Privacy Policy

Last updated:

Introduction

This Privacy Policy explains how Brighttendon ("we", "us", "our") collects, uses, stores, and protects personal information when you visit brighttendon.world (the "Website"). We are committed to transparency and compliance with the Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs), the Notifiable Data Breaches (NDB) scheme, the General Data Protection Regulation (GDPR) where it applies to visitors in the European Economic Area, and other applicable data protection laws.

This policy is our collection notice under APP 5. By using the Website, you acknowledge that you have read this policy. Where we collect personal information directly from you, we will take reasonable steps to ensure you are aware of the matters set out in this policy at or before the time of collection.

Organisation and Contact

The organisation responsible for your personal information is:

Brighttendon
Flat 5/6 Claire St, McKinnon VIC 3204, Australia
Email: correspondence@brighttendon.world
Phone: +61 410 562 843

Data We Collect

We may collect the following categories of personal data:

  • Contact data: name, email address, and message content submitted through our contact form.
  • Technical data: IP address, browser type, device information, operating system, and referring URLs collected automatically when you visit the Website.
  • Cookie data: preferences stored in cookies and localStorage, including your cookie consent choices. See our Cookie Policy for details.
  • Usage data: pages visited, time spent on pages, and interaction patterns, collected only if you consent to analytics cookies.

Purposes and Legal Bases for Processing

We collect and use personal information only where it is reasonably necessary for our functions and activities. The main purposes are:

  • Responding to enquiries (contact form data) — to communicate with you and respond to your requests.
  • Website functionality (strictly necessary cookies, security logs) — to operate the Website securely and reliably.
  • Analytics (usage data) — to understand how the Website is used and improve content and usability, only with your consent via our cookie banner.
  • Advertising and measurement (marketing cookies) — to measure advertising effectiveness and deliver relevant content, only with your consent via our cookie banner.
  • Legal compliance — to meet obligations under applicable law, including record-keeping and responding to lawful requests.

Where GDPR applies, we rely on the following legal bases under Article 6: legitimate interests (enquiries, security, core site operation), consent (analytics and marketing cookies), and legal obligation. Under the Privacy Act, we collect information by lawful and fair means and only where reasonably necessary.

Direct Marketing and the Spam Act 2003

We do not send commercial electronic messages unless permitted under the Spam Act 2003 (Cth). If we ever contact you by email for marketing purposes, we will:

  • include clear identification of Brighttendon as the sender;
  • provide functional contact details;
  • include a clear and conspicuous unsubscribe facility; and
  • honour unsubscribe requests promptly, generally within 5 business days.

Submitting the contact form is for enquiry purposes only and does not constitute consent to receive marketing communications unless we obtain your separate express consent.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:

  • Contact form submissions: up to 24 months from the date of submission, unless a longer period is required by law.
  • Cookie consent records: up to 12 months, stored in your browser's localStorage.
  • Analytics data: up to 26 months, subject to your consent.
  • Server logs and security data: up to 90 days.

After the retention period expires, data is securely deleted or anonymised.

Disclosure, Overseas Transfers, and Third Parties

We do not sell your personal information. We may disclose information to:

  • service providers who assist with hosting, website operation, analytics, advertising measurement, or email delivery, subject to contractual confidentiality and privacy obligations;
  • professional advisers where reasonably necessary; and
  • government agencies, regulators, or courts when required or authorised by law.

Some service providers may be located outside Australia (for example, in the United States, European Union, or other countries). Where personal information is disclosed overseas, we take reasonable steps under APP 8 to ensure the recipient handles the information in a manner consistent with the APPs, unless an exception applies under the Privacy Act. Where GDPR applies, we use appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.

Before analytics or marketing tools are activated, we obtain your consent through our cookie banner. Details of cookie categories are set out in our Cookie Policy.

Accuracy, Anonymity, and Quality of Information

We take reasonable steps under APP 10 to ensure personal information we collect is accurate, up to date, and complete. You may ask us to correct information that is inaccurate, out of date, incomplete, irrelevant, or misleading.

Where lawful and practicable, you may interact with us without identifying yourself or by using a pseudonym (APP 2). This may not be possible where we need your identity to respond to a contact form enquiry or meet a legal obligation.

Security and Data Breaches

We implement appropriate technical and organisational measures under APP 11 to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. These measures include HTTPS encryption, access controls, secure hosting environments, and periodic security reviews. While we strive to protect your information, no method of transmission over the internet is entirely secure.

If we suspect an eligible data breach under the NDB scheme — that is, unauthorised access, disclosure, or loss likely to result in serious harm — we will assess the incident promptly, take containment steps, and notify affected individuals and the Office of the Australian Information Commissioner (OAIC) where required by law.

Your Rights and Complaints

Under the Privacy Act and APPs, you may:

  • request access to the personal information we hold about you (APP 12);
  • request correction of inaccurate, out of date, incomplete, irrelevant, or misleading information (APP 13);
  • opt out of direct marketing where applicable;
  • withdraw consent for analytics or marketing cookies at any time via our cookie settings or browser controls, without affecting prior lawful processing; and
  • make a complaint about how we handle your personal information.

Where GDPR applies, you may also have rights to erasure, restriction of processing, data portability, and objection to certain processing.

To exercise your rights or make a privacy enquiry, contact us at correspondence@brighttendon.world. We will acknowledge your request promptly and respond within a reasonable period, generally within 30 days. We may need to verify your identity before providing access or making corrections.

If you are not satisfied with our response, you may lodge a complaint with the OAIC:

  • Website: oaic.gov.au
  • Phone: 1300 363 992 (within Australia)

If you are in the European Economic Area, you may also contact your local data protection supervisory authority.

Children's Privacy

The Website is intended for a general audience and is not directed at children under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will take reasonable steps to delete it.

Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically.