This Privacy Policy explains how A REHMAN & A REHMAN trading as Solaire Studio, ABN 82 686 518 372 ("Solaire Studio", "Solaire", "we", "us" or "our") collects, holds, uses, discloses and protects personal information.
This Policy applies to personal information handled through:
Solaire is committed to handling personal information responsibly, transparently and securely.
We aim to comply with:
Where a legal exemption applies, we may nevertheless use the Australian Privacy Principles as a benchmark for responsible handling.
Personal information is information or an opinion about an identified individual or an individual who is reasonably identifiable.
It may include:
Depending on how you interact with Solaire, we may collect:
We do not intentionally collect or store payment-card details.
When you visit our website, we or our service providers may collect:
We may collect information from your business website, public business directories, professional profiles, social-media pages, referrals and other publicly available sources, where reasonably necessary for business communications or delivery of our Services.
We do not ordinarily require:
You should not send this information to Solaire unless we have specifically requested it through an appropriate and secure process.
Solaire designs and develops websites for businesses that may include healthcare providers. We do not ordinarily access or collect patient or clinical information.
Where a clinic website includes an embedded HotDoc booking system or similar platform:
Solaire does not intend to operate a clinic patient-enquiry form through which patient information is sent to Solaire.
If health information is accidentally disclosed to Solaire, we may restrict access, notify the sender or relevant Client, return or securely delete the information, take reasonable steps to contain any privacy risk, and comply with legal notification obligations where applicable.
We will not intentionally access health information unless access is technically necessary, specifically authorised, limited to the minimum information required, subject to appropriate security and confidentiality controls, and lawful.
We may collect personal information:
Where reasonable and practicable, we collect personal information directly from the individual concerned.
We may collect, hold and use personal information to:
We will not use personal information for an unrelated purpose unless you consent, you would reasonably expect the use and it is related to the original purpose, the use is required or authorised by law, or another legal exception applies.
A Client may supply information about its staff, contractors, customers or other individuals for the purpose of creating a website. The Client must ensure it is authorised to provide the information, collection and disclosure are lawful, any necessary consent has been obtained, the information is accurate, and the individual has received any legally required privacy notice.
Solaire will use that information only for legitimate project and business purposes.
Where a Client provides photographs, testimonials, logos or case-study information, we may use them to create the Client's Deliverables, to publish the Client's website, to provide the agreed Services, and in Solaire's portfolio and promotional material as permitted by the applicable agreement.
Clients must obtain any necessary consent from identifiable individuals appearing in submitted content. Solaire will not knowingly publish private contact details, patient information or confidential operational information as portfolio content.
We may send information about our Services, updates or offers where you have consented, consent can lawfully be inferred from an existing business relationship, the communication is otherwise permitted by law, or the communication is a direct response to your enquiry.
Marketing communications will identify Solaire and provide appropriate contact information.
You may opt out at any time by using the unsubscribe option in the message, replying with an opt-out request, or emailing hello@solairestudio.com.au. We will action electronic-marketing opt-out requests within the period required by law.
An opt-out from marketing does not prevent us from sending non-promotional communications reasonably necessary to administer a consultation, perform a contract, provide support, issue an invoice, give a security notice, or comply with law.
Solaire does not intend to purchase or use unlawfully scraped personal contact lists.
Cookies are small files or identifiers stored on or associated with a device. Similar technologies include pixels, tags, local storage and session identifiers.
Our website may use:
Our technology stack may include:
The particular technologies active on the website may change as we update our systems.
Current tracking note — As at the effective date of this Policy, Solaire Studio's website does not use Google Analytics, the LinkedIn Insight Tag, Microsoft Clarity or any similar third-party tracking or advertising-measurement tool. No non-essential analytics or advertising cookies are currently active on this website. If this changes in the future, this Policy and any relevant cookie notice will be updated accordingly.
Where we use non-essential analytics or advertising cookies, we intend to use consent controls so those technologies are not activated until the user provides the required consent. Essential security and operational technologies may operate without optional consent where permitted by law.
You may use our cookie-consent tool where available, adjust your browser settings, delete existing cookies, or block particular categories of cookies. Blocking cookies may affect website functionality.
Embedded video, social-media, booking or other external content may allow the relevant provider to collect information when you interact with it. Those providers operate under their own terms and privacy policies.
We may disclose personal information to:
We only disclose information where reasonably necessary for the relevant purpose or where disclosure is legally permitted.
Solaire does not sell personal information as a standalone commercial product. We do not trade personal information or disclose it to unrelated third parties merely so they can independently market to individuals.
Our service providers may collect or process information under their own privacy policies and contractual terms. We take reasonable steps appropriate to our size and operations when selecting and configuring service providers, but we do not control all aspects of their systems.
Individuals should review the privacy terms of third-party services they directly use, including booking systems and embedded platforms.
Some service providers may store or process information outside Australia, including in the United States and other countries in which their infrastructure, personnel or subprocessors operate.
Solaire's partners may access business information while temporarily travelling outside Australia where necessary to operate the business or provide Services.
Where appropriate, we take reasonable steps to protect information processed overseas, including through reputable service providers, account-access controls, multi-factor authentication, encryption where available, contractual privacy and security terms, and limiting access to what is reasonably necessary.
Privacy and legal protections in another country may differ from those in Australia.
We may use generative AI and machine-assisted tools for activities including drafting and ideation, design development, coding assistance, content refinement, testing and administrative productivity.
We do not intend to submit passwords, patient information, highly sensitive personal information or confidential Client information into public AI systems without appropriate authorisation and safeguards.
Where personal information is processed using an AI-assisted service, we will consider whether the processing is reasonably necessary, the sensitivity of the information, the service provider's privacy and security settings, whether information may be used to train public models, available enterprise or privacy controls, and applicable contractual and legal requirements.
Solaire does not currently use automated decision-making systems to make decisions that materially affect individuals, such as automatically accepting or rejecting Clients or determining final prices without human involvement.
We may store information in Google Workspace, cloud-storage systems, password-protected computers, password-protected mobile devices, encrypted or secured external drives, website or hosting systems, project folders, backup systems, and accounting or administrative systems.
Information may exist in more than one location where reasonably necessary for backup, project delivery and administration.
We take reasonable steps appropriate to our operations to protect personal information from misuse, interference, loss, unauthorised access, unauthorised modification and unauthorised disclosure.
Our measures may include:
At the effective date of this Policy, access to Client information is generally limited to the two Solaire partners and authorised service providers who require access.
No storage or transmission system is completely secure. We cannot guarantee that unauthorised access will never occur.
Clients should not send passwords through ordinary email unless Solaire expressly instructs them to do so and no reasonably suitable alternative is available.
Where credentials are supplied, we will use them only for authorised project, maintenance or support purposes.
Unless ongoing access is authorised or retention is legally required, we will generally return, revoke or securely delete Client-specific credentials within 30 days after final handover, termination of maintenance, or the end of the relevant engagement.
Clients remain responsible for changing passwords and revoking access after handover or termination.
We retain personal information only for as long as reasonably necessary for the purpose for which it was collected, providing and supporting Services, maintaining business and financial records, responding to complaints or disputes, enforcing agreements, insurance and risk management, backup and security purposes, and compliance with law.
Typical retention considerations may include:
When information is no longer reasonably required, we may securely delete or de-identify it, subject to legal, technical, backup and evidentiary requirements.
We take reasonable steps to ensure personal information we use is accurate, complete, relevant and current. You should notify us if your contact or business information changes.
You may request access to personal information we hold about you by emailing hello@solairestudio.com.au. We may ask you to verify your identity before providing access. We will respond within a reasonable period.
Access may be refused or limited where permitted or required by law, including where access would unreasonably affect another person's privacy, reveal confidential commercial information, prejudice legal proceedings or negotiations, be unlawful, or create a serious security risk.
Where reasonable and legally permitted, we may charge the reasonable administrative cost of providing access, but not for making the request itself.
You may ask us to correct personal information you believe is inaccurate, out of date, incomplete, irrelevant or misleading. Requests may be sent to hello@solairestudio.com.au.
If we decline a correction request, we will provide reasons where legally required and explain available complaint options.
You may browse general sections of our website without directly identifying yourself. However, we generally need accurate identity and contact information to book a consultation, respond to a project enquiry, prepare a Proposal, enter and administer an agreement, issue invoices, and provide Services. We may be unable to provide these functions anonymously or under a pseudonym.
Our Services are primarily directed to businesses and people acting in a professional or commercial capacity. A person under 18 may request a consultation, but should not provide sensitive, confidential or financial information. We may require consent or involvement from a parent or guardian before progressing an enquiry from a minor.
A data breach may involve loss, unauthorised access to or unauthorised disclosure of personal information. Where we become aware of a suspected breach, we may take steps to contain it, investigate what occurred, assess the information and individuals affected, change credentials or restrict access, preserve relevant evidence, notify affected Clients or individuals where appropriate, notify regulators where legally required, and take remedial and preventive action.
Where information connected with a clinic is affected, Solaire will notify the relevant clinic as soon as reasonably practicable after confirming a credible incident or risk.
A privacy complaint should be sent to hello@solairestudio.com.au.
Please provide your name and contact details, a description of the issue, relevant dates and communications, and the outcome you are seeking.
We will acknowledge the complaint within a reasonable period, investigate the matter, seek further information where needed, and aim to provide a substantive response within 30 days. Complex matters may require additional time; if so, we will explain the delay where reasonably practicable.
If you are not satisfied with our response and the Privacy Act applies, you may be entitled to complain to the Office of the Australian Information Commissioner. Where Victorian health-information laws apply, a complaint may also be made to the appropriate Victorian health-privacy regulator. Nothing in this Policy restricts a legal complaint or remedy that cannot lawfully be restricted.
Our website and Deliverables may link to or embed third-party websites and services. We are not responsible for the privacy practices, security or content of third parties. You should review their privacy policies before submitting personal information.
If Solaire restructures, sells or transfers all or part of its business, personal information may be disclosed to professional advisers and prospective or actual successors where reasonably necessary. We will take reasonable steps to maintain confidentiality during that process and comply with applicable law.
We may update this Policy to reflect changes to our Services, changes to technology or providers, changes to information-handling practices, legal or regulatory developments, security requirements, or changes to our business structure.
The current version will be published on our website with its effective date, last-updated date and version number. Where reasonably practicable, we will notify active Clients by email of a material change that significantly affects how their personal information is handled. We recommend reviewing this Policy periodically.