Data Breach Notification Policy
Last Updated: 20 October 2025
This Data Breach Notification Policy explains how The Groove Man (“we,” “us,” “our”) responds to and manages any data breaches involving personal information collected through our website https://thegrooveman.com (the “Site”).
We are committed to protecting your privacy and complying with the Privacy Act 1988 (Cth) and the Notifiable Data Breaches (NDB) Scheme administered by the Office of the Australian Information Commissioner (OAIC).
1. Purpose
The purpose of this policy is to ensure that any data breach is identified, contained, and managed promptly, and that affected individuals are notified if a breach involving their personal information is likely to result in serious harm.
2. What Is a Data Breach?
A data breach occurs when personal information held by us is lost, accessed, or disclosed without authorisation. Examples include:
- Loss or theft of a device containing customer information
- Unauthorised access to our systems by a third party
- Accidental sharing of customer details via email
- Malware or ransomware attacks compromising stored data
3. Our Response Process
We follow a four-step process for all data breach incidents:
- Identification: Detect and verify any suspected or confirmed breach.
- Containment: Take immediate steps to stop further unauthorised access or disclosure.
- Assessment: Evaluate the type and extent of information involved, the cause, and potential harm to affected individuals.
- Notification: Notify affected individuals and the OAIC if the breach is likely to result in serious harm, as required by law.
4. Notification Procedure
If a breach is assessed as an “eligible data breach” under the NDB Scheme, we will:
- Notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable.
- Inform all affected individuals (or publish a public notice if direct contact is not possible).
- Provide details of the breach, including:
  - The type of information involved
  - When and how the breach occurred
  - Steps taken to contain and mitigate the impact
  - Advice on how individuals can protect themselves
5. Containment and Prevention
Upon identifying a breach, we will take immediate action to secure systems, change access credentials, and suspend compromised accounts if necessary. We will also review security procedures to prevent recurrence.
6. Record Keeping
All suspected and confirmed breaches are documented, including details of the incident, investigation, outcome, and remedial actions taken. Records are retained in line with our Data Retention Policy.
7. Customer Support and Assistance
We will provide guidance to affected individuals on protecting their personal information following a breach, including changing passwords, monitoring financial accounts, or reporting identity theft.
8. Third-Party Involvement
Where a breach involves third-party systems (such as Shopify, Google, or Meta), we will cooperate fully with their incident response teams and ensure affected customers are informed of any outcomes relevant to their data.
9. Review and Updates
This policy will be reviewed annually or after any significant breach to ensure its ongoing effectiveness and compliance with applicable laws and best practices.
10. Contact Us
If you suspect a data breach or have concerns about your personal information, please contact us immediately:
The Groove Man
23 Arthur Terrace, Red Hill, QLD 4059, Australia
Email: info@thegrooveman.com
Phone: 0468 474 556
ABN: 36 672 060 259