privacy policy.
last updated: 10.02.2026

1. Introduction.


This Privacy Policy outlines how Sandcastle Creative Agency ("Sandcastle," "we," "us," "our") manages personal information collected from individuals. It applies to our operations, digital services, and interactions with clients, collaborators, employees, and partners. We are committed to complying with applicable Australian privacy laws, including the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), to ensure transparency, accountability, and data security.

2. Types of Personal Information Collected.


We may collect the following types of personal information:

  • Full name
  • Contact details (such as email address, phone number, and business address)
  • Employment or business-related information
  • Demographic information
  • Payment and billing information
  • IP addresses, device information, and cookies for website analytics
  • Any other information reasonably necessary to deliver our services

3. Methods of Collection.


We collect personal information directly from individuals through:

  • Online forms on our website
  • Email, video, and phone communications
  • Proposals, service agreements, and onboarding documents
  • Cookies and similar tracking technologies
  • Surveys, campaigns, and marketing initiatives

We may also collect personal information indirectly through third-party platforms or partners where individuals have provided consent or where permitted by law.


4. Purposes of Collection, Use, and Disclosure.


We collect, use, and disclose personal information for purposes including:

  • Delivering branding, digital marketing, strategy, web/app design, and related creative services
  • Managing client relationships, projects, and accounts
  • Processing payments and administrative functions
  • Responding to enquiries and providing customer support
  • Improving our services, systems, and user experience
  • Conducting marketing and promotional activities (with consent)
  • Complying with legal, regulatory, and contractual obligations

Sandcastle does not sell or rent personal information. We may disclose personal information to trusted contractors, suppliers, or partners where required for service delivery, provided they adhere to appropriate confidentiality and data protection obligations.

5. Cross-Border Data Transfers.

Sandcastle may store or process personal information using cloud-based systems or service providers that operate outside Australia. Where personal information is transferred overseas, we take reasonable steps to ensure that:

  • Transfers comply with applicable privacy laws and the APPs
  • Overseas recipients provide a level of protection comparable to Australian standards
  • Consent is obtained where required by law

6. Data Security Measures.


We implement reasonable and appropriate technical and organisational measures to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure, including:

  • Secure authentication and access controls
  • Encryption of data in transit and, where appropriate, at rest
  • Role-based access to sensitive information
  • Regular system monitoring and updates
  • Staff awareness and training on privacy and data protection practices

We periodically review our security practices to maintain alignment with industry standards.

7. Physical Security Measures.


Where personal information is held in physical form, we take reasonable steps to protect it, including:

  • Controlled access to offices and workspaces
  • Secure storage of physical records
  • Visitor management procedures
  • Environmental safeguards to reduce the risk of damage or loss

8. Incident Response Procedures.


In the event of a data breach or suspected breach, Sandcastle follows a structured response process, which may include:

  • Prompt investigation and containment of the incident
  • Assessment of potential risks to affected individuals
  • Notification to affected individuals and regulators where required by law
  • Implementation of remedial actions to prevent recurrence

9. Data Minimisation and Retention.


We collect only the personal information necessary to fulfil the purposes described in this Privacy Policy. Personal information is retained only for as long as required for business, legal, or regulatory purposes. When no longer required, information is securely destroyed or de-identified.

10. Privacy by Design.


Sandcastle integrates privacy considerations into its business processes, technologies, and project workflows from the outset. This approach supports responsible data handling and compliance with applicable privacy obligations.

11. Access, Correction, and Individual Rights.


Individuals have the right to:

  • Request access to personal information we hold about them
  • Request correction of inaccurate, incomplete, or outdated information
  • Raise concerns or object to certain processing activities, where applicable

Requests can be made using the contact details set out in Section 17.

12. Consent Management and Direct Marketing.


Where consent is required, Sandcastle collects and manages consent in a clear and transparent manner. Individuals may withdraw their consent at any time, noting that this will not affect the lawfulness of processing prior to withdrawal.

If you have opted in to receive marketing communications, you may unsubscribe at any time by using the unsubscribe link in our communications or by contacting us directly.

13. Use of Cookies and Tracking Technologies.


Our website uses cookies and similar technologies to enhance user experience and analyse website performance. Cookies help us understand website usage and improve our digital offerings. Users can manage or disable cookies through their browser settings; however, this may affect website functionality.


14. Third-Party Links.


Our website may contain links to third-party websites or platforms. Sandcastle is not responsible for the privacy practices or content of those third parties, and we encourage users to review their privacy policies independently.

15. Complaints Handling Process.


If you believe that Sandcastle has breached this Privacy Policy or applicable privacy laws, you may lodge a complaint with us. We will:

  • Acknowledge your complaint within a reasonable timeframe
  • Investigate the matter and respond promptly
  • Take appropriate steps to resolve the issue

16. Policy Updates.


We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. The most current version will be published on our website.

17. Contact Information.


For enquiries, requests, or complaints relating to this Privacy Policy, please contact:

Sandcastle Creative Agency

Email: info@sandcastle.agency

Sandcastle Agency cherishes and respects the enduring cultural contributions of Australia's First Nations People, honoring their spiritual connection to the land across generations.