys and promotions.
Sensitive information
- We will only collect sensitive information (e.g., government identifiers, health information) where you consent and where it is reasonably necessary for the Services or required by law. We will not collect sensitive information unnecessarily.
3. How we collect personal information
We collect personal information directly from you (for example, when you register, create a listing, purchase or sell, contact support or subscribe to communications). We also collect information:
- Automatically via cookies, web beacons, and similar technologies when you use our website or apps.
- From third parties such as payment processors, shipping and logistics providers, fraud-detection services, identity verification providers, analytics providers, social media platforms (when you link accounts), and publicly available sources.
- From other users where relevant (for example, the buyer’s shipping address provided to a seller as required to fulfil an order).
4. Purposes for which we use personal information
We use personal information for the following primary purposes:
- To provide, operate, maintain and improve the Services and the website.
- To create and manage user accounts and profiles.
- To list, buy, sell, ship and facilitate transactions between buyers and sellers.
- To verify identity, prevent fraud, enforce our Terms of Service, and comply with legal obligations.
- To process payments, refunds and disputes (through third-party payment processors).
- To provide customer service and respond to inquiries, disputes and complaints.
- To send transactional communications (order confirmations, invoices, shipping notices).
- To send marketing and promotional communications where you have consented, and to manage your marketing preferences.
- To personalise content and recommendations, display relevant listings and ads, and improve user experience.
- To conduct analytics, research and statistical analysis to understand and improve our Services.
- To enforce our rights, protect the safety of users and ensure security (including preventing abusive or illegal behaviour).
- For other purposes reasonably related to the operation of a marketplace.
We will not use personal information for purposes materially different to those outlined above without providing notice and, where required, obtaining consent.
5. Legal bases and consent
Under applicable Australian privacy law, we rely on various legal bases to collect, use and disclose personal information, including:
- Your consent (where required).
- Performance of a contract (e.g., to fulfil a purchase or sale).
- Compliance with legal obligations.
- Our legitimate interests in operating the marketplace, preventing fraud and protecting users and property (balanced against your privacy interests).
Where we ask for consent, you may withdraw consent at any time by contacting us (see Contact section) or by using opt-out mechanisms we provide. Withdrawal of consent may limit the Services we can provide.
6. Payment processing and financial information
We use reputable third-party payment processors (for example, card processors, digital wallets) to handle financial transactions. We do not store full payment card numbers on our servers; payment information is handled directly by our payment partners in accordance with their policies and applicable standards (e.g., PCI-DSS). By making a purchase, you agree to share required payment information with those third parties.
7. Disclosure of personal information — third parties and cross-border transfers
We may disclose personal information to:
- Other users (e.g., buyer’s shipping address to sellers when necessary to fulfil an order, public seller profile information).
- Service providers and contractors who perform services on our behalf (payment processors, shipping and logistics providers, hosting providers, analytics providers, customer service platforms, email and messaging services, fraud detection and identity verification providers).
- Our professional advisors (legal, accounting) and auditors.
- Law enforcement, government, regulatory authorities or third parties when required by law, to respond to legal process, to protect rights, safety or property, or to prevent illegal activity.
- Third parties in connection with a corporate transaction (e.g., merger, acquisition, sale of assets) subject to confidentiality protections.
Cross-border transfers: Some third-party service providers are located overseas. When we transfer personal information internationally, we take reasonable steps to ensure appropriate safeguards are in place (contracts, data processing agreements, privacy protections) consistent with applicable privacy laws.
8. Cookies, tracking and analytics
We and our service providers use cookies, pixels, local storage and similar tracking technologies to collect usage information and provide features. These technologies are used for:
- Essential website functions and security.
- Analytics to understand how the site is used and to improve it.
- Personalisation and recommendations.
- Advertising and marketing (including remarketing and interest-based advertising).
You can manage cookie preferences through our cookie settings available on the website and via your browser settings. Disabling certain cookies may affect the functionality of the Services.
9. Security measures
We implement organisational, technical and physical safeguards to protect personal information from unauthorised access, disclosure, alteration and destruction. These measures include (where applicable):
- Encryption in transit (TLS) and encryption at rest for sensitive data.
- Role-based access control and least-privilege principles for staff access.
- Regular security assessments, patch management and monitoring.
- Secure development practices and data minimisation.
While we strive to protect personal information, no system can be guaranteed to be 100% secure. If we become aware of a data breach that is likely to result in serious harm, we will comply with our legal obligations to notify affected individuals and the Office of the Australian Information Commissioner (OAIC) under the Notifiable Data Breaches scheme, and take steps to contain and remediate the breach.
10. Data retention
We retain personal information as long as necessary to provide services, fulfil transactions, comply with legal obligations, resolve disputes, enforce agreements, and for legitimate business purposes. Retention periods vary depending on the type of data and our operational, legal and regulatory obligations (for example, tax and transaction records). When personal information is no longer needed it will be securely deleted or de-identified.
11. Your rights and choices
Depending on your location and applicable law, you may have rights regarding your personal information, including:
- Access and correction: You may request access to personal information we hold about you and request correction of inaccurate information.
- Deletion: You may request deletion of certain personal information, subject to legal and contractual exceptions (e.g., we may need to retain transactional records).
- Portability: Where applicable, you may request a copy of certain personal information in a portable, machine-readable format.
- Restriction & objection: You may request restriction of processing or object to certain processing where permitted by law.
- Opt-out of marketing: You can opt out of promotional emails and marketing communications by using the unsubscribe link or contacting us at https://cardlotz.com/contact-us.
To exercise these rights, contact us using the contact details in Section 18. We may ask you to verify your identity before fulfilling requests. We will respond to valid requests within the timeframes required by law.
12. Children’s privacy
Our Services are not directed to children under the age of 13. We do not knowingly collect personal information from children under the age of 13 without parental consent. If we learn that we have collected personal information from a child under the applicable minimum age without proper consent, we will take steps to delete the information. If you believe we might have information from or about a child, please contact us.
13. User content and public information
Listings, reviews, ratings, forum posts and other user-generated content that you post publicly may be visible to other users and the public. You should not include personal information in public content unless you intend it to be public. We are not responsible for personal information that users post publicly.
14. Third-party services and links
Our Services may contain links to third-party websites, apps and services. We are not responsible for the privacy practices of those third parties. Please review the privacy policies of those third parties before providing personal information.
15. International visitors and cross-border data transfers
If you access our Services from outside Australia, your information may be transferred to, stored and processed in Australia or other countries where our service providers operate. By using our Services, you consent to such transfers. We will protect such transfers consistent with this Policy and applicable law, including by contractual safeguards when required.
16. Marketing communications and direct marketing
We may use personal information to send marketing communications about products, promotions and news. Where required by law, we will obtain your consent before sending marketing messages. You can opt out of marketing at any time via the unsubscribe option or by contacting us. We may still send you transactional or service messages relating to your account or transactions.
17. Complaints and dispute resolution
If you have a privacy concern or complaint, please contact us at https://cardlotz.com/contact-us with details. We will acknowledge receipt and attempt to resolve your complaint promptly and fairly.
If you remain dissatisfied after we respond, you may contact the Office of the Australian Information Commissioner (OAIC) or the relevant state regulator for guidance. For Queensland public sector matters, the Office of the Information Commissioner—Queensland provides oversight for information privacy in the Queensland public sector; however, private sector matters are generally overseen by the OAIC.
18. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements or Services. We will post the updated policy on our site with the “Effective date” at the top. Material changes will be communicated by notice on our website, in-app notice, or via email where appropriate.
19. Governing law, jurisdiction and enforcement
This Policy and any dispute arising from it are governed by the laws of the State of Queensland and the Commonwealth of Australia to the extent applicable. To the extent permitted by law, you and Aussie Card Traders submit to the non-exclusive jurisdiction of the courts of Queensland.
20. Contact us
For privacy enquiries, access/correction requests, complaints, or to make a request under this policy:
Privacy Officer
Aussie Card Traders
Contact: https://cardlotz.com/contact-us
21. Additional provisions (marketplace-specific practices)
Seller and buyer obligations: When you use the marketplace, certain information (e.g., seller public profile, listing details, trade history, seller ratings) will be available to other platform users to enable trading. Sellers must not post another person’s personal information in listings without consent.
Dispute resolution and evidence: If you are involved in a dispute, we may use or disclose transaction records, messages and other information to investigate and resolve the issue, and may provide such information to third-party mediators or courts if lawfully required.
Fraud monitoring and compliance: We use fraud detection and risk assessment tools. This may include sharing limited information with fraud prevention partners and law enforcement when necessary to prevent and investigate unlawful activity.
Shipping & logistics: We share required shipping details (e.g., recipient address) with couriers and logistics providers to fulfil orders. Certain shipping labels or customs declarations may contain personal information that becomes visible to carriers and customs authorities.