Last updated: 20/02/2025

ONE MILLION GOOD DEEDS PLACES A HIGH VALUE ON YOUR PRIVACY AND ENSURES THAT ANY INFORMATION YOU SHARE IS COLLECTED AND STORED IN ACCORDANCE WITH RELEVANT AUSTRALIAN PRIVACY LAWS, SUCH AS THE PRIVACY ACT OF 1988, AND ALSO IN ALIGNMENT WITH GLOBAL STANDARDS, INCLUDING GENERAL DATA PROTECTION REGULATION (GDPR).

1. About This Policy

This Privacy Policy is applicable to and governs matters related to the Website and communication via e-mail. 1.1 This Privacy Policy (“Policy”) explains how One Million Good Deeds (referred to as “MGD”, “we,” “us,” or “our”) collects, shares, and uses information that relates to you (“Personal Data”). Personal Data refers to information that, either alone or combined with other data, identifies you. This Policy applies when you visit our website milliongooddeeds.club (the “Website”), contact us via e-mail. In addition, this Policy outlines your rights concerning the Personal Data we process and how you can exercise them.1.2 We urge you to carefully review this Policy. If you have questions or comments, please reach out to us via email at milliongooddeeds@yahoo.com.au

2. What Personal Data Does MGD Collect and Why?

2.1 Types of Personal DataHere at MGD, we may collect various types of Personal Data and process them for specific purposes, including: Name, Surname: We collect your full name when you make a purchase or create an account in order to process your order and manage your account. Email Address: Your email address helps us communicate with you, including sending order confirmations, updates, and responses to inquiries. Password: To ensure your account security and facilitate access. Financial Information: We securely process your payment information through trusted payment gateway partners and do not retain this data. Customer ID: Helps us manage your account and personal preferences, process and ship orders, and provide access to your order history. Order History: Documenting transactions made on our website. Shopping Preferences: Providing you with exclusive email updates, promotions, and notifications about our products or services based on your preferences. IP Address: Collecting technical information like your IP address, device type, and browser details, which helps us understand how our website is used, customize content, and measure the audience. 2.2 Legal BasisWe collect and process your Personal Data based on the following legal grounds: Contractual Necessity: Certain data is required to enable you to create an account, manage your preferences, process and ship orders, and access your order history. Our Legitimate Interests: We may process Personal Data to document transactions, protect our business and legal rights, provide exclusive updates, and understand website usage. Your Consent: For certain activities, such as providing email updates, promotions, and notifications, we seek your consent, which you can withdraw at any time unless legal exceptions apply. Legal Obligation: We collect data to fulfill legal obligations, such as preventing fraud. Prevention of Fraud: We may process your data to prevent fraudulent activities. Administering and Maintaining Our Web Platform: Personal Data processing is based on our legitimate interests to offer, maintain, and enhance our platform. Data Analytics, Statistics, and Audience Measurement: We use Personal Data to understand website usage and audience demographics, serving our legitimate interests in improving user experience and content relevance. 2.3 Information Collection and CookiesWe may also collect certain information automatically from your device, including: IP Address: To understand your geographic location (e.g., country or city-level). Device Type and Unique Identifiers: Technical information that helps us tailor your experience. Browser-Type: Understanding how your device interacts with our website. Browsing Patterns: Data on pages accessed and links clicked. This information aids us in better comprehending our visitors, their origins, and the content that piques their interest. We leverage this data for internal analytics and to enhance the quality and relevance of our website. Some of this information is collected through cookies and tracking technology, as elaborated further in our Cookie Policy. 2.4 We encourage you to review our Cookie Policy for comprehensive information on cookie usage and management.

3. Who does MGD share your Personal Data with?

3.1 Preserving the sanctity of your privacy remains paramount at MGD. We wish to apprise you of the potential scenarios in which we might disclose your Personal Data: (a) Compliance with Legal Obligations: Our commitment to adhering to prevailing laws and regulations may necessitate the sharing of your Personal Data with authorities, regulatory bodies, judicial entities, or other third parties. These instances may arise: (i) In strict adherence to applicable laws and regulations, (ii) To assert, establish, or safeguard our legal rights, (iii) To safeguard your vital interests or those of other individuals. (b) Engagement of Expertise: Your Personal Data may be shared with auditors, consultants, legal representatives, and analogous professionals who provide essential advisory services for legitimate business purposes. These engagements are bound by contractual arrangements that preclude the use of your data for alternative objectives. (c) With Your Explicit Consent: In instances where you grant your explicit consent, we may disseminate your Personal Data to designated parties. 3.2 We reassure you that MGD operates as an autonomous entity without affiliations to group companies or partners. Consequently, your Personal Data is not shared with such entities.

4. How we protect your privacy

4.1 The stewardship of your privacy at MGD is guided by a set of fundamental principles: (a) Lawfulness, Fairness, and Transparency: We commit to processing personal data in strict compliance with Australian legal regulations, thereby ensuring fair treatment of individuals and maintaining transparent communication about our data practices. This commitment underscores our dedication to safeguarding your privacy while adhering to Australian law. (b) Data Security: Employing appropriate technical and organisational measures, we safeguard the Personal Data collected and processed. These measures are tailored to address the risk levels involved, encompassing physical, technical (such as encryption), and organisational aspects, including employee vetting and supervision. (c) Purpose Limitation: Personal Data is processed solely for specific, explicit, and legitimate purposes. We do not engage in incompatible processing, except where permitted by applicable data protection laws. (d) Data Minimisation: We process only the Personal Data that is necessary, relevant, and adequate to fulfil the intended purposes. (e) Data Accuracy: We take diligent steps to maintain the accuracy, completeness, and currency of the Personal Data we hold. However, it is equally important for you to promptly inform us of any changes or inaccuracies in your Personal Data, including personal details and contact information updates. (f) Storage limitation: Personal Data is retained only as long as necessary to achieve the processing objectives, and we do not store data beyond this unless a legitimate business need exists, such as fulfilling a requested service or complying with legal, tax, or accounting obligations. If no ongoing legitimate business need exists, we follow a meticulous process of deletion or anonymisation. In cases where immediate deletion is not feasible, your Personal Data is securely isolated from further processing.

5. Data Storage and Processing

5.1 Data Processing MGD processes and stores user data on servers hosted by Liquid Web, LLC (“Nexcess”), which may be situated in various geographical locations, including but not limited to Australia, United States, Europe, or other regions. By using our services, you acknowledge that your data may be transferred and processed in these locations. 5.2 Ensuring Data Protection Rest assured, we have implemented stringent measures to guarantee the security of your Personal Data in compliance with this Policy. When processing your Personal Data, we ensure that it remains protected in accordance with Australian data protection laws. In particular, we adhere to the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), while also considering the global General Data Protection Regulation (GDPR) as a benchmark for data protection standards. In all other situations, we only transfer or provide access to your Personal Data to foreign countries when such transfers are necessary to fulfill a contract between you and MGD or to carry out pre-contractual measures. 5.3 Limitation of Liability Third-Party Hosting: MGD utilizes the services of Nexsess for data hosting and processing. While MGD takes every reasonable measure to ensure the security and integrity of your data, please be aware that Nexsess is a third-party service provider, and their liability is governed by their own terms and conditions. Exclusion of Liability: MGD, including its owners, officers, employees, agents, and partners, shall not be held liable for any direct, indirect, incidental, consequential, or special damages, losses, or expenses, including but not limited to: (a) Loss of data; (b) Unauthorized access to, use, or alteration of your personal information; (c) Any data breaches or security incidents affecting data hosted by Nexcess. Nexcess Liability: Any claims, disputes, or issues related to data hosting by Nexsess are subject to Nexsess’s terms of service and limitations of liability, which you are encouraged to review separately here.

6. Profiling

6.1 In certain situations, we utilize your Personal Data to gain insights into your preferences and provide tailored products or services. It’s crucial to note that we never base decisions solely on automated processing that might produce significant legal effects or similarly impact you.

7. Minors

7.1 The use of this website is intended for individuals who are at least 18 years of age or the age of majority in their respective jurisdiction. If you are a minor, which may vary depending on your location, you may only use this website with the express consent and supervision of a parent or legal guardian. By using this website, you represent and warrant that you are of the required age or are using the website with parental or legal guardian consent.

8. Your Data Protection Rights

8.1 You have several data protection rights: (a) If you want to access, correct, update, or exercise your data protection rights, you can do so anytime by reaching out to us using the contact details provided under the “Contact Us Regarding Your Personal Data” section (11) below. Please be aware that certain limitations may apply to deletion requests. For instance, we may retain Personal Data as permitted by law, such as for tax or record-keeping purposes, maintaining an active account, and processing transactions and customer requests. (b) In specific circumstances, as outlined in applicable data protection legislation, you can object to the processing of your Personal Data, request restrictions on processing, or ask for the portability of your Personal Data. You can exercise these rights by contacting us through the provided contact details below. (c) If we have collected and processed your Personal Data with your consent, you have the right to withdraw your consent at any time. This withdrawal will not affect the lawfulness of any prior processing conducted before your withdrawal or processing based on lawful grounds other than consent. (d) You can opt-out of receiving marketing communications from us at any time. To unsubscribe from our newsletters or marketing notifications, you can use the unsubscribe option in the “Email Preferences” section of your account or click the unsubscribe link at the bottom of every newsletter email. Alternatively, you may contact us at milliongooddeeds@yahoo.com.au</a >. 8.2 We respond to all requests from individuals looking to exercise their data protection rights in accordance with applicable data protection laws.

9. Links to Other Websites

9.1 Our website may include hyperlinks to websites owned and operated by third parties. These websites maintain their own privacy policies, and we strongly recommend that you review them. These policies will govern the use of any Personal Data you provide while visiting these external websites. 9.2 We do not assume any responsibility or liability for the privacy practices of these third-party websites. Your use of such websites is at your own discretion and risk.

10. Policy Updates

10.1 We may periodically update this Policy to address changing legal, technical, or business developments. When we make changes to our Policy, we will take appropriate steps to inform you, in accordance with the significance of the modifications. We will obtain your consent for any substantial Policy changes if required by applicable data protection laws. 10.2 You can find the last update date of this Policy at the top of the document, allowing you to verify when it was last revised.

11. Contact Us Regarding Your Personal Data

11.1 If you have any questions or concerns regarding this Policy or how we handle your Personal Data, please feel free to contact us via email at milliongooddeeds@yahoo.com.au