Privacy Policy
1. Introduction
This Privacy Policy explains how we collect, use, hold, disclose and protect your personal information when you visit our website at keyframehealth.com.au (the "Site"), enrol in or participate in our courses and educational programs, or otherwise interact with us.
We are bound by the Privacy Act 1988 (Cth) ("Privacy Act") and the Australian Privacy Principles ("APPs") contained in Schedule 1 of that Act, as amended from time to time including by the Privacy and Other Legislation Amendment Act 2024.
Please read this Privacy Policy carefully. By using our Site or services, you acknowledge that you have read and understood this policy. This Privacy Policy should be read together with our Cookie Policy.
2. About Us and How to Contact Us
ABN: 77 695 846 989
Email: contact@keyframehealth.com.au
If you have any questions, concerns, or complaints about how we handle your personal information, please contact our Privacy Officer using the details above. We will respond to all privacy enquiries within 30 days.
3. What Personal Information We Collect
"Personal information" means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not, as defined in the Privacy Act 1988 (Cth).
As an education provider, we may collect the following types of personal information:
|
Type of Information |
Examples |
|
Identity information |
Full name, date of birth, title, gender (if provided) |
|
Contact information |
Email address, telephone number, postal address |
|
Professional information |
Job title, profession, employer, professional registration or membership number, years of experience |
|
Account information |
Username, password (encrypted), account preferences and settings |
|
Enrolment information |
Courses enrolled in, enrolment date, enrolment status, referral source |
|
Learning and progress data |
Course completion status, assessment results, quiz scores, certificates issued, time spent on learning activities, lesson progress |
|
Transaction information |
Payment records, purchase history, invoices, refund requests |
|
Communications |
Emails, messages, discussion board posts, live chat transcripts, support enquiries |
|
Technical information |
IP address, browser type and version, device type, operating system, time zone setting |
|
Usage information |
Pages visited, links clicked, videos watched, time spent on pages, referring URLs |
|
Marketing preferences |
Preferences for receiving marketing and communications from us |
3.2 Sensitive Information
We do not routinely collect sensitive information (such as health information, racial or ethnic origin, political opinions, religious beliefs, or criminal record) as part of our standard education services.
If you voluntarily disclose sensitive information to us — for example, by advising us of an accessibility requirement or learning support need — we will handle that information with the additional care required by APP 3 and will only use or disclose it for the purpose for which it was provided and as otherwise permitted by law.
We will always seek your express consent before collecting sensitive information, unless required by law.
3.3 Financial Information
We collect information necessary to process payments for our courses and services, including your name and billing address. Payment card transactions are processed by Stripe, a PCI-DSS compliant third-party payment processor. We do not store your full credit or debit card numbers on our systems. Stripe's privacy policy is available at stripe.com/au/privacy.
3.4 Students Under 18
Some of our courses may be suitable for students under the age of 18. If you are under 18, please ensure a parent or guardian has reviewed this Privacy Policy and consents to your enrolment and our handling of your personal information.
We do not knowingly collect personal information from children under the age of 13 without verifiable parental consent. If you believe a child under 13 has provided us with personal information without appropriate consent, please contact us immediately at contact@keyframehealth.com.au.
4. How We Collect Your Personal Information
4.1 Information You Provide Directly
We collect personal information that you voluntarily provide when you:
• Create an account or register on our Site
• Enrol in or purchase a course or educational program
• Complete a profile, form, survey, or quiz
• Participate in course discussion boards, live sessions, or webinars
• Contact us with an enquiry, feedback, or complaint
• Subscribe to our mailing list or newsletter
• Apply for a certificate, credential, or completion record
• Communicate with us by email, telephone, or live chat
4.2 Information Collected Automatically
When you visit our Site or use our learning platform, we automatically collect certain technical and usage information through cookies and similar technologies. This includes your IP address, browser type, device information, pages visited, course progress, and how you navigated our Site and learning platform. Please refer to our Cookie Policy for full details.
4.3 Information From Third Parties
We may occasionally receive personal information about you from third parties, including:
• Payment processors (such as Stripe) confirming that a transaction has been completed
• Employers or organisations that have purchased access to our courses on your behalf
• Analytics providers supplying aggregated or anonymised usage data
• Marketing platforms where you have consented to share your information with us
5. How We Use Your Personal Information
|
Purpose |
Reason |
|
To create and manage your student account |
Necessary to perform our contract with you |
|
To process your enrolment and deliver courses |
Necessary to perform our contract with you |
|
To track your learning progress and issue certificates |
Necessary to perform our contract with you |
|
To process payments and manage billing |
Necessary to perform our contract with you |
|
To communicate with you about your enrolment or courses |
Necessary to perform our contract with you |
|
To respond to your enquiries, feedback, and complaints |
Legitimate interest / legal obligation |
|
To provide learning support and accessibility accommodations |
Legitimate interest |
|
To send service updates, course announcements, and notices |
Legitimate interest (you may opt out of non-essential messages) |
|
To send marketing and promotional communications |
Your consent (you may withdraw at any time) |
|
To improve and develop our courses and platform |
Legitimate interest |
|
To conduct internal analytics and reporting |
Legitimate interest |
|
To issue and verify certificates and credentials |
Legitimate interest / contractual |
|
To comply with our legal obligations |
Legal obligation |
|
To detect and prevent fraud or security incidents |
Legitimate interest / legal obligation |
|
To manage corporate enrolments from employers |
Necessary to perform our contract |
We will not use your personal information for any purpose that is incompatible with the purpose for which it was collected, unless you have consented or we are required or authorised to do so by law.
6. Corporate and Employer-Sponsored Enrolments
• We may share your enrolment status, course progress, completion status, and assessment results with the sponsoring organisation
• The sponsoring organisation may have access to a dashboard showing learning activity for participants they have enrolled
• We will only share the information reasonably necessary for the organisation to manage and report on its training investment
If you have questions about what information your employer can see, please contact us at contact@keyframehealth.com.au or speak with your employer directly.
7. Direct Marketing
• Expressly consented to receive marketing from us; or
• Previously enrolled in our courses and would reasonably expect to receive similar communications (inferred consent), subject to your right to opt out at any time
All marketing emails we send comply with the Spam Act 2003 (Cth) and include a clear and functional unsubscribe mechanism. You can opt out at any time by:
• Clicking the "unsubscribe" link in any marketing email we send
• Contacting us at contact@keyframehealth.com.au
Opting out of marketing will not affect our ability to send you transactional or service messages such as enrolment confirmations, course access details, payment receipts, or certificate notifications.
8. Disclosure of Your Personal Information
We do not sell your personal information to third parties. We may disclose your personal information to the following categories of recipients for the purposes described in this policy:
|
Recipient |
Purpose |
|
Payment processors (Stripe) |
To process course payments and manage billing |
|
Learning management system (LMS) provider |
To host and deliver our online courses and track learning progress |
|
Cloud hosting and infrastructure providers |
To host our Site and securely store data |
|
Video hosting providers (Vimeo) |
To deliver video-based course content |
|
Analytics providers (Google Analytics) |
To understand how our Site and courses are used |
|
Email and marketing platform providers |
To manage and send course and marketing communications |
|
Certificate and credentialling tools |
To issue, store, and verify course completion certificates |
|
Employers and sponsoring organisations |
To report on learning progress for corporate enrolments (see Section 6) |
|
Professional advisers |
Legal, accounting, and insurance services where required |
|
Regulatory authorities and law enforcement |
Where required or authorised by law |
We require all third-party recipients to respect the security of your personal information and to treat it in accordance with applicable law. We do not allow third parties to use your personal information for their own purposes.
8.2 Disclosure Required by Law
We may disclose your personal information where required or authorised by law, including in response to a valid court order, subpoena, or regulatory requirement. Where possible and legally permitted, we will notify you before making such a disclosure.
8.3 Business Transfers
If we sell, transfer, or restructure all or part of our business, your personal information may be transferred to the new owner as part of that transaction. We will take reasonable steps to ensure the new owner is bound by privacy obligations at least equivalent to those in this policy and, where practicable, will notify you in advance.
9. Overseas Disclosure of Personal Information
We currently use service providers in the following countries:
|
Country |
Service Providers |
Safeguards |
|
United States |
Google LLC (Analytics, Ads), Meta Platforms Inc. (Advertising), Stripe Inc. (Payments), Cloudflare Inc. (Security), Vimeo LLC (Video), [INSERT LMS provider if US-based] |
Data Processing Agreements; Standard Contractual Clauses; Privacy Framework certifications; IP anonymisation enabled (Google Analytics) |
By using our Site and services, you acknowledge that your personal information may be transferred to and processed in countries whose privacy laws may differ from those in Australia. We take reasonable steps to protect your information, but cannot guarantee that overseas recipients will comply with the APPs in all circumstances.
10. Your Privacy Rights
You have the right to request access to the personal information we hold about you, including your enrolment records and learning data. Please contact our Privacy Officer at contact@keyframehealth.com.au. We will respond within 30 days and provide access free of charge.
In limited circumstances permitted by the Privacy Act, we may decline an access request (for example, where it would unreasonably impact another individual's privacy). If we decline, we will provide written reasons.
10.2 Right to Correction
If any personal information we hold about you is inaccurate, out-of-date, incomplete, or misleading, you have the right to request correction. We will take reasonable steps to correct the information within 30 days. If we decline, we will provide written reasons and you may request that a note of the correction sought be associated with your record.
10.3 Right to Withdraw Consent
Where we rely on your consent to process your personal information (for example, for marketing), you may withdraw that consent at any time by contacting us at contact@keyframehealth.com.au or using the unsubscribe link in any marketing email. Withdrawal does not affect the lawfulness of processing that occurred before withdrawal.
10.4 Right to Make a Complaint
If you believe we have handled your personal information in breach of the Privacy Act, you have the right to make a complaint. Please see Section 14 for our complaints process.
11. How We Protect Your Information
• Encryption of data in transit using TLS (Transport Layer Security)
• Encryption of data at rest for sensitive information
• Role-based access controls limiting who within our organisation can access personal information
• Secure, password-protected account access for all students
• Regular security assessments of our platform and third-party providers
• Staff training on privacy and data security obligations
• Secure deletion or de-identification of personal information when no longer needed
While we take all reasonable steps to protect your information, no method of internet transmission or electronic storage is completely secure. We cannot guarantee absolute security. If you suspect your account has been compromised, please contact us immediately at contact@keyframehealth.com.au.
12. How Long We Keep Your Information
|
Type of Information |
Retention Period |
|
Student account and profile information |
Duration of account, plus 2 years after account closure or last activity |
|
Enrolment and course progress records |
7 years from the date of enrolment (to support certificate verification and compliance) |
|
Course completion certificates |
Indefinitely, or until you request deletion (to support ongoing credential verification) |
|
Assessment results and quiz data |
7 years from completion |
|
Transaction and payment records |
7 years to comply with tax and financial record-keeping obligations |
|
Marketing preferences and consent records |
Until you withdraw consent or opt out, plus 1 year for compliance purposes |
|
Technical and usage logs |
12 months |
|
Support and correspondence records |
3 years from the date of last correspondence |
|
Corporate enrolment reporting data |
Duration of the corporate agreement, plus 2 years |
When personal information is no longer required, we will take reasonable steps to securely destroy or permanently de-identify it in accordance with APP 11.2.
13. Notifiable Data Breaches
• Notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable
• Notify affected individuals directly, or where that is not reasonably practicable, publish a notice on our Site
We have internal procedures to detect, contain, assess, and respond to data breaches in a timely manner. If you suspect that your personal information has been involved in a data breach, please contact us immediately at contact@keyframehealth.com.au.
14. Privacy Complaints
If you believe we have mishandled your personal information or breached the Privacy Act or the APPs, please contact us first so we can attempt to resolve your concern.
Step 1 — Contact us:
Please contact our Privacy Officer in writing:
Email: contact@keyframehealth.com.au
Step 2 — We will investigate:
We will acknowledge your complaint within 5 business days and aim to provide a substantive response within 30 days. For complex matters we may require additional time and will keep you informed.
Step 3 — External escalation:
If you are not satisfied with our response, or we have not responded within 30 days, you may lodge a complaint with the OAIC:
Office of the Australian Information Commissioner (OAIC)
Website: www.oaic.gov.au
Phone: 1300 363 992
Online: www.oaic.gov.au/privacy/privacy-complaints
Post: GPO Box 5218, Sydney NSW 2001
15. Cookies and Online Tracking
16. Third-Party Websites and Links
17. Changes to This Privacy Policy
We encourage you to review this Privacy Policy periodically. Your continued use of our Site or platform after changes have been posted constitutes acceptance of non-material updates. For material changes affecting how we handle your personal information, we will seek your consent where required by law.
18. Governing Law
Keyframe Health acknowledges the Kaurna people as the Traditional Custodians of the Adelaide Plains, and pays respect to Elders past and present. We acknowledge Aboriginal and Torres Strait Islander peoples as the First Peoples of Australia and Traditional Custodians of Country throughout Australia, and recognise the ongoing strength, resilience, and contribution of First Nations peoples, cultures, and communities.
Copyright© Keyframe Health 2026
