Oscar Furniture Home

Privacy Policy

Last Updated : Tuesday 18 February 2025

Oscar Furniture · Privacy

Privacy policy

How Oscar Group Australia collects, holds, uses and discloses your personal information across our websites, portals and online forms.

Policy statement

The Oscar Group Australia (OGA) is committed to protecting the privacy of our customers and complying with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This Privacy Policy explains how we collect, hold, use and disclose personal information across our websites, customer and wholesale portals, and online forms — including product configuration and quote-request forms. Where we handle health information, we also comply with applicable state health-privacy laws.

Scope & responsibility

This Policy applies to all personal information OGA collects through its websites, customer and wholesale portals, and online forms (including product configuration and quote-request forms). It applies to everyone we deal with, including customers, retailers and stockists, prescribing clinicians, and end users and their families.

Contents
Section 1

The information we collect

We collect personal information that is necessary to provide our products and services. Depending on how you interact with us, this may include:

  • Identity and contact details — name, email, postal/residential address, phone number;

  • Role and organisation — your business, store or practice, and your role (for example retailer, prescribing clinician, or end user / family member);

  • Account and authentication data — when you register for or sign in to one of our portals;

  • Order and product configuration details;

  • Payment and billing information (processed by our payment provider);

  • Sensitive information, including health information — where you request a custom or prescribed product such as a lift chair, this may include the end user's physical measurements, mobility and support needs, configuration requirements, and funding type (for example NDIS, DVA or aged care).

We collect only information relevant to our relationship with you and the product or service requested. Providing the information is voluntary, but we may be unable to prepare a quote or supply a product without it.

Section 2

Sensitive and health information

Some of our products are prescribed or funded assistive technology. Information about a person's health, disability or clinical needs is "sensitive information" under the Privacy Act and receives a higher level of protection. We only collect sensitive information:

  • with the consent of the individual it concerns; and

  • where it is reasonably necessary to prepare a quote, configure a product, or fulfil a funded order.

Section 3

Collecting information about another person

Sometimes a retailer, allied-health professional or family member submits a request on behalf of the person who will use the product. Where you provide another person's personal or health information to us, you confirm that you have that person's consent to do so and that they have been made aware of this Privacy Policy. We will, where reasonable, take steps to ensure the individual is aware of the matters set out here.

Section 4

How we use personal information

We use personal information to:

  • prepare quotes and configure, supply, deliver and service products;

  • process payments and manage funded claims;

  • communicate with you about your request or order;

  • route a request to the appropriate stockist, retailer or branch;

  • meet our legal, taxation and funding-program obligations;

  • send marketing and improve our products and services.

We will not use sensitive information for a secondary purpose without your consent.

Section 5

Disclosure of personal information

We may disclose personal information to:

  • the stockist, retailer or branch handling your request, so they can provide the product or service;

  • our related companies within Oscar Group Australia;

  • service providers who help us operate our business — including cloud hosting, database, email, customer-relationship/ERP and payment providers — under contracts that require them to protect your information and use it only to provide services to us;

  • government funding bodies (for example the NDIS, DVA or My Aged Care) where necessary to process a funded order or claim;

  • others where required or authorised by law.

We do not disclose personal information to third parties for their own marketing purposes without your explicit consent.

Section 6

Government related identifiers

Where we handle government related identifiers (such as NDIS, DVA or Medicare numbers), we do not adopt them as our own identifier of you, and we use or disclose them only as reasonably necessary to verify identity or fulfil a funded claim, or where required by law.

Section 7

Where we store your information and overseas disclosure

We store your personal information — including any health information — on servers located in Australia. Our database is hosted in Australia, and the application that processes your request runs in our Australian region.

Section 8

Security of personal information

We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification or disclosure. Our measures include encryption in transit and at rest, access controls, and regular security reviews. Our database is hosted on infrastructure providing healthcare-grade security controls, including encryption, strict access controls and audit logging. Access to sensitive and health information is restricted to staff who need it to do their work.

Section 9

Access and correction

You may request access to, and correction of, the personal information we hold about you by contacting our Compliance Officer (see Roles & Responsibilities below). We will respond within a reasonable period and may need to verify your identity first.

Section 10

Cookies and analytics

Our website may use cookies and analytics tools to enhance your browsing experience. These tools collect non-personal information such as browser type, device, and pages visited. You can manage your cookie preferences through your browser settings.

Section 11

Data breaches

If a data breach occurs that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme.

Section 12

Complaints

If you have a concern or complaint about how we have handled your personal information, please contact our Compliance Officer (see Roles & Responsibilities below). If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner at oaic.gov.au.

Section 13

Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal reasons. Please review it periodically to stay informed about how we protect your information.

Additional notes — By using our websites and services, you consent to the collection and use of your personal information as outlined in this Privacy Policy.

Reference

Terms & definitions

Term

Definition

APPs (Australian Privacy Principles)

The privacy principles set out in the Privacy Act 1988 (Cth) that govern how organisations collect, hold, use and disclose personal information.

Personal information

Information or an opinion about an identified individual, or an individual who is reasonably identifiable.

Sensitive information

A subset of personal information receiving higher protection, including health, disability and clinical-needs information; collected only with consent and where reasonably necessary.

Health information

Information about an individual's health, disability or clinical needs — for example physical measurements, mobility and support needs for a prescribed product.

Government related identifier

An identifier assigned by a government body, such as an NDIS, DVA or Medicare number.

Notifiable Data Breaches (NDB) scheme

The scheme requiring notification of affected individuals and the OAIC where a data breach is likely to result in serious harm.

OAIC

Office of the Australian Information Commissioner — the national privacy regulator.

Exceptions

Disclosures that are required or authorised by law, or necessary to fulfil a funded order or claim, are addressed within the Disclosure and Government related identifiers sections above. No other exceptions apply.

Roles & responsibilities

Contact our Compliance Officer

For access to or correction of your personal information, or to raise a privacy concern or complaint, contact our Compliance Officer. We will respond within a reasonable period and may need to verify your identity first.

Email

compliance@oscargroup.com.au

Regulator

oaic.gov.au

Contact us →

 

YOU MIGHT ALSO LIKE

Shopping Cart

0

Your cart is empty