Privacy Policy

Personal information is information or an opinion, whether true or not and whether recorded in a material form or not, about an individual who is identified or reasonably identifiable.

We collect personal information only where it is reasonably necessary for our business functions and by lawful and fair means under the Privacy Act 1988.

The types of personal information we may collect include:

• Identity information: first name and last name.
• Contact information: email address, telephone number.
• Professional information: employer, professional title, department, and business interests — collected where voluntarily provided and relevant to understanding your consulting needs and tailoring our service proposals.
• Message content: any enquiry or message you submit via our contact form.

We also collect technical information automatically when you visit our website:

• IP address and approximate geographic location derived from your IP address.
• Browser type and version.
• Device and network information.
• Pages visited and time spent.
• Referring website or traffic source.
• Tracking pixels used by HubSpot to measure website visits. Where tracking pixels are included in emails, they record when an email is opened. You can prevent this by disabling automatic image loading in your email client settings.

Under the Privacy Act 1988, we collect personal information only by lawful and fair means and only if it is reasonably necessary for our business functions. We do not collect personal information unless we have a genuine need for it in connection with our services.

We collect personal information in the following ways:

• Directly from you: face-to-face, by phone, email, or via online forms on our website. Notes or records made during face-to-face or phone interactions may be stored in our CRM system (HubSpot) — see Section 4.
• When you complete our contact form or opt in to receive communications from us.
• Automatically when you visit our website, via analytics tools, cookies, and tracking pixels — see Section 7.

We use personal information only for the primary purpose for which it was collected, or for a secondary purpose that you would reasonably expect, in accordance with the Privacy Act 1988.

We use the information we collect to:

• Respond to your enquiries and contact form submissions.
• Deliver consulting services and manage client engagements.
• Process invoices and manage financial transactions (see Section 10).
• Send marketing communications where you have opted in (see Section 11).
• Improve the performance and content of our website, using technical data only and not data submitted through our contact form.
• Comply with legal and regulatory obligations.

We do not sell, lease, or share your personal information with third parties for their own commercial benefit. We do not use your personal information for automated decision-making or profiling.

We only share your personal information with third-party service providers necessary to operate our website and deliver our services. We take reasonable steps to ensure all such providers handle your personal information in accordance with the APPs.

The following third-party processors may receive your personal information:

• HubSpot (HubSpot Ireland Limited, Dublin, Ireland): CRM and contact form management. Data may be stored in the United States. We rely on HubSpot's Data Processing Addendum as our reasonable steps under the Privacy Act 1988 for overseas disclosure.
• Hostinger (Hostinger International Ltd, Limassol, Cyprus): website hosting, storing website files and server logs.
• Cookiebot (Cybot A/S, Copenhagen, Denmark): cookie consent management.
• Accounting and payment providers: where required to process invoices for consulting engagements.
• Legal authorities: where required by law, court order, or regulatory obligation.

Before disclosing personal information to overseas recipients, we take reasonable steps to ensure those recipients do not breach the APPs in relation to that information. Where we cannot ensure this, we will seek your consent before disclosure, making clear that APP protections may not apply.

We retain personal information only for as long as it is reasonably necessary for the purpose for which it was collected, or as required by law.

Approximate retention periods are:

• Contact form enquiries: up to two (2) years, reflecting the typical timeframe of a B2B consulting sales cycle.
• Client engagement records: up to seven (7) years, as required by Australian law — see below.
• Financial and transaction records: up to seven (7) years.
• Marketing opt-in records: until you withdraw consent or unsubscribe.
• Technical and analytics data: up to twelve (12) months.

The Tax Administration Act 1953 requires retention of tax records for a minimum of five (5) years, and the Corporations Act 2001 requires financial records to be retained for seven (7) years. These obligations override any request for earlier deletion of the relevant records.

Under the Privacy Act 1988, we take reasonable steps to destroy or de-identify personal information when it is no longer needed for any purpose for which it may be used or disclosed, unless a law requires us to retain it.

You may request deletion of your personal information at any time by contacting us as detailed in Section 17, subject to any legal retention obligations.

Under the Privacy Act 1988 and the APPs, you have the following rights:

• Access: you may request access to personal information we hold about you.
• Correction: you may request that inaccurate, incomplete, or out-of-date personal information be corrected.
• Anonymity: where lawful and practicable, you may interact with us anonymously or using a pseudonym.
• Direct marketing opt-out (s20E Privacy Act): you may request that we stop using your personal information for direct marketing at any time.
• Complaint: you may complain about a breach of the APPs — see Section 13.

To exercise any of these rights, contact us as detailed in Section 17.

Our website uses cookies and similar tracking technologies. Cookies are small text files stored on your device. We use the following categories:

• Session cookies: track your movements between pages during a session so you are not asked for the same information twice. These expire when you close your browser and do not store personal information beyond the session.
• Required cookies: enable basic website functions such as form submission and security. These are always active.
• Functional cookies: enable enhanced features and personalisation. May capture preferences and session data.
• Analytics cookies: used to understand how visitors use the site via HubSpot tracking. These capture IP address, pages visited, time spent, and traffic source.
• Marketing cookies: used for measuring campaign effectiveness. These capture IP address and interaction data.

You may disable cookies in your browser settings at any time, though this may affect site functionality. Where you consent to non-essential cookies via our cookie banner, that consent may be withdrawn at any time through the Cookie settings link in the footer of each page.

We take reasonable steps to protect your personal information from misuse, interference, loss, and from unauthorised access, modification or disclosure, in accordance with the Privacy Act 1988. Our website is served over HTTPS with SSL encryption. Anyone engaged by BlueSky Consulting who has access to personal information is required to maintain confidentiality and comply with this policy. No method of transmission over the internet is completely secure. If you believe your personal information has been compromised, contact us immediately.

BlueSky Consulting may use AI-powered tools to assist with business operations, content creation, and analysis. Where AI tools are used:

• Personal information is only used in AI tools where it is reasonably necessary for our business functions.
• To the best of our knowledge and as assessed at the time of use, we do not input personal information into any AI tool whose provider uses that information to train its models. We review AI tool usage periodically to ensure continued compliance with this commitment.
• Personal information generated or processed by AI tools is treated as personal information and subject to all rights in this policy.
• Where AI tools are used to assist in decisions that significantly affect you, we will take reasonable steps to inform you and ensure human oversight of such decisions.

We conduct due diligence on AI tools before using them with personal information. This includes reviewing the AI provider's privacy policy, data handling practices, and whether personal information may be used for model training.

Where BlueSky Consulting provides paid consulting services, we may collect and process financial and transaction data necessary to fulfil our contractual obligations. This may include:

• Invoice and billing information including business name, company registration number, and billing address.
• Payment details processed via our accounting or payment providers (we do not store full credit card numbers).
• Records of transactions including services provided, amounts invoiced, and payment status.

Financial data is used solely for the purposes of delivering agreed services, issuing invoices, and meeting statutory accounting and tax obligations under Australian law.

BlueSky Consulting is an Australian-registered business providing consulting services to clients in Australia and internationally. Your personal information may be processed or stored overseas by our third-party service providers, specifically:

• HubSpot: United States. We rely on HubSpot's Data Processing Addendum as reasonable steps under the Privacy Act 1988.
• Hostinger: Cyprus.
• Cookiebot: Denmark.

Before disclosing personal information to overseas recipients, we take reasonable steps to ensure those recipients do not breach the APPs. These steps include reviewing and accepting each provider's data processing commitments. If we are unable to take such steps, we will notify you before disclosure and obtain your consent.

If you wish to make a privacy complaint, contact us as detailed in Section 17 with full details of your concern. We will investigate and respond in writing within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au. The OAIC can investigate complaints about interferences with privacy and may make a determination, including requiring compensation.

Our website and services are directed at business professionals. We do not knowingly collect personal information from individuals under the age of 18. If you are under 18, please do not submit personal information through our website without parental consent. If we become aware that we have collected personal information from a person under 18, we will delete it promptly.

Our website contains links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies directly.

BlueSky Consulting maintains a presence on LinkedIn. Our website links directly to our LinkedIn company page. Clicking through to LinkedIn subjects you to LinkedIn's own privacy policy and terms. BlueSky Consulting does not control, and is not responsible for, LinkedIn's collection or use of your personal information. LinkedIn's privacy policy is available at linkedin.com/legal/privacy-policy.

We may update this Privacy Policy at any time to reflect changes in our practices or applicable law. The effective date at the top of this page will be updated accordingly. We will notify individuals on our mailing list of any material changes to this policy. It is your responsibility to check this policy periodically for any updates.

Please contact us as follows:

• Website design or functions, requests and complaints: hello@thinkbluesky.consulting.
• Data protection and privacy: data-privacy@thinkbluesky.consulting, subject line Privacy Request.

We aim to respond to all privacy requests within 30 days.