Privacy Policy

Effective Date: 21st October 2025

Locus Clarity ("we", "us", "our") respects your right to privacy and is committed to safeguarding the personal information of individuals who interact with us.

This Privacy Policy outlines how we collect, use, disclose, store, and protect your personal information in accordance with:

  • Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

  • General Data Protection Regulation (GDPR).

  • Other applicable data protection laws.

If you have any questions, contact us.

 

What Personal Information We Collect

We may collect the following information to provide services to you:

  • Name

  • Contact details (email, phone, address)

  • Occupation or business name (where relevant)

  • Payment or billing details (processed securely via third-party providers, not stored by us)

  • Additional information you provide during interactions (e.g., consulting notes, surveys, feedback forms)

  • Technical data (IP address, browser type, device, operating system, site activity via analytics tools)

  • Notes or session content stored securely in our client management platform

Sensitive information (e.g., health, diversity, wellbeing data) is not collected.

Consequences of non-provision: If you do not provide certain information, we may be unable to deliver services, process payments, or respond to inquiries.

 

How We Collect Personal Information

We collect information through:

  • Direct contact (website, email, phone, social media)

  • Newsletter or mailing list subscriptions

  • Event, program, or session registrations

  • Consulting sessions and related communications

  • Surveys, feedback, or forms

We may also receive personal information indirectly, such as via referrals, event organisers, or public social media. If we collect your information from a third party, we will notify you as soon as practicable.

 

Our Role and Third-Party Processors

We act as the data controller for your personal information. We use trusted third-party processors, including:

  • Squarespace (website hosting, analytics, and marketing)

  • Stripe (payment processing)

  • Microsoft Teams (video conferencing)

  • Microsoft M365 (emails and calendars)

These providers may use sub-processors, which are contractually bound to maintain security and comply with privacy laws.

 

Why We Collect Your Personal Information and Legal Bases

We collect information:

  • For service delivery based on any contract agreements that we have you (e.g., consulting sessions, client management).

  • For payments and tax based on our legal obligations (e.g., processing invoices, meeting tax obligations).

  • For marketing based on your consent which you can withdraw at any time (e.g., newsletters, promotions).

  • For analytics & service improvement based on legitimate interests (e.g., website analytics, client feedback).

  • For legal compliance based on legal obligations (e.g., regulatory or reporting requirements).

We do not use your data for automated decision-making or profiling. If this changes, we will update this policy and provide opt-out rights.

We only rely on legitimate interests where these are not overridden by your rights and freedoms. You may object at any time.

 

Disclosure of Personal Information

We do not sell, rent, or trade your information. We may disclose personal information:

  • To trusted third-party service providers (as listed above)

  • Where required or authorised by law

  • With your consent

  • To regulators, insurers, or legal advisers (if necessary for compliance or dispute resolution)

Cross-border transfers may occur (e.g., data stored in the United States or United Kingdom). Where this occurs, we take reasonable steps to ensure overseas recipients do not breach the APPs.

 

Scheduling and Bookings

Bookings are managed via our client management platform. Any details you provide (name, email, appointment information) are stored securely in the client management platform, not on our website servers. Our client management platform complies with GDPR and provides rights of access, correction, and deletion.

 

Recordings, Testimonials & Marketing

  • Consulting sessions are not recorded without your prior written consent.

  • If you consent, recordings are secured and used only for agreed purposes.

  • Testimonials, feedback, or case studies will only be used in marketing with your express written consent.

 

Website Hosting, Analytics & Cookies

Our website is hosted by Squarespace, which may collect technical and usage data for site functionality and performance.

We use cookies and analytics tools:

  • Necessary cookies: Required for site operation (cannot be disabled).

  • Analytics cookies: Measure and improve website use (consent required).

  • Marketing cookies: Customise advertising and communications (consent required).

You can manage or withdraw cookie consent at any time via our cookie banner or browser settings.

 

Data Security

We take reasonable steps to protect personal information, including:

  • TLS encryption for data transfers.

  • Secure servers and platforms.

  • Limited access by authorised staff only.

  • Confidentiality agreements for staff, consultants, and contractors.

  • Data breach response plan, including 72-hour notification to regulators and affected individuals where required. We assess breaches against both the APPs and GDPR thresholds to determine if notification is required.

We cannot guarantee absolute security against cybercrime, but we maintain industry-standard protections.

When we no longer need your personal information for the purposes for which it was collected, and we are not legally required to retain it, we will take reasonable steps to destroy or de-identify the information.

 

Data Retention

We retain data only as long as necessary for the purposes outlined:

  • Consulting records: up to 7 years (to meet legal, tax, and professional record-keeping obligations)

  • Website inquiries: only until resolved

  • Newsletter subscriptions: until you unsubscribe

  • Booking data: retained within our client management platform; deletable upon request

Backups and archives are securely overwritten or destroyed after retention periods.

 

Children’s Data

  • Services are not directed at individuals under 18.

  • We do not knowingly collect children’s data.

  • If data is collected inadvertently, it will be deleted.

 

Your Rights

Depending on where you are located, you may have rights to:

  • Access the data we hold about you.

  • Request correction or updates.

  • Request deletion (“right to be forgotten”).

  • Restrict or object to processing.

  • Not to be subject to automated decision-making, including profiling.

  • Data portability (receive your data in machine-readable format or transfer it to another provider).

  • Withdraw consent (marketing, recordings, testimonials, sensitive data) at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

  • Lodge a complaint with the OAIC, ICO, or other competent supervisory authority.

To initiate a request, contact us.

 

Complaints Process

  • We will acknowledge your complaint within 7 business days.

  • We aim to resolve complaints within 30 days.

  • If unresolved, you may escalate to the relevant regulator (see below).

Regulator contacts:

 

Changes to This Policy

We may update this Privacy Policy periodically. Where changes are material, we will notify affected individuals directly (e.g., by email if we hold your contact details).

 

Your Acceptance of This Policy

By using our website or purchasing services, you signify acceptance of this Policy. If you do not agree, you should not use our services.

 

Contact Us

If you have any questions, concerns, or complaints about this Privacy Policy or our handling of your personal information, please contact our data privacy officer at:

Locus Clarity

Contact: Contact us

Website: www.locusclarity.com.au

We take privacy complaints seriously and will respond promptly.