Privacy Policy

Last Updated:

1. Introduction

Phodlarnthral ("we", "us", or "our") operates the website at phodlarnthral.world (the "Site"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit the Site or contact us.

We are committed to protecting your privacy in accordance with the Australian Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the European Union General Data Protection Regulation (GDPR) where applicable.

By using this Site, you acknowledge you have read and understood this Privacy Policy.

2. Data Controller

The data controller responsible for your personal information is:

  • Business name: Phodlarnthral
  • Address: 212 Station St, Blackheath NSW 2785, Australia
  • Phone: +61 487 510 407
  • Email: notifyuse@phodlarnthral.world

3. Information We Collect

3.1 Information You Provide Directly

When you use our contact form, we collect:

  • Your name
  • Your email address
  • The content of your message
  • Your consent record (GDPR checkbox)

3.2 Information Collected Automatically

When you visit the Site, certain technical data may be automatically collected:

  • IP address and approximate geographic location
  • Browser type and version
  • Operating system
  • Pages visited and time spent on the Site
  • Referring URL
  • Device type

3.3 Locally Stored Data

This Site uses localStorage in your browser to store:

  • Your cookie consent preferences
  • Your weekly meal planner entries (if you use the builder tool)

This data is stored only on your device and is not transmitted to our servers.

4. How We Use Your Information

We use the personal data we collect for the following purposes:

  • To respond to your enquiries — when you submit a contact form, we use your name and email to reply to your message.
  • To improve the Site — aggregated, anonymized analytics data helps us understand how the Site is used and where it can be improved.
  • To manage consent preferences — to remember your cookie and tracking choices and apply them to future visits.
  • To fulfil legal obligations — we may process personal data where required by applicable Australian or international law.
  • To maintain security — technical data is used to monitor for abuse, fraud, and security threats.

5. Legal Basis for Processing (GDPR)

For users in the European Economic Area, we rely on the following lawful bases:

  • Consent (Article 6(1)(a)) — for optional analytics and marketing cookies, and for processing contact form submissions where you have ticked the GDPR consent box.
  • Legitimate interests (Article 6(1)(f)) — for basic Site security monitoring and service improvement, where these interests are not overridden by your rights.
  • Legal obligation (Article 6(1)(c)) — where we are required by law to process your data.

6. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data to third parties. We may share data only in the following limited circumstances:

  • Service providers — trusted providers who assist us in operating the Site (e.g. web hosting), under strict data processing agreements.
  • Legal authorities — if required by law, court order, or to protect our legal rights.
  • Business transfers — in the event of a merger, acquisition, or sale of assets, personal data may be transferred with appropriate notice.

7. International Data Transfers

If personal data is transferred outside of Australia or the EEA, we ensure appropriate safeguards are in place, including standard contractual clauses or equivalent mechanisms approved under applicable law.

Where disclosure is made to overseas recipients, we take reasonable steps to ensure those recipients handle personal information in a manner consistent with the Australian Privacy Principles (including APP 8), unless an exception under Australian law applies.

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:

  • Contact form submissions — retained for up to 24 months from the date of submission, unless earlier deletion is requested.
  • Analytics data — retained in aggregated, anonymized form indefinitely; individual-level data is deleted after 14 months.
  • LocalStorage data — stored on your device until you clear your browser data or withdraw consent.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Right of access — request a copy of the personal data we hold about you.
  • Right to rectification — request correction of inaccurate or incomplete data.
  • Right to erasure — request deletion of your personal data in certain circumstances.
  • Right to restriction — request that we limit how we process your data.
  • Right to data portability — receive your data in a structured, machine-readable format.
  • Right to object — object to processing based on legitimate interests or for direct marketing.
  • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at notifyuse@phodlarnthral.world. We will respond within 30 days.

You also have the right to lodge a complaint with a supervisory authority. In Australia, this is the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

10. Direct Marketing and Opt-Out

We do not send marketing emails unless you have requested them or otherwise consented. If we send direct marketing communications, you can opt out at any time by using the unsubscribe method in the message or by contacting us at notifyuse@phodlarnthral.world. We action opt-out requests promptly in accordance with applicable law, including the Spam Act 2003 (Cth).

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include:

  • HTTPS encryption for all data transmitted between your browser and our servers
  • Access controls limiting who can view personal data
  • Regular security reviews of our systems

While we take all reasonable precautions, no method of internet transmission or electronic storage is completely secure, and we cannot guarantee absolute security.

12. Notifiable Data Breaches (Australia)

If an eligible data breach occurs, we will assess and respond in line with the Notifiable Data Breaches scheme under the Privacy Act 1988 (Cth). Where required, we will notify affected individuals and the OAIC as soon as practicable.

13. Children's Privacy

This Site is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

14. Cookies

We use cookies and similar technologies on this Site. For detailed information about the types of cookies we use, how we use them, and how to manage your preferences, please see our Cookie Policy.

15. Links to Other Websites

This Site may contain links to external websites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies independently.

16. Complaints Handling (Australia)

If you believe we have breached the Australian Privacy Principles, you may submit a privacy complaint to us at notifyuse@phodlarnthral.world. Please include details of the concern and any relevant evidence. We will acknowledge your complaint and aim to resolve it within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the OAIC via www.oaic.gov.au/privacy/privacy-complaints.

17. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date at the top of this page. We encourage you to review this policy periodically to stay informed about how we protect your information.

18. Contact

For any questions, concerns, or requests related to this Privacy Policy, please contact us: