Legal

Privacy Policy

This explains what we collect, why, and what we do with it — in plain English, because a privacy policy nobody can read isn’t much of a promise.

Last updated: 15 July 2026

Who we are

Bloom Literacy Co. sells printed phonics flashcards for structured literacy, posted from Australia.

Bloom Literacy Co. is a trading name of Helder & Sons Pty Ltd (ABN 54 663 574 785). In this policy, “we”, “us” and “our” mean Helder & Sons Pty Ltd trading as Bloom Literacy Co.

Our approach

We handle personal information in line with the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth).

Businesses turning over $3 million or less are currently exempt from much of the Privacy Act. We don’t rely on that exemption. You’re trusting us with your name and address, and the standard shouldn’t depend on how big we are.

What we collect

Only what we need to get cards to you:

  • Your name — so we know who the order belongs to
  • Your email address — for order confirmations and any questions about your order
  • Your postal address — to post your cards
  • Your phone number — only if you give it, and only if the courier needs it
  • Order details — what you bought, when, and what it cost
  • Website usage — pages visited, approximate location, browser and device type, IP address

We never see your card details. Payments are handled entirely by our payment provider. Your card number does not pass through our website and we do not store it.

We don’t collect sensitive information as the Privacy Act defines it — nothing about your health, race, religion, politics or background.

Why we collect it

  • To take, pack and post your order
  • To contact you about your order, or answer a question you’ve asked us
  • To handle returns and refunds
  • To meet our legal and tax obligations
  • To understand how the site is used, so we can make it better

If you don’t give us your name and address, we can’t post you anything — but that’s the only consequence.

Who we share it with

We do not sell your personal information. We never have and we won’t.

We share only what’s necessary, with:

  • Our payment provider — to process your payment
  • Australia Post or a courier — your name and address, so your parcel arrives
  • Our website and store platform providers — who host the site and process orders on our behalf
  • Our accountant — for tax and record-keeping
  • Law enforcement or a regulator — only where the law requires it

[Before publishing, replace the vague wording above with real names: Stripe (payments) and Cloudflare (website hosting), plus whoever does your delivery. APP 8 expects specifics, not “our providers”.]

Information sent overseas

Some of the services we rely on — website hosting, payment processing, analytics — store data on servers outside Australia, most likely in the United States and the European Union.

Before we use a provider, we take reasonable steps to satisfy ourselves that they handle personal information to a standard comparable to the APPs, as APP 8 requires.

Keeping it safe

We take reasonable steps to protect your information from misuse, loss, and unauthorised access:

  • Our website is served over HTTPS, so what you send is encrypted in transit
  • Card details never touch our systems
  • Access to order information is limited to the people who need it to fill your order
  • Accounts holding your information are protected by strong, unique passwords and two-factor authentication

No system is perfectly secure, and we won’t pretend otherwise. But we treat your address like it’s our own.

If something goes wrong

If a data breach happens and it’s likely to cause you serious harm, we will tell you and notify the Office of the Australian Information Commissioner (OAIC), as the Notifiable Data Breaches scheme requires. We’ll tell you what happened, what information was involved, and what you can do about it.

How long we keep it

We keep your information only as long as we need it. Order and transaction records are kept for five years, because Australian tax law requires it. Beyond that, we securely delete or de-identify what we no longer need.

Seeing and correcting your information

You can ask us what personal information we hold about you, and we’ll give you a copy. If it’s wrong, tell us and we’ll fix it. If you’d like it deleted, ask — we’ll do it unless we’re legally required to keep it.

Email bloomlitco@gmail.com. We aim to respond within 30 days. There’s no charge.

Cookies and analytics

Our website uses a small amount of browser storage to remember what’s in your cart between visits. That stays on your device.

We may use website analytics to understand how many people visit and which packs they look at. This is about the site, not about you personally — we’re not building a profile.

You can block or clear cookies in your browser settings. The cart may forget itself, but nothing else will break.

Marketing

We don’t run a mailing list. We’ll only email you about an order you’ve placed or a question you’ve asked. You will not receive marketing from us, and we won’t pass your address to anyone who will.

Children

Our cards are made for children, but they’re bought by adults. Our website is intended for people over 18, and we don’t knowingly collect personal information from children. If you believe a child has given us their information, contact us and we’ll delete it.

Making a complaint

If you think we’ve mishandled your personal information, tell us first — email bloomlitco@gmail.com and we’ll look into it and respond within 30 days.

If you’re not satisfied with how we’ve handled it, you can take your complaint to the Office of the Australian Information Commissioner:

Changes to this policy

If we change how we handle personal information, we’ll update this page and change the date at the top. If it’s a significant change, we’ll say so clearly rather than quietly editing it.

Contact us

Questions about privacy, or about anything else:

Bloom Literacy Co.
Helder & Sons Pty Ltd · ABN 54 663 574 785
Email: bloomlitco@gmail.com
Web: www.bloomliteracyco.com.au