null

Last updated: January 2026

1. Identity of the Data Controller

This Privacy Policy explains how TUTU Home (“we”, “us”, “our”) collects, uses, discloses, stores and protects personal information.

For the purposes of applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (GDPR), TUTU Home is the data controller of personal information processed through this website.

We operate from Australia and comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Because we may offer goods internationally, additional privacy rights may apply depending on your location.

2. Scope of This Policy

This Privacy Policy applies to:

  • Visitors to our website

  • Customers

  • Account holders

  • Marketing subscribers

  • Individuals contacting customer support

3. Principles Governing Our Processing

We process personal information in accordance with the following principles:

  • Lawfulness, fairness and transparency

  • Purpose limitation

  • Data minimisation

  • Accuracy

  • Storage limitation

  • Integrity and confidentiality

We collect only personal information reasonably necessary for the purposes described in this policy.

Where we rely on legitimate interests (for UK/EEA users), we conduct balancing assessments to ensure your rights are not overridden.

4. Categories of Personal Information We Collect

We may collect and process the following categories of personal information:

4.1 Identity and Contact Information

  • Full name

  • Email address

  • Phone number

  • Billing address

  • Shipping address

4.2 Account Information

  • Account credentials (if created)

  • Order history

  • Customer service communications

4.3 Transaction Information

  • Products purchased

  • Transaction dates and amounts

  • Payment confirmation information

  • Refund and return records

We do not store full credit or debit card numbers. Payments are processed by independent third-party payment providers under their own privacy policies.

4.4 Technical and Usage Information

  • IP address

  • Device type

  • Browser type

  • Operating system

  • Website interaction data

  • Cookie identifiers

  • Referral sources

4.5 Marketing and Engagement Data

  • Email open and click data

  • Campaign interaction data

  • Consent preferences

5. Sources of Personal Information

We collect personal information:

  • Directly from you (orders, account registration, enquiries)

  • Automatically via cookies and analytics technologies

  • From payment providers (transaction confirmations)

  • From fraud prevention tools (risk indicators)

6. Purposes of Processing

We process personal information for the following purposes:

6.1 Contract Performance

  • Processing and fulfilling orders

  • Payment processing

  • Shipping and delivery

  • Returns and refunds

  • Customer support

6.2 Business Operations

  • Fraud detection and prevention

  • Risk management

  • Security monitoring

  • Accounting and taxation compliance

  • Platform improvement and optimisation

We may use automated systems to assist with fraud detection and transaction risk assessment. These systems do not produce legal or similarly significant effects without appropriate review.

6.3 Marketing and Advertising

  • Sending promotional communications (where permitted)

  • Measuring advertising performance

  • Analysing customer engagement

  • Personalised marketing (where consent is required and provided)

We do not carry out automated decision-making that produces legal or similarly significant effects.

7. Legal Bases for Processing (UK/EEA)

If you are located in the UK or EEA, we rely on:

  • Performance of a contract

  • Legitimate interests

  • Consent

  • Legal obligations

Where processing is based on consent, you may withdraw consent at any time.

8. Disclosure of Personal Information

We do not sell personal information for monetary consideration.

Under certain US state privacy laws, some advertising practices may be considered “sharing” for targeted advertising purposes.

We may disclose personal information to:

  • Payment providers (independent controllers)

  • Shipping and fulfilment partners

  • Platform and hosting providers

  • Marketing and email service providers

  • Analytics and advertising platforms (where consent is provided where required)

  • Fraud prevention and security service providers

We implement contractual safeguards where required.

9. International Data Transfers

Personal information may be transferred outside Australia.

Where required by law, we implement appropriate safeguards including:

  • Standard Contractual Clauses

  • Contractual data protection provisions

  • Transfers to jurisdictions recognised as providing adequate protection

10. Data Retention

We retain personal information only as long as necessary for the purposes described.

Typical retention periods include:

  • Customer service communications: as reasonably necessary

  • Marketing consent records: until withdrawn

  • Analytics data: per platform configuration

When no longer required, personal information is securely deleted or de-identified.

11. Cookies and Tracking Technologies

We use cookies and similar technologies for:

  • Website functionality

  • Security

  • Analytics

  • Advertising measurement

Non-essential cookies are deployed only after consent where required by law.

We maintain records of consent where required.

You may adjust cookie preferences at any time via our cookie settings.

12. Corporate Transactions

In the event of a merger, acquisition, restructuring or sale of assets, personal information may be transferred under strict confidentiality obligations and in accordance with applicable data protection laws.

13. Security Measures

We implement appropriate technical and organisational safeguards including:

  • HTTPS/TLS encryption

  • Role-based access controls

  • Restricted internal access

  • Platform-level protections

  • Periodic security reviews

No system can be guaranteed completely secure, but we take reasonable measures appropriate to the nature of our business.

14. Your Rights

Depending on your jurisdiction, you may have rights to:

  • Access personal information

  • Correct inaccuracies

  • Request deletion

  • Restrict processing

  • Object to certain processing

  • Data portability (where applicable)

  • Withdraw consent

UK/EEA

You may lodge a complaint with your local data protection supervisory authority.

Australia

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC).

US State Residents

You may have rights to opt out of targeted advertising or the sharing of personal information.

15. Complaint Handling

We aim to respond to privacy enquiries within a reasonable timeframe and in accordance with applicable law.

16. Changes to This Policy

We may update this Privacy Policy from time to time. The most current version will always be published on our website.

17. Contact Information

If you have any questions or concerns about any aspect of this Privacy Policy or our privacy practices, or if you would like to exercise the choices discussed above, please contact us at the address set forth below or email us at privacy [at] tutuhome [dot] shop

PO Box 1530
Macquarie Centre NSW 2113
Australia