The Phoenix Within is committed to providing quality services to you and this policy outlines my ongoing obligations to you in respect of how I manage your Personal Information.
I have adopted the Australian Privacy Principles (APPs) and the ten National Privacy Principles (NPPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act). The NPPs govern the way in which I collect, use, disclose, store, secure and dispose of your Personal Information.
A copy of the APPs may be obtained from the website of The Office of the Australian Information Commissioner at www.aoic.gov.au.
What is 'Personal Information' and why do I collect it?
Personal Information is information or an opinion that identifies an individual. Examples of Personal Information I collect include: names, addresses, email addresses, phone and facsimile numbers.
This Personal Information is obtained in many ways including interviews, correspondence, by telephone and facsimile, by email, via my website www.thephoenixwithin.com.au, from your website, from media and publications, from other publicly available sources and from third parties. I don’t guarantee website links or policy of authorised third parties.
I collect your Personal Information for the primary purpose of providing my services to you, providing information to my clients and marketing. I may also use your Personal Information for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure. You may unsubscribe from my mailing/marketing lists at any time by contacting me in writing.
When I collect Personal Information I will, where appropriate and where possible, explain to you why I am collecting the information and how I plan to use it.
Sensitive information is defined in the Privacy Act to include information or opinion about such things as an individual’s racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.
Sensitive information will be used by me only:
- For the primary purpose for which it was obtained
- For a secondary purpose that is directly related to the primary purpose
- With your consent; or where required or authorised by law.
Where reasonable and practicable to do so, I will collect your Personal Information only from you. However, in some circumstances I may be provided with information by third parties. In such cases I will take reasonable steps to ensure that you are made aware of the information provided to me by the third party.
Disclosure of Personal Information
The Phoenix Within may disclose Personal Information to third parties, such as contractors, agents and service providers, to assist me with my activities and the provision of services to my clients. In doing so, I will take reasonable steps to ensure that these organisations are bound by obligations of confidentiality and privacy in order to protect your Personal Information in accordance with the Privacy Act.
Your Personal Information may be disclosed in a number of circumstances including the following:
- Third parties where you consent to the use or disclosure; and
- Where required or authorised by law.
Security of Personal Information
Your Personal Information is stored in a manner that reasonably protects it from misuse and loss and from unauthorised access, modification or disclosure.
When your Personal Information is no longer needed for the purpose for which it was obtained, I will take reasonable steps to destroy or permanently de-identify your Personal Information. However, most of the Personal Information is or will be stored in client files which will be kept by me for a minimum of 7 years.
Access to your Personal Information
You may access the Personal Information I hold about you and update and/or correct it, subject to certain exceptions. If you wish to access your Personal Information, please contact me in writing.
The Phoenix Within will not charge any fee for your access request but may charge an administrative fee for providing a copy of your Personal Information.
In order to protect your Personal Information, I may require identification from you before releasing the requested information. The Phoenix Within will respond to a request for Personal Information as soon as reasonably practicable.
Maintaining the Quality of your Personal Information
It is important to me that your Personal Information is up to date. I will take reasonable steps to make sure that your Personal Information is accurate, complete and up to date. If you find that the information I have is not up to date or is inaccurate, please advise me as soon as practicable so I can update my records and ensure I can continue to provide quality services to you.
For statistical purposes, The Phoenix Within may collect information through the use of ‘cookies’ on website activity (including the number of users who visit my website, date and time of your visit to the website, the pages accessed and any information downloaded, navigation patterns, the country and systems through which users have accessed the website).
Cookies are data that a website transfers to an individual’s hard drive for record-keeping purposes. Cookies can facilitate a user’s ongoing access to and use of a website and may be necessary to access features such as online transactions.
While The Phoenix Within takes great care to protect your personal information on my website and uses state-of-the-art data transmission encryption, unfortunately no data transmission over the internet can be guaranteed to be 100% secure. Accordingly, The Phoenix Within cannot ensure or warrant the security of any information that you send to me or receive from me online. This is particularly true for information you send to me via email. I have no way of protecting that information until it reaches me. Once I receive your transmission, I use my best efforts to ensure its security in my possession.
My website may contain links or plug-ins to third party websites. The use of your information by those third party websites is not within the control of The Phoenix Within and I cannot accept responsibility for the conduct of those companies.
The Phoenix Within's responsibilities under EU's General Data Protection Regulation (GDPR)
If you are a resident of the European Economic Area (“EEA”) you have certain rights and protections under the GDPR regarding the processing of your personal information. I am a controller under the GDPR as I collect, use and store your personal information to enable me to provide you with my goods and/or services and information about them.
I rely on the following lawful means of processing your personal information:
- Where it is necessary to fulfill a contract with you
- Where you have given me valid consent to use your personal information, I will rely on that consent, and only use the personal information for the specific purpose for which you have given consent. This includes where I email newsletters or send mobile notifications
- I may also process your personal information where it is to further my legitimate interests where they are overridden by your rights or interests. This could include usage statistics, analytics and internal analysis so I can improve our services.
Your Rights as an EU or UK Resident
If you are a resident of the EU or UK, you have various rights including the:
- Right to be informed
- Right of access
- Right to rectification
- Right to object
- Right to restriction of processing
- Right to erasure or to be forgotten
- Right to data portability and
- Right not to be subject to automated processing.
If you want to access your Personal Data or ask for the information to be corrected, please contact The Phoenix Within. In some circumstances, you also have a right to object to or ask that I restrict certain processing activities or delete your Personal Data. If you would like to limit or request deletion of your Personal Data or exercise any other rights you can do so by contacting The Phoenix Within.
Withdrawing Your Consent
You can withdraw your consent to my collection or processing of your Personal Data. You can do so by contacting me or by opting out of email newsletter communications by following the instructions in those emails or by clicking unsubscribe. If you withdraw your consent to the use of your Personal Data, you may not have access to my services and I might not be able to provide you with my services. In some circumstances, where I have a legal basis to do so, I may continue to process your information after you have withdrawn consent. For example, if it is necessary to comply with an independent legal obligation or if it is necessary to do so to protect my legitimate interest in keeping my services secure.
The Phoenix Within complies with the GDPR protection directives set out by the EU and UK regarding the collection, use and retention of Personal Data from EU member countries and the UK. All Personal Data stored on my platform is treated as confidential. It is stored securely and is only accessed by authorised personnel. My collection is limited in relation to what is necessary, for the purpose for which the Personal Data is processed, and kept only for so long as is necessary for the purpose for which the Personal Data was collected. I implement and maintain appropriate technical, security and organisational measures to protect Personal Data against unauthorised or unlawful processing or use, and against accidental loss, destruction, damage, theft or disclosure. I ensure the encryption and pseudonymisation of Personal Data and I have adequate cyber security measures in place.
By providing The Phoenix Within with your Personal Data, you consent to me disclosing it to third parties who reside outside the EU or UK. I will ensure that those third parties are GDPR compliant.
This Policy may change from time to time and is available on my website.
Updated: 11 May 2020