Who We Are

Oats My Goodness (“we”, “us”, “our”) operates this website. Our goal is to provide wholesome oat-based breakfast foods while respecting your privacy. We collect, use, and store your personal data only as described below.

What Personal Data We Collect and Why We Collect It

We may collect personal information when you interact with our site, including when leaving comments, submitting forms, or making purchases. Data collected may include your name, email address, IP address, browser information, and purchase details. This information helps us improve our services, detect spam, and provide a better user experience.

Comments

When visitors leave comments on the site, we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help with spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact Forms

When you use our contact forms (e.g. to ask questions, submit feedback, or connect), we collect information you provide: name, organisation, email address, phone, and message content. We may also record your IP address and browser user agent to help with spam prevention and website analytics.

Cookies

If you leave a comment on our site, you may opt in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor had visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

We use analytics tools to understand how people use our site. This may include tracking page views, time spent on pages, bounce rate, referring website, and device type. Data collected is aggregated and anonymised. It helps us improve user experience, site speed, content, and functionality.

Who We Share Your Data With

We do not sell your personal data. We share data only with trusted third parties, such as:

  • service providers (e.g. email platform, CRM, payment processors)

  • analytics providers

  • legal or regulatory authorities when required by law

These third parties are contractually required to keep your data secure and use it only for specified purposes.

How Long Do We Retain Your Data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users who register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What Rights Do You Have Over Your Data

If you have an account on this site or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Your Contact Information

You have the right to:

  • access the personal data we hold about you

  • correct or update your data if it is inaccurate

  • request deletion of your data (except when we must retain it for legal or business reasons)

  • request an export of your data in a common format

You can exercise these rights by contacting us at our designated email or contact address.

Additional Information

How We Protect Your Data

We take security seriously. Measures include:

  • using encrypted connections (HTTPS)

  • restricting access to personal data only to staff who require it

  • storing data in secure servers with regular vulnerability checks

  • implementing firewalls and secure password policies

What Data Breach Procedures Do We Have in Place

In the event of a data breach, we will:

  1. Assess the scope and severity of the breach

  2. Notify affected individuals if there is a risk to their rights and freedoms

  3. Report the breach to relevant regulators in accordance with the law

  4. Take corrective actions to prevent future breaches

What Third Parties Do We Receive Data From

We may receive data from:

  • payment processors (for verifying transactions)

  • marketing or social media platforms (for UTM tracking or ads)

  • analytics providers

  • third-party review or comment platforms

All sources are expected to comply with relevant data privacy and legal standards.

What Automated Decision Making and/or Profiling Do We Do with User Data

We do not use automated decision-making systems or profiling to make legal or similarly significant decisions about you. Any personalisation (e.g. recommended products, content) is based on explicit preferences or prior interactions, not solely automated profiling.

Industry Regulatory Disclosure Requirements

We comply with all relevant laws and regulations governing privacy (for example, the Australian Privacy Act). We disclose personal data to regulatory bodies only when required (e.g. legal requests, compliance audits).