Privacy Policy

Last Updated: December 2025
Effective Date: December 2025
Version: 2.1 (2024 Privacy Act Compliant)

1. About This Privacy Policy

Realising Potential Pty Ltd (ABN 27 102 910 743), trading as Realising Potential (“we”, “us”, “our”), is committed to protecting your privacy and complying with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This Privacy Policy explains how we collect, use, disclose, store and protect your personal information when you:

  • Visit our website at www.realisingpotential.com.au

  • Contact us via email or telephone

  • Engage our services

  • Interact with us through other collaboration platforms

This policy has been updated in December 2025 to comply with reforms to Australia’s privacy laws, including enhanced security requirements, transparency obligations, and expanded enforcement powers of the Office of the Australian Information Commissioner (OAIC).

Important: By using our website or services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with this policy, please do not use our website or services.

2. What Personal Information We Collect

2.1 Information You Provide Directly

When you contact us or engage our services, we may collect:

  • Contact information: Name, email address, phone number, business name, job title

  • Business information: Company details, ABN/ACN, business address

  • Communication content: The content of emails, messages, and other communications you send to us

  • Project information: Information relevant to the services we provide to you

2.2 Information Collected Automatically

We do collect personal information automatically when you visit our website, including:

  • Technical identifiers: IP address, browser type and version, device type, operating system

  • Usage data: Pages visited, time spent on pages, links clicked, referring website

  • Cookies and tracking technologies: See Section 4 below for detailed information

  • Session information: Date and time of visits, session duration

Note: Under Australian privacy law, IP addresses and other technical identifiers can constitute personal information where you are reasonably identifiable from that information, either alone or in combination with other data.

2.3 Information We Do NOT Collect

We do not knowingly collect:

  • Sensitive information (such as health information, racial or ethnic origin, political opinions, religious beliefs, sexual orientation, or criminal records) unless specifically required for a service and with your explicit consent

  • Information from children under 18 years of age

  • Credit card or payment information (we do not process payments through our website)

3. How We Collect Personal Information

We collect personal information through:

  1. Direct interactions: When you email us at info@realisingpotential.com.au or call us

  2. Website visits: Through cookies, analytics tools, and server logs

  3. Business relationships: Through our engagement with you as a client or partner

  4. Microsoft Teams and collaboration platforms: When we share project sites with you

  5. Third parties: From our business partners or service providers where you have authorised them to share your information

  6. Publicly available sources: Such as LinkedIn, company websites, or business directories

4. Cookies and Tracking Technologies

4.1 What Cookies We Use

Our website uses cookies and similar tracking technologies. A cookie is a small text file stored on your device that helps us improve your experience and understand how our website is used.

Our website uses different categories of cookies and similar technologies:

• Strictly necessary cookies – These cookies are essential for the operation of our website and cannot be switched off in our systems. They are usually only set in response to actions you take, such as setting your privacy preferences, logging in, or filling in forms. Without these cookies, some parts of the site will not work properly.

• Functional cookies – These cookies allow the website to provide enhanced functionality and personalisation (for example, remembering your preferences). They may be set by us or by third party providers whose services we have added to our pages.

• Performance cookies – These cookies collect information about how visitors use our website (for example, which pages are visited most often and if users get error messages). The information is aggregated and anonymous and is used to improve how our website works.

• Analytics cookies – These cookies help us understand how visitors interact with our website so we can measure and improve the performance and relevance of our content and services (for example, through Google Analytics).

• Marketing / advertising cookies – These cookies may be set through our site by advertising or social media partners (for example, LinkedIn). They may be used to build a profile of your interests and show you relevant adverts on other sites, and to measure the effectiveness of our marketing campaigns.

• Other / uncategorised cookies – These are cookies that are being analysed and have not yet been classified into one of the categories above.

| Cookie Name/Type | Purpose | Duration | Third Party | Category |
|---|---|---|---|---|
| GDPR Cookie Consent | Remembers your cookie preferences | 11 months | No | Strictly necessary |
| Google Analytics (__utma, __utmc, __utmz, __utmt, __utmb) | Website analytics and usage statistics | Varies (session to 2 years) | Yes – Google LLC (USA) | Analytics/performance |
| LinkedIn Insight Tag | Marketing analytics and conversion tracking | Varies | Yes – LinkedIn (USA) | Marketing/advertising |
| Vimeo | Video playback and tracking videos viewed | Session/Persistent | Yes – Vimeo Inc (USA) | Functional/performance |
| Google reCAPTCHA | Security and spam prevention | Session | Yes – Google LLC (USA) | Strictly necessary/security |

We may update this table from time to time as we add or remove cookies or as third‑party providers change their technologies.

4.2 Managing Cookies

The cookies listed in Section 4.1 (including their categories) can be controlled or managed as follows:

  • Our cookie consent banner: When you first visit our site, you can accept or reject non-essential cookies

  • Your browser settings: Most browsers allow you to refuse cookies or delete existing cookies. Please note that disabling cookies may affect website functionality

  • Opt-out tools:

4.3 Automated Scraping, Web Crawling and AI Training

We do not authorise the use of automated tools (including scrapers, crawlers, bots, AI agents or similar technologies) to access, collect, copy or process content or personal information from our website for the purposes of:

• building, training, fine tuning or otherwise improving artificial intelligence (AI) or machine learning models;

• creating datasets or knowledge bases; or

• any other automated analysis or reuse of our content or personal information that is inconsistent with our Legal Disclaimer/Terms of Use.

Any such automated access or scraping is unauthorised and may breach:

• our Legal Disclaimer / Terms of Use;

• Australian privacy and data protection laws; and

• computer misuse or cybercrime laws.

We do not sell or disclose your personal information to third parties for the purpose of training AI or machine learning models. Where we engage third party service providers (for example, website hosting, analytics, video hosting or cloud services), we require them to use your personal information only for the limited purposes described in this Privacy Policy and not for their own AI training or unrelated purposes.

For more detail on our restrictions on automated access and AI training, please see Sections 3 and 4 of our Legal Disclaimer/Terms of Use.

5. How We Use Your Personal Information

We use your personal information for the following purposes:

5.1 Primary Purposes

  • Service delivery: To provide the services you have requested or engaged us to perform

  • Communication: To respond to your inquiries and communicate with you about our services

  • Client relationship management: To manage our business relationship with you

  • Project collaboration: To share project information through Microsoft Teams sites and other collaboration tools

5.2 Secondary Purposes

  • Website improvement: To analyze website usage and improve user experience

  • Security: To protect our website, systems, and business from security threats

  • Legal compliance: To comply with our legal and regulatory obligations

  • Business operations: To maintain records, conduct internal administration, and manage our business

  • Analytics: To understand how visitors use our website and which services are of interest

5.3 What We Do NOT Do

  • We do not send marketing emails or newsletters without your consent

  • We do not use automated decision-making that has legal or similarly significant effects on you

  • We do not sell your personal information to third parties

  • We do not use your information for purposes unrelated to our business relationship without your consent

6. Disclosure of Personal Information

6.1 When We Share Your Information

We may disclose your personal information to:

  • Service providers: Third-party providers who assist us in operating our business, including:

    • Website hosting providers (Squarespace, USA)

    • Cloud service providers (Microsoft 365, servers located in Australia and globally)

    • IT support and maintenance providers

    • Analytics providers (Google Analytics, LinkedIn)

  • Business partners: Partners of specific products or services where necessary to deliver services to you

  • Professional advisors: Lawyers, accountants, auditors, and other professional advisors

  • Related entities: Our subsidiaries, affiliates, and related companies

  • Legal requirements: Government agencies, regulators, law enforcement, or courts where required or authorised by law

  • Business transactions: In connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business

6.2 Third-Party Service Providers

When we engage third-party service providers, we:

  • Only share information necessary for them to perform their services

  • Require them to protect your information and use it only for the specified purpose

  • Conduct due diligence on their security and privacy practices

  • Enter into written agreements that include privacy and security obligations

7. Cross-Border Disclosure of Personal Information

Important Notice: Your personal information may be disclosed to, stored in, or processed in countries outside Australia.

7.1 Countries Where Your Information May Be Disclosed

We disclose personal information to recipients located in the following countries:

  • United States of America:

    • Website hosting (Squarespace)

    • Analytics services (Google Analytics, LinkedIn)

    • Video hosting (YouTube)

    • Cloud services (Microsoft 365 global infrastructure)

  • European Union: Microsoft 365 data centers

  • Other countries: Where Microsoft 365 operates data centers as part of their global infrastructure

7.2 Safeguards for Cross-Border Disclosures

When we disclose your personal information overseas, we take reasonable steps to ensure that:

  • The overseas recipient does not breach the Australian Privacy Principles

  • We have contractual arrangements in place that require the recipient to protect your information

  • We use service providers that comply with internationally recognized privacy frameworks (such as Microsoft’s compliance with global privacy standards)

Note: By using our services, you consent to the disclosure of your personal information to overseas recipients as described in this policy. You acknowledge that if we disclose your personal information to an overseas recipient, we may not be required to take reasonable steps to ensure the recipient complies with the APPs, and you may not be able to seek redress under the Privacy Act.

8. How We Protect Your Personal Information

8.1 Security Measures

We are committed to protecting your personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. In accordance with the strengthened requirements under Australian Privacy Principle 11, we implement both technical measures and organizational measures:

Technical Measures:

  • Encryption: Data is encrypted in transit (HTTPS/TLS) and at rest

  • Multi-factor authentication (MFA): Required for access to business systems and client data

  • Secure hosting: Use of reputable hosting providers with security certifications

  • Firewalls and intrusion detection: Network security measures to prevent unauthorised access

  • Regular security updates: Systems and software are kept up to date with security patches

  • Secure data storage: Personal information stored in secure, access-controlled environments

  • Google reCAPTCHA: Protection against automated attacks and spam

Organizational Measures:

  • Access controls: Personal information is only accessible to authorised personnel who need it to perform their duties

  • Privilege management: Role-based access controls limit who can view or modify personal information

  • Account deactivation: User accounts are promptly deactivated when employees or contractors leave the organization

  • Staff training: Regular privacy and security training for all personnel

  • Confidentiality obligations: All staff and contractors are subject to confidentiality obligations

  • Data breach response plan: We maintain a documented plan for responding to data breaches

  • Regular reviews: Periodic assessment of our security measures and privacy practices

  • Vendor management: Due diligence and ongoing monitoring of third-party service providers

8.2 Data Breach Notification

In the event of a data breach that is likely to result in serious harm to you, we will:

  • Notify the Office of the Australian Information Commissioner (OAIC) within 72 hours of becoming aware of the breach

  • Notify affected individuals as soon as practicable

  • Provide information about the breach, the types of information involved, and steps you can take to mitigate potential harm

  • Take immediate action to contain and remediate the breach

8.3 Limitations

While we take reasonable steps to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information.

9. How Long We Keep Your Personal Information

9.1 Retention Periods

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Our standard retention periods are:

| Type of Information | Retention Period | Reason |
|---|---|---|
| Email correspondence | 5 years | Business records, legal requirements |
| Client project data | 5 years | Business records, warranty obligations, legal requirements |
| Website analytics data | 5 years (aggregated) | Business analysis and improvement |
| Contact inquiries (non-clients) | 5 years or until you request deletion | Business records |
| Server logs and IP addresses | Up to 5 years | Security, troubleshooting, legal requirements |
| Cookie data | As specified in Section 4.1 | Varies by cookie type |

9.2 Secure Destruction

When personal information is no longer required, we will take reasonable steps to securely destroy or de-identify it, including:

  • Secure deletion of electronic records

  • Destruction of physical records (if any)

  • Removal from backup systems in accordance with our backup retention schedules

9.3 Legal Obligations

We may retain personal information beyond the periods specified above where required by law, including:

  • Taxation and accounting requirements (typically 5 years)

  • Legal proceedings or investigations

  • Regulatory requirements

10. Your Rights and Choices

Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, you have the following rights:

10.1 Right to Access

You have the right to request access to the personal information we hold about you. We will provide you with access unless there is a legal reason to deny your request (such as where providing access would be unlawful or would have an unreasonable impact on another person’s privacy).

10.2 Right to Correction

You have the right to request correction of your personal information if it is inaccurate, out of date, incomplete, irrelevant, or misleading. If we disagree with your request for correction, we will provide you with a written notice explaining our reasons and how you can complain about our refusal.

10.3 Right to Complain

If you believe we have breached your privacy rights, you have the right to make a complaint. See Section 12 below for our complaints process.

10.4 Right to Opt-Out

You can opt out of:

  • Cookies: Through your browser settings or our cookie consent banner

  • Analytics tracking: Using the opt-out tools mentioned in Section 4.2

Note: We do not send marketing communications, so there is no need to opt out of marketing emails.

10.5 How to Exercise Your Rights

To exercise any of these rights, please contact our Privacy Officer using the details in Section 12 below. We will respond to your request within a reasonable timeframe (typically within 30 days).

We may need to verify your identity before processing your request. We will not charge you for making a request, but we may charge a reasonable fee if your request is manifestly unfounded, excessive, or repetitive.

11. Automated Decision-Making

We do not use automated decision-making processes that have legal or similarly significant effects on you.

This means we do not use algorithms, artificial intelligence, or automated systems to make decisions about you that would:

  • Affect your legal rights

  • Significantly impact your access to our services

  • Have other similarly significant effects on you

All significant decisions about our business relationships are made by human personnel.

Note: This section is included to comply with transparency requirements introduced in the 2024 privacy reforms. If our practices change in the future, we will update this policy and provide clear information about any automated decision-making processes we implement.

12. Contact Us and Privacy Complaints

Privacy Officer Contact Details

Name: Brian Higson, Founding Partner
Organization: Realising-Potential Pty Ltd
Address: 580 Hay Street, Perth, Western Australia, 6000
Phone: +61 (8) 6499 9921
Email: info@realisingpotential.com.au
ABN: 27 102 910 743

12.1 Making a Privacy Complaint

If you believe we have breached your privacy or mishandled your personal information, please contact our Privacy Officer using the details above. Your complaint should include:

  • Your contact details

  • A clear description of the privacy issue or breach

  • Any relevant dates, documents, or correspondence

  • What outcome you are seeking

12.2 Our Complaints Process

  1. Acknowledgment: We will acknowledge receipt of your complaint within 7 business days

  2. Investigation: We will investigate your complaint and may contact you for additional information

  3. Response: We will provide a written response within 30 days, including:

    • Our findings

    • Whether we have breached your privacy

    • What action we will take to address the issue

    • Your options if you are not satisfied with our response

12.3 External Complaints

If you are not satisfied with our response to your complaint, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

Office of the Australian Information Commissioner (OAIC)
Website: www.oaic.gov.au
Phone: 1300 363 992
Email: enquiries@oaic.gov.au
Mail: GPO Box 5218, Sydney NSW 2001

Note: Under the 2024 privacy reforms, the OAIC has enhanced enforcement powers, including the ability to issue infringement notices and civil penalties for privacy breaches.

13. Children’s Privacy

Our website and services are not directed at children under 18 years of age. We do not knowingly collect personal information from children.

If you are under 18, please do not provide any personal information through our website or services. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately and we will take steps to delete that information.

Note: The Australian government is developing a Children’s Online Privacy Code that will impose additional requirements on online services accessed by children. While our services are not directed at children, we will monitor these developments and update our practices if required.

14. Links to Third-Party Websites

Our website may contain links to third-party websites, including:

  • Social media platforms (Facebook, Twitter, LinkedIn, YouTube, Instagram)

  • Partner websites

  • Service provider websites

This Privacy Policy applies only to our website and services. We are not responsible for the privacy practices of third-party websites. When you click on a link to a third-party website, you should review that website’s privacy policy before providing any personal information.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:

  • Changes to our information practices

  • Changes in privacy laws and regulations

  • New services or technologies we implement

  • Feedback from regulators or stakeholders

15.1 How We Notify You of Changes

When we make changes to this Privacy Policy, we will:

  • Update the “Last Updated” date at the top of this policy

  • Post the updated policy on our website

  • For material changes, we may provide additional notice through:

    • A prominent notice on our website

    • Direct communication to clients and active contacts

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal information.

16. Definitions

For the purposes of this Privacy Policy:

  • “Personal information” means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not. This includes information such as your name, email address, phone number, IP address, and other identifiers.

  • “Sensitive information” is a subset of personal information that includes information about an individual’s racial or ethnic origin, political opinions, religious beliefs, sexual orientation, criminal record, health information, genetic information, or biometric information.

  • “Australian Privacy Principles (APPs)” are the 13 principles set out in Schedule 1 of the Privacy Act 1988 (Cth) that regulate how organizations collect, use, disclose, and store personal information.

  • “Cookies” are small text files placed on your device by websites you visit. They are widely used to make websites work more efficiently and provide information to website owners.

  • “Data breach” means unauthorised access to or disclosure of personal information, or loss of personal information, that is likely to result in serious harm to affected individuals.

17. Compliance with Australian Privacy Law

This Privacy Policy has been prepared to comply with:

  • The Privacy Act 1988 (Cth)

  • The Australian Privacy Principles (APPs)

  • The Privacy and Other Legislation Amendment Act 2024 (Cth)

  • The Spam Act 2003 (Cth)

  • Other applicable Australian privacy and data protection laws

We are committed to ongoing compliance with Australian privacy law and will update our practices as required to meet new legal obligations.

18. Additional Information

18.1 Business Transfers

If we are involved in a merger, acquisition, sale of assets, or bankruptcy, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or use of your personal information, as well as any choices you may have regarding your personal information.

18.2 Legal Disclosure

We may disclose your personal information if required to do so by law or in response to valid requests by public authorities (e.g., a court, government agency, or law enforcement). We may also disclose your information to protect our rights, property, or safety, or the rights, property, or safety of others.

18.3 De-identified Information

We may create de-identified or aggregated information from personal information by removing information that makes the data personally identifiable to you. We may use and disclose this de-identified or aggregated information for any purpose, as it is no longer considered personal information under Australian privacy law.

19. Questions and Further Information

If you have any questions about this Privacy Policy or our privacy practices, please contact our Privacy Officer using the details in Section 12.

For general information about privacy rights in Australia, you can visit the Office of the Australian Information Commissioner’s website at www.oaic.gov.au.