Privacy Policy
Last updated: 2 June 2026
This Privacy Policy explains how Flexiblepure.world (“we”, “us”, “our”) handles personal information as defined in the Privacy Act 1988 (Cth) (“Privacy Act”). We follow the Australian Privacy Principles (APPs) in Schedule 1 of the Privacy Act. Where our services are accessed from overseas, we also address rights under the EU/UK General Data Protection Regulation (GDPR) where applicable.
This policy applies to personal information collected through this website, contact forms, email, and phone enquiries relating to our office anti-stress and workplace wellbeing resources.
1. Who We Are (APP 1 — Open and Transparent Management)
Organisation: Flexiblepure.world (operating from Family Chiro premises)
Postal address: Family Chiro, 2 Lincoln St, Charlestown NSW 2290, Australia
Email: welcome@flexiblepure.world
Phone: +61 417 711 300
ABN: 28 021 789 409
For privacy questions, complaints, or access requests, contact us using the details above. We will respond within a reasonable period, and generally within 30 days for access or correction requests under the APPs.
2. Scope and Australian Privacy Framework
We are committed to managing personal information in accordance with the Privacy Act, the APPs, the Notifiable Data Breaches scheme (Part IIIC of the Privacy Act), OAIC guidance (including privacy and artificial intelligence), and 2026 expectations for transparency about automated and AI-assisted services. We also have regard to the Spam Act 2003 (Cth) and the Australian Consumer Law.
If you are in the European Economic Area or United Kingdom, additional rights in Section 15 may apply.
3. How We Meet the Australian Privacy Principles (APPs 1–13)
The table below summarises how we give effect to each APP. This is a plain-language summary; if there is any inconsistency, the Privacy Act and APPs prevail.
| APP | Our approach |
|---|---|
| APP 1 — Open and transparent management | This Policy, Cookie Policy, Terms, and AI transparency on our About page. |
| APP 2 — Anonymity and pseudonymity | Offered where lawful and practicable; contact details may be needed to reply. |
| APP 3 — Collection of solicited information | Collect only what is reasonably necessary; avoid sensitive health data via forms. |
| APP 4 — Unsolicited information | Destroy or de-identify unsolicited personal information we are not required to retain. |
| APP 5 — Notification of collection | Notice at collection (forms, cookies) and via this Policy. |
| APP 6 — Use or disclosure | Use for stated purposes; processors under contract; no sale of personal information. |
| APP 7 — Direct marketing | Consent or permitted basis; unsubscribe in commercial emails. |
| APP 8 — Cross-border disclosure | Reasonable steps or permitted grounds before overseas disclosure. |
| APP 9 — Government identifiers | We do not request Tax File Numbers, Medicare numbers, or similar IDs on this Website. |
| APP 10 — Quality | Keep information accurate, up to date, and complete where used. |
| APP 11 — Security | HTTPS, access controls, provider agreements, secure destruction when due. |
| APP 12 — Access | Access requests handled within a reasonable period (typically 30 days). |
| APP 13 — Correction | Correction requests welcomed; refusal explained where permitted by law. |
4. Artificial Intelligence, Algorithms, and Automated Processing (2026 Transparency)
Australian regulators expect clear disclosure when AI or automated systems affect what users see or receive. We describe our current use below and will update this section before deploying new AI features.
4.1 What we use today
- Website photographs: Images (
image/picture*.jpg) are pre-existing photographic files. We do not use generative AI for product mock-ups, interior décor panels, or synthetic scenes presented as real premises unless an image is later labelled “AI-generated”. - Written articles: Educational text may be drafted or edited with generative AI tools, then reviewed by a human. AI does not provide personalised medical or psychological advice.
- Logo and favicon: SVG graphics may be created or refined with design tools; they are not photographs.
- Box Breathing widget: Rule-based JavaScript timing—not machine learning and not profiling.
- AI chat or consultations: We do not currently offer an AI chatbot or automated wellbeing consultation. Enquiries are handled by a human.
4.2 Personal information and AI
We do not use your contact form data to train public AI models. If we later integrate an AI assistant, we will disclose it beforehand, explain which provider may process data (including overseas), obtain consent where required under the APPs, and update this Policy.
4.3 Automated decision-making
We do not make solely automated decisions with legal or similarly significant effects on individuals. Cookie consent and the breathing timer use simple technical logic only.
4.4 Accuracy and limitations
Generative AI can err or summarise outdated research. Do not rely on AI-assisted text as professional advice. Report inaccuracies to welcome@flexiblepure.world.
4.5 Future AI features
New AI-generated imagery, chat, or personalised recommendations will be clearly labelled (e.g. “AI-generated image”, “Automated assistant—not a human clinician”) before launch, with an updated Policy.
5. What Personal Information We Collect (APP 3)
We may collect:
- Identity and contact details: name, email address, phone number (if provided), and organisation (optional).
- Communications: message content, email correspondence, and records of consent to this Privacy Policy.
- Technical information: IP address, browser type, operating system, referring URLs, pages viewed, and timestamps from server logs or analytics (where permitted by your cookie choices).
- Cookie and preference data: your cookie consent selections stored in browser local storage.
We do not actively seek sensitive information (including health information) through this website. Please do not send medical records or clinical diagnoses via the contact form. Where lawful and practicable, you may interact using a pseudonym or anonymously (APP 2), but we may be unable to respond without contact details.
6. How We Collect Information (APP 5)
We collect information directly from you (forms, email, phone), automatically when you use the Website (see our Cookie Policy), and from service providers acting on our instructions. We take reasonable steps to notify you of purposes of collection, disclosures, and that this Policy is available on our Website.
7. Why We Use Personal Information (APP 6)
We use personal information to respond to enquiries, administer events, operate and secure the Website, comply with law, send marketing only where permitted under the Spam Act 2003 (with unsubscribe), and conduct analytics where you consent to cookies. We do not use information for unrelated secondary purposes without consent or a permitted exception.
8. Direct Marketing and Spam Act 2003
Commercial electronic messages require consent or another permitted basis. Each message identifies us and includes a functional unsubscribe option. We honour opt-out requests promptly, normally within 5 business days.
9. Disclosure to Third Parties (APP 6)
We may disclose information to hosting and email providers, analytics partners (with consent), professional advisers, and regulators when required by law. We do not sell personal information.
10. Overseas Disclosure (APP 8)
Some providers may process data outside Australia (e.g. US, EU). We take reasonable steps to ensure overseas recipients comply with the APPs, or we rely on consent or another APP 8 ground. Optional analytics or embedded third-party content may involve overseas handling.
11. Data Quality and Security (APP 10 and APP 11)
We take reasonable steps to ensure information is accurate and protected through HTTPS, access controls, and provider confidentiality obligations. No system is completely secure.
12. Access and Correction (APP 12 and APP 13)
You may request access or correction by emailing us. We may refuse in limited circumstances permitted by law and will explain reasons and complaint options. We generally do not charge fees unless a request is complex or repetitive.
13. Retention and Destruction
- Contact enquiries: up to 24 months, unless longer retention is required by law.
- Marketing lists: until you unsubscribe.
- Server logs: typically up to 90 days.
- Cookie consent records: up to 12 months.
We destroy or de-identify information when no longer needed (APP 11.2).
14. Notifiable Data Breaches
If an eligible data breach under Part IIIC of the Privacy Act is likely to result in serious harm, we will notify affected individuals and the OAIC in accordance with statutory timeframes.
15. Complaints
Contact us first. We aim to acknowledge complaints within 7 business days and resolve them within 30 days. If unresolved, you may complain to the OAIC: www.oaic.gov.au, phone 1300 363 992, or GPO Box 5218, Sydney NSW 2001.
16. Rights for EEA/UK Residents (GDPR)
Where GDPR applies, you may have rights of access, rectification, erasure, restriction, portability, objection, and withdrawal of consent. Lawful bases include consent, contract, legal obligation, and legitimate interests.
Where automated processing (including profiling) produces legal or similarly significant effects, you may have rights under Article 22 GDPR. We do not currently conduct such processing on this Website. AI-assisted content creation does not, by itself, constitute an automated decision about you.
You may complain to your supervisory authority. We respond within one month unless an extension is permitted.
17. Children
This Website is directed at adults. We do not knowingly collect information from children under 16 without parental consent.
18. Changes to This Policy
We may update this Policy; the “Last updated” date will change. Material changes will be posted on this page.
19. Related Documents
See our Cookie Policy and Terms of Use.