Drainingplant

Privacy Policy

Last updated:

This Privacy Policy describes how Drainingplant ("we", "us", or "our") collects, uses, stores, and protects personal information when you visit our website at drainingplant.world, communicate with us, or participate in our educational mental clarity workshops. We are committed to handling your data responsibly and in accordance with the General Data Protection Regulation (GDPR), the Australian Privacy Act 1988, and applicable international data protection standards.

1. Data Controller Information

The data controller responsible for your personal information is:

  • Business Name: Drainingplant
  • Registered Address: 455 George St, Sydney NSW 2000, Australia
  • Email: hello@drainingplant.world
  • Phone: +61 2 9265 6800
  • Website: drainingplant.world

For any privacy-related enquiries, data subject requests, or concerns about how your information is processed, please contact us using the details above. We will respond to all legitimate requests within thirty days, or sooner where required by applicable law.

2. Scope of This Policy

This Privacy Policy applies to all personal data collected through our website, contact forms, email correspondence, telephone communications, workshop registrations, and any other channels through which you interact with Drainingplant. It does not apply to third-party websites or services that may be linked from our pages. We encourage you to review the privacy policies of any external sites you visit.

3. Categories of Personal Data We Collect

3.1 Information You Provide Directly

When you contact us, register for a workshop, or submit a form on our website, we may collect the following categories of personal data:

  • Full name and preferred name
  • Email address
  • Telephone number
  • Postal address
  • Message content and enquiry details
  • Workshop preferences and program selections
  • Payment and billing information (processed through secure third-party payment providers)
  • Consent records including timestamps and consent method

3.2 Information Collected Automatically

When you browse our website, certain technical data may be collected automatically through cookies and similar technologies, subject to your consent preferences:

  • IP address (anonymised where possible)
  • Browser type and version
  • Operating system
  • Device type and screen resolution
  • Pages visited and time spent on each page
  • Referring website or search engine
  • Date and time of visit
  • Click patterns and navigation paths

3.3 Information from Third Parties

We may receive limited personal data from third-party service providers such as payment processors, analytics platforms, and advertising partners. This data is processed only in accordance with this policy and our agreements with those providers.

4. Legal Basis for Processing

Under the GDPR, we process your personal data based on one or more of the following legal grounds:

  • Consent: Where you have given clear consent for us to process your personal data for specific purposes, such as marketing communications or non-essential cookies.
  • Contractual Necessity: Where processing is necessary to fulfil our obligations under a contract with you, such as workshop registration and delivery of educational services.
  • Legitimate Interests: Where processing is necessary for our legitimate business interests, such as improving our website, preventing fraud, and ensuring network security, provided these interests are not overridden by your rights.
  • Legal Obligation: Where processing is required to comply with applicable laws, regulations, or legal proceedings.

5. Purposes of Data Processing

We use your personal data for the following specific purposes:

  • Responding to enquiries submitted through our contact form, email, or telephone
  • Processing workshop registrations and managing participant records
  • Delivering educational materials and session-related communications
  • Processing payments and issuing invoices or receipts
  • Improving our website functionality and user experience
  • Conducting anonymised analytics to understand visitor behaviour
  • Delivering relevant advertising content where you have provided marketing consent
  • Maintaining records required for accounting, tax, and regulatory compliance
  • Protecting against unauthorised access, fraud, and security threats
  • Enforcing our Terms of Use and resolving disputes

6. Data Retention Periods

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, unless a longer retention period is required or permitted by law. Our standard retention periods are as follows:

  • Contact form submissions: Retained for twenty-four months from the date of submission, unless an ongoing business relationship exists.
  • Workshop registration records: Retained for seven years from the date of the last attended session for accounting and legal compliance purposes.
  • Payment records: Retained for seven years in accordance with Australian tax legislation.
  • Marketing consent records: Retained for the duration of consent plus three years after withdrawal.
  • Analytics data: Anonymised and aggregated data retained for twenty-six months.
  • Cookie consent preferences: Stored locally on your device until cleared or updated.

When retention periods expire, personal data is securely deleted or anonymised so that it can no longer be associated with you.

7. Data Sharing and Third-Party Processors

We do not sell your personal data to third parties. We may share your information with the following categories of recipients, solely for the purposes described in this policy:

  • Payment processing providers for secure transaction handling
  • Email service providers for transactional and informational communications
  • Website hosting and infrastructure providers
  • Analytics service providers (subject to your cookie consent preferences)
  • Professional advisors including accountants and legal counsel
  • Law enforcement or regulatory authorities when required by law

All third-party processors are bound by data processing agreements that require them to protect your information and process it only according to our instructions.

8. International Data Transfers

Some of our service providers may be located outside the European Economic Area (EEA) or Australia. Where personal data is transferred internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission, adequacy decisions, or other legally recognised transfer mechanisms.

9. Your Rights Under GDPR and Australian Privacy Law

Depending on your location, you may have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete personal data.
  • Right to Erasure: Request deletion of your personal data where there is no compelling reason for continued processing.
  • Right to Restrict Processing: Request limitation of processing in certain circumstances.
  • Right to Data Portability: Receive your personal data in a structured, commonly used, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.
  • Right to Lodge a Complaint: File a complaint with a supervisory authority. In Australia, contact the Office of the Australian Information Commissioner (OAIC). In the EU, contact your local data protection authority.

To exercise any of these rights, contact us at hello@drainingplant.world. We may need to verify your identity before processing your request.

10. Security Measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • HTTPS encryption for all data transmitted between your browser and our servers
  • Secure storage with access controls limited to authorised personnel
  • Regular security assessments and vulnerability monitoring
  • Employee training on data protection responsibilities
  • Incident response procedures for potential data breaches
  • Encryption of sensitive data at rest where technically feasible

While we take reasonable precautions, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security but commit to notifying affected individuals and relevant authorities of any data breach as required by applicable law.

11. Children's Privacy

Our website and workshops are intended for adults aged eighteen and over. We do not knowingly collect personal data from individuals under eighteen years of age. If we become aware that we have collected data from a minor, we will take steps to delete that information promptly.

12. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on individuals. Any analytics we conduct are used in aggregate form to improve our services and are not applied to individual profiling.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy regularly to stay informed about how we protect your information.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data handling practices, please contact us:

  • Email: hello@drainingplant.world
  • Phone: +61 2 9265 6800
  • Address: 455 George St, Sydney NSW 2000, Australia