1. Who We Are
The organisation responsible for your personal information under the Privacy Act 1988 (Cth) is:
Musclesbone
45 Westmacott St, Esperance WA 6450, Australia
Email: helpcenter@musclesbone.world
Phone: +61 499 149 520
This Privacy Policy is provided in accordance with Australian Privacy Principle (APP) 1 — open and transparent management of personal information.
2. Scope and Applicable Law
This Privacy Policy applies to the website musclesbone.world and describes how we collect, hold, use, and disclose personal information when you visit our site or contact us.
We handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where applicable, we also comply with the General Data Protection Regulation (GDPR) for visitors located in the European Economic Area.
Our website provides educational and informational content about outdoor movement. We do not provide medical, diagnostic, or therapeutic services through this website.
3. Personal Information We Collect
3.1 Information you provide
When you use our contact form, we collect the following personal information where collection is lawful and reasonably necessary (APP 3):
- Your name
- Your email address
- The content of your message
- Your consent to data processing
3.2 Automatically collected data
When you visit our website, we may automatically collect:
- IP address (anonymised where possible)
- Browser type and version
- Operating system
- Referring URL
- Pages visited and time spent on pages
- Date and time of access
3.3 Cookie data
We use cookies and similar technologies as described in our Cookie Policy. Cookie consent preferences are stored in your browser's localStorage.
4. Why We Collect, Use, and Disclose Personal Information
We collect, hold, use, and disclose personal information only for purposes that are reasonably necessary for, or directly related to, our functions and activities (APP 6). These purposes include:
- Responding to enquiries — to reply to messages submitted via our contact form, based on your consent and our legitimate business need to communicate with you
- Website operation and security — to maintain, protect, and improve the functioning of our website
- Analytics — to understand how visitors use our site, only where you have given consent through our cookie settings
- Marketing and advertising measurement — to measure campaign effectiveness, only where you have given consent through our cookie settings (APP 7 — direct marketing)
- Legal compliance — to meet obligations under Australian law, including record-keeping and responding to lawful requests from authorities
We will not use or disclose your personal information for a secondary purpose unless you consent, or an exception under the Privacy Act applies (such as where the use is required or authorised by law).
We do not sell your personal information.
5. Data Retention
We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law (APP 11):
- Contact form submissions: up to 24 months after the last communication
- Analytics data: up to 26 months
- Cookie consent records: up to 12 months
- Server log files: up to 90 days
After the retention period expires, data is securely deleted or anonymised.
6. Disclosure to Third Parties and Overseas Recipients
We may disclose personal information to:
- Service providers who assist with website hosting, email delivery, or analytics (bound by contractual obligations to protect your information and use it only for the agreed purpose)
- Professional advisers where reasonably necessary
- Government agencies, regulators, or law enforcement when required or authorised by Australian law
Some service providers may be located outside Australia (APP 8). Where personal information is disclosed overseas, we take reasonable steps to ensure the recipient handles the information in a manner consistent with the APPs, including through contractual safeguards. By submitting your enquiry, you acknowledge that some information may be processed or stored on servers located outside Australia.
7. Your Rights Under the Privacy Act
Under the Privacy Act 1988 and the APPs, you have the following rights in relation to your personal information:
- Access (APP 12) — request access to the personal information we hold about you
- Correction (APP 13) — request correction of personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading
- Anonymity and pseudonymity (APP 2) — where lawful and practicable, you may interact with us without identifying yourself or by using a pseudonym; however, we may be unable to respond to contact form enquiries without your name and email
- Opt out of direct marketing (APP 7) — unsubscribe from any direct marketing communications we may send (we do not send marketing communications without your consent)
- Withdraw consent — withdraw consent for optional processing (such as analytics or marketing cookies) at any time via our cookie settings, without affecting the lawfulness of prior processing
- Complain to the OAIC — lodge a complaint with the Office of the Australian Information Commissioner if you believe we have breached the APPs
If you are located in the European Economic Area, you may also have additional rights under the GDPR, including erasure, restriction of processing, and data portability.
To exercise your rights, contact us at helpcenter@musclesbone.world. We will respond within a reasonable period, generally within 30 days. We may need to verify your identity before providing access or making corrections.
If you are not satisfied with our response, you may contact the OAIC at www.oaic.gov.au or by calling 1300 363 992.
8. Data Quality and Security
We take reasonable steps to ensure personal information we collect is accurate, up to date, and complete (APP 10), and that it is protected from misuse, interference, loss, and unauthorised access, modification, or disclosure (APP 11). Measures include:
- HTTPS encryption for data transmitted through our website
- Access controls limiting personal information to authorised personnel who need it for their role
- Regular review of our data handling practices and security arrangements
- Secure deletion or de-identification of information when it is no longer needed
9. Notifiable Data Breaches
If a data breach is likely to result in serious harm to individuals whose personal information is involved, we will comply with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act. This includes assessing eligible data breaches, notifying affected individuals, and reporting to the OAIC where required.
10. Collection Notice
When you submit our contact form, we collect your name, email address, message content, and consent record so we can respond to your enquiry. If you do not provide this information, we may be unable to reply to your message. At the time of collection, you are directed to this Privacy Policy for further details about how your information will be handled (APP 5).
11. Children's Privacy
Our website is not directed at children under 18. We do not knowingly collect personal information from children without appropriate parental or guardian consent. If you believe we have collected information from a child, please contact us immediately so we can take steps to delete it.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Changes will be posted on this page with an updated date. Material changes will be communicated where appropriate. We encourage you to review this policy periodically.
13. Contact and Privacy Enquiries
For any questions about this Privacy Policy or your personal data, contact:
Musclesbone
45 Westmacott St, Esperance WA 6450, Australia
Email: helpcenter@musclesbone.world
Phone: +61 499 149 520