VGR Australia collects the minimum data needed to process and ship your order. This policy explains what we collect, how we use it, and how we protect it. We operate in compliance with Australia's Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
We collect only what is needed to fulfill orders and deliver them. We do not collect, request, or store medical records, health conditions, or diagnostic information.
Data we collect:
Providing this information is voluntary. Without accurate shipping details, we cannot process or dispatch your order.
VGR Australia does not handle, view, or store your credit card or banking information.
At checkout, you are redirected to an independent payment gateway. These third-party processors are PCI-DSS compliant and use 256-bit SSL encryption. All financial transactions happen outside our servers — your banking details never touch our platform's database.
After-sales support runs on a separate infrastructure from our retail store. For order tracking, refunds, or support queries, you are directed to our dedicated external support portal. Separating retail and customer service systems keeps your logistics data and correspondence isolated.
Your data is used to:
We do not sell, rent, or share your personal information with third parties for marketing. Data is disclosed to law enforcement only when required by a formal court order or statutory obligation.
Data access is restricted to staff who need it to fulfill orders — primarily address data for shipping labels. All staff and dispensing partners are bound by non-disclosure agreements.
We use only session cookies required for basic site functions, such as keeping items in your cart. These cookies are stored on your device and expire after your session. We do not use third-party tracking pixels or persistent marketing cookies.
You can view and update your contact and shipping details at any time through your account. Keep your address current before placing a new order to avoid delivery issues across Australia.
Under Australia's Privacy Act 1988 and the Australian Privacy Principles, you have the right to request deletion of your personal data.
We do not hold medical data. Anti-fraud and financial regulations require us to retain basic transaction records for a set period. On receiving a deletion request, we will anonymise your profile by removing all Personally Identifiable Information (PII) — name, address, email, and phone number — severing any link between the transaction record and your identity.
We review our security measures and update this Privacy Policy when practices change. The current version is always available on this page.
