Privacy Policy
Zakhish Pty Ltd T/A The Cake Catalogue, herein referred to as The Cake Catalogue.
1. We respect your privacy
(a) The Cake Catalogue respects your right to privacy and is committed to safeguarding the privacy of our customers and website visitors. This policy sets out how we collect and treat your personal information.
(b) We adhere to the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) and to the extent applicable, the EU General Data Protection Regulation (GDPR).
(c) “Personal information” is information we hold which is identifiable as being about you. This includes information such as your name, email address, identification number, or any other type of information that can reasonably identify an individual, either directly or indirectly.
(d) You may contact us in writing at PO Box 6094, South Lismore, New South Wales, 2480 for further information about this Privacy Policy.
2. What personal information is collected
(a) The Cake Catalogue will, from time to time, receive and store personal information you submit to our website, provided to us directly or given to us in other forms.
(b) You may provide basic information such as your name, phone number, address and email address to enable us to send you information, provide updates and process your product or service order.
(c) We may collect additional information at other times, including but not limited to, when you provide feedback, when you provide information about your personal or business affairs, change your content or email preference, respond to surveys and/or promotions, provide financial or credit card information, or communicate with our customer support.
(d) Additionally, we may also collect any other information you provide while interacting with us.
3. How we collect your personal information
(a) The Cake Catalogue collects personal information from you in a variety of ways, including when you interact with us electronically or in person, when you access our website and when we engage in business activities with you. We may receive personal information from third parties. If we do, we will protect it as set out in this Privacy Policy.
(b) By providing us with personal information, you consent to the supply of that information subject to the terms of this Privacy Policy.
4. How we use your personal information
(a) The Cake Catalogue may use personal information collected from you to provide you with information about our products or services. We may also make you aware of new and additional products, services and opportunities available to you.
(b) The Cake Catalogue will use personal information only for the purposes that you consent to. This may include to:
(i) provide you with products and services during the usual course of our business activities;
(ii) administer our business activities;
(iii) manage, research and develop our products and services;
(iv) provide you with information about our products and services;
(v) communicate with you by a variety of measures including, but not limited to, by telephone, email, sms or mail; and
(vi) investigate any complaints.
If you withhold your personal information, it may not be possible for us to provide you with our products and services or for you to fully access our website.
(c) We may disclose your personal information to comply with a legal requirement, such as a law, regulation, court order, subpoena, warrant, legal proceedings or in response to a law enforcement agency request.
(d) If there is a change of control in our business or a sale or transfer of business assets, we reserve the right to transfer to the extent permissible at law our user databases, together with any personal information and non-personal information contained in those databases.
5. Disclosure of your personal information
(a) The Cake Catalogue may disclose your personal information to any of our employees, officers, insurers, professional advisers, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes set out in this privacy policy.
(b) If we do disclose your personal information to a third party, we will protect it in accordance with this privacy policy.
6. General Data Protection Regulation (GDPR) for the European Union (EU)
(a) The Cake Catalogue will comply with the principles of data protection set out in the GDPR for the purpose of fairness, transparency and lawful data collection and use.
(b) We process your personal information as a Processor and/or to the extent that we are a Controller as defined in the GDPR.
(c) We must establish a lawful basis for processing your personal information. The legal basis for which we collect your personal information depends on the data that we collect and how we use it.
(d) We will only collect your personal information with your express consent for a specific purpose and any data collected will be to the extent necessary and not excessive for its purpose. We will keep your data safe and secure.
(e) We will also process your personal information if it is necessary for our legitimate interests, or to fulfil a contractual or legal obligation.
(f) We process your personal information if it is necessary to protect your life or in a medical situation, it is necessary to carry out a public function, a task of public interest or if the function has a clear basis in law.
(g) We do not collect or process any personal information from you that is considered “Sensitive Personal Information” under the GDPR, such as personal information relating to your sexual orientation or ethnic origin unless we have obtained your explicit consent, or if it is being collected subject to and in accordance with the GDPR.
(h) You must not provide us with your personal information if you are under the age of 16 without the consent of your parent or someone who has parental authority for you. We do not knowingly collect or process the personal information of children.
7. Your rights under the GDPR
(a) If you are an individual residing in the EU, you have certain rights as to how your personal information is obtained and used. The Cake Catalogue complies with your rights under the GDPR as to how your personal information is used and controlled if you are an individual residing in the EU
(b) Except as otherwise provided in the GDPR, you have the following rights:
(i) to be informed how your personal information is being used;
(ii) access your personal information (we will provide you with a free copy of it);
(iii) to correct your personal information if it is inaccurate or incomplete;
(iv) to delete your personal information (also known as “the right to be forgotten”);
(v) to restrict processing of your personal information;
(vi) to retain and reuse your personal information for your own purposes;
(vii) to object to your personal information being used; and
(viii) to object against automated decision making and profiling.
(c) Please contact us at any time to exercise your rights under the GDPR at the contact details in this Privacy Policy.
(d) We may ask you to verify your identity before acting on any of your requests.
8. Hosting and International Data Transfers
(a) Information that we collect may from time to time be stored, processed in or transferred between parties or sites located in countries outside of Australia. These may include, but are not limited to New Zealand, USA and the UK.
(b) We and our other group companies may have offices and/or facilities in New Zealand, USA and the UK. Transfers to each of these countries will be protected by appropriate safeguards, these include one or more of the following: the use of standard data protection clauses adopted or approved by the European Commission which you can obtain from the European Commission Website; the use of binding corporate rules, a copy of which you can obtain from The Cake Catalogue’s Data Protection Officer.
(c) The hosting facilities for our website may be situated in New Zealand, USA and the UK. Transfers to each of these Countries will be protected by appropriate safeguards, these include one or more of the following: the use of standard data protection clauses adopted or approved by the European Commission which you can obtain from the European Commission Website; the use of binding corporate rules, a copy of which you can obtain from The Cake Catalogue’s Data Protection Officer.
(d) Our Suppliers and Contractors may be situated in New Zealand, USA and the UK. Transfers to each of these Countries will be protected by appropriate safeguards, these include one or more of the following: the use of standard data protection clauses adopted or approved by the European Commission which you can obtain from the European Commission Website; the use of binding corporate rules, a copy of which you can obtain from The Cake Catalogue’s Data Protection Officer.
(e) You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.
9. Security of your personal information
(a) The Cake Catalogue is committed to ensuring that the information you provide to us is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.
(b) Where we employ data processors to process personal information on our behalf, we only do so on the basis that such data processors comply with the requirements under the GDPR and that have adequate technical measures in place to protect personal information against unauthorised use, loss and theft.
(c) The transmission and exchange of information is carried out at your own risk. We cannot guarantee the security of any information that you transmit to us, or receive from us. Although we take measures to safeguard against unauthorised disclosures of information, we cannot assure you that personal information that we collect will not be disclosed in a manner that is inconsistent with this Privacy Policy.
10. Access to your personal information
(a) You may request details of personal information that we hold about you in accordance with the provisions of the Privacy Act 1988 (Cth), and to the extent applicable the EU GDPR. If you would like a copy of the information which we hold about you or believe that any information we hold on you is inaccurate, out of date, incomplete, irrelevant or misleading, please email us at policy@thecakecatalogue.com.au
(b) We reserve the right to refuse to provide you with information that we hold about you, in certain circumstances set out in the Privacy Act or any other applicable law.
11. Complaints about privacy
(a) If you have any complaints about our privacy practices, please feel free to send in details of your complaints to policy@thecakecatalogue.com.au We take complaints very seriously and will respond shortly after receiving written notice of your complaint.
12. Changes to Privacy Policy
(a) Please be aware that we may change this Privacy Policy in the future. We may modify this Policy at any time, in our sole discretion and all modifications will be effective immediately upon our posting of the modifications on our website or notice board. Please check back from time to time to review our Privacy Policy.
13. Website
(a) When you visit our website
When you come to our website (www.thecakecatalogue.com.au), we may collect certain information such as browser type, operating system, website visited immediately before coming to our site, etc. This information is used in an aggregated manner to analyse how people use our site, such that we can improve our service.
(b) Cookies
We may from time to time use cookies on our website. Cookies are very small files which a website uses to identify you when you come back to the site and to store details about your use of the site. Cookies are not malicious programs that access or damage your computer. Most web browsers automatically accept cookies but you can choose to reject cookies by changing your browser settings. However, this may prevent you from taking full advantage of our website. Our website may from time to time use cookies to analyses website traffic and help us provide a better website visitor experience. In addition, cookies may be used to serve relevant ads to website visitors through third party services such as Google AdWords. These ads may appear on this website or other websites you visit.
(c) Third party sites
Our site may from time to time have links to other websites not owned or controlled by us. These links are meant for your convenience only. Links to third party websites do not constitute sponsorship or endorsement or approval of these websites. Please be aware that The Cake Catalogue is not responsible for the privacy practises of other such websites. We encourage our users to be aware, when they leave our website, to read the privacy statements of each and every website that collects personal identifiable information.
14. Effective date
This policy is effective from 17th December, 2024
Data Breach Policy
Zakhish Pty Ltd T/A The Cake Catalogue, herein referred to as The Cake Catalogue.
- Purpose
This policy describes how Zakhish Pty Ltd T/A The Cake Catalogue, here within known as The Cake Catalogue, will respond to a data breach, in adherence to the Privacy Act 1988.
It is The Cake Catalogue’s belief that clear roles, responsibilities and procedures will serve as the foundation as a comprehensive privacy program.
This policy outlines:
(a) the steps that The Cake Catalogue will take to contain, assess, notify, and review any data breaches that might occur; and
(b) Notifiable Data Breaches and how The Cake Catalogue will address them if they occur.
All The Cake Catalogue employees, officers, representatives or advisers (‘Employees’) are required to understand and act in accordance with this policy.
- Data Breach Definition
A data breach occurs when personal information or intellectual property held by The Cake Catalogue is subject to unauthorised access, disclosure, modification, or is lost. Data breaches can occur in a number of ways, including but not limited to:
(a) Unauthorised Third-party security breaches (e.g. Hackers)
(b) Unauthorised access, disclosure or modification by Employees and users
(c) Data breaches of Third-party services used by The Cake Catalogue that affect user data
Specific to The Cake Catalogue’s business, the following have been identified as possible data breach sources:
(a) Accidental loss, unauthorised access, or theft of classified material data or equipment on which such The Cake Catalogue data is stored, such as company Laptops and USBs.
(b) Unauthorised use, access to, or modification of data on The Cake Catalogue’s cloud databases.
(c) Accidental disclosure of The Cake Catalogue user data or intellectual property, such as via email to an incorrect address.
(d) Unauthorised data collection by third parties posing as The Cake Catalogue, e.g. Phishing Scam
(e) Failed or successful attempts to gain unauthorised access to The Cake Catalogue information or information systems
(f) Unauthorised data collection by third parties through Malware infections on The Cake Catalogue cloud databases, or hardware equipment.
- What to do if a Data Breach is Suspected?
All The Cake Catalogue Employees who are aware of, informed of, or suspect a data breach must inform The Cake Catalogue’s IT team immediately. The IT team must then assess the suspected breach to determine whether or not a breach has in fact occurred. If a data breach has, in fact, occurred, then the IT team will manage the breach according to the steps outlined in the Data Breach Management Plan.
- Data Breach Response Plan
In accordance with OAIC recommendations, the following steps will be taken in response to a verified Data Breach.
(a) Contain the breach as soon as possible. Containment is ensuring that the breach itself is stopped. How a breach is stopped would depend on the particular instance but can include:
(i) The suspension of compromised accounts;
(ii) Removal of malware, where identified;
(iii) Temporary platform downtime if necessary;
(iv) Recovering any lost data, if possible;
(v) Repairing unauthorised modification of data, if possible;
(vi) Restoring access to the platform when able.
(b) Assess the risks involved and the repercussions on respective stakeholders. The following may be considered in assessing the stakeholder risks:
(i) The type of information involved;
(ii) Establish the cause and the extent of the breach;
(iii) Assess the risk of harm to affected persons;
(iv) Assess the risk of other harms: reputational damage;
(v) Notify Management and Affected Individuals where appropriate;
(vi) Management must be notified of breaches as and when they occur, whether or not the breach is an eligible breach under the Notifiable Data Breach Scheme;
(vii) The Cake Catalogue is an APP 11 entity under the Privacy Act 1988 (Cth) and is and must, therefore, comply with its obligations under the Notifiable Data Breach Scheme;
(viii) Data Breaches that are not eligible under the Notifiable Data Breach Scheme need not be reported and may be addressed internally.
(c) Prevent future similar breaches through strengthening security infrastructures and/or policies
- Notifiable Data Breach Scheme
Under the Notifiable Data Breach Scheme, The Cake Catalogue is obliged to report data breaches that satisfy the following criteria:
(i) there is unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information, that The Cake Catalogue holds;
(ii) That the unauthorised access to or disclosure of, or loss of personal information is likely to result in serious harm to one or more individuals; and
(iii) The Cake Catalogue has not been able to prevent the likely risk of serious harm with remedial action.
For further information on how to assess a notifiable data breach, The Cake Catalogue must refer to the OAIC’s APP guidelines.
Where The Cake Catalogue suspects that an eligible breach has occurred, it must carry out a reasonable and expeditious assessment of the breach: s 26WH(2)(a) of the Privacy Act. Where possible, the assessment must be completed within 30 days of The Cake Catalogue becoming aware of information that causes it to suspect that an eligible breach has occurred. If The Cake Catalogue is unable to complete the assessment within 30 days, a written document must be written which addresses:
(a) how all reasonable steps have been taken to complete the assessment within 30 days;
(b) the reasons for the delay; and
(c) that the assessment was reasonable and expeditious.
Where an Eligible Breach has occurred, The Cake Catalogue must inform affected users AND the Privacy Commissioner. The Cake Catalogue is allowed to disclose eligible breaches to users in either of the following ways:
(a) It may notify all The Cake Catalogue users
(b) It may notify affected The Cake Catalogue users
(c) It may publish a notification on its website
Disclosure of eligible breaches to the Privacy Commissioner may be done by online form.
For more information on disclosing Eligible Breaches under the Notifiable Data Breach Scheme, please refer to the OAIC’s webpage on the topic.
- Disciplinary Consequences
The Cake Catalogue reserves the right to monitor Employees’ use, access and modification of the company’s data, and initialise an investigation if cases where an employee conducts an action that is in breach of this policy.
All Employees should handle The Cake Catalogue’s data with due diligence in accordance with this policy and any related policies. If an employee’s action or omission that is prohibited under this policy causes a disruption of integrity to the data system or leads to a breach defined in the Privacy Act, the employee may face severe disciplinary action up to and including termination at the discretion of The Cake Catalogue.
7. Effective Date
This policy is effective from 17th December 2024.
Website Disclaimer
Zakhish Pty Ltd T/A The Cake Catalogue, herein referred to as The Cake Catalogue.
All care is taken in the preparation of the information and published materials on this site. The Cake Catalogue does not make any representations or give any warranties about its accuracy, reliability, completeness or suitability for any particular purpose. To the extent permissible by law, The Cake Catalogue will not be liable for any expenses, losses, damages (including indirect or consequential damages) or costs which might be incurred as a result of the information being inaccurate or incomplete in any way and for any reason.
This site may contain hypertext links, frames or other references to other parties and their websites. The Cake Catalogue cannot control the contents of those other sites, and make no warranty about the accuracy, timeliness or subject matter of the material located on those sites. The Cake Catalogue do not necessarily approve of, endorse, or sponsor any content or material on such sites. The Cake Catalogue make no warranties or representations that material on other websites to which this website is linked does not infringe the intellectual property rights of any person anywhere in the world.
The Cake Catalogue are not, and must not be taken to be, authorising infringement of any intellectual property rights contained in material or other sites by linking or allowing links to, this website to such material on other sites.
If you have any concerns regarding the content of the Website, please contact The Cake Catalogue.
Effective date
This policy is effective from 17th December, 2024.
Website Terms of Use
This website (Site) is operated by Zakhish Pty Ltd T/A The Cake Catalogue ABN 42669411527, herein referred to as The Cake Catalogue (we, our or us). It is available at: www.thecakecatalogue.com.au and may be available through other addresses or channels.
Consent: By accessing and/or using our Site, you agree to these terms of use and our Privacy Policy (available on our site) (Terms). Please read these Terms carefully and immediately cease using our Site if you do not agree to them.
Variations: We may, at any time and at our discretion, vary these Terms by publishing the varied terms on our Site. We recommend you check our Site regularly to ensure you are aware of our current terms. Materials and information on this Site (Content) are subject to change without notice. We do not undertake to keep our Site up-to-date and we are not liable if any Content is inaccurate or out-of-date.
Licence to use our Site: We grant you a non-exclusive, royalty-free, revocable, worldwide, non-transferable licence to use our Site in accordance with these Terms. All other uses are prohibited without our prior written consent.
Prohibited conduct: You must not do or attempt to do anything: that is unlawful; prohibited by any laws applicable to our Site; which we would consider inappropriate; or which might bring us or our Site into disrepute, including (without limitation):
(a) anything that would constitute a breach of an individual’s privacy (including uploading private or personal information without an individual’s consent) or any other legal rights;
(b) using our Site to defame, harass, threaten, menace or offend any person;
(c) interfering with any user using our Site;
(d) tampering with or modifying our Site, knowingly transmitting viruses or other disabling features, or damaging or interfering with our Site, including (without limitation) using trojan horses, viruses or piracy or programming routines that may damage or interfere with our Site;
(e) using our Site to send unsolicited email messages; or
(f) facilitating or assisting a third party to do any of the above acts.
Exclusion of competitors: You are prohibited from using our Site, including the Content, in any way that competes with our business.
Information: The Content is not comprehensive and is for general information purposes only. It does not take into account your specific needs, objectives or circumstances, and it is not advice. While we use reasonable attempts to ensure the accuracy and completeness of the Content, we make no representation or warranty in relation to it, to the maximum extent permitted by law.
Intellectual Property rights: Unless otherwise indicated, we own or licence all rights, title and interest (including intellectual property rights) in our Site and all of the Content. Your use of our Site and your use of and access to any Content does not grant or transfer to you any rights, title or interest in relation to our Site or the Content. You must not:
(a) copy or use, in whole or in part, any Content;
(b) reproduce, retransmit, distribute, disseminate, sell, publish, broadcast or circulate any Content to any third party; or
(c) breach any intellectual property rights connected with our Site or the Content, including (without limitation) altering or modifying any of the Content, causing any of the Content to be framed or embedded in another website or platform, or creating derivative works from the Content.
User Content: You may be permitted to post, upload, publish, submit or transmit relevant information and content (User Content) on our Site. By making available any User Content on or through our Site, you grant to us a worldwide, irrevocable, perpetual, non-exclusive, transferable, royalty-free licence to use the User Content, with the right to use, view, copy, adapt, modify, distribute, license, sell, transfer, communicate, publicly display, publicly perform, transmit, stream, broadcast, access, or otherwise exploit such User Content on, through or by means of our Site.
You agree that you are solely responsible for all User Content that you make available on or through our Site. You represent and warrant that:
(a) you are either the sole and exclusive owner of all User Content or you have all rights, licences, consents and releases that are necessary to grant to us the rights in such User Content (as contemplated by these Terms); and
(b) neither the User Content nor the posting, uploading, publication, submission or transmission of the User Content or our use of the User Content on, through or by means of our Site will infringe, misappropriate or violate a third party’s intellectual property rights, or rights of publicity or privacy, or result in the violation of any applicable law or regulation.
We do not endorse or approve, and are not responsible for, any User Content. We may, at any time (at our sole discretion), remove any User Content.
Ownership of Photos and Images
Photos, images, and visual content displayed in our listings have been sourced by us or submitted and remain the property of their respective owners. These materials are used under license, with permission, or are otherwise legally sourced. Users are not permitted to reproduce, distribute, or use these images for any purpose without obtaining the appropriate permission from the rights holder. While we take care to ensure that all images are properly licensed or authorized, we are not liable for any unintentional copyright infringements arising from third-party sources. If you believe any image used on this platform infringes your copyright, please contact us so we can address the matter promptly.
Third party sites: Our Site may contain links to websites operated by third parties. Unless expressly stated otherwise, we do not control, endorse or approve, and are not responsible for, the content on those websites. You should make your own investigations with respect to the suitability of those websites.
Discontinuance: We may, at any time and without notice to you, discontinue our Site, in whole or in part. We may also exclude any person from using our Site, at any time and at our sole discretion. We are not responsible for any Liability you may suffer arising from or in connection with any such discontinuance or exclusion.
Warranties and disclaimers: To the maximum extent permitted by law, we make no representations or warranties about our Site or the Content, including (without limitation) that:
(a) they are complete, accurate, reliable, up-to-date and suitable for any particular purpose;
(b) access will be uninterrupted, error-free or free from viruses; or
(c) our Site will be secure.
You read, use and act on our Site and the Content at your own risk.
Limitation of liability: To the maximum extent permitted by law, we are not responsible for any loss, damage or expense, howsoever arising, whether direct or indirect and/or whether present, unascertained, future or contingent (Liability) suffered by you or any third party, arising from or in connection with your use of our Site and/or the Content and/or any inaccessibility of, interruption to or outage of our Site and/or any loss or corruption of data and/or the fact that the Content is incorrect, incomplete or out-of-date.
Indemnity: To the maximum extent permitted by law, you must indemnify us, and hold us harmless, against any Liability suffered or incurred by us arising from or in connection with your use of our Site or any breach of these Terms or any applicable laws by you. This indemnity is a continuing obligation, independent from the other obligations under these Terms, and continues after these Terms end. It is not necessary for us to suffer or incur any Liability before enforcing a right of indemnity under these Terms.
Termination: These Terms are effective until terminated by us, which we may do at any time and without notice to you. In the event of termination, all restrictions imposed on you by these Terms and limitations of liability set out in these Terms will survive.
Disputes: In the event of any dispute arising from, or in connection with, these Terms (Dispute), the party claiming there is a Dispute must give written notice to the other party setting out the details of the Dispute and proposing a resolution. Within 7 days after receiving the notice, the parties must, by their senior executives or senior managers (who have the authority to reach a resolution on behalf of the party), meet at least once to attempt to resolve the Dispute or agree on the method of resolving the Dispute by other means, in good faith. All aspects of every such conference, except the fact of the occurrence of the conference, will be privileged. If the parties do not resolve the Dispute, or (if the Dispute is not resolved) agree on an alternate method to resolve the Dispute, within 21 days after receipt of the notice, the Dispute may be referred by either party (by notice in writing to the other party) to litigation.
Severance: If a provision of these Terms is held to be void, invalid, illegal or unenforceable, that provision must be read down as narrowly as necessary to allow it to be valid or enforceable. If it is not possible to read down a provision (in whole or in part), that provision (or that part of that provision) is severed from these Terms without affecting the validity or enforceability of the remainder of that provision or the other provisions in these Terms.
Jurisdiction: Your use of our Site and these Terms are governed by the laws of New South Wales. You irrevocably and unconditionally submit to the exclusive jurisdiction of the courts operating in New South Wales and any courts entitled to hear appeals from those courts and waive any right to object to proceedings being brought in those courts.
Our Site may be accessed throughout Australia and overseas. We make no representation that our Site complies with the laws (including intellectual property laws) of any country outside Australia. If you access our Site from outside Australia, you do so at your own risk and are responsible for complying with the laws of the jurisdiction where you access our Site.
For any questions and notices, please contact us at:
Zakhish Pty Ltd T/A The Cake Catalogue ABN 42669411527
Email: policy@thecakecatalogue.com.au
Last update: 26th June, 2025
