Privacy Policy
Effective Date: 14th September 2025
Evolved Ethos ("we", "us", "our") respects your right to privacy and is committed to safeguarding the personal information of individuals who interact with us.
This Privacy Policy outlines how we collect, use, disclose, store, and protect your personal information in accordance with:
Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
General Data Protection Regulation (GDPR).
Other applicable data protection laws.
If you have any questions, contact us.
What Personal Information We Collect
We may collect the following information to provide services to you:
Name
Contact details (email, phone, address)
Occupation or business name (where relevant)
Payment or billing details (processed securely via third-party providers, not stored by us)
Additional information you provide during interactions (e.g., coaching sessions, surveys, feedback forms)
Technical data (IP address, browser type, device, operating system, site activity via analytics tools)
Coaching notes or session content stored securely in our client management platform
Sensitive information (e.g., health, diversity, wellbeing data) is only collected with your explicit consent, provided voluntarily, and never for marketing or unrelated purposes.
Consequences of non-provision: If you do not provide certain information, we may be unable to deliver coaching services, process payments, or respond to inquiries.
How We Collect Personal Information
We collect information through:
Direct contact (website, email, phone, social media)
Newsletter or mailing list subscriptions
Event, program, or session registrations
Coaching sessions and related communications
Surveys, feedback, or forms
We may also receive personal information indirectly, such as via referrals, event organisers, or public social media. If we collect your information from a third party, we will notify you as soon as practicable.
Our Role and Third-Party Processors
We act as the data controller for your personal information. We use trusted third-party processors, including:
Squarespace (website hosting, analytics, and marketing)
Delenta (coaching and client management)
Stripe (payment processing)
Microsoft Teams (video conferencing)
Microsoft M365 (emails and calendars)
These providers may use sub-processors, which are contractually bound to maintain security and comply with privacy laws.
Why We Collect Your Personal Information and Legal Bases
We collect information:
For service delivery based on any contract agreements that we have you (e.g., coaching sessions, client management).
For payments and tax based on our legal obligations (e.g., processing invoices, meeting tax obligations).
For marketing based on your consent which you can withdraw at any time (e.g., newsletters, promotions).
For analytics & service improvement based on legitimate interests (e.g., website analytics, client feedback).
For legal compliance based on legal obligations (e.g., regulatory or reporting requirements).
We do not use your data for automated decision-making or profiling. If this changes, we will update this policy and provide opt-out rights.
We only rely on legitimate interests where these are not overridden by your rights and freedoms. You may object at any time.
Disclosure of Personal Information
We do not sell, rent, or trade your information. We may disclose personal information:
To trusted third-party service providers (as listed above)
Where required or authorised by law
With your consent
To regulators, insurers, or legal advisers (if necessary for compliance or dispute resolution)
Cross-border transfers may occur (e.g., data stored in the United States or United Kingdom). Where this occurs, we take reasonable steps to ensure overseas recipients do not breach the APPs.
Scheduling and Bookings
Bookings are managed via Delenta. Any details you provide (name, email, appointment information) are stored securely in Delenta, not on our website servers. Delenta complies with GDPR and provides rights of access, correction, and deletion.
Recordings, Testimonials & Marketing
Coaching sessions are not recorded without your prior written consent.
If you consent, recordings are secured and used only for agreed purposes.
Testimonials, feedback, or case studies will only be used in marketing with your express written consent.
Website Hosting, Analytics & Cookies
Our website is hosted by Squarespace, which may collect technical and usage data for site functionality and performance.
We use cookies and analytics tools:
Necessary cookies: Required for site operation (cannot be disabled).
Analytics cookies: Measure and improve website use (consent required).
Marketing cookies: Customise advertising and communications (consent required).
You can manage or withdraw cookie consent at any time via our cookie banner or browser settings.
Data Security
We take reasonable steps to protect personal information, including:
TLS encryption for data transfers.
Secure servers and platforms.
Limited access by authorised staff only.
Confidentiality agreements for staff, coaches, and contractors.
Data breach response plan, including 72-hour notification to regulators and affected individuals where required. We assess breaches against both the APPs and GDPR thresholds to determine if notification is required.
We cannot guarantee absolute security against cybercrime, but we maintain industry-standard protections.
When we no longer need your personal information for the purposes for which it was collected, and we are not legally required to retain it, we will take reasonable steps to destroy or de-identify the information.
Data Retention
We retain data only as long as necessary for the purposes outlined:
Coaching records: up to 7 years (to meet legal, tax, and professional record-keeping obligations)
Website inquiries: only until resolved
Newsletter subscriptions: until you unsubscribe
Booking data: retained within Delenta; deletable upon request
Backups and archives are securely overwritten or destroyed after retention periods.
Children’s Data
Services are not directed at individuals under 18.
We do not knowingly collect children’s data.
If data is collected inadvertently, it will be deleted.
Your Rights
Depending on where you are located, you may have rights to:
Access the data we hold about you.
Request correction or updates.
Request deletion (“right to be forgotten”).
Restrict or object to processing.
Not to be subject to automated decision-making, including profiling.
Data portability (receive your data in machine-readable format or transfer it to another provider).
Withdraw consent (marketing, recordings, testimonials, sensitive data) at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
Lodge a complaint with the OAIC, ICO, or other competent supervisory authority.
To initiate a request, contact us.
Complaints Process
We will acknowledge your complaint within 7 business days.
We aim to resolve complaints within 30 days.
If unresolved, you may escalate to the relevant regulator (see below).
Regulator contacts:
Australia: OAIC at www.oaic.gov.au
UK: ICO at www.ico.org.uk
EU: Local data protection authority at https://edpb.europa.eu/about-edpb/board/members_en
Changes to This Policy
We may update this Privacy Policy periodically. Where changes are material, we will notify affected individuals directly (e.g., by email if we hold your contact details).
Your Acceptance of This Policy
By using our website or purchasing services, you signify acceptance of this Policy. If you do not agree, you should not use our services.
Contact Us
If you have any questions, concerns, or complaints about this Privacy Policy or our handling of your personal information, please contact our data privacy officer at:
Evolved Ethos
Contact: Contact us
Website: www.evolvedethos.com.au
We take privacy complaints seriously and will respond promptly.