Privacy Policy

WEBSITE PRIVACY POLICY

This Privacy Policy applies to all personal information collected by Whole at Work (trading as Jacklyn Rose) (we, us or our) via the website located at www.wholeatwork.com (Website).

1. Scope of this Privacy Policy

This Privacy Policy applies to personal information collected, held, used and disclosed by Whole at Work (trading as Jacklyn Rose) (we, us or our) in connection with our website, enquiries, bookings, intake and onboarding processes, consultations, 1:1 career coaching, life coaching, client communications, payment processing, and related business operations.

This includes personal information collected through our website, contact forms, intake forms, questionnaires, email, phone calls, video conferencing platforms, online scheduling systems, payment systems, and during the delivery of our services.

2. Types of information

The Privacy Act 1988 (Cth) (Privacy Act) defines types of information, including Personal Information and Sensitive Information.

Personal Information means information or an opinion about an identified individual or an individual who is reasonably identifiable:

(a) whether the information or opinion is true or not; and

(b) whether the information or opinion is recorded in a material form or not.

If the information does not disclose your identity or enable your identity to be ascertained, it will in most cases not be classified as “Personal Information” and will not be subject to this privacy policy.

Sensitive Information is defined in the Privacy Act as including information or opinion about such things as an individual's racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.

Sensitive Information will be used by us only:

(a) for the primary purpose for which it was obtained;

(b) for a secondary purpose that is directly related to the primary purpose; and

(c) with your consent or where required or authorised by law.

3. What personal information we collect

The personal information we collect depends on how you interact with us and the services you choose to receive. We may collect and hold personal information such as:

  • your name, email address, telephone number, postal address and other contact details;

  • your business, employment and professional information relevant to the services we provide to you;

  • booking, appointment and scheduling details;

  • payment and transaction details, including information processed through third-party payment providers;

  • information you submit through contact forms, intake forms, questionnaires, assessments and surveys;

  • information you provide during consultations, coaching sessions and other communications with us;

  • records of communications with you, including emails, messages and call records;

  • notes, file notes, session summaries, action plans and other internal records we create in connection with providing services to you;

  • documents, files, images or other materials you provide to us; and

  • website usage data, including IP address, browser type, device information, pages visited and cookies.

Where recording or transcription tools are used in connection with a consultation, coaching session or meeting, we may collect audio or video recordings and transcriptions, but only in accordance with clause 5 below.

We only collect personal information that is reasonably necessary for our business functions and activities, including providing 1:1 career coaching, life coaching and related services.

4. Sensitive information

In some circumstances, we may collect sensitive information about you where it is reasonably necessary for providing our services, where you consent, or where otherwise permitted or required by law.

Depending on the nature of the services and what you choose to share with us, this may include information relating to your health, wellbeing, disability, accessibility requirements, or other sensitive matters relevant to intake, consultations or coaching sessions.

We generally collect sensitive information directly from you, including through intake forms, questionnaires, consultations, coaching sessions and related communications.

You do not have to provide sensitive information to us. However, if you choose not to provide certain information, this may affect our ability to provide some services to you or tailor our services to your needs.

We will only collect sensitive information that is reasonably necessary for the services we provide, and we will only use or disclose it:

  • for the primary purpose for which it was collected;

  • for a directly related secondary purpose where permitted by law;

  • with your consent; or

  • where otherwise required or authorised by law.

We do not use sensitive information for direct marketing.

5. Recording and transcription

We may use audio or video recording tools, and transcription tools, for consultations, coaching sessions or meetings where this assists with service delivery, note-taking, record keeping, preparation of client materials, administrative purposes, or quality assurance.

We will only record or transcribe a session where:

  • you have been notified before the session that recording or transcription may occur;

  • the purpose of the recording or transcription has been explained to you; and

  • you have provided your consent before the recording or transcription begins, where required.

You may decline recording or transcription before the session begins. Where reasonably practicable, we will still provide the session without recording or transcription.

Recordings and transcripts will only be accessed by people who reasonably need access for service delivery, administration, technical support, legal, insurance or compliance purposes.

Where we use third-party platforms or service providers for video conferencing, recording or transcription, those providers may store or process recordings or transcripts on our behalf.

We will take reasonable steps to securely store recordings and transcripts and to delete or de-identify them when they are no longer reasonably required for the purpose for which they were collected, unless we are required or permitted by law to retain them.

6. How we collect your Personal Information

We may collect personal information from you when you:

  • visit or use our website;

  • contact us through our website, by email, phone, SMS or social media;

  • make an enquiry or booking;

  • complete an intake form, questionnaire, assessment or other onboarding document;

  • attend an initial consultation, coaching session or other meeting with us;

  • provide information or documents to us during the course of our services;

  • make payment for our services; or

  • otherwise communicate or interact with us.

We may also collect personal information from third parties where you have authorised this or where it is otherwise lawful to do so.

7. Purpose of collection

We collect, hold, use and disclose personal information for purposes including:

  • responding to enquiries and providing information about our services;

  • assessing suitability for, onboarding, and delivering our services;

  • communicating with you about appointments, services and administrative matters;

  • creating and maintaining client records;

  • preparing notes, summaries, action plans, resources and other client materials;

  • processing payments and managing accounts;

  • improving our website, systems and services;

  • complying with legal, accounting, insurance and regulatory obligations; and

  • where permitted by law, sending you marketing communications about our services.

We will not use sensitive information for direct marketing without your consent unless otherwise permitted by law.

8. Disclosure of personal information

We may disclose personal information to third parties who assist us in operating our business and providing services, such as:

  • payment processors;

  • booking and scheduling platform providers;

  • cloud storage and document management providers;

  • email and communication service providers;

  • video conferencing providers and, where used, recording and transcription service providers;

  • IT support, website hosting and software providers;

  • administrative, accounting, legal or other professional advisers; and

  • regulatory bodies, courts, tribunals or government agencies where required or authorised by law.

We take reasonable steps to ensure that third-party service providers handle personal information in a manner consistent with applicable privacy laws and only for the purposes of providing

services to us or on our behalf.

Where reasonably practicable, we will only disclose personal information to third-party providers that are subject to appropriate confidentiality, privacy, security and data handling obligations.

9. Direct marketing

We may send you information about our services where permitted by law.

You may opt out of receiving marketing communications from us at any time by using the unsubscribe facility in our communications or by contacting us directly.

Service-related and administrative communications, including messages about bookings, appointments, payments, account matters or services you have requested, are not marketing communications.

10. Data breaches

If we become aware of a data breach involving personal information, we will assess the incident and take reasonable steps to contain and remediate it.

Where required by the Privacy Act 1988 (Cth), including the Notifiable Data Breaches scheme, we will notify affected individuals and the Office of the Australian Information Commissioner.

11. Storage, security, access, retention and correction

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification and disclosure.

These steps may include access controls, password protection, use of secure third-party systems, limiting access to information on a need-to-know basis, and taking reasonable steps to secure physical and electronic records.

Personal information may be stored electronically in secure third-party systems and, where applicable, in physical files.

We retain personal information only for as long as reasonably necessary for the purposes for which it was collected, including to provide services, maintain business records, comply with legal, accounting, insurance and reporting obligations, and resolve disputes.

Retention periods may vary depending on the nature of the information and the purpose for which it was collected. For example, we may retain client records, consultation notes, communications, recordings, transcripts and payment records for different periods based on operational needs and legal obligations.

When personal information is no longer required, we will take reasonable steps to destroy it or de-identify it, unless we are required or permitted by law to retain it.

You may request access to the personal information we hold about you, and request correction of inaccurate, out-of-date, incomplete, irrelevant or misleading personal information, subject to any exceptions permitted by law.

12. Access, correction and complaints

You may request access to the personal information we hold about you, and request correction of inaccurate, out-of-date, incomplete, irrelevant or misleading personal information, subject to any exceptions permitted by law.

If you have a complaint about how we handle your personal information, please contact us using the contact details in this policy. We will consider your complaint and respond within a reasonable period.

We may ask you for further information to help us investigate your complaint.

If we agree that your complaint is well founded, we will work with you to take appropriate steps to address the issue.

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner.

13. Overseas disclosure

Some of the third-party service providers we use may store or process personal information outside Australia.

This may occur where our service providers operate infrastructure, support services or data hosting arrangements in overseas jurisdictions.

Where we disclose personal information to overseas recipients, we will take reasonable steps to ensure that the recipient handles the information in a manner consistent with the Australian Privacy Principles, unless an exception under the Privacy Act 1988 (Cth) applies.

If you would like more information about whether we are likely to disclose personal information to overseas recipients, including the countries in which our service providers are likely to store or process personal information, you may contact us using the details set out in this policy.

14. How to contact us about privacy

If you have any queries, or if you seek access to your Personal Information, or if you have a complaint about our privacy practices, you can contact us through: privacy@wholeatwork.com.au.