Legal Document

Privacy Policy

Last updated: . This Privacy Policy describes how Spinalshinecharg collects, uses, stores, and protects personal data when you visit spinalshinecharg.world or interact with our services.

1. Data Controller Information

The data controller responsible for your personal data is Spinalshinecharg, operating from George St, The Rocks NSW 2000, Australia. For privacy-related enquiries, contact us at touch@spinalshinecharg.world or by phone at +61 2 9240 8500. We are committed to handling personal information in accordance with the General Data Protection Regulation (GDPR), the Australian Privacy Act 1988, and applicable international privacy frameworks.

2. Scope of This Policy

This Privacy Policy applies to all personal data collected through our website spinalshinecharg.world, including data submitted via contact forms, collected through cookies and similar technologies, and data generated through your interaction with our informational consulting resources. This policy does not apply to third-party websites linked from our platform, and we encourage you to review the privacy policies of any external sites you visit.

3. Categories of Personal Data We Collect

We may collect the following categories of personal data depending on how you interact with our website:

  • Identity data: your full name as provided in contact form submissions.
  • Contact data: your email address and any additional contact details you voluntarily provide.
  • Communication data: the content of messages you send through our contact form, including the subject and body of your enquiry.
  • Technical data: your IP address, browser type and version, operating system, device identifiers, time zone setting, and browser plug-in types.
  • Usage data: information about how you navigate and use our website, including pages visited, time spent on pages, click patterns, and referral sources.
  • Consent data: records of your cookie preferences and GDPR consent choices, including timestamps of when consent was given or withdrawn.

4. How We Collect Personal Data

We collect personal data through several methods. Direct interactions occur when you complete our contact form, subscribe to informational updates, or communicate with us by email or telephone. Automated technologies collect technical and usage data through cookies, server logs, and analytics tools when you browse our website. We may also receive limited data from third-party analytics providers that help us understand website performance and visitor behaviour in aggregate form.

4.1 Contact Form Data

When you submit our contact form, we collect your name, email address, message content, and confirmation of your GDPR consent. This data is transmitted securely and stored in our enquiry management system for the purpose of responding to your request.

4.2 Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance functionality and, with your consent, to analyse traffic and support marketing activities. Detailed information about the cookies we use is available in our Cookie Policy.

5. Purposes and Legal Bases for Processing

We process your personal data only when we have a valid legal basis to do so. The following table outlines our primary processing activities:

  • Responding to enquiries: we process contact form data to respond to your questions about our informational consulting resources. Legal basis: consent (GDPR Article 6(1)(a)) and legitimate interest in communicating with prospective clients (GDPR Article 6(1)(f)).
  • Website operation: we process technical data necessary to deliver and maintain our website. Legal basis: legitimate interest (GDPR Article 6(1)(f)).
  • Analytics: with your consent, we process usage data to understand how visitors interact with our content and improve the user experience. Legal basis: consent (GDPR Article 6(1)(a)).
  • Marketing: with your consent, we may process contact data to send informational materials about workplace audit resources. Legal basis: consent (GDPR Article 6(1)(a)).
  • Legal compliance: we may process data where required by applicable laws, regulations, or legal proceedings. Legal basis: legal obligation (GDPR Article 6(1)(c)).

6. Data Retention Periods

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected. Contact form submissions and associated correspondence are retained for twenty-four months from the date of your last interaction with us, unless a longer retention period is required by law or you request earlier deletion. Cookie consent records are retained for twelve months. Technical server logs are retained for ninety days. Analytics data collected with your consent is retained in anonymised or pseudonymised form for up to twenty-six months. When retention periods expire, data is securely deleted or anonymised beyond recovery.

7. Data Sharing and Third-Party Processors

We do not sell your personal data to third parties. We may share data with third-party service providers who assist us in operating our website and delivering our services, including hosting providers, email delivery services, and analytics platforms. All third-party processors are bound by data processing agreements that require them to protect your data in accordance with GDPR standards and process data only on our documented instructions. We may also disclose personal data if required by law, court order, or governmental authority, or to protect the rights, property, or safety of Spinalshinecharg, our users, or others.

8. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA) and Australia, including countries that may not provide the same level of data protection. Where such transfers occur, we implement appropriate safeguards, including Standard Contractual Clauses approved by the European Commission, to ensure your data receives adequate protection. You may request information about the specific safeguards applied to your data by contacting us using the details provided in Section 1.

9. Security Measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include HTTPS encryption for all data transmitted between your browser and our servers, access controls limiting data access to authorised personnel, regular security assessments of our systems and processes, secure storage of contact form submissions with encryption at rest where applicable, and staff training on data protection principles and incident response procedures. While we strive to protect your personal data, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.

10. Your Rights Under GDPR and Applicable Laws

Depending on your location and applicable law, you may have the following rights regarding your personal data:

  • Right of access: request a copy of the personal data we hold about you.
  • Right to rectification: request correction of inaccurate or incomplete personal data.
  • Right to erasure: request deletion of your personal data where there is no compelling reason for continued processing.
  • Right to restrict processing: request limitation of processing in certain circumstances.
  • Right to data portability: receive your personal data in a structured, commonly used, machine-readable format.
  • Right to object: object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent: withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.
  • Right to lodge a complaint: file a complaint with a supervisory authority, such as the Office of the Australian Information Commissioner (OAIC) or your local data protection authority in the EEA.

To exercise any of these rights, contact us at touch@spinalshinecharg.world. We will respond to your request within thirty days, or inform you if an extension is necessary. We may request verification of your identity before processing your request.

11. Children's Privacy

Our website and services are not directed at individuals under the age of sixteen. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately and we will take steps to delete such information promptly.

12. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects on individuals. Any analytics we perform are used in aggregate form to improve website content and user experience.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the date at the top of this page and, where appropriate, notify you through a prominent notice on our website. We encourage you to review this policy regularly to stay informed about how we protect your data.

14. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

Spinalshinecharg
George St, The Rocks NSW 2000, Australia
Email: touch@spinalshinecharg.world
Phone: +61 2 9240 8500
Website: spinalshinecharg.world