Privacy policy

PRIVACY POLICY

Last updated: 31/03/2026

This Privacy Policy explains how Common Rail Cowboys Pty Ltd (ABN 60 640 110 112) ("Common Rail Cowboys", "we", "us", "our") collects, uses, discloses and protects your personal information when you visit or make a purchase from www.commonrailcowboys.com ("Website") or otherwise interact with us.

We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Nothing in this Privacy Policy limits your rights under the Privacy Act or the Australian Consumer Law (ACL).

  1. What is "personal information"?

"Personal information" has the meaning given in the Privacy Act 1988 (Cth) and includes information or an opinion about an identified individual, or an individual who is reasonably identifiable:

  • whether the information or opinion is true or not; and
  • whether the information or opinion is recorded in a material form or not.

If the information does not identify you, and cannot reasonably be used to identify you, it will generally not be personal information and will not be subject to this Privacy Policy.

  1. What personal information we collect

The types of personal information we may collect and hold about you can include:

  • Identity and contact details: name, billing and shipping address, email address, phone number.
  • Order and transaction details: items purchased, order history, purchase date and time, discount use, refund or warranty history.
  • Vehicle and fitment information: vehicle make, model, year, variant, engine code, VIN, registration number, state/territory, and related fitment notes you provide.
  • Warranty and diagnostic information: odometer readings, service history, diagnostic data, fault codes, tune files, dyno sheets, workshop invoices and installer details provided in connection with a warranty or refund claim.
  • Account details: login details for any account you create on our Website (we do not store your password in plain text).
  • Payment information: limited payment-related information such as payment method and transaction identifiers. Full card details are processed by our payment providers (e.g. Shopify Payments, PayPal) and are not stored by us.
  • Communications: emails, SMS messages, chat transcripts, fitment enquiries and other messages you send to us.
  • Technical and usage information: IP address, device type, browser type, operating system, pages visited, time on site, referring/exit pages, clickstream data.
  • Marketing preferences: your preferences for receiving marketing communications, and information about how you interact with our emails, SMS and ads.
  1. How we collect personal information

We may collect personal information in a variety of ways, including:

  • when you visit and use our Website;
  • when you create an account or place an order;
  • when you enter your details into our checkout, contact forms, fitment forms, chat widget or quote requests;
  • when you communicate with us via email, phone, SMS, social media, online chat or other channels;
  • when you subscribe to our marketing communications (e.g. email newsletters, SMS updates);
  • from third-party services that integrate with our systems (e.g. payment gateways, messaging platforms, analytics tools);
  • from cookies, pixels and similar technologies when you browse our Website.

Cookies, pixels and similar technologies

We use cookies, pixels, tags and similar technologies to operate and improve our Website, understand how it is used, provide personalised content and advertising, and measure the effectiveness of our marketing.

Cookies are small text files placed on your device that allow our systems (and our service providers' systems) to recognise your browser and capture certain information. Cookies may be "session cookies" (deleted when you close your browser) or "persistent cookies" (stored until they expire or are deleted).

You can usually configure your browser to refuse some or all cookies, or to alert you when cookies are being used. However, if you disable cookies, some parts of our Website may not function properly.

  1. Why we collect your personal information (purposes)

We collect, hold, use and disclose personal information for purposes including:

  • processing, fulfilling and delivering your orders, including where fulfilment is handled by a third-party supplier via a drop-shipping arrangement;
  • providing product information, fitment guidance and customer support;
  • responding to your enquiries, requests and complaints;
  • managing your account and purchase history;
  • handling warranty, returns, refunds and troubleshooting issues, including forwarding relevant information to suppliers or manufacturers for claim assessment;
  • collecting and assessing warranty-related documentation including odometer readings, service history, diagnostic data, tune files, dyno sheets and installer details;
  • operating, maintaining and improving our Website, systems and services;
  • conducting analytics, measuring Website performance and improving user experience;
  • personalising content, recommendations and marketing communications;
  • sending you direct marketing communications where permitted (see section on Direct Marketing below);
  • detecting, investigating and preventing fraud, abuse, security incidents or unlawful activity;
  • complying with legal obligations and responding to lawful requests from authorities, including Fair Trading, the ACCC or other regulatory bodies in connection with a complaint or dispute;
  • training and quality assurance for our staff and systems, including AI-assisted tools.
  1. Disclosure of personal information to third parties

We may disclose your personal information to third parties where reasonably necessary for the operation of our business, to provide our products and services to you, or as otherwise permitted or required by law. These third parties may include:

  • our e-commerce platform provider (Shopify) and its related storage, hosting and payment infrastructure;
  • payment processors and financial institutions (e.g. Shopify Payments, PayPal, Afterpay, Zip, or other authorised gateways);
  • email, SMS and marketing platforms (including, but not limited to, Coax, Klaviyo, Mailchimp or similar services);
  • customer service platforms, helpdesk software and messaging systems used to handle enquiries and support tickets;
  • AI-assisted tools and automated systems used to assist with fitment information, customer support, content generation and fraud detection;
  • analytics, tracking and advertising partners (such as Google Analytics, Google Ads, Meta/Facebook, Microsoft Clarity and similar providers);
  • logistics partners, couriers and freight companies for order fulfilment and delivery;
  • suppliers, manufacturers and distributors — where an order is fulfilled via a drop-shipping arrangement, your name, delivery address, contact details and order information may be transmitted directly to the relevant supplier or manufacturer (including via email) for the purposes of order fulfilment and dispatch;
  • suppliers, manufacturers and warranty service providers — where a warranty claim requires assessment by a supplier or manufacturer, relevant personal information including purchase details, vehicle information, odometer readings, service history, diagnostic data, tune files, dyno sheets and correspondence may be forwarded to that party (including via email) for the purposes of claim assessment;
  • Fair Trading, the ACCC, government agencies, regulators, law enforcement or other parties where required or authorised by law, or in connection with a complaint or dispute;
  • IT service providers, cloud storage services, data backup providers and security service providers;
  • professional advisers such as accountants, auditors, insurers and legal representatives; and
  • any other third party where you have expressly consented to the disclosure.

We do not sell your personal information to third parties. Personal information is shared only for operational, security, compliance, analytics, support or marketing purposes as described in this Privacy Policy, or where required by law.

  1. Overseas disclosure of personal information

Some of the third-party service providers we use may store or process personal information overseas, including (but not limited to) countries such as the United States, Canada, member states of the European Union or other jurisdictions where Shopify and our service providers host or process data.

Where your personal information is transferred overseas, we take reasonable steps to ensure that the recipient will handle your information in a way that is consistent with the Australian Privacy Principles, for example by:

  • entering into contracts that require the recipient to protect your personal information; and/or
  • working with providers that are subject to comparable privacy or data protection regimes.
  1. Direct marketing

By using our Website, creating an account, or providing your contact details to us, you may consent to receive direct marketing communications (such as emails or SMS) about our products, services, promotions and news.

We will only use your personal information for direct marketing where permitted by law, and where the marketing material is of a type that you would reasonably expect to receive from us. We do not use sensitive information for direct marketing.

You can opt out of direct marketing at any time by:

  • using the "unsubscribe" or opt-out link in an email;
  • replying "STOP" or similar as instructed in an SMS; or
  • contacting us at info@commonrailcowboys.com.
  1. AI-assisted systems and automated tools

We may use automated tools and Artificial Intelligence (AI) technologies to assist with:

  • responding to customer enquiries and fitment questions;
  • supporting internal knowledge retrieval and product information;
  • drafting product descriptions, FAQs and other written content;
  • flagging potential fraud or suspicious activity; and
  • analysing trends and improving our services.

These systems may process personal information you provide in chat messages, forms, emails or other communications. We monitor and review the performance of our AI systems; however, AI-generated responses may contain errors or may not always reflect the most current information.

You should avoid including unnecessary sensitive personal information in chat messages or forms and should contact us directly if you require confirmation of critical technical, fitment or safety information.

  1. Access to and correction of your personal information

Under Australian Privacy Principles 12 and 13, you may request access to the personal information we hold about you, and request that we correct any information that is inaccurate, incomplete or out-of-date, subject to certain exceptions.

If you wish to access or correct your personal information, please contact us using the details in the "How to contact us" section below. We may need to verify your identity before providing access or making corrections. In some cases, we may charge a reasonable fee to cover administrative costs of providing access, but we will inform you of any fee in advance.

  1. Security of your personal information

We take reasonable steps to protect the personal information we hold from misuse, interference and loss, and from unauthorised access, modification or disclosure. These steps may include:

  • using secure servers and encryption where appropriate;
  • restricting access to personal information to staff and service providers who need it to perform their duties;
  • requiring confidentiality obligations from our staff and key suppliers; and
  • regularly reviewing our security practices and systems.

However, no method of transmission over the internet or electronic storage is completely secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

  1. Data retention

We retain personal information for as long as necessary to fulfil the purposes for which it was collected, or as required by law or regulation (for example, record-keeping and taxation obligations). When personal information is no longer required, we will take reasonable steps to destroy or de-identify it.

  1. Complaints about privacy

If you have a complaint about how we handle your personal information or about our compliance with the Australian Privacy Principles, please contact us using the details below. We will acknowledge your complaint, investigate it and respond within a reasonable timeframe.

If you are not satisfied with our response, you may refer your complaint to the Office of the Australian Information Commissioner (OAIC). For more information, visit the OAIC website at www.oaic.gov.au.

  1. GDPR and European Union residents

In some circumstances, the European Union General Data Protection Regulation (GDPR) may provide additional protection to individuals located in the European Union. However, our Website and services are not specifically targeted at individuals in the European Union, and we do not actively monitor the behaviour of individuals in the EU for the purposes of the GDPR. Accordingly, the GDPR will generally not apply to our handling of your personal information.

  1. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements or other factors. The updated Privacy Policy will be posted on our Website with a revised "Last updated" date. We encourage you to review this Privacy Policy periodically.

  1. How to contact us about privacy

If you have any questions about this Privacy Policy, if you wish to access or correct your personal information, or if you have a complaint about how we handle your personal information, you can contact us at:

Email: info@commonrailcowboys.com

Common Rail Cowboys Pty Ltd
Suite 382
190 Oxford Street
Bulimba QLD 4171
Australia