Privacy Policy.

hamish.com.au (ABN 59 980 864 897), operated by Hamish Palmer ("we", "us", "our"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and disclose your personal information in accordance with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth).

For a copy of the APPs, visit the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

By using our website or engaging our services, you consent to the practices described in this policy. If you do not agree with this policy, please do not provide us with your personal information.

We collect personal information that is reasonably necessary to provide our services. This may include:

• Contact information — name, email address, phone number, and business address
• Enquiry and project details — information you provide when contacting us about a project, including your business name, goals, and budget
• Technical and usage data — IP address, browser type, pages visited, time on site, and referring URLs (collected automatically via analytics tools)
• Payment information — invoicing details such as business name and email; we do not store credit card numbers

We only collect sensitive information (as defined in the Privacy Act) in exceptional circumstances, with your explicit consent, and where relevant to the services we are providing.

We collect personal information in the following ways:

• Directly from you — when you complete the enquiry form on our website, email us, or call us
• Automatically — through cookies, analytics tools (Google Analytics, Google Search Console, Plausible Analytics, Fathom Analytics), and server logs when you visit our website
• From third parties — in limited cases, from referrers or business directories where this is lawful and relevant

Where it is reasonable and practicable to do so, we collect personal information directly from you. When we collect information by other means, we take steps to ensure you are informed of this.

We collect and use personal information for the following primary purposes:

• To respond to your enquiries and assess your project requirements
• To provide web design, development, SEO, and related services
• To issue invoices and manage client accounts
• To communicate with you about your project and ongoing support
• To improve the quality of our website and services

We may also use your information for secondary purposes that are directly related to the above, where you would reasonably expect such use. We do not use your personal information for unsolicited marketing without your consent. You may opt out of any marketing communications at any time by contacting us.

Our website uses cookies and third-party analytics tools to understand how visitors use the site. These tools may collect:

• Pages visited and time spent on each page
• Referring website or search query
• Device type, browser, and operating system
• General geographic location (country/city level)

This data is aggregated and used to improve our website content and performance. It is not used to identify you personally.

You can disable cookies through your browser settings, though doing so may affect the functionality of some pages.

We do not sell, rent, or trade your personal information to third parties. We may disclose your information only in the following circumstances:

• Service providers — trusted third-party tools we use to operate our business (e.g. email platforms, project management tools, cloud storage). These providers are required to handle your data securely and only for the purpose we share it.
• With your consent — where you have agreed to the disclosure
• Legal obligations — where we are required or authorised by law to disclose information (e.g. court orders or regulatory requirements)

We take reasonable steps to ensure any third parties we share information with comply with the APPs or equivalent privacy standards.

Some third-party tools we use may store or process data on servers located outside Australia (for example, Google Analytics is operated by Google LLC in the United States). Where personal information is disclosed to overseas recipients, we take reasonable steps to ensure those recipients handle the information in a manner consistent with the APPs.

By using our website, you consent to your information being processed in accordance with the privacy policies of those third-party platforms.

We take reasonable steps to protect your personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. Security measures include:

• HTTPS encryption on our website
• Access controls limiting who can view client information
• Secure email practices

While we take every reasonable precaution, no method of transmission over the internet is completely secure. We cannot guarantee the absolute security of information transmitted to or from our website.

In the event of a data breach that is likely to result in serious harm, we will notify affected individuals and the OAIC as required under the Notifiable Data Breaches (NDB) scheme (Privacy Amendment (Notifiable Data Breaches) Act 2017).

We retain personal information for as long as necessary to provide our services and meet our legal obligations. Specifically:

• Client project files are retained for a minimum of 7 years following project completion, consistent with business record-keeping obligations
• Enquiry records are retained for up to 2 years if a project does not proceed
• Analytics data is retained according to the data retention settings of the relevant platform (e.g. Google Analytics)

When personal information is no longer required, we take reasonable steps to securely destroy or de-identify it.

You have the right to request access to the personal information we hold about you, and to request correction of that information if it is inaccurate, incomplete, or out of date.

To make a request, contact us at [email protected]. We will respond within a reasonable timeframe (typically within 30 days). We will not charge a fee for access requests, though in some circumstances an administrative fee may apply for providing copies of information.

We may decline access in limited circumstances permitted by the Privacy Act, in which case we will provide written reasons.

If you believe we have not handled your personal information in accordance with this policy or the APPs, we encourage you to contact us first so we can attempt to resolve the matter.

Contact: [email protected]

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

• Website: www.oaic.gov.au
• Phone: 1300 363 992
• Post: GPO Box 5218, Sydney NSW 2001