Privacy Policy

Your privacy and data protection are fundamental to our operations

Last Updated: January 1, 2025

Introduction

Storntotem Pty Ltd (ABN: 12 345 678 901) ("we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or interact with us.

This policy complies with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) and the General Data Protection Regulation (GDPR) for our European users.

Information We Collect

Personal Information

We may collect the following types of personal information:

  • Contact Information: Name, email address, phone number, postal address
  • Account Information: Username, password, profile preferences
  • Educational Information: Art experience level, course interests, portfolio samples
  • Payment Information: Credit card details, billing address (processed securely through third-party payment processors)
  • Communication Records: Messages, emails, and other communications with us
  • Marketing Preferences: Newsletter subscriptions, communication preferences

Automatically Collected Information

When you visit our website, we automatically collect certain information:

  • Technical Information: IP address, browser type, operating system, device information
  • Usage Information: Pages visited, time spent on pages, click patterns, referring websites
  • Location Information: General geographic location based on IP address
  • Cookies and Tracking: Information collected through cookies and similar technologies

How We Use Your Information

We use your personal information for the following purposes:

Service Provision

  • Processing course enrollments and managing your educational journey
  • Providing customer support and responding to inquiries
  • Delivering educational content and materials
  • Processing payments and managing financial transactions
  • Creating and maintaining your student account

Communication

  • Sending course-related notifications and updates
  • Delivering newsletters and marketing communications (with your consent)
  • Responding to your questions and requests
  • Providing important service announcements

Improvement and Analytics

  • Analyzing website usage to improve our services
  • Conducting research to enhance our educational programs
  • Personalizing your experience on our website
  • Developing new courses and features

Legal and Compliance

  • Complying with legal obligations and regulations
  • Protecting our rights and interests
  • Preventing fraud and ensuring security
  • Enforcing our terms of service

Legal Basis for Processing

We process your personal information based on the following legal grounds:

  • Contract Performance: To fulfill our obligations under our service agreement with you
  • Legitimate Interests: To operate our business, improve our services, and communicate with you
  • Consent: Where you have given explicit consent for specific processing activities
  • Legal Obligation: To comply with applicable laws and regulations

Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following circumstances:

Service Providers

We may share information with trusted third-party service providers who assist us in:

  • Payment processing and financial services
  • Email marketing and communication platforms
  • Website hosting and technical infrastructure
  • Analytics and performance monitoring
  • Customer support services

Legal Requirements

We may disclose your information when required by law or to:

  • Comply with legal processes or government requests
  • Protect our rights, property, or safety
  • Prevent fraud or illegal activities
  • Enforce our terms of service

Business Transfers

In the event of a merger, acquisition, or sale of business assets, your information may be transferred as part of the transaction, subject to appropriate safeguards.

Data Security

We implement comprehensive security measures to protect your personal information:

  • Encryption: All sensitive data is encrypted in transit and at rest
  • Access Controls: Strict access controls limit who can view your information
  • Regular Audits: We conduct regular security audits and assessments
  • Staff Training: Our team receives regular privacy and security training
  • Incident Response: We have procedures in place to respond to security incidents

Data Retention

We retain your personal information for as long as necessary to:

  • Provide our services and support your educational journey
  • Comply with legal obligations and regulations
  • Resolve disputes and enforce our agreements
  • Maintain business records for legitimate purposes

Generally, we retain:

  • Account Information: For the duration of your account plus 7 years after closure
  • Course Records: For 10 years to support ongoing educational needs
  • Marketing Data: Until you unsubscribe or request deletion
  • Analytics Data: In aggregated, non-identifiable form for business intelligence

Your Rights and Choices

You have the following rights regarding your personal information:

Access and Portability

  • Request access to your personal information
  • Obtain a copy of your data in a portable format
  • Receive information about how your data is processed

Correction and Updates

  • Correct inaccurate or incomplete information
  • Update your contact details and preferences
  • Modify your account settings

Deletion and Restriction

  • Request deletion of your personal information
  • Restrict certain processing activities
  • Object to processing for direct marketing

Consent Management

  • Withdraw consent for specific processing activities
  • Manage your communication preferences
  • Update your cookie settings

To exercise these rights, please contact us at [email protected].

Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience. For detailed information about our cookie practices, please see our Cookie Policy.

International Data Transfers

Your information may be transferred to and processed in countries other than Australia. When we transfer your data internationally, we ensure appropriate safeguards are in place, including:

  • Adequacy decisions by relevant data protection authorities
  • Standard contractual clauses approved by authorities
  • Certification schemes and codes of conduct
  • Binding corporate rules for intra-group transfers

Children's Privacy

Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover that we have collected information from a child under 13, we will delete it immediately.

For users aged 13-18, we require parental consent before collecting personal information and encourage parents to review this policy with their children.

Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable laws. We will notify you of significant changes by:

  • Posting the updated policy on our website
  • Sending email notifications to registered users
  • Displaying prominent notices on our website
  • Providing direct notification for material changes

Your continued use of our services after policy changes indicates your acceptance of the updated terms.

Contact Information

If you have questions about this Privacy Policy or our data practices, please contact us:

Storntotem Pty Ltd
Level 3, 123 Collins Street
Melbourne VIC 3000
Australia

Privacy Officer:
Email: [email protected]
Phone: +61 3 9876 5432

Data Protection Officer (EU):
Email: [email protected]

Complaints and Disputes

If you have concerns about our handling of your personal information, you can:

  • Contact our Privacy Officer directly
  • Lodge a complaint with the Office of the Australian Information Commissioner (OAIC)
  • For EU residents, contact your local data protection authority
  • Seek resolution through alternative dispute resolution services

We are committed to resolving privacy concerns promptly and fairly.

Definitions

  • Personal Information: Information that identifies or could reasonably identify an individual
  • Processing: Any operation performed on personal information, including collection, use, storage, and disclosure
  • Data Controller: The entity that determines the purposes and means of processing personal information
  • Data Processor: An entity that processes personal information on behalf of a data controller
  • Consent: Freely given, specific, informed agreement to the processing of personal information

This Privacy Policy is effective as of January 1, 2025, and supersedes all previous versions.