Privacy Policy

This document explains how Organicflexible collects, uses, stores, and protects your personal information when you visit our website or use our consulting services.

Last updated:

1. Introduction and Data Controller

Organicflexible, operating at 9/13 Hay St, Haymarket NSW 2000, Australia, is the data controller responsible for your personal information collected through organicflexible.world and associated consulting services. We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR), the Australian Privacy Act 1988, and the Australian Privacy Principles (APPs).

By accessing our website or submitting information through our contact form, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of our website and services.

For privacy-related inquiries, contact us at touch@organicflexible.world or by phone at +61 2 9325 1111 during business hours.

2. Information We Collect

2.1 Information You Provide Directly

When you complete our contact form, book a consultation, or communicate with us by email or phone, we may collect the following personal data:

  • Full name
  • Email address
  • Phone number (if provided voluntarily)
  • Message content and inquiry details
  • GDPR consent confirmation and timestamp
  • Consultation notes and preferences shared during sessions

2.2 Information Collected Automatically

When you visit our website, certain technical information may be collected automatically through cookies and similar technologies, subject to your cookie preferences:

  • IP address (anonymised where possible for analytics)
  • Browser type and version
  • Operating system
  • Referring URL and pages visited
  • Date and time of visit
  • Device type and screen resolution

2.3 Information We Do Not Collect

We do not intentionally collect sensitive health data, medical records, financial account numbers, or government identification numbers through our website. Our services provide general nutrition education and do not require clinical health information. If you voluntarily share health-related details during a consultation, we treat that information with heightened care as described in Section 5.

3. Purpose of Data Processing

We process your personal data only for specific, legitimate purposes. These include:

  • Responding to your inquiries and providing requested information about our nutrition consulting services
  • Scheduling and conducting consultations, whether in person at our Haymarket office or via video call
  • Preparing and delivering customised meal system documents and educational materials
  • Processing payments and managing service agreements where applicable
  • Improving our website content, user experience, and service quality through anonymised analytics
  • Complying with legal obligations under Australian and international law
  • Protecting our website and services against fraud, abuse, and security threats
  • Sending service-related communications such as appointment confirmations and policy updates

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects. Marketing communications are sent only where you have provided explicit consent, and you may withdraw that consent at any time.

4. Legal Basis for Processing

Under the GDPR, we rely on the following legal bases for processing your personal data:

  • Consent: When you submit our contact form, accept cookies, or opt in to marketing communications, you provide explicit consent for the specified processing activities.
  • Contractual necessity: Processing required to deliver consulting services you have requested or to take pre-contractual steps at your request.
  • Legitimate interests: Website security, fraud prevention, and anonymised analytics to improve our educational content, balanced against your privacy rights.
  • Legal obligation: Retaining certain records as required by Australian tax, consumer protection, or other applicable laws.

Under the Australian Privacy Act, we collect personal information only where it is reasonably necessary for our functions and activities, and we take reasonable steps to ensure information is accurate, up to date, and complete.

5. Data Retention Periods

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, unless a longer retention period is required by law. Our standard retention periods are:

  • Contact form submissions: Retained for 24 months from the date of submission, then securely deleted unless an active consulting relationship exists.
  • Consultation records and meal system documents: Retained for 36 months from the last service interaction, then archived or deleted upon request.
  • Payment and invoicing records: Retained for 7 years in compliance with Australian tax record-keeping requirements.
  • Cookie consent preferences: Stored locally on your device until cleared or until consent is renewed (maximum 12 months).
  • Analytics data: Anonymised and aggregated data may be retained indefinitely for statistical purposes, provided it cannot identify individuals.
  • Marketing consent records: Retained for the duration of the marketing relationship plus 24 months to demonstrate compliance.

When retention periods expire, personal data is securely deleted or irreversibly anonymised using industry-standard methods.

6. Security Measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • HTTPS encryption for all data transmitted between your browser and our website
  • Secure storage of consultation records with access restricted to authorised personnel
  • Regular review of data handling practices and access permissions
  • Password-protected systems and multi-factor authentication for administrative access
  • Staff training on privacy obligations and data handling procedures
  • Incident response procedures for suspected data breaches, including notification to affected individuals and relevant authorities within 72 hours where required by GDPR

While we take reasonable precautions, no method of electronic transmission or storage is completely secure. We encourage you to use strong passwords for any accounts associated with our services and to contact us immediately if you suspect unauthorised access to your information.

7. Data Sharing and Third Parties

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share data with the following categories of recipients, strictly for the purposes described in this policy:

  • Service providers: Email delivery platforms, video conferencing tools, payment processors, and website hosting providers that process data on our behalf under data processing agreements.
  • Legal authorities: When required by law, court order, or governmental regulation.
  • Professional advisers: Lawyers, accountants, or auditors bound by confidentiality obligations.

All third-party processors are required to implement appropriate security measures and process data only according to our instructions. Where data is transferred outside the European Economic Area or Australia, we ensure adequate safeguards such as Standard Contractual Clauses or equivalent mechanisms.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure: Request deletion of your data where there is no compelling reason for continued processing.
  • Right to restrict processing: Request limitation of processing in certain circumstances.
  • Right to data portability: Receive your data in a structured, commonly used, machine-readable format.
  • Right to object: Object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent: Withdraw consent at any time without affecting the lawfulness of prior processing.
  • Right to lodge a complaint: File a complaint with the Office of the Australian Information Commissioner (OAIC) or your local data protection authority.

To exercise any of these rights, contact us at touch@organicflexible.world with sufficient detail to verify your identity. We will respond within 30 days, or within the timeframe required by applicable law.

9. Children's Privacy

Our website and services are intended for adults aged 18 and over. We do not knowingly collect personal information from individuals under 18 years of age. If we become aware that we have collected data from a minor without parental consent, we will take steps to delete that information promptly.

10. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. The date at the top of this page indicates when the policy was last revised. Material changes will be communicated through a notice on our website. We encourage you to review this page regularly.

11. Contact Information

For questions, concerns, or requests related to this Privacy Policy or your personal data, contact:

Organicflexible
9/13 Hay St, Haymarket NSW 2000, Australia
Phone: +61 2 9325 1111
Email: touch@organicflexible.world