Gardennature
Legal Information

Privacy Policy

This document explains how Gardennature collects, uses, stores, and protects your personal information when you visit our website or use our services.

Last updated:

1. Introduction and Data Controller

Gardennature ("we", "us", or "our") operates the website gardennature.world and provides food habit coaching including consulting, custom meal frameworks, educational products, and structured programs. We are committed to protecting your privacy and handling your personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) for individuals in the European Economic Area and the Privacy Act 1988 (Cth) and Australian Privacy Principles for individuals in Australia.

The data controller responsible for your personal information is:

Gardennature
Shop R1.05/13 Hay St, Haymarket NSW 2000, Australia
Email: hello@gardennature.world
Phone: +61 2 9325 6200

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us using the details above.

2. Scope of This Policy

This Privacy Policy applies to all personal data we collect through our website, contact forms, coaching sessions, program enrolments, email communications, and any other interactions you have with us. It does not apply to third-party websites or services that may be linked from our platform. We encourage you to review the privacy policies of any external sites you visit.

3. Categories of Personal Data We Collect

Depending on how you interact with us, we may collect the following categories of personal data:

3.1 Identity and Contact Data

Your full name, email address, telephone number, postal address, and any other contact details you provide when completing our contact form, registering for services, or communicating with us directly.

3.2 Communication Data

The content of messages you send through our contact form, email correspondence, and notes from coaching sessions where you have provided explicit consent for recording or note-taking.

3.3 Technical and Usage Data

Information collected automatically when you visit our website, including your IP address, browser type and version, operating system, device type, referring URL, pages viewed, time spent on pages, and interaction patterns. This data is collected through cookies and similar technologies as described in our Cookie Policy.

3.4 Service-Related Data

Information you share during coaching consultations about your food habits, meal preferences, household composition, and scheduling constraints. This data is used solely to deliver our coaching services and is treated with heightened confidentiality.

3.5 Transaction Data

Details of purchases you make, including payment method type (but not full card numbers), transaction dates, amounts, and purchased products or services.

4. Legal Basis for Processing

Under the GDPR, we process your personal data on the following legal bases:

  • Consent: When you submit our contact form, accept cookies, or agree to data processing during service enrolment, you provide explicit consent for us to process your data for the stated purposes.
  • Contractual necessity: Processing required to deliver coaching services, educational products, or programs you have purchased or enquired about.
  • Legitimate interests: Processing necessary for our legitimate business interests, such as improving our website, preventing fraud, and ensuring network security, provided these interests do not override your fundamental rights.
  • Legal obligation: Processing required to comply with applicable laws, regulations, court orders, or regulatory requests.

5. Purposes of Data Usage

We use your personal data for the following specific purposes:

  • Responding to enquiries submitted through our contact form or email
  • Delivering coaching sessions, custom meal frameworks, and educational materials
  • Processing payments and managing your account or program enrolment
  • Sending service-related communications, such as session reminders and program updates
  • Improving our website content, user experience, and service offerings through aggregated analytics
  • Complying with legal and regulatory obligations
  • Protecting our website and services against unauthorised access, fraud, and security threats

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.

6. Data Sharing and Third Parties

We do not sell your personal data to third parties. We may share your information with the following categories of recipients only when necessary:

  • Service providers: Trusted third parties who assist us with website hosting, email delivery, payment processing, and analytics. These providers are bound by contractual obligations to protect your data and process it only according to our instructions.
  • Professional advisers: Lawyers, accountants, or auditors when required for legal compliance or business operations.
  • Regulatory authorities: When required by law, court order, or governmental request.

Any international transfer of personal data outside the European Economic Area or Australia is conducted with appropriate safeguards, including standard contractual clauses approved by relevant authorities.

7. Data Retention Period

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

  • Contact form submissions: Retained for 24 months from the date of submission, unless you request earlier deletion.
  • Coaching session records: Retained for 36 months from the date of your last session, or until you request deletion.
  • Transaction records: Retained for 7 years to comply with Australian tax and financial reporting requirements.
  • Technical and analytics data: Retained for 14 months in anonymised or pseudonymised form.
  • Cookie consent records: Retained for 12 months from the date of consent.

When retention periods expire, we securely delete or anonymise your data so it can no longer be associated with you.

8. Security Measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • HTTPS encryption for all data transmitted between your browser and our servers
  • Access controls limiting personal data access to authorised personnel only
  • Regular security assessments and updates to our systems and software
  • Secure storage of physical and digital records containing personal information
  • Staff training on data protection principles and confidentiality obligations
  • Incident response procedures for detecting, reporting, and addressing data breaches

While we take reasonable steps to protect your data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security but commit to notifying affected individuals and relevant authorities of any breach as required by law.

9. Your Rights Under GDPR and Australian Privacy Law

Depending on your location, you may have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete personal data.
  • Right to erasure: Request deletion of your personal data where there is no compelling reason for continued processing.
  • Right to restrict processing: Request that we limit how we use your data in certain circumstances.
  • Right to data portability: Receive your personal data in a structured, commonly used, machine-readable format.
  • Right to object: Object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent: Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.
  • Right to lodge a complaint: File a complaint with a supervisory authority, such as the Office of the Australian Information Commissioner (OAIC) or your local data protection authority in the EEA.

To exercise any of these rights, contact us at hello@gardennature.world. We will respond within 30 days of receiving your request. We may need to verify your identity before processing your request.

10. Children's Privacy

Our website and services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately and we will take steps to delete such information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. The "Last updated" date at the top of this page indicates when the most recent revision took effect. We encourage you to review this page periodically. Material changes will be communicated through a notice on our website or via email where appropriate.

12. Contact Information

For privacy-related enquiries, data subject requests, or complaints, please contact:

Gardennature
Shop R1.05/13 Hay St, Haymarket NSW 2000, Australia
Email: hello@gardennature.world
Phone: +61 2 9325 6200

We aim to resolve all privacy concerns promptly and fairly. If you are not satisfied with our response, you have the right to contact the Office of the Australian Information Commissioner at www.oaic.gov.au or your relevant European supervisory authority.