Privacy Policy
Last Updated: 2026
This Privacy Policy explains how Anna Rutherford Approach (ABN 20 192 551 862) (“we”, “us”, or “our”) collects, holds, uses, and discloses personal information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the General Data Protection Regulation (GDPR) for European users.
By using our services, you acknowledge that you have read and understood this Privacy Policy.
1. DEFINITIONS
“Personal information” means information about an identified or reasonably identifiable individual, including: name, contact details, financial information, program intake questionnaires, health and movement screening forms, fitness and training background details, pregnancy or postpartum stage information, exercise preferences and limitations, course progress data, quiz and reflection responses, coaching communications, technical data (IP address, device identifiers), and communications with us.
“Sensitive information” includes health information, pregnancy status and stage, postpartum recovery details, pelvic floor symptoms or concerns, diastasis recti or abdominal recovery status, exercise contraindications or injury disclosures, general health screening information relevant to safe participation in exercise, and other special categories of data. We only collect sensitive information with your consent and when reasonably necessary. We implement enhanced security for sensitive information including restricted access, encryption, and secure deletion protocols.
2. AGE RESTRICTIONS
Our services are for individuals aged 18 years and over only. If you are under 18, you must not use our services or provide personal information without parental consent. If we discover we have collected information from someone under 18 without proper consent, we will delete it promptly. Parents may contact us at anna@arawomen.com.au to access, correct, or delete their child’s information.
3. WHAT WE COLLECT AND HOW
We collect:
- contact and account information (name, email, phone, address);
- financial information for payment processing;
- program intake and onboarding questionnaires, health and movement screening forms, fitness goals and training history information, pregnancy and postpartum stage details, exercise preferences and limitations, course progress tracking and feedback forms, quiz or reflection responses, and coaching communications;
- community and interaction data including comments or responses in online classes or group discussions, messages or posts in private community spaces associated with programs or memberships, and user interactions submitted via social platforms linked to the business;
- coaching session summaries, program planning notes related to individual goals or progress, and safety considerations or movement modifications discussed;
- technical information (IP address, device type, browsing behaviour); and
- website usage data via cookies, Google Analytics, and Meta Pixel (Facebook/Instagram).
We collect information directly from you (forms, purchases, communications), from third parties (referrers, affiliates), and through automated technologies (cookies, analytics).
4. COOKIES AND TRACKING
We use cookies for website functionality, user experience, and marketing. Third-party services (Google Analytics and Meta advertising services) may track your activity across websites for advertising purposes. You can manage cookies through your browser settings.
Opt-out options:
- Google Analytics: https://tools.google.com/dlpage/gaoptout
- Meta (Facebook): https://www.facebook.com/settings/?tab=ads
We use cookies for website functionality, user experience, and marketing. Third-party services (Google Analytics and Meta advertising services) may track your activity across websites for advertising purposes. You can manage cookies through your browser settings.
Opt-out options:
- Google Analytics: https://tools.google.com/dlpage/gaoptout
- Meta (Facebook): https://www.facebook.com/settings/?tab=ads
5. WHY WE COLLECT YOUR INFORMATION
We use your information to: provide services and programs; process payments; communicate about your account and purchases; deliver personalised content and recommendations; administer exercise programs and courses; tailor programs to pregnancy and postpartum stages; monitor course participation and progress; provide coaching support and safety modifications; facilitate community participation within memberships or programs; respond to client enquiries and support requests; improve our services; send marketing communications (with consent); and comply with legal obligations.
Marketing Communications: We distinguish between transactional messages (purchase confirmations, account updates — you cannot opt out) and marketing messages (newsletters, promotions — you can opt out anytime). Opt out by clicking “unsubscribe” in emails, replying “STOP” to SMS, or emailing anna@arawomen.com.au.
For EU users, we may rely on legitimate interest for existing customer marketing, but you can always object.
6. DATA RETENTION
We retain personal information as follows:
- financial and client records: 7 years (legal requirement);
- service-specific data (questionnaires, screening forms, progress tracking, messages): duration of the active program or membership, and up to 2 years after completion or inactivity, or until you request deletion;
- course and program data (course progress history and internal tracking data): up to 2 years after program completion;
- mailing list: while subscribed, then 2 years after last engagement;
- session notes and recordings for 1:1 sessions: up to 2 years after the last session;
- website analytics: 26 months; and
- inactive accounts: anonymised after 3 years of no activity.
7. SERVICE CLARIFICATION
Our coaching, fitness training, exercise instruction, and educational programs delivered online and through group classes or one-on-one sessions are NOT clinical healthcare services, physiotherapy, medical diagnosis or treatment, psychological counselling, dietetic services, legal advice, or financial advice. We are not a regulated health service provider under the Health Practitioner Regulation National Law (Australia) and do not maintain clinical or medical health records. However, any health and fitness screening information you share is treated as sensitive information with enhanced security.
Individual session recordings are deleted within 30 days (if applicable). Group class recordings hosted on the membership platform are retained for the duration of program access plus 12 months.
If you require medical, mental health, or allied health support, please seek assistance from an appropriately qualified healthcare professional.
8. WHERE YOUR DATA IS STORED
Your information may be stored overseas with these service providers:
- Bluehost (USA) — website hosting;
- Stripe (USA) — payment processing;
- PayPal (USA) — payment processing;
- Mailchimp (USA) — email marketing services;
- Google (USA) — website analytics (Google Analytics);
- Meta Platforms (USA) — advertising services and tracking (Facebook/Instagram, Meta Pixel);
- Vimeo (USA) — video hosting and streaming; and
- YouTube (USA) — video hosting and streaming.
When we disclose information to these overseas providers, APP 8.1 may not apply, and you may not be able to seek redress under the Privacy Act 1988 (Cth) from the OAIC. We ensure these providers have privacy protections substantially similar to the APPs. For EU users, we use Standard Contractual Clauses or rely on adequacy decisions for international transfers.
9. SOCIAL MEDIA AND PUBLIC FORUMS
We operate on Instagram, Facebook (including private or public groups), YouTube, and private membership community spaces hosted on our website or membership platform. Important warnings:
- public posts are NOT private and are visible to other users and potentially the general public;
- we cannot control how others use information you share publicly;
- third-party platforms have their own privacy policies; and
- even in private groups, content is visible to all members who may screenshot or share outside the group.
Exercise discretion when sharing personal information. We are not responsible for information you choose to share publicly or for third-party platform practices.
10. AUTOMATED PROCESSING
Our online intake questionnaires, screening quizzes, and assessments use automated processing to generate program or course recommendations, personalised content or class suggestions, and exercise guidance or modifications based on your responses. This does not produce legal effects or significantly affect you under GDPR Article 22. Results are guidance only — you can request human review, contest recommendations, or delete your data at any time by contacting anna@arawomen.com.au.
11. WHEN WE DISCLOSE YOUR INFORMATION
We disclose personal information when: you consent; required by law; necessary to provide services; to service providers who assist our business (subject to confidentiality); or to prevent serious threats to life, health, or safety.
We implement security measures including restricted access, encryption, password protection, and staff training. We only disclose sensitive information for the purpose you provided it or with your consent, except where required by law or to prevent serious harm.
Serious Threat Disclosures: We may disclose information to authorities if we reasonably believe there is risk of harm to self or others, suspected abuse of anyone under 18, or if required by court order.
12. FINANCIAL INFORMATION SECURITY
We use PCI-DSS compliant payment processors (Stripe and PayPal). We implement SSL/TLS encryption, restrict access to authorised personnel, do not retain complete card details, and encrypt financial information when stored. We retain financial information for 7 years to comply with taxation requirements. No internet transmission is 100% secure, and we cannot guarantee absolute security.
13. DATA BREACHES
Under the Notifiable Data Breaches scheme, if we experience an eligible data breach (one likely to result in serious harm), we will: notify the OAIC within 72 hours; notify affected individuals without undue delay; explain the breach and recommend protective steps; and take immediate action to contain the breach, secure systems, and prevent future incidents. You can contact us for support and may lodge a complaint with the OAIC if affected by a breach.
14. THIRD-PARTY WEBSITES
Our website contains links to third-party websites and services. We are not responsible for their privacy practices, security, or content. Review their privacy policies before providing information. Links do not imply our endorsement.
15. YOUR RIGHTS — ACCESS, CORRECTION, DELETION
You have the right to:
- access personal information we hold about you;
- request correction of inaccurate or incomplete information;
- request deletion of your information (subject to legal retention requirements);
- opt out of marketing communications; and
- lodge a complaint if you believe we have breached privacy laws.
To exercise these rights, email anna@arawomen.com.au with your request. We will respond within 30 days. We do not charge fees for access, correction, or deletion requests unless manifestly unfounded or excessive.
Deletion Limitations: We cannot delete information if required by law to retain it (for example, financial records for 7 years, client records for legal compliance), necessary for legal claims, or where overriding legitimate interests require retention.
16. COMPLAINTS
If you have privacy concerns, email anna@arawomen.com.au with “Privacy Complaint” in the subject line. We will acknowledge within 5 business days, investigate thoroughly, and respond within 30 days. If unsatisfied with our response, you can complain to the Office of the Australian Information Commissioner:
Phone: 1300 363 992
Online: www.oaic.gov.au
Post: GPO Box 5218, Sydney NSW 2001
17. GDPR RIGHTS (EUROPEAN USERS)
If you are in the EEA or UK, you have additional rights under GDPR:
- right to be informed (this policy);
- right of access to your data;
- right to rectification of inaccurate data;
- right to erasure (“right to be forgotten”);
- right to restrict processing;
- right to data portability (receive your data in machine-readable format);
- right to object to processing (especially direct marketing);
- right not to be subject to automated decision-making with legal effects;
- right to withdraw consent; and
- right to lodge a complaint with your supervisory authority.
Lawful Bases: We process your data based on: consent (marketing, program enrolment, quiz and assessment participation); contract performance (service delivery); legal obligation (record keeping); or legitimate interests (business improvement, fraud prevention).
For special categories of data (health information, exercise screening and fitness intake information), we rely on your explicit consent or legal claims necessity.
International Transfers: We use Standard Contractual Clauses approved by the European Commission for transfers to countries without adequacy decisions.
To exercise GDPR rights, email anna@arawomen.com.au. We will respond within one month (extendable by two months for complex requests). You have an absolute right to object to direct marketing at any time.
18. CHANGES TO THIS POLICY
We may update this policy to reflect changes in our practices or legal requirements. We will update the “Last Updated” date, post the updated policy on our website, and notify you by email for material changes. Material changes take effect 30 days after notification. Continuing to use our services after changes take effect constitutes acceptance. You are responsible for regularly reviewing this policy.
19. DISCLAIMERS
Non-Therapeutic Services: Our services are not medical treatment, physiotherapy, psychological counselling, psychotherapy, nutrition or dietetic therapy, or mental health treatment, and are not substitutes for professional healthcare. We are not registered health practitioners.
Security: While we implement reasonable security measures, we cannot guarantee absolute security of data transmitted over the internet or protection against all cyber threats.
Third Parties: We are not responsible for third-party website privacy practices or for information you share publicly in social media or community spaces.
Accuracy: You are responsible for providing accurate information and updating your details.
Australian Consumer Law: Nothing in this policy excludes, restricts, or modifies any consumer guarantee, right, or remedy under the Australian Consumer Law that cannot be excluded by law.
20. CONTACT INFORMATION
For all privacy inquiries, requests, or complaints:
Email: anna@arawomen.com.au
Business Name: Anna Rutherford Approach
ABN: 20 192 551 862
Physical Address: Available upon request via email
Response Times: We aim to acknowledge inquiries within 5 business days and provide substantive responses within 30 days (1 month for GDPR requests).
21. ACKNOWLEDGMENT
By using Anna Rutherford Approach’s services, you acknowledge that you have read and understood this Privacy Policy, understand how we handle your personal information, consent to the collection, use, and disclosure described herein, and accept any limitations and disclaimers. If you are under 18, you confirm you have obtained parental consent. If you disagree with this policy, you should not use our services.
Thank you for trusting Anna Rutherford Approach with your personal information. We are committed to protecting your privacy and using your information responsibly in accordance with applicable privacy laws. If you have any questions, please contact us at anna@arawomen.com.au.
— End of Privacy Policy —