Privacy Policy

This Privacy Policy explains how Musclesbonejoint ("we", "us", "our") processes personal data when you visit musclesbonejoint.world, submit enquiries, purchase educational products, or participate in consulting and guidance programs related to daily meal organization. We are committed to transparency under the EU General Data Protection Regulation (GDPR), the UK GDPR where applicable, and the Australian Privacy Act 1988.

1. Data controller

Musclesbonejoint
185 Elizabeth Street, Melbourne VIC 3000, Australia
Phone: +61 3 9662 9477
Email: assist@musclesbonejoint.world
Website: https://musclesbonejoint.world

For privacy-related requests, contact us using the details above with the subject line "Privacy Request".

2. Scope

This policy applies to personal data processed through our website, email correspondence, phone calls, video consultations, in-person appointments at our Melbourne studio, and payment flows for programs or educational materials. It does not cover third-party websites linked from our pages; review their policies separately.

3. Categories of personal data

3.1 Data you provide

• Identity and contact data: name, email address, phone number if supplied, and message content submitted through our contact form.
• Account and order data: billing address, transaction references, and program selections when you purchase paid offerings.
• Consultation context: household size, scheduling preferences, pantry layout notes, and cooking habits you voluntarily share during guidance sessions.
• Consent records: timestamps and wording of GDPR or marketing consents you grant.

3.2 Data collected automatically

• Technical data: IP address, browser type, device identifiers, operating system, and referring URLs.
• Usage data: pages viewed, time on site, and interaction events where analytics cookies are enabled with your consent.
• Cookie data: as described in our Cookie Policy.

3.3 Special categories

We do not request health or medical data. If you voluntarily mention dietary needs tied to health conditions, we treat such information with heightened care and delete it when no longer needed unless you request otherwise in writing.

4. Purposes and legal bases (GDPR)

We process personal data only when a lawful basis applies:

• Contract (Art. 6(1)(b)): To deliver consulting, programs, or digital products you purchase.
• Legitimate interests (Art. 6(1)(f)): To secure our website, prevent fraud, improve educational content, and respond to enquiries—balanced against your rights.
• Consent (Art. 6(1)(a)): For optional analytics, marketing communications, and non-essential cookies. You may withdraw consent at any time.
• Legal obligation (Art. 6(1)(c)): To meet tax, accounting, and regulatory record-keeping requirements in Australia and other applicable jurisdictions.

5. How we use data

Specific purposes include:

1. Responding to contact form submissions and scheduling consultations.
2. Preparing personalized meal organization outlines and educational materials you request.
3. Processing payments and issuing receipts.
4. Sending service-related notices such as appointment confirmations or policy updates.
5. Measuring site performance when you enable analytics cookies.
6. Defending legal claims and enforcing our Terms of Use.

We do not use your data to make automated decisions that produce legal or similarly significant effects.

6. Sharing and recipients

We may share personal data with:

• Hosting and infrastructure providers that store website logs under contract.
• Email and calendar tools used to coordinate consultations.
• Payment processors that handle transactions securely.
• Professional advisers (lawyers, accountants) bound by confidentiality.
• Authorities when required by valid legal process.

We do not sell personal data. Processors may operate outside Australia or the EEA; where they do, we implement appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms.

7. International transfers

If you access our services from the European Economic Area, United Kingdom, or other regions with transfer restrictions, we ensure supplementary measures when data leaves those regions. Request details of safeguards by emailing our privacy contact.

8. Retention periods

• Contact enquiries: up to 24 months after last interaction unless a longer period is needed for active consulting.
• Client project files: up to 36 months after program completion for reference and quality review.
• Transaction and invoice records: 7 years to satisfy Australian tax obligations.
• Marketing consents and unsubscribe logs: kept while consent is active plus 3 years for proof of compliance.
• Server logs: typically 90 days unless needed for security investigations.
• Cookie preference records: 12 months, then refreshed when you revisit.

When retention ends, we delete or irreversibly anonymize data.

9. Security measures

We apply administrative, technical, and organizational measures including HTTPS encryption for site traffic, access controls for internal systems, staff training on confidentiality, and least-privilege access to client documents. No online transmission is completely secure; notify us promptly if you suspect unauthorized access to your account or messages.

10. Your rights

Depending on your location, you may have the following rights:

• Access: Obtain confirmation whether we process your data and receive a copy.
• Rectification: Correct inaccurate or incomplete data.
• Erasure: Request deletion when data is no longer necessary or consent is withdrawn, subject to legal exceptions.
• Restriction: Limit processing in defined circumstances.
• Portability: Receive data you provided in a structured, machine-readable format where processing is automated and based on consent or contract.
• Objection: Object to processing based on legitimate interests or direct marketing.
• Withdraw consent: At any time for consent-based processing without affecting prior lawful processing.
• Lodge a complaint: EU/EEA residents may contact their supervisory authority; Australian residents may contact the Office of the Australian Information Commissioner (OAIC).

We respond to verified requests within one month, extendable by two months for complex cases with notice.

11. Children

Our services target adults managing household meals. We do not knowingly collect data from individuals under 16 without parental consent. Contact us to remove such data if discovered.

12. Third-party links

Our site links only to pages we operate. External resources referenced in educational content are illustrative; visiting them is optional and governed by their own policies.

13. Changes to this policy

We may update this Privacy Policy to reflect legal or operational changes. Material updates will be noted by revising the date above. Continued use after publication constitutes acknowledgment where permitted by law.

14. Advertising and landing pages

If you click an advertisement for Musclesbonejoint, we may process technical data about the visit when you have enabled analytics cookies. We do not combine ad click data with sensitive health information. Ad landing pages display the same business identity, contact details, and policy links as other pages on musclesbonejoint.ddd.

15. Contact

Questions about this policy or your data rights: assist@musclesbonejoint.world or 185 Elizabeth Street, Melbourne VIC 3000, Australia.