PHOENIX SANCTUM™ PRIVACY POLICY

Effective date: 4 April 2026
Last updated: 4 April 2026

1. ABOUT THIS POLICY

PHOENIX SANCTUM™ respects your privacy and is committed to handling personal information lawfully, transparently, and securely.

This Privacy Policy explains how PHOENIX SANCTUM™ collects, holds, uses, discloses, and otherwise handles personal information, including sensitive information and health information, in connection with our website, enquiries, bookings, intake processes, services, products, reports, communications, and related business operations.

This policy is intended to comply with applicable Australian privacy requirements, including the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), the Notifiable Data Breaches scheme, and, where applicable, the Health Records and Information Privacy Act 2002 (NSW).

If privacy, health-record, consumer, or data-protection laws in another jurisdiction apply to you or to a particular interaction with us, this policy is intended to operate alongside those laws to the extent they apply.

2. WHO WE ARE

PHOENIX SANCTUM™
ABN: 94 991 399 634
Address: 4A Painters Parade, Dee Why, NSW 2099, Australia
Email: info@phoenixsanctum.com
Website: https://www.phoenixsanctum.com

In this policy, “PHOENIX SANCTUM™”, “we”, “us” and “our” mean the PHOENIX SANCTUM™ business and authorised personnel acting for it.

3. WHO THIS POLICY APPLIES TO

This policy applies to personal information we handle about:

  • website visitors

  • people making enquiries

  • subscribers and mailing list contacts

  • prospective clients

  • current and former clients

  • carers, emergency contacts, or authorised representatives

  • referring practitioners or collaborators

  • suppliers, contractors, and other business contacts

4. THE TYPES OF INFORMATION WE MAY COLLECT

Depending on how you interact with us, we may collect and hold the following categories of information.

4.1 Identity and Contact Information

This may include:

  • full name

  • date of birth

  • telephone number

  • email address

  • residential or postal address

  • emergency contact details

  • communication preferences

4.2 Sensitive Information and Health-Related Information

Where reasonably necessary for our activities and permitted by law, we may collect sensitive information and health-related information that you provide to us, including:

  • intake form responses

  • self-reported symptoms, experiences, and wellbeing concerns

  • lifestyle, environmental, and personal history relevant to your requested services

  • medications, supplements, and sensitivities voluntarily disclosed by you

  • medical or practitioner information you choose to provide

  • contraindication and safety information

  • information relevant to service suitability, consent, risk management, or continuity of care

4.3 Service Records and Session-Related Information

This may include:

  • booking and attendance records

  • notes of consultations or sessions

  • service preferences

  • product or protocol history

  • client communications

  • reports, summaries, and internal working notes

4.4 Biofeedback, Energetic, and Technical Session Data

Where relevant to our services, this may include:

  • scan outputs

  • device-generated results

  • reverse lookup results

  • resonance or session observations

  • historical comparison data

  • programme or frequency-selection records

  • records linked to sample-based remote service delivery

4.5 Sample and Remote-Service Information

Where you use remote or sample-based services, we may collect and hold information associated with that process, including:

  • instructions and logistics for sample submission

  • records identifying that a sample was received

  • the type of sample submitted

  • the date of receipt, assignment, return, destruction, or disposal

  • records linking the sample to your client file and service history

Unless expressly stated otherwise, we do not require more sample-related information than is reasonably necessary for the requested service and lawful record-keeping.

4.6 Recordings and Transcripts

If you expressly agree, we may create and hold:

  • audio recordings

  • video recordings

  • photographs

  • transcripts

  • written summaries derived from recordings

We do not intentionally record sessions without your express permission, except where recording is reasonably necessary or permitted by law for security, dispute handling, or legal compliance.

4.7 Payment and Transaction Information

We may collect limited transaction-related information such as:

  • invoice and billing records

  • payment status

  • transaction identifiers

  • partial payment metadata supplied by payment processors

We do not intentionally store full payment card details unless this is handled by a PCI-compliant third-party payment provider in accordance with their own systems and terms.

4.8 Website, Device, and Usage Data

When you use our website or digital channels, we may collect:

  • IP address

  • browser and device information

  • pages viewed

  • referring URLs

  • approximate location data inferred from technical information

  • cookies and analytics data

  • form submission data

  • marketing interaction data

  • security and fraud-prevention logs

4.9 Marketing and Social Media Data

If you subscribe, enquire, or interact with our marketing or social media content, we may collect:

  • your subscription status

  • engagement data

  • social media handle or profile details visible to us

  • information you send to us through social messaging tools or comments

5. HOW WE COLLECT INFORMATION

We collect personal information in a number of ways, including:

  • directly from you through forms, bookings, emails, calls, messages, and consultations

  • through our website, intake pages, and scheduling tools

  • during in-person, remote, or online service delivery

  • from device outputs and service records created during sessions

  • from payment providers and booking platforms in connection with transactions or appointments

  • from your authorised representative, carer, or referrer where you have authorised this or the law permits it

  • from publicly available sources where reasonably necessary for verification, fraud prevention, safety, or business administration

Where reasonable and practicable, we collect information directly from you.

6. WHY WE COLLECT, HOLD, USE, AND DISCLOSE INFORMATION

We collect, hold, use, and disclose personal information for purposes including to:

  • respond to enquiries

  • decide whether our services are suitable for you

  • manage bookings, accounts, and administration

  • deliver requested services and products

  • personalise service delivery where appropriate

  • maintain continuity across sessions and over time

  • prepare notes, reports, summaries, and recommendations

  • manage remote services and sample-based workflows

  • communicate with you about appointments, scheduling, support, and service matters

  • take payment and manage invoicing, accounting, and fraud prevention

  • maintain internal records

  • protect client safety, business integrity, and legal rights

  • investigate complaints, incidents, disputes, or suspected misuse

  • comply with legal, regulatory, tax, insurance, and professional obligations

  • improve our website, operations, client experience, and service quality

  • send marketing or educational content where permitted and in accordance with your preferences and applicable law

We do not sell personal information to data brokers or third-party advertisers.

7. CONSENT AND SENSITIVE INFORMATION

Because we may handle sensitive information and health-related information, your consent matters.

By submitting an intake form, providing health-related or sensitive information, proceeding with a booking, requesting our services, or otherwise choosing to provide such information to us after being given notice, you consent to our collection, use, and disclosure of that information for the purposes described in this policy, unless the law requires a higher or more specific form of consent.

Where we need express consent for a particular activity, we will seek it separately. Examples may include:

  • session recordings

  • receiving particularly sensitive documents from you

  • disclosing information to another practitioner or support person

  • using identifiable testimonials, images, or case studies

  • handling information in a way not reasonably covered by the original collection context

You may withdraw consent for a future use of information where consent is the basis for that use. However, withdrawal does not invalidate earlier lawful handling, and does not require us to erase information we must retain by law or for lawful business, safety, or dispute-management purposes.

8. IF YOU DO NOT PROVIDE INFORMATION

You may choose not to provide some information. However, if you do not provide information reasonably required for our activities, we may be unable to:

  • assess suitability

  • provide services safely

  • complete bookings

  • maintain continuity of service

  • respond properly to concerns

  • comply with legal obligations

9. DISCLOSURE OF PERSONAL INFORMATION

We may disclose personal information where reasonably necessary for the purposes in this policy, including to:

  • booking and scheduling providers

  • website hosting and website-form providers

  • payment processors

  • cloud-storage and business-administration providers

  • email and communications providers

  • security, anti-fraud, and IT support providers

  • transcription or document-processing providers

  • professional advisers such as accountants, lawyers, insurers, or consultants

  • regulators, law enforcement, courts, tribunals, or government bodies where required or authorised by law

  • another practitioner, health professional, support person, or authorised representative, where you request or consent to this, or where otherwise permitted by law

  • a purchaser, successor, or restructuring counterparty in connection with a business transaction, subject to appropriate confidentiality protections

We may also disclose information if we reasonably believe this is necessary to lessen or prevent a serious threat to life, health, or safety, or to establish, exercise, or defend a legal claim.

10. OVERSEAS DISCLOSURE AND INTERNATIONAL DATA HANDLING

Some of the service providers we use may store, process, or make information accessible outside Australia.

Depending on the platform used, personal information may be stored in, processed in, or disclosed to recipients in countries including Australia, the United States, Japan, countries in the European Union, and other countries in which our service providers or their subprocessors operate.

This may occur in connection with providers used for:

  • website hosting and forms

  • bookings and scheduling

  • cloud storage and internal administration

  • payment processing

  • communications

  • analytics, security, and spam filtering

  • transcription or document support tools

Where APP 8 applies, we take reasonable steps in the circumstances to ensure overseas recipients do not handle personal information in a way that would breach the APPs. These steps may include vendor due diligence, contractual privacy obligations, security reviews, access restrictions, and limiting the information shared.

However, overseas laws and enforcement regimes may differ from those in Australia, and information processed overseas may be accessible under the laws of those jurisdictions.

11. DIRECT MARKETING

We may send you newsletters, updates, announcements, educational content, or promotional material about PHOENIX SANCTUM™ where permitted by law.

We will not use sensitive information or health information for direct marketing unless permitted by law and, where required, with your consent.

You can opt out of marketing communications at any time by:

  • using the unsubscribe facility in the message, where available

  • emailing us at info@phoenixsanctum.com

Operational or service-related messages are not marketing and may still be sent where necessary.

12. COOKIES, ANALYTICS, AND ONLINE TRACKING

Our website may use cookies, analytics tools, and related technologies to:

  • operate and secure the website

  • remember settings and preferences

  • understand website usage

  • improve website performance

  • measure campaign effectiveness

  • detect abuse, fraud, or technical issues

Some of these technologies may be supplied by third parties.

You can control cookies through your browser settings. If you disable cookies or similar technologies, some website functionality may not operate properly.

13. AI, AUTOMATION, AND TRANSCRIPTION TOOLS

We may use secure software tools, including AI-assisted or automated tools, to help with administration, drafting, transcription, summarisation, record preparation, service continuity, quality control, or internal efficiency.

Where such tools are used, this does not mean decisions about your care, eligibility, or safety are made solely by automation. We take reasonable steps to keep meaningful human oversight over material service, safety, privacy, and communications decisions.

We do not intentionally use your information to train public AI models unless expressly stated and lawfully authorised.

14. STORAGE AND SECURITY

We take reasonable technical and organisational steps to protect personal information from misuse, interference, loss, unauthorised access, unauthorised modification, and unauthorised disclosure.

Measures we may use include:

  • multi-factor authentication

  • password management and access controls

  • least-privilege access to files and systems

  • restricted folder and document sharing

  • encryption in transit and at rest where supported by the provider

  • security monitoring and administrative controls

  • secure device practices

  • selective use of reputable cloud-service providers

  • staff or contractor confidentiality controls

  • review of retention and deletion practices

  • incident response and breach management procedures

Despite these measures, no platform, transmission method, or storage environment is completely immune from risk. You acknowledge that internet-based systems and third-party platforms can never be guaranteed to be perfectly secure.

15. RETENTION OF INFORMATION

We keep information only for as long as reasonably necessary for the purposes for which it was collected, and as otherwise required or permitted by law.

Without limiting the above:

  • where health information is held by us as a NSW private health service provider, we generally retain adult health information for at least 7 years from the last occasion on which a relevant health service was provided

  • where health information was collected while the individual was under 18, we generally retain it until the individual reaches 25 years of age

  • financial, tax, payment, and core business records may be retained for the periods required by applicable law

  • enquiry, marketing, and website records may be retained for shorter operational periods unless a longer retention basis applies

  • recordings may be retained for the period reasonably necessary for the purpose for which they were made, unless deleted earlier or required to be retained for legal, safety, insurance, or dispute reasons

When information is no longer required, we take reasonable steps to destroy it, de-identify it, or securely archive it where lawful retention continues to apply.

If we delete, dispose of, or transfer health information where NSW law requires record-keeping about that step, we may keep the legally required disposal or transfer record.

16. ACCESS TO AND CORRECTION OF INFORMATION

You may request access to personal information we hold about you, and you may request correction if you believe it is inaccurate, out of date, incomplete, irrelevant, or misleading.

To make a request, contact: info@phoenixsanctum.com

We may need to verify your identity before granting access or making a correction.

We will respond within a reasonable time. Where NSW health privacy law applies, some access requests may be subject to specific timelines and exceptions. In some circumstances, we may lawfully refuse access or refuse to amend a record in the exact manner requested, but if so we will explain the basis and, where required, discuss available alternatives.

17. DELETION REQUESTS

You may ask us to delete information we hold about you.

We will consider the request in good faith. However, deletion is not absolute, and we may retain information where reasonably necessary or legally required, including for:

  • compliance with Australian or NSW law

  • record retention obligations

  • tax and accounting obligations

  • dispute resolution

  • insurance or legal defence

  • fraud prevention

  • client safety and business continuity

18. ANONYMITY AND PSEUDONYMS

Where lawful and practicable, you may interact with us anonymously or using a pseudonym for general enquiries.

However, this will usually not be practical where you seek services, bookings, records access, remote-service assignment, payments, reports, or any activity requiring identity verification, continuity, or safety screening.

19. CHILDREN AND CAPACITY

If information relates to a minor or to a person who lacks legal or practical capacity to manage their own affairs, we may collect, use, and disclose information through or to a parent, guardian, authorised representative, or other responsible person where lawful and reasonably necessary.

20. THIRD-PARTY WEBSITES AND SERVICES

Our website or communications may contain links to third-party websites, apps, or services. We are not responsible for the privacy practices, security, content, or terms of third-party services. You should review their own privacy policies and terms.

21. DATA BREACHES

If an actual or suspected data breach occurs, we will assess and respond in accordance with applicable law and our incident procedures.

Where required, we will notify affected individuals and the Office of the Australian Information Commissioner under the Notifiable Data Breaches scheme, and we will take reasonable steps to contain, assess, and remediate the incident.

22. COMPLAINTS

If you have a privacy concern or complaint, please contact us first so that we can attempt to resolve it promptly and fairly.

Contact: info@phoenixsanctum.com

Please include enough detail for us to understand the issue.

If you are not satisfied with our response, you may be able to complain to the Office of the Australian Information Commissioner (OAIC) and, where NSW health privacy law applies, to the Information and Privacy Commission NSW.

OAIC website: https://www.oaic.gov.au

IPC NSW website: https://www.ipc.nsw.gov.au

23. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time to reflect changes in law, technology, business operations, service providers, or risk practices.

The current version will be published on our website with the updated effective date.

24. CONTACT

PHOENIX SANCTUM™
4A Painters Parade, Dee Why, NSW 2099, Australia
Email: info@phoenixsanctum.com
Website: https://www.phoenixsanctum.com