PRIVACY POLICY
Hi there! This website, www.shahnasarpi.com, is owned and operated by Shahna Sarpi, trading under the business name Project Nourish (ABN 79 517 904 519).
If you have any questions or need further information, please contact:
Shahna Sarpi
Email: hello@shahnasarpi.com
This page sets out my Privacy Policy. It describes how I collect and manage your personal information when you interact with this site. I take this responsibility very seriously. If you have any questions or concerns about how your personal information is being handled, please do not hesitate to contact me.
I comply with the Australian Privacy Principles set out in the Privacy Act 1988 (Cth) (Privacy Act). I understand that visitors from the EU may access this site, so I also aim to comply with the General Data Protection Regulations (GDPR).
Personal Information
If you engage with me via this website, or choose to become my client I may ask to collect the following kinds of personal information from you, including:
· Contact Details: Including your name and email address when you join my mailing list.
· Interests & Preferences: Including your opinion about future topics, products or services that may interest you.
· Internet: I may collect your IP address, and information about pages browsed to help me improve the usability and appeal of my website.
· Any other information you disclose via email, contact forms or throughout our time working together.
Collection and Use
I may collect your personal information by various means including:
· An opt-in form for my mailing list
· Direct emails from you
· A contact form on my website
· My website automatically collecting information about you and your activities on the site
· Directly from you, when working together
· Recordings of a session via Zoom
I use this information to:
· Respond to your enquiries
· Provide you with relevant news and updates about my products and services
· Improve this website and the products and services I provide
· Offer you the best products and services possible
I will only collect your personal information:
· With your awareness and consent, such as when you email me, tick a checkbox or fill in a form to provide me with information
· If I need it to provide you with information or services that you request
· If I am legally required to collect it
· For necessary administrative processes if you become my client
Sensitive Information
I understand that some personal information is particularly sensitive, and that you are trusting me to keep this information confidential.
I will only collect sensitive information by methods that are reasonably secure, such as:
· In a zoom consultation or face to face
· When you send me information in an email
The reason why I collect this information is:
· So that I can provide you with the services you have contracted for
· To ensure that I am providing you with the most appropriate services
The sensitive information I ask you to provide for this purpose may include:
· Your birth date
· Your medical history
· Your lifestyle factors
· Any other information related to your health and wellbeing that is important for effective delivery of a service
I am committed to securely storing and handling your sensitive information.
Sensitive information is stored on a password protected computer. Only I may access sensitive material. Some sensitive information may be stored securely online, or in the cloud through Google Drive. You can find out more about their security provisions here: https://policies.google.com/privacy?hl=en
All archived sensitive information is securely destroyed after 7 years.
You may choose not to provide me with your sensitive information. However, sharing accurate information allows me to complete the service most efficiently and effectively. If you choose not to be completely honest with me, I may not be able to provide you with the services that you request.
Disclosure of Information
Reasons I may disclose your information include providing you with the products or services you have requested.
In order to do this, I may share some relevant information - on a strictly need to know basis – with third parties, such as my email marketing provider.
I will also disclose your information if required by law to do so or in circumstances permitted by the Privacy Act – for example, where I have reasonable grounds to suspect that unlawful activity, or misconduct of a serious nature, that relates to my functions or activities has been, is being or may be engaged in, and in response to a subpoena, discovery request or a court order.
I will use all reasonable means to protect the confidentiality of your information while in my possession or control.
I will not knowingly share any of your information with any third party other than the service providers who assist me in providing the information and/or services I am providing to you.
To the extent that I do share your information with a service provider, I would only do so if that party has agreed to comply with my privacy standards or I am satisfied that the service provider has a suitably protective policy of their own. However, some of my service providers may be overseas and may not be subject to Australian Privacy Laws or compliant with GDPR.
If you have any concerns regarding the disclosure of your information, please do not hesitate to get in touch with me to discuss this personally.
Security
I take reasonable physical, technical and administrative safeguards to protect your information from misuse, interference, loss, and unauthorised access, modification and disclosure.
I manage risks to your information by:
· Storing files securely
· Ensuring that only I have access to sensitive information
· Releasing information to service providers on a strictly need-to-know basis
As mentioned above, your information may also be stored with a third-party provider, where it will be managed under their security policy:
· Mailchimp - https://mailchimp.com/about/security/
From time to time, I may combine information provided by you with information gathered from:
· Google Analytics
· Personal contact
If you do not wish this to occur, please contact me.
Cookies and Google Analytics
Cookies are small text files that are commonly used by websites to improve a user’s experience, collect statistics or marketing information and provide access to secure areas. My website uses the following cookies:
· Analytical cookies from Squarespace tracking how my website is used
I use Google Analytics to collect information about your use of my website, so that I can get strategic information about how my website is being used, and improve its functionality. You can find out more about the information Google collects and how it is used here: https://support.google.com/analytics/answer/6004245.
Google also provides an add-on for your browser that you can use to opt-out and prevent your data being used by Google Analytics. You can access that add-on here: https://tools.google.com/dlpage/gaoptout
Access to Information
You can contact me to access, correct or update your personal information at any time.
Unless I am subject to a confidentiality obligation or some other restriction on giving access to the information which permits me to refuse you access under the Privacy Act, and I believe there is a valid reason for doing so, I will endeavour to make your information available you within 30 days.
You can begin this process by sending me an email requesting your information via hello@shahnasarpi.com and I will endeavour to respond within 7 days.
Complaints
If a breach of this Privacy Policy occurs, or if you wish to a request a change to your personal information, you may contact me by sending an email outlining your concerns to me at hello@shahnasarpi.com.
If you are not satisfied with my response to your complaint, you may seek a review by contacting the Office of the Australian Information Commissioner using the information available at http://www.oaic.gov.au/privacy/privacy-complaints.
Notification of Change
If I decide to change my Privacy Policy, I will post a copy of the revised policy on my website.
Notification of Breach
If I have reason to suspect that a serious data breach has occurred and that this may result in harm or loss to you, I will immediately assess the situation and take appropriate remedial action. If I still believe that you are at risk, I will notify the Office of the Information Commissioner and either notify you directly, or if that is not possible, publicise a notification of the breach on this website.