Effective date:

05 February 2025

Last updated:

08 December 2025

1. Who we are

Website: www.stbasils.org.au
Business name: St Basil’s Homes
We operate in Australia and handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

2. What personal data we collect and why

We collect identity & contact data, transactional data, technical & usage data, communications & marketing preferences, and sensitive information (if applicable). Legal basis: APPs and Spam Act compliance.

3. Media uploads

Avoid uploading images with embedded location data (EXIF GPS).

4. Contact forms

We collect information you provide to respond to enquiries. Retention: for minimum 365 days

5. Cookies

Cookies are small text files placed on your device. WordPress sets necessary cookies for authentication and comments. Additional cookies may be set by plugins/themes. Provide a cookie table in your final version.

6. Analytics

We may use analytics services (e.g., Google Analytics). Users can opt out via consent tools or provider opt-out mechanisms.

7. Direct marketing and electronic messages (Spam Act)

We only send marketing emails/SMS where we have valid consent, identify ourselves, and include an unsubscribe link.

8. Who we share your data with

We may share data with service providers (payment processors, analytics, email platforms).

9. Cross-border disclosures

If data is transferred overseas, we ensure comparable privacy protections and disclose where data goes.

10. How long we retain your data

We retain data only as long as necessary. Examples: contact form entries 30 days, analytics 12-24 months, purchase records up to 10 years.

11. Your rights and choices

You have rights to access and correct your personal information under APPs.

12. How we protect your data

We take reasonable steps to protect data: access controls, encryption, backups, vendor agreements.

13. Data breach and cyber incident response

We follow the Notifiable Data Breaches scheme: contain & assess within 30 days, notify OAIC and affected individuals.

14. Automated decision-making and profiling

We do not conduct automated decision-making with significant effects.

15. Third-party data sources

We may receive data from third parties (payment processors, marketing platforms).

16. Industry-specific disclosures

Additional obligations may apply for regulated sectors (e.g., health services).

17. Children’s privacy

Our site is not intended for children; we do not knowingly collect data from children.

18. Where your data is sent

Your data may be processed in Australia or overseas by hosting, analytics, or support providers.

19. Changes to this policy

We may update this policy; the effective date will be updated, and notice will be provided for material changes.

20. Contact information

For privacy questions, requests, or complaints, contact: it@stbasils.org.au