Privacy policy

Corporate Profile

bariget.com operates as a licensed digital retailer specializing in premium vaping hardware and TGA-compliant e-liquids. We maintain strict adherence to the Australian Privacy Principles (APPs) under the Privacy Act 1988, with this policy outlining our information governance framework.

This notice formally defines our data stewardship practices, including:

  • Collection scope and legal basis
  • Processing purposes and retention protocols
  • Third-party disclosure parameters
  • Your statutory privacy rights

Note: All services require users to be 18+ years with valid age verification.

1. Essential Information Collection

During order processing, we collect mandatory fields:

  • Legal name (as per government ID)
  • Verified delivery address
  • Active contact email & mobile
  • Date of birth (age verification)

Financial data processing: Payment gateways handle transaction details through PCI DSS-compliant systems with end-to-end encryption. We never store card numbers or CVV codes.

2. Data Processing Framework

Your information enables:

  • Order fulfillment under Australian Consumer Law
  • Regulatory age verification checks
  • Fraud pattern detection via machine learning
  • Service optimization through anonymized analytics

Third-party disclosures are strictly limited to:

  • Authorized logistics providers (delivery coordination)
  • Legal compliance requests (court orders/subpoenas)
  • Certified age verification services

3. Your Privacy Rights (APPs Compliance)

  • Access & Portability: Request full data audit reports in machine-readable format
  • Rectification: Update inaccurate records within 72 hours
  • Erasure: Initiate GDPR-style right-to-be-forgotten requests (subject to legal retention requirements)
  • Processing Restrictions: Opt out of non-essential data uses

4. Enterprise-Grade Protection

Our security architecture includes:

  • AES-256 encryption at rest & in transit
  • Biometric access controls
  • Real-time intrusion detection
  • Quarterly penetration testing

5. Data Retention Schedule

Retention periods aligned with legal obligations:

  • 7 years: Financial transaction records (ATO requirements)
  • 5 years: Age verification documentation
  • Active account duration: Profile data (until deletion request)

6. Data Acquisition Channels

  • E-commerce interactions (orders/returns)
  • Customer support engagements
  • Marketing opt-in subscriptions
  • Verified third-party platforms (e.g., product reviews)

7. Commercial Communications

Marketing outreach adheres to:

  • Spam Act 2003 compliance
  • Double opt-in confirmation
  • Unsubscribe mechanisms in all communications
  • Zero third-party data sharing for promotion

8. Grievance Resolution

Data concerns escalation path:

  1. Primary contact: [email protected] (24h response)
  2. Formal complaint: OAIC.gov.au (if unresolved)

Payment Infrastructure

Certified PCI Level 1 compliance through:

  • Tokenized transactions via Stripe
  • 3D Secure 2.0 authentication
  • Dynamic CVV verification

TLS Encryption Standards

All data exchanges protected by:

  • TLS 1.2+ protocols
  • 2048-bit key exchange
  • Perfect Forward Secrecy

External Site Disclaimer

Third-party links provided for convenience only. We:

  • Do not endorse external content
  • Assume no liability for third-party practices
  • Recommend reviewing destination site policies

Cookie Management

Essential cookies enable:

  • Session persistence
  • Cart functionality
  • CSRF protection

Optional analytics cookies require explicit consent via our preference center.