Privacy Policy

Your privacy and data protection rights

Privacy Policy

Last updated: July 2025

Privacy Policy

Last updated: 31 July 2025

Effective date: 31 July 2025

1. Introduction and Compliance Statement

Carey Landwehr Architecture & Design (ABN: 61 657 080 043 ("CLAD AU", "we", "us", "our") is committed to protecting your personal information in accordance with:

  • Privacy Act 1988 (Cth) including the Privacy and Other Legislation Amendment Act 2024
  • Australian Privacy Principles (APPs)
  • General Data Protection Regulation (GDPR) for EU visitors
  • UK GDPR for UK visitors
  • Applicable US state privacy laws

Important: We implement comprehensive measures to prevent serious privacy invasions and maintain technical and organisational safeguards to protect your personal information. Maximum penalties for privacy breaches under current Australian law may reach $50 million.

2. Information We Collect

2.1 Personal Information Categories

We collect the following categories of personal information:

Identity and Contact Information:

  • Full name and professional title
  • Email address and telephone numbers
  • Postal address and business address
  • Company name and position (where applicable)

Project Information:

  • Property details and project requirements
  • Budget ranges and timeline preferences
  • Design preferences and specifications
  • Communication records regarding projects

Technical Information:

  • IP address and device identifiers
  • Browser type and version
  • Operating system and platform
  • Website usage data through cookies (with your consent)
  • Geolocation data (only with explicit consent)

Financial Information (where applicable):

  • Payment details for services
  • Billing addresses
  • Invoice records

Sensitive Information: We do not collect sensitive information (such as health, racial or ethnic origin, political opinions, religious beliefs, or biometric data) unless specifically required for project accessibility requirements and only with your explicit consent.

2.2 Children's Privacy Protection

We do not knowingly collect personal information from individuals under 18 years of age without appropriate parental or guardian consent. If we become aware that we have collected information from a child under 18 without proper consent, we will take immediate steps to delete such information. We are preparing enhanced children's privacy protections in anticipation of the Children's Online Privacy Code effective December 2026.

3. How We Collect Information

3.1 Direct Collection

  • Contact forms and enquiry submissions
  • Email and telephone communications
  • In-person consultations and meetings
  • Service agreements and contracts
  • Feedback and testimonial submissions

3.2 Automatic Collection

  • Website analytics (with cookie consent)
  • Server logs for security purposes
  • Error reports and performance monitoring

3.3 Third-Party Sources

  • Professional referrals (with your consent)
  • Public registers (e.g., property records)
  • Business partners involved in projects

4. Legal Basis and Purpose of Use

4.1 Australian Privacy Principles Compliance

We use your personal information for the following purposes under APP 6:

Primary Purposes:

  • Service Delivery: Providing architectural design and consultation services
  • Contract Performance: Fulfilling our contractual obligations
  • Legal Compliance: Meeting regulatory requirements including building codes and professional standards
  • Legitimate Interests: Operating and improving our business services

Secondary Purposes (with consent):

  • Marketing Communications: Sending updates about our services and industry insights
  • Portfolio Development: Showcasing completed projects (with client consent)
  • Business Analytics: Improving our services and website functionality

4.2 International Visitors - Legal Basis

For EU/UK Visitors (GDPR/UK GDPR):

  • Consent (Article 6(1)(a)): For marketing and non-essential cookies
  • Contract (Article 6(1)(b)): For service delivery
  • Legal Obligation (Article 6(1)(c)): For regulatory compliance
  • Legitimate Interests (Article 6(1)(f)): For business operations

5. Information Disclosure and International Transfers

5.1 Domestic Disclosures

We may disclose your personal information to:

  • Service Providers: IT support, cloud hosting (with contractual safeguards)
  • Professional Partners: Engineers, consultants, contractors (as required for projects)
  • Professional Advisors: Lawyers, accountants, insurers
  • Government Authorities: Building regulators, tax authorities (where legally required)

5.2 International Transfers and Safeguards

We may transfer personal information internationally for cloud storage and service delivery. As Australia currently lacks adequacy decisions from the EU and UK, we implement the following safeguards:

  • Standard Contractual Clauses (2021): For EU personal data transfers
  • UK International Data Transfer Agreement (IDTA): For UK personal data transfers
  • Transfer Risk Assessments: Evaluating recipient country protections
  • Supplementary Measures: Including encryption and access controls

We remain accountable under section 16C of the Privacy Act for ensuring overseas recipients handle your information in accordance with Australian privacy standards.

6. Data Security and Technical Safeguards

6.1 Comprehensive Security Framework

In accordance with APP 11 and the enhanced requirements under the 2024 amendments, we implement both technical and organisational measures to protect your personal information:

Technical Measures:

  • Industry-standard encryption for data in transit and at rest
  • Multi-factor authentication for system access
  • Regular security updates and patch management
  • Firewall protection and intrusion detection systems
  • Secure backup systems with encryption

Organisational Measures:

  • Staff privacy training and confidentiality agreements
  • Access controls based on role and necessity
  • Regular security audits and assessments
  • Incident response and breach notification procedures
  • Vendor due diligence and contractual safeguards

6.2 Data Breach Response

In the event of an eligible data breach:

  • We will assess and contain the breach immediately
  • Notify the Office of the Australian Information Commissioner (OAIC) within 30 days (pending 72-hour reform)
  • Inform affected individuals where the breach is likely to result in serious harm
  • Implement remedial measures to prevent recurrence

7. Data Retention and Destruction

We retain personal information only for as long as necessary to:

  • Provide our architectural services
  • Comply with legal and professional obligations (typically 7 years for project records)
  • Resolve disputes or enforce agreements
  • Maintain business records as required by law

When information is no longer required, we securely destroy it using industry-standard methods including secure deletion for electronic records and secure shredding for physical documents.

8. Your Rights and Choices

8.1 Australian Privacy Rights

Under the Privacy Act and APPs, you have the right to:

  • Access: Request a copy of your personal information (APP 12)
  • Correction: Request correction of inaccurate information (APP 13)
  • Anonymity: Deal with us anonymously where practicable (APP 2)
  • Opt-out: Unsubscribe from marketing communications
  • Complaints: Lodge a complaint with us or the OAIC

8.2 Additional Rights for International Visitors

EU/UK Visitors (GDPR/UK GDPR):

  • Erasure: Request deletion of your personal data
  • Portability: Receive your data in a structured format
  • Restriction: Limit processing in certain circumstances
  • Object: Object to processing based on legitimate interests

US Visitors: Rights vary by state but may include access, deletion, and opt-out of sale (though we do not sell personal information).

8.3 Exercising Your Rights

To exercise any of these rights:

  1. Email us at contact@cl-ad.com.au
  2. Provide sufficient information to verify your identity
  3. Specify which right(s) you wish to exercise
  4. We will respond within 30 days (or as required by applicable law)

9. Cookies and Tracking Technologies

9.1 Types of Cookies We Use

  • Essential Cookies: Required for website functionality and security
  • Analytics Cookies: Help us understand website usage (with consent)
  • Preference Cookies: Remember your settings and choices

9.2 Cookie Consent and Control

We obtain your consent before placing non-essential cookies. You can manage cookie preferences through:

  • Our cookie consent banner on first visit
  • Your browser settings
  • Contacting us to update preferences

10. Complaint Resolution and Statutory Rights

10.1 Internal Complaint Process

If you have concerns about our privacy practices:

  1. Contact our Privacy Officer at contact@cl-ad.com.au
  2. We will acknowledge your complaint within 5 business days
  3. We will investigate and respond within 30 days
  4. If unresolved, we will inform you of external complaint options

10.2 External Complaint Options

Australian Residents:

  • Office of the Australian Information Commissioner (OAIC)
  • Website: www.oaic.gov.au
  • Phone: 1300 363 992

Statutory Tort Rights (Effective 10 June 2025): Individuals may have rights to seek remedies for serious privacy invasions through the Federal Court of Australia.

International Residents: You may lodge complaints with your local data protection authority.

11. Anti-Doxxing and Serious Privacy Invasion Prevention

We implement comprehensive measures to prevent serious privacy invasions including:

  • Strict controls on personal information disclosure
  • Staff training on anti-doxxing criminal offences (up to 7 years imprisonment)
  • Technical safeguards preventing unauthorised access or disclosure
  • Regular risk assessments for serious invasion potential

12. Updates to This Policy

We may update this Privacy Policy to reflect:

  • Changes in our practices or services
  • Legal and regulatory developments
  • Technological advancements
  • Feedback from stakeholders

Material changes will be notified via email or prominent website notice. Continued use of our services after changes indicates acceptance of the updated policy.

13. Contact Information

Privacy Officer

Carey Landwehr Architecture & Design Pty Ltd

Email: contact@cl-ad.com.au

Phone: +61 423 400 578

Address: 11 Wellington Street, Collingwood VIC 3066

Response time: Within 5 business days for initial response

14. Regulatory Environment Notice

This Privacy Policy reflects the enhanced Australian privacy law framework including:

  • Maximum civil penalties of $50 million for serious privacy breaches
  • Criminal penalties up to 7 years imprisonment for doxxing offences
  • Statutory tort remedies for serious privacy invasions (from June 2025)
  • Enhanced OAIC investigation and enforcement powers

We maintain a proactive compliance approach to protect your privacy rights within this enhanced enforcement environment.

This site uses essential cookies.
© 2010–2025 CLAD.
12:00:00 am