Privacy Policy

Last updated:

1. Who We Are

Cartilageankle, located at 6 Cartwright St, Rydal NSW 2790, Australia, is the organisation responsible for handling your personal information under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). You can reach us at inquiry@cartilageankle.world or by phone at +61 415 543 473.

This policy applies to personal information we collect through this website and related communications. It is intended primarily for users in Australia.

2. Information We Collect

We may collect the following categories of personal information:

• Identity and contact details: Name, email address, and message content submitted via our contact form.
• Technical information: IP address, browser type, operating system, device information, and pages visited.
• Cookie and usage data: Information collected through cookies and similar technologies as described in our Cookie Policy.

We do not intentionally collect sensitive information (such as health records) through this website unless you voluntarily include it in a message. If you do, you consent to us handling that information solely to respond to your inquiry.

3. Why We Collect and How We Use Information

We collect and use personal information for the following purposes:

• To respond to inquiries: When you contact us, we use your details to reply to your request. We rely on your consent and our legitimate interests in operating our business (APP 3).
• To operate and improve the website: Including security, analytics (where you have consented), and troubleshooting (APP 3 and APP 6).
• To comply with legal obligations: Including record-keeping and responding to lawful requests from authorities.
• Direct marketing: We will only send marketing communications where permitted by law and, where required, with your express consent. You may opt out at any time (see Section 8 and the Spam Act 2003 (Cth)).

4. Disclosure of Personal Information

We do not sell or rent your personal information. We may disclose information to:

• Service providers: Hosting, analytics, email, or IT vendors who assist us and are contractually required to protect your information and use it only for the services they provide to us.
• Legal authorities: Where required or authorised by Australian law, or to protect rights, safety, or property.
• Overseas recipients: Some providers may store or process data outside Australia (for example, in the United States or the European Union). Before disclosure, we take reasonable steps to ensure overseas recipients handle information in line with the APPs, or we otherwise comply with APP 8.

5. Data Retention

We retain personal information only for as long as necessary for the purposes for which it was collected, unless a longer period is required by law:

• Contact form submissions: up to 12 months after the last communication, unless a longer period is needed for dispute resolution.
• Technical and cookie-related data: up to 26 months, or as stated in our Cookie Policy.
• Records required for legal, tax, or regulatory purposes: as required under applicable Australian law.

When information is no longer needed, we take reasonable steps to destroy or de-identify it (APP 11).

6. Data Quality and Security

We take reasonable steps to ensure personal information we collect is accurate, up to date, and complete (APP 10). We implement appropriate technical and organisational safeguards, including encrypted transmission (TLS/SSL), access controls, and periodic review of our security practices (APP 11).

7. Notifiable Data Breaches

If a data breach is likely to result in serious harm to individuals, we will assess the incident and, where required, notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme under the Privacy Act 1988.

8. Your Rights and Choices

Under Australian privacy law, you may:

• Request access to the personal information we hold about you (APP 12).
• Request correction of inaccurate, out-of-date, incomplete, or misleading information (APP 13).
• Withdraw consent where processing is based on consent, without affecting the lawfulness of prior processing.
• Opt out of direct marketing by using the unsubscribe link in any marketing email or by contacting us.
• Make a complaint about how we handle your information (see Section 9).

To exercise these rights, contact us at inquiry@cartilageankle.world. We will respond within a reasonable period, and generally within 30 days. We may need to verify your identity before providing access.

If you are located in the European Economic Area, you may also have rights under the GDPR. Contact us to discuss how those rights apply to your situation.

9. Complaints

If you have a concern about how we handle your personal information, please contact us first so we can try to resolve the issue. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or by calling 1300 363 992.

10. Children

This website is not directed at children under 16. We do not knowingly collect personal information from children without appropriate parental or guardian consent.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.