Privacy policy

Osteon Medical Componentry Store (“Osteon Medical”, “we”, “us”, “our”) operates this online store and website, including all related content, features, tools, products and services (the “Services”). The Services are powered by Shopify, which enables us to provide a secure shopping and account experience.

This Privacy Policy explains what personal information we collect, how we use and disclose it, and the choices you have. If there is any conflict between this Privacy Policy and our Terms of Service, this Privacy Policy governs how we collect, process and disclose personal information. By using the Services, you acknowledge that you have read and understood this Policy.

What we collect

“Personal information” means information that identifies, relates to, describes, or could reasonably be linked to you. It does not include anonymised or de-identified data.

We may collect the following, depending on how you interact with us:

  • Contact and account details such as name, email, phone, billing and shipping addresses, login credentials, preferences and settings.
  • Transaction and order details such as items viewed or purchased, returns, exchanges, payment confirmation and fulfilment information.
  • Payment information such as card type and tokenised payment details. (Payments are processed by Shopify or other payment providers; we do not store full card numbers.)
  • Device and usage information such as IP address, browser and device identifiers, and how you navigate and interact with the Services, including via cookies and similar technologies.
  • Communications you send us (for example, product enquiries, support requests, reviews).
  • Clinical/health-related information you choose to provide in the context of professional orders or support (for example, intra-oral scans, clinical photographs, study models, and correspondence with other health care professionals you authorise). We treat this as sensitive information and apply additional safeguards.

Where the information comes from

  • Directly from you when you browse, create an account, place an order, contact us, or submit content (including reviews).
  • Automatically from your device and browser when you use the Services (including via cookies and similar technologies).
  • From service providers and partners acting on our behalf (for example, payment processors, analytics and fulfilment partners).
  • From other health professionals where you have authorised sharing for a clinical purpose.

How we use personal information

We use personal information to:

  • Provide, operate and improve the Services, process payments, fulfil and deliver orders, manage your account, handle returns/exchanges, and remember preferences.
  • Communicate with you about your account, orders, support requests and updates to our Services or policies.
  • Personalise your experience (for example, product recommendations) and perform analytics to improve site performance and product quality.
  • Protect the Services, prevent fraud, authenticate users and ensure platform security.
  • Comply with law, respond to lawful requests and enforce our terms.
  • Send marketing communications where permitted; you can opt out at any time (see “Your rights and choices”).

Health and sensitive information

We only collect health information where necessary to deliver clinical or technical support you request or authorise. Access is restricted on a strict “need-to-know” basis. We do not use health information for marketing and we disclose it only to the extent necessary to provide care or as required by law.

Relationship with Shopify

Our store is hosted on Shopify. Shopify collects and processes personal information about your use of the Services to provide, secure and improve its platform, including enhanced features that may use data from interactions across multiple merchants. In these cases, Shopify is responsible for that processing and for responding to related privacy rights requests. For details about how Shopify processes personal information and to exercise rights available through Shopify, please refer to the Shopify Consumer Privacy Policy and the Shopify Privacy Portal.

Cookies and similar technologies

We use cookies and similar technologies to operate the site, remember preferences, perform analytics and tailor content. You can manage cookie preferences through your browser settings and, where offered, our on-site cookie controls. For more information, see our Cookie Policy.

How we disclose personal information

We may disclose personal information:

  • To Shopify and trusted service providers who assist with payment processing, IT and hosting, data storage, analytics, customer support, marketing (e.g., email/SMS), fulfilment and shipping.
  • To business and marketing partners for permitted advertising and measurement. Depending on your location, you may have rights to opt out of targeted advertising—see “Your rights and choices”.
  • To health professionals and laboratories involved in your case on an authorised, need-to-know basis.
  • Within our corporate group and in connection with corporate transactions (e.g., merger, acquisition).
  • When you ask us to or otherwise consent (for example, social logins, review publishing).
  • As required by law or to protect our rights, users, or the public.

We do not sell personal information as “sale” is defined under applicable laws. We do not disclose health information for advertising.

International transfers

We may transfer, store and process personal information outside your country of residence, including where Shopify and our providers operate (for example, Australia, the EU, the UK, the US and Canada). Where required, we use appropriate safeguards (such as Standard Contractual Clauses) to protect personal information transferred internationally.

Security

We use administrative, technical and physical safeguards appropriate to the sensitivity of the information we hold, including password policies, restricted access, secure servers, malware protection, secure cloud storage and routine backups. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Retention

We keep personal information only for as long as necessary for the purposes described in this Policy, including to comply with legal, accounting and regulatory requirements, to resolve disputes and to enforce agreements. Where possible, we de-identify or aggregate data. Certain clinical and transactional records may be retained for periods mandated by law.

Your rights and choices

Your rights will depend on where you live and the laws that apply:

  • Australia (Privacy Act 1988 (Cth) and Australian Privacy Principles): you may request access to, and correction of, personal information we hold about you. You may opt out of direct marketing at any time. We comply with the Notifiable Data Breaches (NDB) scheme and will notify you and the Office of the Australian Information Commissioner (OAIC) where required.
  • EU/UK (GDPR): subject to conditions and exemptions, you may have rights to access, rectify, erase, port and restrict processing of your personal data, and to object to processing (including profiling).
  • United States (e.g., California): depending on your state, you may have rights to know, access, delete, correct, and opt out of the “sale” or “sharing” of personal information for targeted advertising. We do not sell personal information. You may opt out of targeted advertising where applicable.

Marketing preferences. You can unsubscribe from promotional emails at any time using the link in the email or by contacting us. We may still send non-promotional messages about your account or orders.

Exercising rights. You can exercise rights available to you via on-site tools (where provided) or by contacting us (see “Contact”). We may need to verify your identity and, where permitted, you may authorise an agent to make a request on your behalf.

User-generated content and reviews

If you submit reviews or other content for publication, that content may be visible to other users and the public. Once published, it may be re-shared and is not covered by this Policy in the same way as account/order data.

Children

The Services are not intended for use by children and we do not knowingly collect personal information from individuals under the age of 16. If you believe a child has provided personal information, please contact us so we can delete it.

Third-party links

The Services may link to third-party sites and services. Their privacy and security practices are not governed by this Policy. We recommend reviewing their policies before providing personal information.

Changes to this Policy

We may update this Policy from time to time to reflect changes to our practices or for operational, legal or regulatory reasons. We will post the revised Policy with an updated “Last updated” date and provide additional notice where required by law.

Contact

If you have questions about this Policy or our privacy practices, or you would like to exercise your rights:

Email: privacy@osteonmedical.com

Address: 759–767 Springvale Rd, Mulgrave, VIC 3170, Australia

You may also have the right to lodge a complaint with your local data protection authority. In Australia, this is the Office of the Australian Information Commissioner (OAIC). We encourage you to contact us first so we can address your concerns promptly.