Last Updated: 4 January 2026
1. Introduction
Hejaz ("Hejaz", "we", "us", or "our") is committed to protecting the privacy and security of your personal information. This Privacy Notice describes how we collect, use, and share your personal data when you visit our website, www.hejaz.com (the "Website"), and your rights in relation to that data.
This notice applies to all visitors of the Website, including those from Australia, the United Kingdom, and the European Union. We are committed to complying with the Australian Privacy Act 1988, the UK General Data Protection Regulation (UK GDPR), and the EU General Data Protection Regulation (GDPR).
2. Who We Are and How to Contact Us
The data controller for your personal information is Hejaz. If you have any questions about this Privacy Notice or our data protection practices, please contact us:
- Email: information@hejaz.com.au
- Data Protection Officer: compliance@hejaz.com
3. The Data We Collect About You
We may collect, use, store, and transfer different kinds of personal data about you, which we have grouped together as follows:
- Identity Data: includes first name, last name, username or similar identifier.
- Contact Data: includes email address and telephone numbers.
- Technical Data: includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
- Usage Data: includes information about how you use our website, products, and services.
- Marketing and Communications Data: includes your preferences in receiving marketing from us and our third parties and your communication preferences.
We also collect, use, and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity.
4. How We Use Your Personal Data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal obligation.
- Where you have given us your consent.
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so.
| Purpose/Activity | Type of data | Lawful basis for processing including basis of legitimate interest |
|---|---|---|
| To manage our relationship with you which will include notifying you about changes to our terms or privacy policy | (a) Identity (b) Contact (c) Marketing and Communications | (a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services) |
| To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) | (a) Identity (b) Contact (c) Technical | (a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise) (b) Necessary to comply with a legal obligation |
| To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you | (a) Identity (b) Contact (c) Usage (d) Marketing and Communications (e) Technical | Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy) |
| To use data analytics to improve our website, products/services, marketing, customer relationships and experiences | (a) Technical (b) Usage | Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy) |
5. How We Share Your Personal Data
We may share your personal data with the parties set out below for the purposes set out in the table in paragraph 4 above:
- Internal Third Parties as part of our regular reporting activities on company performance, in the context of a business reorganization or group restructuring exercise, for system maintenance support and hosting of data.
- External Third Parties such as service providers for IT and system administration, professional advisers including lawyers, bankers, auditors and insurers, and regulators and other authorities.
- Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
6. International Transfers
We may transfer your personal data outside of your country of residence. Where we transfer your data to a country that has not been deemed to provide an adequate level of data protection, we will ensure that appropriate safeguards are in place to protect your personal data, such as by using standard contractual clauses approved by the relevant data protection authorities.
7. Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know.
8. Data Retention
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.
9. Your Legal Rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the right to:
- Request access to your personal data.
- Request correction of your personal data.
- Request erasure of your personal data.
- Object to processing of your personal data.
- Request restriction of processing your personal data.
- Request transfer of your personal data.
- Right to withdraw consent.
If you wish to exercise any of the rights set out above, please contact our Data Protection Officer at compliance@hejaz.com.
10. Children's Privacy
Our Website is not intended for children and we do not knowingly collect data relating to children.
11. Changes to This Privacy Notice
We keep our Privacy Notice under regular review. This version was last updated on the date stated above. Any changes will be posted on this page.
12. Contact Us
If you have any questions about this Privacy Notice, please contact us at information@hejaz.com.au or our Data Protection Officer at compliance@hejaz.com.