The Seed Shop Pty Ltd ABN 41 643 999 473, trading as Shepherd Grain (“Shepherd Grain”, “we”, “our”, “us”), respects your privacy and is committed to handling personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles.
This Privacy Policy explains what personal information we collect, how we use it, who we share it with, how we protect it, and the rights you have in relation to it. It applies to all personal information we handle in our business activities, including through this website.
Privacy Policy
About this Privacy Policy
1. Who we are and how to contact us
Shepherd Grain is an Australian seed and grain business operating from Moree, New South Wales. We deal with growers, customers, suppliers and other stakeholders across the agricultural sector.
If you have any questions about this Privacy Policy or about how we handle your personal information, please contact our Privacy Officer:
| Role | Privacy Officer |
|---|---|
| Company | Shepherd Grain |
| Postal | 122 Burrington Road, Moree NSW 2400 |
| [email protected] | |
| Phone | (02) 5733 2822 |
| Website | www.shepherdgrain.com.au |
2. What personal information we collect
“Personal information” means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not and whether recorded in a material form or not.
The types of personal information we collect depend on your relationship with us. Common examples include:
| If you are… | We may collect |
|---|---|
| A grower, customer or business contact | Your name, business name and ABN, address, contact details, banking details, delivery and logistics information, and information about your dealings with us |
| A supplier or service provider | Your business name and ABN, contact details, banking details, insurance information, and information about our contract with you |
| A job applicant | Your CV and qualifications, contact details, references, work rights documentation, and information you provide in interviews or assessments |
| An employee or contractor | Your name, contact and emergency contact details, payroll and banking details, tax file number, superannuation details, employment history, qualifications, and other information needed to manage your employment or engagement |
| A website or system user | Your IP address, browser and device information, login activity, pages viewed, system access logs and cookie information |
| A visitor to our premises | Your name, contact details, vehicle registration and entry/exit details for site security, safety and biosecurity reasons |
We only collect personal information that is reasonably necessary for one or more of our business functions or activities.
Sensitive information
Some personal information is “sensitive information” under the Privacy Act, including information about a person’s health, racial or ethnic origin, religious or political views, criminal record, sexual orientation, or biometric or genetic information.
We do not generally collect sensitive information about you. We will only collect sensitive information with your consent, or where the collection is required or authorised by law (for example, certain health and safety information about employees, or work rights documentation).
3. How we collect personal information
Wherever possible, we collect personal information directly from you. We may also collect personal information from other people or sources where it is necessary or impractical to collect it directly from you, and where it is reasonable to do so.
Examples of how we collect personal information include:
• When you contact us by email, phone, post or in person
• When you provide information through our website, customer or supplier portals, or other digital systems
• When you enter into a contract or transaction with us as a grower, customer or supplier
• When you apply for a job with us or are engaged as a contractor
• During the course of our business dealings with you
• From references you provide, from publicly available sources, or from third parties (such as credit reporting bodies, recruitment agencies or referees) where permitted by law
• Through cookies and similar technologies on our website (see section 5 below)
Dealing with us anonymously
Where it is lawful and practicable to do so, you may deal with us anonymously or using a pseudonym. This will not be practicable in many of our interactions — for example, employment, regulated grain trading, banking and tax-related transactions — because we are required by law or by the nature of the transaction to know who we are dealing with.
If we collect personal information about you from someone else
If we receive personal information about you that we did not solicit, we will assess whether we could have lawfully collected that information directly from you. If we could have, we will treat it in accordance with this Privacy Policy. If not, we will destroy or de-identify the information as soon as practicable, unless it is unlawful or unreasonable to do so.
4. Why we collect, hold, use and disclose personal information
We collect, hold, use and disclose personal information for purposes that are part of, or reasonably necessary for, our business activities. These include:
• Providing our products and services, including seed and grain supply, storage, logistics and related services
• Managing relationships with growers, customers and suppliers
• Negotiating, performing and enforcing contracts
• Processing payments and managing accounts receivable and payable
• Operating, maintaining and improving our website, customer portals and other digital systems
• Recruiting, employing and managing staff and contractors
• Meeting our legal, regulatory, taxation, work health and safety, biosecurity and reporting obligations
• Investigating and responding to complaints, incidents, claims or disputes
• Protecting our people, property, systems and information from harm, theft, fraud and misuse
• Communicating with you about your dealings with us, including providing updates and responding to enquiries
• Sending information about our products, services or industry where you have asked us to or where the law permits us to (see section 6 on direct marketing)
• Such other purposes as are reasonably necessary in the conduct of our business or as you would reasonably expect
When we will use or disclose your information
We will only use or disclose your personal information for the purpose for which it was collected (the “primary purpose”), or for a related secondary purpose that you would reasonably expect, except where:
• You have consented to another use or disclosure
• The use or disclosure is required or authorised by or under Australian law or a court or tribunal order
• A permitted general situation or permitted health situation under the Privacy Act applies
• We reasonably believe the use or disclosure is necessary for an enforcement-related activity by or on behalf of an enforcement body
Who we may share your information with
We may disclose your personal information to:
• Our service providers, including IT, hosting, cloud, accounting, payroll, banking, logistics, professional advisory and similar service providers, where they need the information to perform their services for us
• Our professional advisers, including lawyers, accountants, auditors and insurers
• Government, regulatory, taxation and law enforcement bodies, where required or permitted by law
• Our financiers and banking partners, where necessary in connection with our financing arrangements
• Counterparties in transactions with you, where reasonably necessary (for example, in logistics or supply chain arrangements)
• Anyone else with your consent or where the law allows or requires us to do so We do not sell personal information.
5. Our website, cookies and analytics
When you visit our website, we automatically collect certain information from your device and browser. This includes your IP address, the type of browser and operating system you are using, the pages you visit on our site, the time and date of your visit, and the website you came from.
We use this information to:
- Provide and improve the functionality and content of our website
- Maintain the security and integrity of our website and systems
- Understand how our website is used and identify opportunities to improve it
- Diagnose technical issues
Cookies
A “cookie” is a small text file that a website places on your device. We use cookies and similar technologies on our website to remember your preferences, keep you logged in to portals, measure website performance and analyse how the site is used.
You can set your browser to refuse cookies or to alert you when cookies are being sent. If you disable cookies, some parts of our website may not work as intended.
Third-party analytics
Our website may use third-party analytics services (such as Google Analytics) to help us understand how our site is used. These services may collect information sent by your browser as part of a web page request, including cookies and your IP address. Their use of this information is governed by their own privacy policies.
6. Direct marketing
We do not generally engage in large-scale direct marketing. From time to time we may send you information about our products, services, industry developments or events that we think may be of interest to you.
Where we do this:
- Each marketing communication will contain a simple way to opt out
- If you opt out, we will stop sending you that type of communication promptly and at no cost to you
- We will not use sensitive information for direct marketing without your consent
- You can also opt out at any time by contacting our Privacy Officer using the details in section 1
7. Sending information overseas
Some of the service providers we use are located outside Australia or store information on servers located outside Australia. This may include cloud hosting providers, email and productivity platforms, customer relationship management systems, accounting and payroll providers, and other technology vendors. The locations of these providers may include, among others, the United States and countries within the European Union.
Where we disclose personal information to an overseas recipient, we take reasonable steps to ensure that the recipient does not breach the Australian Privacy Principles in relation to that information, except where:
- We reasonably believe the recipient is subject to a law or scheme that protects the information in a way that is substantially similar to the Australian Privacy Principles, and there are mechanisms available to enforce that protection
- You have been expressly informed and consent to the disclosure
- The disclosure is required or authorised by law
8. How we protect your information
We take reasonable steps to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure. The steps we take include:
- Restricting access to personal information to people who need it to do their jobs
- Requiring multi-factor authentication for access to systems containing personal information
- Using encryption where reasonably practicable for sensitive information in transit and at rest
- Maintaining secure backups and tested recovery procedures
- Keeping software and systems up to date with security patches
- Using endpoint protection and monitoring our systems for unusual activity
- Assessing the security practices of our service providers
- Training our people on privacy and information security
- Maintaining procedures for responding to actual or suspected data breaches
How long we keep personal information
We keep personal information only for as long as we need it for the purposes set out in this Privacy Policy, or for as long as we are required to by law (for example, taxation, employment and corporate records must be kept for periods set by law). When personal information is no longer needed, we take reasonable steps to securely destroy or de-identify it.
9. Data breaches
If we become aware of a data breach involving personal information — for example, unauthorised access, disclosure or loss of personal information — we will:
- Move quickly to contain the breach and reduce any harm
- Investigate the cause and extent of the breach
- Assess whether the breach is likely to result in serious harm to any affected individuals
- If it is, notify the affected individuals and the Office of the Australian Information Commissioner (OAIC) as required under the Notifiable Data Breaches scheme in the Privacy Act
- Take steps to prevent similar incidents from happening again
10. Access to and correction of your personal information
You have the right to ask us for access to the personal information we hold about you, and to ask us to correct it if it is inaccurate, out of date, incomplete, irrelevant or misleading.
How to make a request
To make an access or correction request, please contact our Privacy Officer using the details in section 1. We may ask you to provide proof of identity before we provide access or make corrections, to make sure we are dealing with the right person.
We will usually respond to your request within 30 days. We do not charge a fee for making a request, although a reasonable charge may apply for providing access in a particular format.
If we refuse access or correction
In some limited circumstances we may not be able to give you access to, or correct, your personal information. These include where:
- Giving access would have an unreasonable impact on the privacy of another person
- The request is frivolous or vexatious
- The information relates to existing or anticipated legal proceedings and would not be discoverable in those proceedings
- Giving access would prejudice an investigation, enforcement activity or commercial negotiations
- Giving access would be unlawful or denial is required or authorised by law
If we refuse a request, we will give you a written notice setting out the reasons (where it is reasonable to do so) and how you can complain about our decision.
11. Privacy complaints
If you think we have breached the Privacy Act or the Australian Privacy Principles, or that we have otherwise mishandled your personal information, please let us know. We take privacy complaints seriously and will work with you in good faith to resolve them.
How to make a complaint
Please send your complaint in writing to our Privacy Officer at the contact details in section 1. Including the following information will help us investigate your complaint quickly:
- Your name and contact details
- A clear description of what happened and when
- Any documents or other information that supports your complaint
- The outcome you are seeking
How we will respond
We will acknowledge receipt of your complaint within a reasonable time (usually within 5 business days) and aim to provide a substantive response within 30 days. We may need more time if your complaint is complex, and we will let you know if that is the case.
If you are not satisfied with our response
If you are not satisfied with how we have handled your complaint, you can refer it to the Office of the Australian Information Commissioner (OAIC):
| Office | Office of the Australian Information Commissioner (OAIC) |
|---|---|
| Website | www.oaic.gov.au |
| Phone | 1300 363 992 |
| Postal | GPO Box 5288, Sydney NSW 2001 |
You may also have other rights under Australian law, including the right (since 10 June 2025) to bring a claim in court for a serious invasion of privacy under the statutory tort in Schedule 2 of the Privacy Act. You should consider seeking independent legal advice if you are thinking about exercising those rights.
12. Employee records
Some of the personal information we hold about our current and former employees is exempt from parts of the Privacy Act because of the employee records exemption. Even where the exemption applies, we treat employee personal information with appropriate confidentiality and security, and apply the standards in this Privacy Policy as if the Privacy Act applied in full.
13. Children's privacy
Our website and services are directed at businesses, growers and other professional stakeholders, and are not intended for children. We do not knowingly collect personal information from children under the age of 16. If you believe we have collected personal information from a child, please contact us using the details in section 1 and we will take steps to delete the information.
14. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements or for other reasons. The latest version will always be available on our website at www.shepherdgrain.com.au/privacy.
We will indicate the date this Privacy Policy was last updated at the top of the page. Where we make significant changes, we will take reasonable steps to bring those changes to your attention.