Free Express Shipping Australia-Wide | International Shipping Available

PRIVACY POLICY

Privacy Policy – MyTPMS Automate Sensors
Privacy Policy — Transparent & Compliant

MyTPMS Automate Sensors Privacy Policy

This Privacy Policy explains how MyTPMS Australia collects, uses, stores, discloses, and protects your personal information — fully compliant with the Privacy Act 1988 (Cth), the Privacy and Other Legislation Amendment Act 2024, all 13 Australian Privacy Principles, and applicable international privacy law for customers worldwide.

Springvale VIC 3171, Australia Ships Worldwide ABN 53 807 701 500 APP Compliant GDPR Aware Google Shopping Compliant
Last Updated: 09 June 2026 Effective Date: 09 June 2026 Governing Law: Privacy Act 1988 (Cth) | APPs 1–13 | POLA Act 2024
Data Controller / Privacy Officer
MyTPMS Australia (ABN: 53 807 701 500)
Trading As
MyTPMS Automate Sensors
Registered Address
Unit 5-6, 44-50 Westall Road, Springvale VIC 3171, Australia
Privacy Enquiries & Complaints
Business Hours
Mon–Fri 09:00–17:00 AEST (GMT+10)
External Regulator
OAIC — oaic.gov.au
Australian Business Number (ABN)
53 807 701 500
Registered & Verified
Section 01
About This Privacy Policy

This Privacy Policy is published by MyTPMS Australia (ABN: 53 807 701 500), trading as MyTPMS Automate Sensors, with our registered premises at Unit 5-6, 44-50 Westall Road, Springvale VIC 3171, Australia. We operate the website mytpms.com.au, built on WordPress and powered by WooCommerce, through which we supply Tyre Pressure Monitoring System (TPMS) sensors, diagnostic tools, programming tools, DIY TPMS kits, and related automotive accessories to customers in Australia and worldwide.

This Privacy Policy explains how we collect, use, store, disclose, and protect your personal information when you visit our website, place an order, create a customer account, request a compatibility check, contact our support team, submit a warranty or returns claim, or otherwise interact with our business in any way.

This Privacy Policy is drafted in full compliance with the Privacy Act 1988 (Cth), the Privacy and Other Legislation Amendment Act 2024 (Cth) (POLA Act, in force 10 December 2024), all 13 Australian Privacy Principles (APPs), the Spam Act 2003 (Cth), the Do Not Call Register Act 2006 (Cth), the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act, and the statutory tort of serious invasion of privacy (in force 10 June 2025). For international customers, this policy also addresses obligations under the GDPR (EU) 2016/679, the UK GDPR, the New Zealand Privacy Act 2020, the CASL (Canada), and other applicable privacy frameworks.

By using our website, placing an order, or providing us with your personal information in any way, you acknowledge that you have read, understood, and agreed to the practices described in this Privacy Policy. If you do not agree with this Privacy Policy, you should not use our website or provide us with your personal information.

This Privacy Policy must be read together with our Terms of Service, Cookie Policy, and all other published policy documents. If you have any questions about this Privacy Policy, please contact us at sales@mytpms.com.au or call +61 1300 818 030 during business hours (Monday–Friday, 09:00–17:00 AEST).

Section 02
What Personal Information We Collect

We collect only the personal information that is reasonably necessary for our legitimate business functions, or that you voluntarily provide to us. The type and extent of information collected depends on how you interact with our business. We do not collect sensitive information (as defined in the Privacy Act 1988) unless strictly necessary and with your explicit consent.

Customer & Order Information
  • Identity Data: Full legal name, company name (for wholesale/trade accounts), title or salutation where provided.
  • Contact Data: Email address, phone number (mobile and landline), preferred contact method.
  • Delivery & Billing Address Data: Street address, suburb, state, postcode, and country for both delivery and billing purposes.
  • Account Credentials: Username, password (stored in hashed, non-recoverable form), account preferences, order history, and saved addresses, if you create a registered customer account.
  • Transaction & Order Data: Order numbers, items purchased, order values, payment method type (not full card details), transaction reference numbers, invoices, and order status information.
  • Communication Records: Records of all communications between you and our team, including emails, phone call notes, live chat transcripts, WhatsApp messages, website contact form submissions, social media messages, and any other correspondence.
  • Returns, Refunds & Warranty Data: Information provided in connection with return requests, refund claims, warranty claims, and product defect reports, including photographs and descriptions of issues.
Vehicle & TPMS Technical Information

Because we specialise in TPMS sensors and automotive diagnostic tools, we may collect vehicle-specific technical information that you voluntarily provide to help us confirm product compatibility, provide technical support, or assist with TPMS programming:

  • Vehicle Details: Vehicle make, model, model year, series, variant, trim level, and build date, used to confirm correct TPMS sensor and tool compatibility.
  • VIN (Vehicle Identification Number): Your 17-character VIN may be requested voluntarily to confirm exact vehicle specifications for compatibility assessment. VIN data is used only for the technical purpose for which it was provided and is not linked to your broader personal profile for marketing or other purposes.
  • OE Part Numbers & Sensor IDs: Factory OEM part numbers, sensor frequency and protocol data, and existing sensor IDs that you provide to facilitate sensor cloning, programming, or replacement matching.
  • TPMS System Data: Information about your vehicle's TPMS warning light status, sensor battery condition, and any diagnostic tool readouts you share when seeking technical support.
  • Photographs: Photos of your vehicle, existing sensors, tyre valve stems, or tool displays that you submit to help us identify the correct product or diagnose a technical issue.
Technical & Website Usage Information
  • Device & Browser Data: IP address, device type, operating system, browser type and version, screen resolution, and device identifiers collected automatically when you visit our website.
  • Browsing & Interaction Data: Pages viewed, products browsed, search queries entered on our site, time spent on pages, links clicked, and navigation pathways through our website.
  • Commerce & Conversion Data: Shopping cart contents, checkout steps completed, purchase completion events, and abandonment data, collected to improve our checkout process and order fulfilment accuracy.
  • Location Data: Approximate geographic location derived from your IP address (country, state, and city level). We do not collect precise GPS location data from your device.
  • Referral & Attribution Data: The source through which you arrived at our website (search engine, social media platform, paid advertisement, direct URL), used for advertising attribution and website performance analysis.
  • Cookie & Analytics Data: Data collected via cookies, pixels, and analytics tools. See Section 08 (Cookies & Tracking Technologies) for full details.
Wholesale & Trade Account Information

For customers registering a wholesale or trade account, we additionally collect: business name, ABN (or equivalent international business registration number), business type and description, intended product use, and details of your business operations and key contact persons. This information is used solely to verify wholesale eligibility, set up your trade account, and manage the wholesale business relationship.

What We Do Not Collect: We do not collect full credit card numbers, CVV codes, or any full payment credentials at any point. All payment processing is handled exclusively by our PCI DSS-certified payment gateway partner, and payment data is encrypted directly on the payment gateway's systems. We do not collect sensitive information such as health, racial or ethnic origin, religious beliefs, sexual orientation, or criminal history, unless you voluntarily disclose such information in the course of a communication with us, in which case it is treated with the highest level of care and used only for the specific purpose disclosed.

Section 03
How We Collect Your Personal Information

We collect personal information through the following methods. In all cases, we collect only information that is reasonably necessary for our business functions in accordance with APP 3 (Collection of Solicited Personal Information).

Directly from You
  • Website Checkout & Account Registration: When you complete a purchase on mytpms.com.au (either as a registered customer or as a guest), or when you create a registered customer account, you voluntarily provide your name, contact details, delivery and billing address, and payment information.
  • Contact Forms & Enquiries: When you submit a contact form on our website, send us an email, call our phone line, use our live chat service, message us via WhatsApp, or contact us through social media (YouTube, Instagram, or Facebook), you provide us with the information you include in that communication.
  • Compatibility & Technical Support Requests: When you contact us for help confirming which TPMS sensor or tool is compatible with your vehicle, or for assistance with a TPMS relearn or programming procedure, you provide us with vehicle details, sensor information, and other relevant technical data.
  • Returns, Warranty & Complaints: When you submit a return request, warranty claim, product defect report, or formal complaint, you provide us with order details, product information, and a description of the issue.
  • Wholesale Registration: When you submit a wholesale or trade account registration via mytpms.com.au/wholesale-registration-form, you voluntarily provide your business name, ABN, business contact details, and business description.
  • Marketing Sign-Up: When you opt in to our email marketing list (at checkout or via a website sign-up form), you provide your email address and consent to marketing communications.
Automatically via Our Website
  • When you visit mytpms.com.au, certain technical information about your device, browser, and browsing activity is collected automatically by our web server, analytics platforms (Google Analytics), and advertising tools. This includes your IP address, device type, browser, pages visited, and time spent on the site. See Section 08 (Cookies & Tracking) and Section 09 (Google Advertising & Analytics) for full details.
From Third-Party Sources
  • Payment Processors: Our payment gateway (processing Visa, Mastercard, AMEX, PayPal, Afterpay, Zip, Apple Pay, and Google Pay transactions) may provide us with a transaction reference number and payment status confirmation. We do not receive your full card details from the payment gateway.
  • Delivery Partners: Our courier and freight partners (including Australia Post, DHL, FedEx, and others) may provide us with updated delivery status, delivery confirmation, and recipient signature information in connection with your order.
  • Advertising Platforms: Google Ads and Google Merchant Center may provide us with aggregated, anonymised campaign performance data (such as ad clicks and conversion events). We do not receive identifiable personal information about individual users from advertising platforms.
  • Social Media Platforms: If you contact us via Facebook, Instagram, or YouTube, we receive the information you include in your message and your social media profile name. We do not access any other data from your social media account.

In accordance with APP 3.3, we will always notify you at or before the time we collect your personal information (or as soon as practicable thereafter) about: who we are; what information we are collecting; the purposes for which it is being collected; how you can access it; to whom it may be disclosed; and whether any overseas disclosure is likely. This notification is provided through this Privacy Policy, which is accessible on all pages of our website.

Section 04
Why We Use Your Personal Information — Purposes of Collection & Use

We use personal information only for the primary purpose for which it was collected, or for secondary purposes that you would reasonably expect, or where required or authorised by law (APP 6). We do not use personal information in ways that are inconsistent with the purposes for which it was collected.

PurposeInformation UsedLegal Basis (APP / POLA)
Processing and fulfilling your order — including picking, packing, dispatching, and arranging delivery of your TPMS sensors, tools, or DIY kitsName, delivery address, contact details, order detailsAPP 3, APP 6 — primary purpose
Verifying TPMS sensor and tool compatibility with your vehicle before dispatch, and providing pre-programming services where applicableVehicle make, model, year, VIN, sensor detailsAPP 6 — reasonably expected secondary purpose
Issuing Tax Invoices in compliance with the A New Tax System (Goods and Services Tax) Act 1999 (Cth) and ATO record-keeping requirementsName, billing address, ABN (wholesale), order value, GST amountAPP 6 — legal obligation
Sending order confirmation, payment confirmation, dispatch notification with tracking details, and delivery updatesEmail address, phone number, order details, carrier tracking referenceAPP 6 — primary purpose; Spam Act — transactional exemption
Providing post-sale customer support, technical TPMS assistance, compatibility advice, TPMS relearn guidance, and programming supportOrder details, vehicle details, sensor data, communication historyAPP 6 — reasonably expected secondary purpose
Processing returns, refunds, exchanges, and warranty claims under our Lifetime Warranty and under the Australian Consumer Law (ACL)Order details, product information, communications, photographsAPP 6 — primary purpose for returns/warranty context
Managing registered customer accounts and providing account functionality (order history, saved addresses, account security)Account credentials, contact details, order historyAPP 6 — primary purpose for account holders
Detecting, investigating, and preventing fraudulent transactions, chargebacks, and suspicious account activityIP address, payment reference, order data, device dataAPP 6 — legitimate interest; legal obligation
Maintaining, improving, and optimising our website, product catalogue, and checkout experience using anonymised analytics dataAnonymised/aggregated browsing data, device dataAPP 6 — legitimate interest; anonymised, not personal information
Sending marketing and promotional emails (new products, discount codes, TPMS technical content) — only where you have provided express, opt-in consentEmail address, name, purchase history (for relevance)APP 7 (Direct Marketing); Spam Act 2003 — express consent required
Complying with legal obligations including ATO tax reporting, law enforcement requests, and court ordersAs required by the specific legal obligationAPP 6 — required or authorised by law
Processing and resolving formal privacy complaints submitted by customers or referred from the OAICContact details, complaint details, relevant order and communication recordsAPP 1, APP 13 — regulatory obligation

APP 6 — Use and Disclosure: We will not use or disclose your personal information for any purpose other than the primary purpose of collection or a directly related secondary purpose you would reasonably expect, without your consent, unless required or authorised by Australian law. We will never sell your personal information to third parties for their own commercial use.

Section 05
Checkout, Vehicle Details & Payment Privacy

This section provides specific transparency about how we handle the most privacy-sensitive categories of information collected through our checkout and customer support processes.

Data CategoryHow It Is UsedWhere It Is StoredHow Long Retained
Customer Name & EmailOrder processing, Tax Invoice, dispatch notifications, support communications, warranty claimsWooCommerce / WordPress database (secure, Australian hosting)7 years (ATO tax records requirement)
Delivery & Billing AddressFreight label generation, dispatch, Tax Invoice, returns processingWooCommerce order records7 years (ATO tax records requirement)
Phone NumberDelivery carrier use (required for Express courier), order follow-up, urgent supportWooCommerce order records7 years with order record
Payment Method & Transaction ReferencePayment confirmation, fraud detection, refund processing, chargeback defencePayment gateway records only — we do not store card data on our systems7 years (payment gateway's own retention)
Vehicle Make, Model, YearCompatibility confirmation, pre-programming, TPMS technical support, warranty assessmentAttached to the relevant order record in WooCommerceWith order record (7 years); deleted on request if not needed for legal obligation
VIN NumberPrecise compatibility confirmation only — never used for marketing or profilingAttached to the specific support or order recordUntil the purpose for which it was collected is fulfilled; deleted on request
Sensor IDs & Programming DataCloning support, sensor replacement matching, DIY kit programming assistanceAttached to support recordUntil support purpose is resolved; deleted on request
IP AddressFraud prevention, website security, approximate geolocation (for regional shipping rate display)Web server logs, Google Analytics (anonymised)90 days (server logs); anonymised in Analytics
Payment Security & PCI DSS Compliance

All payment transactions on mytpms.com.au are processed by our PCI DSS-certified payment gateway partner. At no point during the checkout process do we receive, store, or process your full credit card number, debit card number, or card security code (CVV/CVC). The payment form on our website is a secure embedded element from our payment gateway provider, which handles all card data within its own PCI-compliant environment. Our website communicates with the payment gateway using industry-standard TLS 1.2/1.3 encryption. You can confirm the security of each page by looking for the padlock icon and “https://” prefix in your browser's address bar.

Google Shopping Compliance Notice: In compliance with Google Merchant Center's checkout and payment transparency requirements, we confirm that: (1) our checkout process uses HTTPS/TLS encryption throughout; (2) accepted payment methods (Visa, Mastercard, AMEX, PayPal, Afterpay, Zip, Apple Pay, Google Pay) are disclosed at checkout; (3) no hidden fees or surcharges are applied; (4) our Privacy Policy is linked from every page of our website; and (5) order total including GST and shipping is displayed and confirmed before payment is processed.

Section 06
Disclosure of Personal Information to Third Parties

We do not sell, rent, trade, or otherwise provide your personal information to third parties for their own commercial purposes. We share personal information only with the service providers and partners necessary to operate our business and fulfil your order, as described below. All disclosures are made in accordance with APP 6 (Use or Disclosure of Personal Information).

Third-Party RecipientNature of DisclosurePurpose
Payment Gateway Providers (e.g. Stripe, PayPal, Afterpay, Zip)Transaction processing data — payment amount, currency, billing addressSecure payment processing, fraud detection, refund processing. PCI DSS-certified. Each provider governs your payment data under their own privacy policy.
Freight & Courier Partners (e.g. Australia Post, DHL Express, FedEx, StarTrack)Recipient name, delivery address, phone number, order referenceGenerating shipping labels, dispatching parcels, providing delivery tracking, completing delivery confirmation.
Email Marketing Platform (e.g. Mailchimp or equivalent)Email address, first name, subscription preferences — only for opted-in subscribersSending promotional emails, newsletters, and product updates to customers who have provided express consent. No purchase data is shared with this platform.
Website Hosting Provider (WordPress/WooCommerce hosting)All data stored in our website database is hosted on this provider's infrastructureSecure, reliable website and order management. Our hosting provider is bound by data processing obligations and does not access or use your data for any independent purpose.
Google Analytics & Google AdsAnonymised/pseudonymised browsing data, conversion events, approximate locationWebsite performance analysis, advertising attribution, and remarketing. No personally identifiable information is shared in identifiable form. See Section 09 for full details.
Live Chat & WhatsAppMessage content and contact details you provide during a chat sessionProviding real-time customer support. Chat transcripts are retained for customer service quality and follow-up purposes.
Accounting & Tax SoftwareBilling name, address, ABN (wholesale), order total, GST componentATO-compliant financial record-keeping and GST reporting. Required under the A New Tax System (Goods and Services Tax) Act 1999 (Cth).
Government & Regulatory AuthoritiesDisclosed only as required by law or a valid court or regulatory orderCompliance with legal obligations, including ATO requirements, OAIC investigations, law enforcement requests, and judicial orders. We will notify you of any such disclosure where legally permissible.

We never disclose your personal information to overseas marketing companies, data brokers, list-buying services, or social media platforms for targeted advertising without your explicit consent. When personal information is shared with our service providers, those providers are bound by contractual obligations to use the information only for the specific service they are providing to us, and not for any independent commercial purpose.

Section 07
Overseas Disclosure of Personal Information — APP 8

Some of our service providers and technology platforms are operated by companies based outside Australia. When we disclose personal information to an overseas recipient, we do so in accordance with APP 8 (Cross-border Disclosure of Personal Information). Before disclosing personal information to any overseas recipient, we take reasonable steps to ensure that the overseas recipient does not breach the APPs in relation to that information.

Service / PlatformCountry of OperationData InvolvedAPP 8 Safeguard
Google Analytics & Google Ads (Google LLC)United States (servers globally distributed)Anonymised browsing data, pseudonymised conversion eventsData Processing Amendment with Google; data anonymised before processing; Google Privacy Framework certified
PayPal (PayPal Holdings, Inc.)United States (PayPal Australia Pty Ltd is locally registered)Payment transaction data where PayPal is selected at checkoutPayPal Australia is locally regulated; transaction data governed by PayPal's Privacy Policy
DHL Express / FedExGlobal logistics networks (US-headquartered)Recipient name, address, phone for international deliveries onlyCarrier's own privacy policies; data used solely for delivery of your parcel
Email Marketing Platform (e.g. Mailchimp)United States (if applicable)Email address, first name — opted-in subscribers onlyData Processing Agreement; Standard Contractual Clauses; EU-US Data Privacy Framework certified
Meta / Facebook (if social media contact)United StatesMessage content and profile name from Facebook/Instagram messages onlyMeta's own Data Policy governs; we do not upload customer data to Meta platforms

Under APP 8.1, before disclosing personal information to an overseas recipient, we take reasonable steps to ensure that the overseas recipient will not breach the APPs. Under APP 8.2(a), an exception applies where you have given informed consent to the disclosure after we have told you that APP 8.1 will not apply. Under the POLA Act 2024, an international data transfer “whitelist” has been introduced to streamline compliant overseas disclosures — we will comply with updated APP 8 requirements as they take effect.

Section 08
Cookies, Tracking Technologies & Consent

Our website uses cookies, pixels, web beacons, and similar tracking technologies. Our complete Cookie Policy provides full details of every cookie deployed, its purpose, duration, and opt-out instructions. This section provides a summary.

Cookie CategoryPurpose & Data CollectedRequired?Duration
Strictly Necessary / EssentialShopping cart persistence, WooCommerce session management, checkout security tokens (CSRF protection), login authentication for registered accounts. Without these, core site functions will not operate.Yes — always activeSession to 30 days
Functional / PreferenceRemembering your language preference, currency preference, cookie consent choice, and recently viewed products to personalise your browsing experience.Optional — active by default; can be disabledUp to 1 year
Analytics (Google Analytics)Aggregate, anonymised data on pages visited, time on site, traffic source, device type, and user flows. IP addresses are anonymised before processing. Used to improve website content and navigation. No personally identifiable information is shared.Optional — requires consentUp to 2 years
Advertising & Remarketing (Google Ads, Meta Pixel if applicable)Conversion tracking (recording when a purchase is made after clicking an ad), remarketing audience building (to show relevant ads to past website visitors on other platforms). Your browsing activity on our site may be associated with a pseudonymous advertising ID.Optional — requires explicit consentUp to 90 days (remarketing window)
Third-Party Embeds (YouTube, Google Maps)When you interact with YouTube video embeds (how-to videos) or Google Maps (our location), those platforms may set their own cookies. MyTPMS Australia does not control these cookies.Optional — set on interaction onlyPer third party's own policy
Cookie Consent & How to Opt Out

When you first visit mytpms.com.au, you will be presented with a cookie consent banner that allows you to accept all cookies, or customise your preferences by category. You may update your cookie preferences at any time by accessing the cookie settings link in our website footer.

  • Browser Settings: You can configure your browser to block or delete cookies. Instructions for major browsers are available at your browser provider's help centre. Note that blocking essential cookies will impair your ability to complete checkout.
  • Google Analytics Opt-Out: You can opt out of Google Analytics tracking across all websites by installing the Google Analytics Opt-out Browser Add-on.
  • Google Advertising Opt-Out: You can manage your Google advertising preferences and opt out of personalised advertising at adssettings.google.com.
  • Industry Opt-Out Tools: You may opt out of interest-based advertising from multiple providers using the Your Online Choices platform (Australia) or the Network Advertising Initiative opt-out tool.
Section 09
Google Advertising, Analytics & Shopping — Privacy Compliance

MyTPMS Australia uses Google services to operate our online store, advertise our products, and analyse our website performance. This section specifically addresses privacy practices related to Google Shopping and Google Advertising to ensure full compliance with Google's merchant privacy requirements and applicable Australian privacy law.

Google Analytics 4 (GA4)

We use Google Analytics 4 to collect anonymised data about how visitors use our website. Google Analytics collects data via cookies and sends it to Google's servers. We have configured our GA4 implementation with IP anonymisation enabled, meaning no full IP addresses are transmitted to Google. The data collected by Google Analytics is used exclusively by us to understand aggregate website usage patterns and improve our website content, product listings, and checkout experience.

  • We have entered into Google's Data Processing Amendment, which governs how Google processes personal data on our behalf as a data processor.
  • We do not share identifiable customer data (names, email addresses, order details) with Google Analytics.
  • We use Google Consent Mode v2, which adjusts how Google tags behave based on the consent choices made by individual users on our cookie consent banner. When a user declines analytics cookies, no analytics data is collected for that user's session.
Google Shopping & Google Merchant Center

Our products are listed on Google Shopping via Google Merchant Center. When you click on one of our Google Shopping advertisements and visit our website, Google may set an advertising cookie on your device to measure the click and any subsequent purchase conversion. This data is reported back to us in aggregated, anonymised form only (e.g. “X purchases resulted from Y ad clicks”) and does not identify you personally.

  • Our Google Shopping product feeds contain only product information (title, price, description, availability, images, GTIN/MPN) and do not include any customer personal information.
  • We comply with Google's requirements for merchant privacy by maintaining this Privacy Policy, linking it from every page of our website, and disclosing all data collection practices related to Google services in this section.
  • We do not use customer email addresses collected from orders to upload customer match lists to Google Ads without obtaining separate explicit consent from the customer for that specific use.
Google Ads Remarketing

If you have consented to advertising cookies on our website, we may use Google Ads remarketing to show advertisements for our TPMS products to previous visitors of our website when those visitors browse other websites or use Google services. Remarketing audiences are built using pseudonymous cookie IDs and do not include your name, email address, or other directly identifiable personal information.

  • Remarketing is only activated for users who have accepted advertising cookies via our cookie consent banner.
  • You can opt out of Google remarketing at any time at adssettings.google.com or by declining advertising cookies.
  • For EU/EEA customers, remarketing is only activated where valid consent has been obtained in accordance with the GDPR and Google's EU User Consent Policy.

Google Privacy Framework: Google LLC is certified under the EU-US Data Privacy Framework and the UK Extension to the EU-US Data Privacy Framework. For further information about how Google collects and uses data in the context of Google services, please review Google's Privacy Policy and Google's Merchant Services Privacy information.

Section 10
Data Security — APP 11 & POLA Act 2024 Obligations

We take the security of your personal information seriously and implement a range of technical and organisational security measures in accordance with APP 11 (Security of Personal Information) as updated by the Privacy and Other Legislation Amendment Act 2024 (Cth), which now explicitly requires both technical and organisational measures as part of the “reasonable steps” obligation.

Technical Security Measures
  • TLS/SSL Encryption: All data transmitted between your browser and our website is encrypted using TLS 1.2/1.3. The padlock icon in your browser confirms an encrypted connection is active. All pages of mytpms.com.au, including product pages, account pages, and checkout, are served over HTTPS.
  • PCI DSS-Compliant Payment Processing: Payment card data is handled exclusively by our PCI DSS-certified payment gateway partner. We maintain SAQ-A compliance as a merchant who does not directly process, store, or transmit card data.
  • Password Security: Customer account passwords are stored as one-way cryptographic hashes (bcrypt). We cannot view or recover your password. Lost password recovery is via a secure reset link sent to your registered email address.
  • Database Security: Our WooCommerce/WordPress database is stored on a secured hosting environment with restricted access controls, regular security patching, and automated vulnerability scanning.
  • Regular Security Updates: We maintain current versions of WordPress, WooCommerce, and all installed plugins, applying security updates promptly to address known vulnerabilities.
  • Access Controls: Access to systems containing personal information is restricted to authorised personnel only, using role-based access controls and unique login credentials. Administrative access to our website backend requires multi-factor authentication.
Organisational Security Measures
  • Staff Training & Awareness: All staff members who handle personal information receive privacy awareness training and are bound by confidentiality obligations.
  • Third-Party Contracts: All third-party service providers who handle personal information on our behalf are required to maintain appropriate security standards and are bound by contractual data protection obligations.
  • Minimum Data Collection: We collect only the personal information that is reasonably necessary for our business functions. We do not collect or retain information that we do not need.
  • Regular Privacy Reviews: We periodically review our data handling practices, this Privacy Policy, and our security measures to ensure ongoing compliance with the APPs and updated Australian privacy legislation.

While we implement robust security measures, no internet transmission or data storage system is perfectly secure. We cannot guarantee absolute security of personal information transmitted over the internet. If you suspect your account has been compromised, or if you become aware of any unauthorised access to our systems, please contact us immediately at sales@mytpms.com.au or +61 1300 818 030. You should also consider changing your account password immediately.

Section 11
How Long We Retain Personal Information — APP 11.2

We retain personal information only for as long as it is required for the purpose for which it was collected, or as required by Australian law. Once personal information is no longer needed and retention is not required by law, we take reasonable steps to destroy it or de-identify it in accordance with APP 11.2.

Data CategoryRetention PeriodReason for Retention
Order Records (name, address, email, items, amounts)7 years from date of transactionATO requirement — s.262A Income Tax Assessment Act 1936; GST record-keeping obligations
Tax Invoices & Financial Records7 years from transaction dateATO tax record-keeping requirements
Customer Account Data (active accounts)For the duration of the account being active, plus 2 years after last loginAccount service provision
Customer Account Data (closed/deleted)Deleted within 30 days of account closure request, except where retained for ATO complianceCustomer right to deletion (where no legal obligation to retain)
Warranty & Returns Records7 years from date of purchaseACL potential liability period; Lifetime Warranty administration
Communication Records (emails, chat)3 years from the date of the communicationCustomer service quality, dispute evidence, warranty/returns context
Vehicle & VIN DataWith order record (7 years) unless deletion is requested earlierWarranty claims, product liability; deleted on request where no legal obligation
Marketing Email ListUntil unsubscribe or withdrawal of consentSpam Act 2003 — marketing requires ongoing consent; consent is withdrawn on unsubscribe
Web Server Logs (IP addresses)90 daysSecurity monitoring, fraud investigation; not used for customer profiling
Google Analytics DataAnonymised — 14 months (GA4 default)Website performance analysis; anonymised data is not personal information

If you request deletion of your personal information and we are not required by law to retain it, we will take reasonable steps to destroy or de-identify the information within 30 days of your request. Please note that we are required by the ATO to retain financial records (including order records with customer name and address) for 7 years, and these records cannot be deleted on request during that retention period. We will notify you of any such legal restriction when processing a deletion request.

Section 12
Your Privacy Rights — Access, Correction & More

Under the Privacy Act 1988 (Cth) and the Privacy and Other Legislation Amendment Act 2024 (Cth), you have the following rights in relation to the personal information we hold about you. Additional rights may apply to customers located in the European Union, United Kingdom, or other jurisdictions — see Section 17.

Right of Access (APP 12)
You have the right to request access to the personal information we hold about you. We will provide you with a copy of your information within a reasonable time (generally within 30 days) and at no cost unless the request is excessive. We may decline access in limited circumstances prescribed by the Privacy Act — we will explain any refusal in writing.
Right of Correction (APP 13)
You have the right to request correction of any personal information we hold about you that is inaccurate, out-of-date, incomplete, irrelevant, or misleading. We will correct the information or attach a note of the dispute if we do not agree with the correction, and notify any third parties to whom the incorrect information was disclosed where it is practicable to do so.
Right of Deletion
You may request deletion of your personal information where it is no longer required for the purpose for which it was collected and we are not legally required to retain it. We will delete or de-identify the information within 30 days of your request where no legal retention obligation applies. ATO financial record obligations may prevent deletion of order records for up to 7 years.
Right to Opt Out of Direct Marketing (APP 7)
You have the absolute right to opt out of receiving marketing communications from us at any time. Every marketing email we send contains a one-click unsubscribe link. You may also opt out by emailing sales@mytpms.com.au or by contacting us by phone. Opt-out requests will be processed within 5 business days. Opting out of marketing does not affect transactional communications relating to your orders.
Right re: Automated Decisions (POLA Act 2024)
Under the Privacy and Other Legislation Amendment Act 2024 (effective 10 December 2026 for full compliance), where we use automated processes to make decisions significantly affecting your interests, we will disclose this in our Privacy Policy. See Section 14 for current details of automated decision-making in our operations.
Right to Privacy Complaint
You have the right to make a formal complaint if you believe we have mishandled your personal information. Complaints are first handled internally (see Section 18). If unresolved, you may escalate to the OAIC. See Section 18 for the full complaints process.
How to Exercise Your Rights

To exercise any of the above rights, or to ask questions about the personal information we hold about you, please contact our Privacy Officer:

By Post
Unit 5-6, 44-50 Westall Road, Springvale VIC 3171, Australia
Response Time
Within 30 days of receipt of your written request

Please include your full name, email address, order number (if applicable), and a clear description of the information you are requesting access to, or the correction you are requesting. We may need to verify your identity before processing your request to protect against fraudulent access to another person's data.

Section 13
Marketing Communications — APP 7 & Spam Act 2003 Compliance

We comply fully with APP 7 (Direct Marketing) of the Privacy Act 1988 (Cth) and the Spam Act 2003 (Cth) in all marketing communications. We only send marketing emails to individuals who have provided express, opt-in consent.

Our Marketing Commitments
  • Consent Required: We will only send you marketing communications if you have specifically opted in — either by ticking the marketing consent checkbox at checkout, or by signing up via our website newsletter form. We never add customers to our marketing list without their explicit consent.
  • Clear Identification: Every marketing email will clearly identify that it is from MyTPMS Australia / MyTPMS Automate Sensors, and will include our business name, registered address, ABN, and contact details.
  • Unsubscribe Mechanism: Every marketing email we send includes a clearly visible, one-click unsubscribe link as required by the Spam Act 2003 (Cth). We will process unsubscribe requests promptly — within 5 business days.
  • No Selling of Email Lists: We will never sell, rent, or share your email address with third-party marketers. We will never provide your personal information to a third party for the purpose of that third party's own direct marketing.
  • Transactional Emails Are Not Marketing: Order confirmation emails, Tax Invoice emails, dispatch notifications, tracking updates, warranty response emails, and support communications are transactional in nature and will continue to be sent regardless of your marketing preferences, as they are necessary for the fulfilment of your order or the resolution of a service request.
  • Canadian Customers — CASL: For customers located in Canada, we comply with the Canadian Anti-Spam Legislation (CASL). Marketing emails to Canadian addresses are only sent where express consent has been obtained and all CASL identification and unsubscribe requirements are met.

You can unsubscribe from marketing emails at any time by clicking the unsubscribe link in any marketing email, or by emailing sales@mytpms.com.au with the subject line “UNSUBSCRIBE”. We will remove you from our marketing list within 5 business days of your request. Unsubscribing from marketing will not affect your ability to place future orders or receive transactional communications about existing orders.

Section 14
Automated Decision-Making — POLA Act 2024 Disclosure

The Privacy and Other Legislation Amendment Act 2024 (Cth) introduces new transparency obligations requiring organisations to disclose when personal information is used in automated decision-making processes that significantly affect individuals. Full compliance obligations commence on 10 December 2026. We are voluntarily disclosing our current automated processes in this Policy ahead of the mandatory compliance date.

Current Automated Processes on mytpms.com.au
Automated ProcessPersonal Data UsedImpact on YouHuman Review Available?
Order fraud screening & payment risk assessmentIP address, payment method, order value, delivery address, device fingerprintAn order may be automatically flagged for manual review or placed on hold pending verification if the automated fraud screening detects high-risk patternsYes — all flagged orders are reviewed manually by our team before any action is taken
Cart abandonment detection & email trigger (if applicable)Email address (registered customers only), cart contents, session dataA single follow-up email may be sent if you add items to your cart but do not complete checkout — only where marketing consent is activeN/A — can be prevented by opting out of marketing
Shipping rate calculationDelivery postcode/country, combined order weightAutomatic calculation of shipping cost at checkout — no adverse impactN/A — a calculation, not a decision affecting rights
Promotional code validationPromotional code entered, cart contentsAutomatic acceptance or rejection of discount codes based on validity rulesYes — contact our team if you believe a valid code was incorrectly rejected

We do not use fully automated decision-making processes (without human review) that produce legal effects on customers or similarly significantly affect them. All fraud screening flags result in human review before any order cancellation, account action, or customer communication. We will update this section as our automated processes evolve and as the December 2026 mandatory disclosure requirements take full effect.

Section 15
Children's Privacy — POLA Act 2024 & Children's Online Privacy Code

The MyTPMS Automate Sensors website and all products we sell are intended for adults aged 18 years and over. Our TPMS sensors, diagnostic tools, and automotive accessories are professional and technical automotive products not directed at or intended for children or minors.

  • We do not knowingly collect personal information from any person under the age of 18. If you are under 18, you must not submit any personal information to us or place an order. Any purchase made on behalf of a person under 18 must be completed by a parent or legal guardian.
  • We do not direct marketing communications at children or persons under 18.
  • If we become aware that we have inadvertently collected personal information from a child under 18, we will take immediate steps to securely delete that information from our systems and notify the parent or guardian where practicable.
  • POLA Act 2024 — Children's Online Privacy Code: The Privacy and Other Legislation Amendment Act 2024 (Cth) requires the OAIC to develop a Children's Online Privacy Code (COP Code) for online services directed at children. As our website is not directed at children, we do not anticipate that the COP Code will impose specific obligations on our business. We will review our practices and update this Policy when the COP Code is finalised and published by the OAIC.

If you believe a child under 18 has submitted personal information to our website, please contact us immediately at sales@mytpms.com.au and we will promptly investigate and take appropriate action.

Section 16
Data Breach Notification — Notifiable Data Breaches (NDB) Scheme

We are subject to the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Cth), as strengthened by the Privacy and Other Legislation Amendment Act 2024 (Cth) (which enhanced security, retention, and breach notification obligations from 10 December 2024).

What Is a Notifiable Data Breach?

A notifiable data breach occurs when: (1) there is unauthorised access to or disclosure of personal information, or personal information is lost in circumstances where unauthorised access or disclosure is likely; and (2) the breach is likely to result in serious harm to any of the individuals whose information was involved.

Our Data Breach Response Process
  • Assess: Upon becoming aware of a suspected data breach, we will promptly assess whether the incident constitutes an eligible data breach under the NDB scheme. This assessment will be completed as quickly as possible, and no later than 30 days after we become aware of the suspected breach.
  • Notify the OAIC: If the assessment confirms an eligible data breach, we will notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable using the OAIC's notification form at oaic.gov.au.
  • Notify Affected Individuals: We will notify affected individuals whose information was involved in the breach and who are at likely risk of serious harm. Notification will be provided by email (to the email address in our records) and, where email is not practicable, by other reasonable means including a notice on our website.
  • Breach Notification Content: Our notification to affected individuals will include: a description of the breach; the kinds of information involved; the steps we recommend you take in response; and our contact details for further assistance.
  • Containment & Review: We will take immediate steps to contain the breach, mitigate harm, and review and improve our security measures to prevent recurrence.

If you believe your personal information may have been compromised in connection with our systems, or if you suspect unauthorised activity on your MyTPMS Australia customer account, contact us immediately at sales@mytpms.com.au or +61 1300 818 030. You should also consider changing your account password and monitoring your email and financial accounts for unusual activity. If you are concerned about identity theft, you may also contact the Australian Cyber Security Centre (ACSC) at cyber.gov.au.

Section 17
International Customers — Applicable Privacy Rights by Jurisdiction

MyTPMS Australia ships to customers in over 100 countries worldwide. While this Privacy Policy is governed by Australian law, we recognise that customers in certain jurisdictions may have additional privacy rights under their local legislation. This section provides a summary of the most significant additional rights by region.

🇦🇺
Australia
Privacy Act 1988 (Cth), 13 APPs, POLA Act 2024. Full rights including access, correction, opt-out of marketing, NDB notification.
🇪🇺
European Union
GDPR (EU) 2016/679. Rights: access, rectification, erasure ("right to be forgotten"), portability, restriction, objection, no solely automated decisions.
🇬🇧
United Kingdom
UK GDPR & Data Protection Act 2018. Same GDPR-equivalent rights. ICO is the supervisory authority. You may lodge a complaint with the ICO at ico.org.uk.
🇳🇿
New Zealand
Privacy Act 2020 (NZ), 13 Information Privacy Principles. Rights include access, correction, complaint to the NZ Privacy Commissioner.
🇨🇦
Canada
PIPEDA (federal), provincial privacy laws, CASL (marketing). Rights include access, correction, withdrawal of consent. OPC is the federal privacy regulator.
🇺🇸
United States
No single federal privacy law — applicable state laws include CCPA/CPRA (California), VCDPA (Virginia), CPA (Colorado), and others. CA residents have specific access, deletion and opt-out rights under CCPA.
🇸🇬
Singapore
Personal Data Protection Act 2012 (PDPA). Rights include access, correction, withdrawal of consent, and data portability (from Feb 2021). PDPC is the regulator.
🇯🇵
Japan
Act on Protection of Personal Information (APPI), amended 2022. Rights include disclosure, correction, use cessation, deletion. PPC is the regulator.
Additional Rights for EU/EEA & UK Customers (GDPR)

For customers located in the European Economic Area (EEA) or the United Kingdom, in addition to the rights described in Section 12, you also have:

  • Right to Data Portability: You may request a copy of your personal data in a structured, commonly used, machine-readable format (e.g. CSV), and the right to transmit that data to another controller where technically feasible.
  • Right to Erasure (“Right to Be Forgotten”): You may request erasure of your personal data where it is no longer necessary, where you withdraw consent, where you object and there is no overriding legitimate ground, or where it has been unlawfully processed — subject to our legal retention obligations.
  • Right to Object: You may object to processing of your personal data for direct marketing purposes (always upheld) or based on legitimate interests (subject to our assessment of whether our legitimate interest overrides your interest or rights).
  • Lawful Basis for Processing: Our processing of EU/UK personal data is based on: (a) Contract — processing necessary to fulfil your order; (b) Legal Obligation — processing required by applicable law; (c) Legitimate Interests — fraud prevention, security; (d) Consent — marketing communications.
  • Right to Lodge a Complaint with a Supervisory Authority: EU customers may lodge a complaint with your national data protection authority. UK customers may lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.
California Residents — CCPA/CPRA Rights

California residents have specific rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), including the right to know what personal information is collected, the right to delete, the right to opt out of the “sale” or “sharing” of personal information, and the right to non-discrimination for exercising privacy rights. We do not “sell” or “share” personal information as defined by the CCPA/CPRA. To exercise CCPA/CPRA rights, contact us at sales@mytpms.com.au.

Section 18
Privacy Complaints — How to Raise a Concern

We take privacy complaints seriously and are committed to resolving them promptly, fairly, and transparently in accordance with APP 1.2 and the NDB scheme. If you believe we have interfered with your privacy or mishandled your personal information, please follow the process below.

Step 1 — Contact Us Directly

Your first step should always be to contact our Privacy Officer directly. Most concerns can be resolved quickly by our team without the need for external escalation:

Email (Preferred)
Post
Unit 5-6, 44-50 Westall Road, Springvale VIC 3171, Australia
Response Commitment
Acknowledged within 2 business days; full response within 30 days

Please include in your complaint: your full name, contact details, a detailed description of the privacy concern, and any relevant supporting information. We will acknowledge receipt of your complaint within 2 business days and provide a full written response within 30 days.

Step 2 — External Escalation

If your complaint is not resolved to your satisfaction after following Step 1, you have the right to escalate your complaint to the following external bodies depending on your location:

RegulatorJurisdictionContact
Office of the Australian Information Commissioner (OAIC)Australia — Privacy Act 1988 (Cth) complaintsoaic.gov.au/privacy/privacy-complaints | 1300 363 992
Office of the Privacy Commissioner (NZ)New Zealand — Privacy Act 2020 (NZ)privacy.org.nz
Information Commissioner's Office (ICO)United Kingdom — UK GDPR & DPA 2018ico.org.uk/make-a-complaint
Your national Data Protection Authority (DPA)European Union — GDPRFind your national DPA at edpb.europa.eu
Office of the Privacy Commissioner of Canada (OPC)Canada — PIPEDApriv.gc.ca
California Privacy Protection Agency (CPPA)California, USA — CCPA/CPRAcppa.ca.gov

Under the Privacy and Other Legislation Amendment Act 2024 (Cth), individuals may now bring a statutory tort action for serious invasions of privacy (in force from 10 June 2025). This provides an additional avenue of legal redress for serious privacy breaches beyond the OAIC complaints process. We are committed to handling all personal information in a way that ensures no grounds for such an action could arise from our practices.

Section 19
Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data handling practices, changes in applicable Australian or international privacy legislation, or changes to our business operations. All updates will be published on this page with a revised “Last Updated” date at the top of the document.

  • Material Changes: For changes that materially affect how we handle your personal information, we will provide notice via a prominent banner on our website homepage. Where we hold your email address for marketing communications and you have opted in, we will also send a notification email alerting you to the update.
  • Continued Use: Your continued use of our website or placement of an order after any updated Privacy Policy has been published constitutes your acknowledgement of the updated policy as it applies to information collected after the effective date of the update.
  • Previous Versions: If you would like to review a previous version of this Privacy Policy, please contact us at sales@mytpms.com.au and we will make our best efforts to provide it.
  • Upcoming Changes — POLA Act 2024: We will update this Privacy Policy before 10 December 2026 to fully comply with the automated decision-making disclosure requirements introduced by the Privacy and Other Legislation Amendment Act 2024 (Cth). We will also update this policy when the Children's Online Privacy Code (COP Code) is finalised by the OAIC.

We recommend bookmarking this page and reviewing our Privacy Policy periodically. The current version is always the governing version and supersedes all prior versions. Current effective date: 09 June 2026.

Section 20
All 13 Australian Privacy Principles — Full Compliance Summary

This section summarises how MyTPMS Australia complies with each of the 13 Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth), as amended by the Privacy and Other Legislation Amendment Act 2024 (Cth). This summary is provided as required by APP 1.4(b), which requires our Privacy Policy to address how we manage personal information.

APP 1
Open & Transparent Management
We maintain this clear, publicly accessible Privacy Policy. All staff who handle personal information are trained on our privacy obligations. Our policy is linked from every page of our website.
APP 2
Anonymity & Pseudonymity
Where practicable, individuals may interact with us anonymously or using a pseudonym. You may browse our website, view product pages, read relearn guides, and watch how-to videos without identifying yourself. Account registration and checkout require identification to fulfil the service.
APP 3
Collection of Solicited Information
We only collect personal information that is reasonably necessary for our business functions. We collect information by lawful and fair means. We notify individuals at or before collection about the purpose of collection, as described in this Policy.
APP 4
Dealing with Unsolicited Information
If we receive unsolicited personal information that we could not have collected under APP 3, and the information is not required for our business functions, we will destroy or de-identify it as soon as practicable.
APP 5
Notification of Collection
We notify individuals at or before the time we collect their personal information (or as soon as practicable) about who we are, the purposes of collection, likely overseas disclosures, and how to access and correct their information. This Privacy Policy serves as our primary notification mechanism.
APP 6
Use & Disclosure
We use personal information only for the primary purpose of collection or for related secondary purposes the individual would reasonably expect. We do not use or disclose information for any unrelated purpose without consent or unless required by law. We never sell personal information.
APP 7
Direct Marketing
We only use personal information for direct marketing where the individual has provided express opt-in consent, or where permitted under a limited exception for existing customers. We always provide a clear, functional opt-out mechanism in every marketing communication, as required by the Spam Act 2003 (Cth).
APP 8
Cross-Border Disclosure
Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure the recipient will not breach the APPs. Where overseas service providers are used (e.g. Google Analytics, PayPal), we have data processing agreements in place. See Section 07 for full details.
APP 9
Government-Related Identifiers
We do not collect, use, or disclose Australian government-related identifiers (e.g. tax file numbers, Medicare numbers) as our own identifier for any individual. Where ABNs are collected for wholesale account verification, they are used solely for that business purpose.
APP 10
Quality of Information
We take reasonable steps to ensure that personal information we collect, use, or disclose is accurate, up-to-date, complete, and relevant. Customers can update their information at any time via their account settings or by contacting us. We use current information for dispatch and communication to minimise errors.
APP 11
Security of Information
We implement technical and organisational security measures (including TLS encryption, PCI DSS compliance, access controls, and staff training) as required by APP 11 and strengthened by the POLA Act 2024. We destroy or de-identify information when it is no longer required. See Section 10 for full details.
APP 12
Access to Information
Individuals may request access to their personal information by contacting our Privacy Officer. We will respond within 30 days and provide access at no cost unless the request is excessive. We will give reasons for any decision to deny access in accordance with APP 12.3.
APP 13
Correction of Information
Individuals may request correction of inaccurate, out-of-date, incomplete, irrelevant, or misleading personal information. We will correct the information within 30 days or attach a note of disagreement. We will notify third parties of corrections where practicable and required under APP 13.3.
Related Policies
All MyTPMS Australia Legal & Policy Documents

This Privacy Policy should be read together with all of our other published legal and policy documents, which collectively govern your relationship with MyTPMS Australia.

Privacy Questions or Requests?

Our Privacy Officer is available Monday–Friday, 09:00–17:00 AEST to handle any privacy enquiry, access request, correction request, marketing opt-out, or formal privacy complaint.

© 2024–2026 MyTPMS Australia (ABN: 53 807 701 500) trading as MyTPMS Automate Sensors • Unit 5-6, 44-50 Westall Road, Springvale VIC 3171, Australia • mytpms.com.au

Terms of ServiceCookie PolicyReturns & RefundsShipping PolicyContact Us

This Privacy Policy was last updated on 09 June 2026. Drafted in compliance with the Privacy Act 1988 (Cth), the Privacy and Other Legislation Amendment Act 2024 (Cth) (POLA Act), all 13 Australian Privacy Principles (APPs 1–13), the Spam Act 2003 (Cth), the Notifiable Data Breaches (NDB) scheme, GDPR (EU) 2016/679, UK GDPR, NZ Privacy Act 2020, CASL (Canada), and applicable US state privacy laws. External Regulator: Office of the Australian Information Commissioner (OAIC) — oaic.gov.au — 1300 363 992.

0