Last updated:

Privacy Policy

This Privacy Policy explains how Strongorganic collects, uses, stores, and protects personal data when you visit strongorganic.world, submit enquiries, purchase educational products, or participate in our programs. We are committed to transparency and compliance with the General Data Protection Regulation (GDPR), the Australian Privacy Act 1988, and applicable international data protection laws.

1. Data Controller Information

The data controller responsible for your personal information is:

Strongorganic
282 Collins St, Melbourne VIC 3000, Australia
Telephone: +61 3 9654 5244
Email: hello@strongorganic.world
Website: strongorganic.world

Strongorganic operates as an educational provider offering everyday healthy eating support through consulting, personalised non-medical plans, educational products, and structured programs. We do not provide clinical medical services, and data collected through this website is processed in connection with these informational and commercial activities.

2. Categories of Data Collected

Depending on how you interact with our website and services, we may collect the following categories of personal data:

2.1 Identity and Contact Data

When you complete our contact form, register for a program, or purchase an educational product, we may collect your full name, email address, telephone number, postal address, and billing information. This data is necessary to respond to enquiries, deliver purchased materials, and schedule consulting sessions.

2.2 Communication Data

Messages you send through our contact form, email correspondence, and notes from consulting sessions are stored to maintain conversation history and provide consistent follow-up. We do not record video consultations without explicit prior consent.

2.3 Technical and Usage Data

When you visit our website, our servers and analytics tools (where you have provided consent) may automatically collect your IP address, browser type and version, operating system, referring URL, pages viewed, session duration, and approximate geographic location derived from IP data. This information is collected through cookies and similar technologies as described in our Cookie Policy.

2.4 Transaction Data

If you purchase educational products or enroll in paid programs, we collect order details, payment confirmation references, and refund request records. Full payment card numbers are processed by our payment provider and are not stored on our servers.

2.5 Preference Data

Cookie consent selections, newsletter preferences, and program participation choices are stored to honour your privacy settings and deliver relevant educational content.

Under the GDPR, we process personal data only when a lawful basis applies. The bases we rely upon include:

  • Consent (Article 6(1)(a)): For analytics cookies, marketing communications, and optional program features where you actively opt in.
  • Contractual necessity (Article 6(1)(b)): To fulfil orders, deliver educational products, and provide consulting sessions you have requested.
  • Legitimate interests (Article 6(1)(f)): To improve our website, prevent fraud, maintain security, and respond to general enquiries, balanced against your privacy rights.
  • Legal obligation (Article 6(1)(c)): To comply with tax, accounting, and regulatory record-keeping requirements under Australian law.

4. Purposes of Data Usage

We use collected personal data exclusively for the following purposes:

  1. Responding to contact form submissions and email enquiries within our stated response timeframe.
  2. Scheduling and delivering consulting sessions, whether in-person at our Melbourne office or via secure video conferencing.
  3. Providing access to purchased educational products, downloadable resources, and program materials.
  4. Processing payments, issuing invoices, and managing refund requests in accordance with our Refund Policy.
  5. Sending service-related communications such as appointment confirmations, material updates, and policy change notifications.
  6. Analysing aggregated website usage patterns to improve content structure and user experience, where analytics consent has been granted.
  7. Measuring the effectiveness of advertising campaigns on external platforms, where marketing consent has been granted.
  8. Protecting our website and users against unauthorised access, spam, and fraudulent activity.
  9. Maintaining records required by Australian tax and consumer protection legislation.

We do not use your personal data to make automated decisions that produce legal or similarly significant effects. We do not sell personal data to third parties.

5. Data Retention Periods

We retain personal data only for as long as necessary to fulfil the purposes described above:

  • Contact form enquiries: Twenty-four months from the date of last correspondence, unless an ongoing client relationship exists.
  • Client and consulting records: Seven years from the date of the last session, to comply with Australian business record requirements.
  • Transaction and invoice data: Seven years from the transaction date, as required by the Australian Taxation Office.
  • Cookie consent records: Twelve months from the date consent was given or updated.
  • Analytics data: Twenty-six months in aggregated form, where consent has been provided.
  • Marketing preferences: Until you withdraw consent or unsubscribe, plus thirty days for processing the withdrawal.
  • Server log files: Ninety days, unless required for security incident investigation.

When retention periods expire, data is securely deleted or anonymised so it can no longer be associated with you.

6. Data Sharing and Third Parties

We share personal data with third parties only when necessary and under appropriate safeguards:

  • Hosting and infrastructure providers: Our website is hosted on secure servers with encrypted connections. Providers process data on our instructions under data processing agreements.
  • Payment processors: Transactions are handled by PCI-compliant payment gateways. We receive confirmation data but not full card details.
  • Email delivery services: Used to send transactional and, with consent, marketing emails. Recipients can unsubscribe at any time.
  • Analytics providers: Activated only when you consent to analytics cookies. Data is anonymised where technically feasible.
  • Professional advisers: Accountants and legal counsel may access data when required for compliance or dispute resolution.
  • Law enforcement: We may disclose data when required by valid legal process, court order, or to protect the rights and safety of individuals.

All third-party processors are assessed for adequate security practices and are bound by contractual obligations consistent with GDPR Article 28.

7. International Data Transfers

Our primary data processing occurs within Australia. Where data is transferred to service providers located in countries outside the European Economic Area or Australia, we ensure appropriate safeguards are in place. These may include Standard Contractual Clauses approved by the European Commission, adequacy decisions, or binding corporate rules. You may request details of the specific safeguards applied to your data by contacting us using the details in Section 12.

8. Security Measures

We implement technical and organisational measures designed to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • HTTPS encryption across all pages of strongorganic.world, preventing mixed-content transmission.
  • Access controls limiting employee access to personal data on a need-to-know basis.
  • Regular security reviews of our hosting environment and application configurations.
  • Encrypted storage for sensitive client notes and payment confirmation records.
  • Staff training on data protection principles and incident response procedures.
  • Incident logging and a documented breach notification process compliant with GDPR Article 33 and 34 timeframes.

While we take reasonable precautions, no method of internet transmission is completely secure. We encourage you to use strong passwords for any account areas and to contact us promptly if you suspect unauthorised access to your data.

9. Your Rights Under GDPR

If you are located in the European Economic Area, United Kingdom, or another jurisdiction granting similar rights, you may exercise the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure: Request deletion of your data where no compelling legal basis for retention exists.
  • Right to restriction: Request that we limit processing in certain circumstances.
  • Right to data portability: Receive your data in a structured, machine-readable format where processing is based on consent or contract.
  • Right to object: Object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent: Withdraw consent at any time without affecting the lawfulness of prior processing.
  • Right to lodge a complaint: File a complaint with your local data protection supervisory authority.

Australian residents may also access and correct personal information under the Privacy Act 1988 by contacting us directly. We will respond to verified requests within thirty days, or inform you if an extension is required.

10. Children's Privacy

Our website and services are directed at adults seeking everyday healthy eating education. We do not knowingly collect personal data from individuals under sixteen years of age without verifiable parental consent. If you believe we have inadvertently collected data from a minor, please contact us and we will delete it promptly.

11. Policy Changes

We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. The date at the top of this page indicates when the policy was last revised. Material changes will be communicated through a notice on our website or, where appropriate, by email to registered clients. Continued use of our website after changes take effect constitutes acceptance of the updated policy.

12. Contact and Complaints

For privacy-related enquiries, data subject requests, or complaints, contact our privacy team:

Strongorganic — Privacy Enquiries
282 Collins St, Melbourne VIC 3000, Australia
Email: hello@strongorganic.world
Telephone: +61 3 9654 5244

EU residents may also contact their local supervisory authority. In Australia, complaints may be directed to the Office of the Australian Information Commissioner at oaic.gov.au.