Privacy Policy - Enlightened Business Solutions

1

About This Policy

Enlightened Business Solutions Pty Ltd (“EBS”, “we”, “us”, or “our”) is committed to protecting the privacy of everyone who interacts with our website and services. This Privacy Policy explains what personal information we collect, how we use it, who we may share it with, and how we protect it.

This Policy applies to all personal information collected through:

Our website at www.enlightenedbusiness.com.au and any subdomains;
Our booking system at bookings.enlightenedbusiness.com.au;
Direct communications with us (email, phone, or in person); and
The delivery of our professional services.

By using our website or engaging our services, you agree to the collection and use of your information in accordance with this Policy. If you do not agree, please do not use our website or services.

2

Who We Are

Enlightened Business Solutions Pty Ltd
ABN: 31 428 210 720
Suite 1A, Level 2, 802 Pacific Highway, Gordon NSW 2072, Australia
Email: heretohelp@enlightenedbusiness.com.au
Phone: 1300 052 594

We are an Australian-owned and operated digital transformation consultancy. Our principal consultant, Anthony Pinto, is the Privacy Officer for the purposes of this Policy.

Under the Privacy Act 1988 (Cth), we are an APP entity and are bound by the Australian Privacy Principles (APPs). Where we handle personal data of individuals located in the European Union or United Kingdom, we also act as a data controller for the purposes of the General Data Protection Regulation (GDPR) and UK GDPR respectively.

3

Information We Collect

We collect only the minimum personal information necessary to respond to enquiries and deliver our services. The categories of personal information we may collect include:

3.1 Information you provide directly

Identity data: first name, last name, job title, company name;
Contact data: email address, telephone number, postal address;
Communication data: the content of enquiries, messages, or correspondence you send us;
Booking data: appointment preferences, scheduling information collected through our booking system;
Service data: business information, system access credentials, project documentation, and other data necessary to deliver contracted services; and
Financial data: invoicing details and payment records (we do not store payment card details directly — payments are processed through our secure third-party payment systems).

3.2 Information collected automatically

Technical data: IP address, browser type and version, operating system, device type, screen resolution;
Usage data: pages visited, time spent on pages, referring URL, links clicked; and
Cookie data: as described in Section 9 below.

3.3 Sensitive information

We do not intentionally collect sensitive information (as defined in the Privacy Act 1988, including health information, racial or ethnic origin, religious beliefs, or biometric data). Please do not submit sensitive information through our contact forms or communications. If sensitive information is provided in the course of a professional engagement, it will be handled with additional care in accordance with APP 3.3.

4

How We Collect Your Information

We collect personal information through the following channels:

Contact forms: when you submit an enquiry through our website contact form;
Booking system: when you schedule a discovery call or appointment through our online booking portal;
Direct communications: when you contact us by email, telephone, video conference, or in person;
Service delivery: information provided by you or your organisation in the course of a consulting or implementation engagement;
Cookies and analytics: automatically through your browser when you visit our website (see Section 9); and
Public sources: information that is publicly available, such as your company’s website or LinkedIn profile, where relevant to a business enquiry.

Where practicable, we collect personal information directly from the individual concerned. We will not collect personal information by unlawful or unfair means.

5

Why We Collect Your Information

We collect and use personal information for the following purposes, each of which has a lawful basis under the Privacy Act 1988 and, where applicable, the GDPR:

5.1 Responding to enquiries and providing services

To respond to your enquiries, book appointments, provide quotations, and deliver the professional services you have engaged us for. This is necessary for the performance of a contract or to take steps prior to entering one.

5.2 Business administration

To manage our client relationships, issue invoices, process payments, maintain project records, and comply with legal obligations including tax and accounting requirements.

5.3 Service improvement

To analyse how our website is used and improve its content, performance, and user experience. This is based on our legitimate interests in operating an effective business.

5.4 Marketing communications

With your consent, to send you relevant updates, articles, and information about our services that may be of interest. You may withdraw consent at any time by contacting us or clicking “unsubscribe” in any marketing email. We comply with the Spam Act 2003 (Cth) and will only send commercial electronic messages with your consent.

5.5 Legal compliance and security

To comply with our legal obligations (including under the Privacy Act 1988, the Notifiable Data Breaches scheme, tax laws, and court orders), to protect the security of our systems and data, and to detect and prevent fraud or abuse.

We will not use personal information for a purpose other than those described above without first obtaining your consent or as otherwise permitted by law.

6

Storage and Security

6.1 How we store your information

Personal information is stored in the following systems:

Zoho CRM: contact and lead information submitted via our website forms is stored in Zoho CRM, hosted on Zoho’s cloud infrastructure;
Zoho Bookings: appointment and scheduling data is stored on Zoho’s booking platform;
Email systems: communications are stored in our managed email environment; and
Project management tools: project-related data is stored in secure cloud platforms used for client delivery.

6.2 Security measures

We take reasonable technical and organisational steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. Our security measures include:

HTTPS/TLS encryption across all web properties;
Role-based access controls limiting data access to authorised personnel;
Multi-factor authentication on systems holding personal data;
Regular software updates and security patching;
Contractual data protection obligations imposed on all third-party processors; and
Staff awareness of privacy obligations.

6.3 Retention periods

We retain personal information only for as long as it is necessary for the purpose for which it was collected, or as required by law:

Enquiry and contact data: 3 years from last contact, unless a client engagement arises;
Client engagement data: 7 years from the conclusion of the engagement, in accordance with Australian tax and record-keeping requirements;
Website analytics data: up to 26 months in aggregated form; and
Marketing consent records: for the duration of the consent plus 1 year.

When personal information is no longer required, it is securely deleted or de-identified.

6.4 No absolute guarantee

While we take all reasonable precautions, no method of electronic transmission or storage is completely secure. If you have reason to believe your personal information has been compromised, please contact us immediately.

7

Disclosure to Third Parties

We do not sell, rent, or trade your personal information. We may disclose personal information in the following limited circumstances:

7.1 Service providers (data processors)

We engage trusted third-party service providers who process personal information on our behalf, strictly under our instructions and bound by appropriate data processing agreements:

Zoho Corporation Pty Ltd — CRM, bookings, email, and productivity platform (Privacy Policy: zoho.com/privacy.html);
Our web hosting provider — the platform on which this website operates;
Google LLC — Google Fonts (font delivery via CDN); and
Payment processors — where applicable, to process invoiced payments.

7.2 Professional advisers

We may disclose information to our accountants, lawyers, or insurers on a confidential basis where necessary.

7.3 Legal requirements

We may disclose personal information where required to do so by law, court order, or regulator (including the Office of the Australian Information Commissioner), or where we reasonably believe disclosure is necessary to protect the rights, property, or safety of EBS, our clients, or others.

7.4 Business transfers

In the event of a merger, acquisition, or sale of all or part of our business, personal information held by us may be transferred to the acquirer, subject to equivalent privacy protections.

In all other cases, we will obtain your consent before disclosing your personal information to a third party.

8

International Data Transfers

Some of our service providers (including Zoho) may store or process personal information outside Australia, including in the United States, India, and member states of the European Union. Where this occurs, we take steps to ensure that appropriate safeguards are in place consistent with APP 8 of the Privacy Act 1988.

For transfers from the European Economic Area, we rely on the following safeguards as applicable:

European Commission adequacy decisions;
Standard Contractual Clauses (SCCs) approved by the European Commission; and/or
The EU–U.S. Data Privacy Framework where the recipient is certified.

You may request details of the safeguards in place for any specific transfer by contacting our Privacy Officer.

9

Cookies and Tracking Technologies

9.1 What are cookies?

Cookies are small text files placed on your device by a website. They help websites remember your preferences and understand how you use the site.

9.2 Cookies we use

Strictly necessary cookies: required for the website to function (e.g. WordPress session cookies, form security tokens). These cannot be disabled.
Analytics cookies: used to understand how visitors interact with our website (e.g. pages visited, session duration). This data is aggregated and does not identify you personally.
Preference cookies: used to remember choices you make, such as language or region.
Third-party cookies: Google Fonts may set cookies when delivering font files. We do not use third-party advertising cookies.

9.3 Your choices

You can control and delete cookies through your browser settings. Disabling cookies may affect the functionality of certain parts of our website. For more information about managing cookies, visit oaic.gov.au or your browser’s help documentation.

9.4 Do Not Track

Our website does not currently respond to “Do Not Track” signals from browsers, as there is no agreed industry standard for handling them.

10

Your Privacy Rights

10.1 Australian residents

Under the Australian Privacy Principles, you have the right to:

Access the personal information we hold about you (APP 12);
Correct personal information that is inaccurate, out-of-date, incomplete, irrelevant, or misleading (APP 13);
Make a complaint if you believe we have interfered with your privacy; and
Know what personal information we collect and hold, and generally how we handle it (APP 1).

10.2 EU / UK residents (GDPR)

If you are located in the European Economic Area or United Kingdom, you have additional rights under the GDPR:

Right of access — to obtain a copy of your personal data and information about how it is processed (Art. 15);
Right to rectification — to have inaccurate data corrected (Art. 16);
Right to erasure (“right to be forgotten”) — to have your data deleted in certain circumstances (Art. 17);
Right to restrict processing — to limit how we use your data in certain circumstances (Art. 18);
Right to data portability — to receive your data in a structured, machine-readable format (Art. 20);
Right to object — to object to processing based on legitimate interests or for direct marketing (Art. 21); and
Rights relating to automated decision-making — we do not carry out automated profiling that produces legal or similarly significant effects.

10.3 California residents (CCPA/CPRA)

If you are a California resident, you have the right to know what personal information we collect, disclose, or sell; to request deletion; to opt out of any sale of your personal information (we do not sell personal information); and to non-discrimination for exercising your rights.

10.4 How to exercise your rights

To exercise any of the rights above, please contact our Privacy Officer at heretohelp@enlightenedbusiness.com.au. We will respond within 30 days (or such shorter period as required by applicable law). We may need to verify your identity before processing your request. We will not charge a fee unless the request is manifestly unfounded or excessive.

11

Data Breach Notification

We comply with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988. In the event of an eligible data breach — one that is likely to result in serious harm to any individuals whose information is involved — we will:

Notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable;
Notify affected individuals directly, where required and practicable; and
Take prompt steps to contain the breach and prevent further harm.

If you believe a data breach has occurred, please notify us immediately at heretohelp@enlightenedbusiness.com.au.

12

Children’s Privacy

Our website and services are directed at business professionals and are not intended for children under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

13

Links to Third-Party Websites

Our website may contain links to third-party websites (including Zoho, LinkedIn, and other platforms). We are not responsible for the privacy practices of those sites. We encourage you to read the privacy policy of any third-party site you visit. This Policy applies only to information collected by EBS.

14

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal obligations. The “Last updated” date at the top of this page will reflect any changes. We will notify you of material changes by posting a notice on our website or, where appropriate, by direct communication.

Continued use of our website or services after the effective date of any update constitutes your acceptance of the revised Policy.

15

Contact Us & How to Complain

15.1 Privacy enquiries

For any questions, concerns, or requests relating to your personal information or this Policy, please contact our Privacy Officer:

Anthony Pinto, Privacy Officer
Enlightened Business Solutions Pty Ltd
Suite 1A, Level 2, 802 Pacific Highway, Gordon NSW 2072
Email: heretohelp@enlightenedbusiness.com.au
Phone: 1300 052 594

15.2 Making a complaint

If you are not satisfied with our response to a privacy concern, you may lodge a complaint with:

Australia — Office of the Australian Information Commissioner (OAIC): oaic.gov.au | 1300 363 992;
European Union / UK: your local data protection supervisory authority; or
California: the California Privacy Protection Agency (CPPA).

We ask that you contact us first so that we have the opportunity to address your concern directly.