Legal · Solaire Studio

Privacy Policy

Effective date: 30 June 2026
Last updated: 30 June 2026
Version: 1.0

This Privacy Policy explains how A REHMAN & A REHMAN trading as Solaire Studio, ABN 82 686 518 372 ("Solaire Studio", "Solaire", "we", "us" or "our") collects, holds, uses, discloses and protects personal information.

This Policy applies to personal information handled through:

  • solairestudio.com.au
  • consultation bookings
  • email, telephone and messaging enquiries
  • social-media communications
  • proposals and client engagements
  • website design, development and maintenance services
  • other business activities conducted by Solaire
1

Contact details

Business:A REHMAN & A REHMAN trading as Solaire Studio
ABN:82 686 518 372
Business location:Melbourne, Victoria, Australia
Email and privacy contact:hello@solairestudio.com.au
Website:solairestudio.com.au
2

Our privacy commitment

Solaire is committed to handling personal information responsibly, transparently and securely.

We aim to comply with:

  • the Privacy Act 1988 (Cth) and Australian Privacy Principles where they apply to us
  • the Spam Act 2003 (Cth)
  • applicable provisions of the Health Records Act 2001 (Vic) if health information is ever handled by us
  • other applicable Australian and Victorian privacy, confidentiality and data-protection requirements

Where a legal exemption applies, we may nevertheless use the Australian Privacy Principles as a benchmark for responsible handling.

3

Meaning of personal information

Personal information is information or an opinion about an identified individual or an individual who is reasonably identifiable.

It may include:

  • names
  • email addresses
  • telephone numbers
  • business and employment details
  • online identifiers
  • correspondence
  • photographs or videos depicting identifiable people
  • other information capable of identifying an individual
4

Information we collect

Depending on how you interact with Solaire, we may collect:

4.1 Identity and contact information

  • your name
  • business name
  • position or role
  • email address
  • telephone number
  • social-media username
  • preferred method of contact

4.2 Consultation and enquiry information

  • a brief overview of your business
  • your project requirements
  • desired services
  • preferred consultation times
  • estimated budget or project constraints
  • existing website information
  • correspondence about the proposed project

4.3 Client and project information

  • project briefs
  • business descriptions
  • product and service information
  • text, copy and documents
  • logos, brand assets and style guides
  • photographs and videos
  • testimonials and case-study information
  • names and professional details of staff
  • website content
  • technical configuration details
  • domain and hosting information
  • authorised account credentials
  • approvals, instructions and feedback

4.4 Transaction and administration information

  • quotations and proposals
  • invoices
  • payment status
  • bank-transfer references
  • contract records
  • accounting records
  • complaint and dispute information

We do not intentionally collect or store payment-card details.

4.5 Technical and usage information

When you visit our website, we or our service providers may collect:

  • IP address
  • browser type and version
  • device type
  • operating system
  • approximate geographic region
  • referral source
  • pages viewed
  • dates and times of access
  • interactions with website features
  • cookie and similar-technology identifiers
  • technical error and performance information

4.6 Public and professional information

We may collect information from your business website, public business directories, professional profiles, social-media pages, referrals and other publicly available sources, where reasonably necessary for business communications or delivery of our Services.

5

Information we do not ordinarily collect

We do not ordinarily require:

  • government identification documents
  • payment-card information
  • patient records
  • medical histories
  • appointment reasons
  • clinical notes
  • prescriptions or referrals
  • criminal-history information
  • biometric information
  • other highly sensitive personal information

You should not send this information to Solaire unless we have specifically requested it through an appropriate and secure process.

6

Health and patient information

6.1 No routine access

Solaire designs and develops websites for businesses that may include healthcare providers. We do not ordinarily access or collect patient or clinical information.

6.2 Clinic booking systems

Where a clinic website includes an embedded HotDoc booking system or similar platform:

  • booking information is submitted to and handled by the clinic and relevant booking provider
  • Solaire does not receive or control the patient's booking information
  • the clinic and booking provider are responsible for their own privacy practices
  • individuals should review the clinic's and booking provider's privacy notices

6.3 No clinic contact form controlled by Solaire

Solaire does not intend to operate a clinic patient-enquiry form through which patient information is sent to Solaire.

6.4 Accidental receipt

If health information is accidentally disclosed to Solaire, we may restrict access, notify the sender or relevant Client, return or securely delete the information, take reasonable steps to contain any privacy risk, and comply with legal notification obligations where applicable.

6.5 Authorised technical access

We will not intentionally access health information unless access is technically necessary, specifically authorised, limited to the minimum information required, subject to appropriate security and confidentiality controls, and lawful.

7

How we collect information

We may collect personal information:

  • when you book a consultation
  • when you contact us by email
  • during telephone or video calls
  • through SMS or other messaging services
  • through Instagram, Facebook, LinkedIn or other social platforms
  • when you accept a Proposal or enter an agreement with us
  • when you supply project materials
  • when another authorised person from your organisation communicates with us
  • through website cookies and related technologies
  • through analytics and security providers
  • from public business sources
  • from referrals and business partners

Where reasonable and practicable, we collect personal information directly from the individual concerned.

8

Why we collect and use information

We may collect, hold and use personal information to:

  • respond to enquiries
  • schedule and conduct consultations
  • understand proposed projects
  • prepare quotations and proposals
  • assess whether we can accept a project
  • communicate with Clients and prospective Clients
  • provide website design, development and related services
  • create and manage project content
  • configure hosting, domains, email, booking and other integrations
  • provide maintenance and support
  • issue and administer invoices
  • maintain business, tax and accounting records
  • protect our website, systems, Clients and users
  • detect and respond to technical or security incidents
  • improve our website and Services
  • prepare internal reporting and analytics
  • manage complaints and disputes
  • enforce agreements and protect legal rights
  • comply with legal obligations
  • obtain professional advice
  • maintain insurance and risk-management records
  • send lawful business or marketing communications

We will not use personal information for an unrelated purpose unless you consent, you would reasonably expect the use and it is related to the original purpose, the use is required or authorised by law, or another legal exception applies.

9

Client-supplied information about other people

A Client may supply information about its staff, contractors, customers or other individuals for the purpose of creating a website. The Client must ensure it is authorised to provide the information, collection and disclosure are lawful, any necessary consent has been obtained, the information is accurate, and the individual has received any legally required privacy notice.

Solaire will use that information only for legitimate project and business purposes.

10

Photographs, testimonials and case studies

Where a Client provides photographs, testimonials, logos or case-study information, we may use them to create the Client's Deliverables, to publish the Client's website, to provide the agreed Services, and in Solaire's portfolio and promotional material as permitted by the applicable agreement.

Clients must obtain any necessary consent from identifiable individuals appearing in submitted content. Solaire will not knowingly publish private contact details, patient information or confidential operational information as portfolio content.

11

Direct marketing

11.1 Marketing communications

We may send information about our Services, updates or offers where you have consented, consent can lawfully be inferred from an existing business relationship, the communication is otherwise permitted by law, or the communication is a direct response to your enquiry.

11.2 Identification

Marketing communications will identify Solaire and provide appropriate contact information.

11.3 Opting out

You may opt out at any time by using the unsubscribe option in the message, replying with an opt-out request, or emailing hello@solairestudio.com.au. We will action electronic-marketing opt-out requests within the period required by law.

11.4 Service communications

An opt-out from marketing does not prevent us from sending non-promotional communications reasonably necessary to administer a consultation, perform a contract, provide support, issue an invoice, give a security notice, or comply with law.

11.5 Purchased or scraped lists

Solaire does not intend to purchase or use unlawfully scraped personal contact lists.

12

Cookies and similar technologies

12.1 What cookies are

Cookies are small files or identifiers stored on or associated with a device. Similar technologies include pixels, tags, local storage and session identifiers.

12.2 Types of technology used

Our website may use:

  • essential cookies required for website operation and security
  • functional technologies that remember settings
  • analytics technologies that help us understand website use
  • performance and error-monitoring technologies
  • embedded-content technologies
  • advertising or professional-network measurement technologies where enabled

12.3 Technology providers

Our technology stack may include:

  • Bolt or related website-development infrastructure
  • GoDaddy domain services
  • Google Workspace
  • Google Calendar
  • Google Forms where used
  • Google Fonts
  • Google reCAPTCHA
  • Google Analytics where enabled
  • Google Tag Manager
  • Google Search Console where enabled
  • Microsoft Clarity where enabled
  • LinkedIn Insight Tag where enabled
  • embedded video, social-media or other third-party content

The particular technologies active on the website may change as we update our systems.

Current tracking note — As at the effective date of this Policy, Solaire Studio's website does not use Google Analytics, the LinkedIn Insight Tag, Microsoft Clarity or any similar third-party tracking or advertising-measurement tool. No non-essential analytics or advertising cookies are currently active on this website. If this changes in the future, this Policy and any relevant cookie notice will be updated accordingly.

12.4 Non-essential cookies

Where we use non-essential analytics or advertising cookies, we intend to use consent controls so those technologies are not activated until the user provides the required consent. Essential security and operational technologies may operate without optional consent where permitted by law.

12.5 Managing cookies

You may use our cookie-consent tool where available, adjust your browser settings, delete existing cookies, or block particular categories of cookies. Blocking cookies may affect website functionality.

12.6 Embedded content

Embedded video, social-media, booking or other external content may allow the relevant provider to collect information when you interact with it. Those providers operate under their own terms and privacy policies.

13

Disclosure of personal information

We may disclose personal information to:

  • our partners and authorised personnel
  • hosting, cloud-storage and infrastructure providers
  • email and calendar providers
  • domain and website-platform providers
  • analytics and website-performance providers
  • professional advisers, including lawyers and accountants
  • banks, payment-processing and accounting providers
  • debt-recovery providers where payment is overdue
  • insurers and insurance advisers
  • contractors or specialist providers engaged to assist us
  • regulators, courts, law-enforcement bodies and government authorities where required or authorised
  • a proposed purchaser or successor in connection with a genuine business sale or restructure
  • another recipient with your consent

We only disclose information where reasonably necessary for the relevant purpose or where disclosure is legally permitted.

14

No sale of personal information

Solaire does not sell personal information as a standalone commercial product. We do not trade personal information or disclose it to unrelated third parties merely so they can independently market to individuals.

15

Third-party service providers

Our service providers may collect or process information under their own privacy policies and contractual terms. We take reasonable steps appropriate to our size and operations when selecting and configuring service providers, but we do not control all aspects of their systems.

Individuals should review the privacy terms of third-party services they directly use, including booking systems and embedded platforms.

16

Overseas processing and access

16.1 Overseas providers

Some service providers may store or process information outside Australia, including in the United States and other countries in which their infrastructure, personnel or subprocessors operate.

16.2 Overseas access by Solaire

Solaire's partners may access business information while temporarily travelling outside Australia where necessary to operate the business or provide Services.

16.3 Safeguards

Where appropriate, we take reasonable steps to protect information processed overseas, including through reputable service providers, account-access controls, multi-factor authentication, encryption where available, contractual privacy and security terms, and limiting access to what is reasonably necessary.

Privacy and legal protections in another country may differ from those in Australia.

17

Artificial-intelligence tools

We may use generative AI and machine-assisted tools for activities including drafting and ideation, design development, coding assistance, content refinement, testing and administrative productivity.

We do not intend to submit passwords, patient information, highly sensitive personal information or confidential Client information into public AI systems without appropriate authorisation and safeguards.

Where personal information is processed using an AI-assisted service, we will consider whether the processing is reasonably necessary, the sensitivity of the information, the service provider's privacy and security settings, whether information may be used to train public models, available enterprise or privacy controls, and applicable contractual and legal requirements.

Solaire does not currently use automated decision-making systems to make decisions that materially affect individuals, such as automatically accepting or rejecting Clients or determining final prices without human involvement.

18

Storage of information

We may store information in Google Workspace, cloud-storage systems, password-protected computers, password-protected mobile devices, encrypted or secured external drives, website or hosting systems, project folders, backup systems, and accounting or administrative systems.

Information may exist in more than one location where reasonably necessary for backup, project delivery and administration.

19

Security

We take reasonable steps appropriate to our operations to protect personal information from misuse, interference, loss, unauthorised access, unauthorised modification and unauthorised disclosure.

Our measures may include:

  • multi-factor authentication
  • password-management systems
  • password-protected and encrypted devices
  • restricted access
  • secure credential-sharing practices
  • software updates
  • website backups
  • access revocation
  • service-provider security controls
  • incident containment and response procedures

At the effective date of this Policy, access to Client information is generally limited to the two Solaire partners and authorised service providers who require access.

No storage or transmission system is completely secure. We cannot guarantee that unauthorised access will never occur.

20

Passwords and credentials

Clients should not send passwords through ordinary email unless Solaire expressly instructs them to do so and no reasonably suitable alternative is available.

Where credentials are supplied, we will use them only for authorised project, maintenance or support purposes.

Unless ongoing access is authorised or retention is legally required, we will generally return, revoke or securely delete Client-specific credentials within 30 days after final handover, termination of maintenance, or the end of the relevant engagement.

Clients remain responsible for changing passwords and revoking access after handover or termination.

21

Retention and deletion

We retain personal information only for as long as reasonably necessary for the purpose for which it was collected, providing and supporting Services, maintaining business and financial records, responding to complaints or disputes, enforcing agreements, insurance and risk management, backup and security purposes, and compliance with law.

Typical retention considerations may include:

  • unsuccessful enquiries being retained for a reasonable follow-up and recordkeeping period
  • project, contract and Client records being retained for the duration of the relationship and an appropriate period afterwards
  • invoices and accounting records being retained for legally required periods
  • backups being retained according to applicable backup cycles
  • credentials being removed when no longer required

When information is no longer reasonably required, we may securely delete or de-identify it, subject to legal, technical, backup and evidentiary requirements.

22

Data quality

We take reasonable steps to ensure personal information we use is accurate, complete, relevant and current. You should notify us if your contact or business information changes.

23

Access to personal information

You may request access to personal information we hold about you by emailing hello@solairestudio.com.au. We may ask you to verify your identity before providing access. We will respond within a reasonable period.

Access may be refused or limited where permitted or required by law, including where access would unreasonably affect another person's privacy, reveal confidential commercial information, prejudice legal proceedings or negotiations, be unlawful, or create a serious security risk.

Where reasonable and legally permitted, we may charge the reasonable administrative cost of providing access, but not for making the request itself.

24

Correction of information

You may ask us to correct personal information you believe is inaccurate, out of date, incomplete, irrelevant or misleading. Requests may be sent to hello@solairestudio.com.au.

If we decline a correction request, we will provide reasons where legally required and explain available complaint options.

25

Anonymity and pseudonyms

You may browse general sections of our website without directly identifying yourself. However, we generally need accurate identity and contact information to book a consultation, respond to a project enquiry, prepare a Proposal, enter and administer an agreement, issue invoices, and provide Services. We may be unable to provide these functions anonymously or under a pseudonym.

26

Children and young people

Our Services are primarily directed to businesses and people acting in a professional or commercial capacity. A person under 18 may request a consultation, but should not provide sensitive, confidential or financial information. We may require consent or involvement from a parent or guardian before progressing an enquiry from a minor.

27

Data breaches

A data breach may involve loss, unauthorised access to or unauthorised disclosure of personal information. Where we become aware of a suspected breach, we may take steps to contain it, investigate what occurred, assess the information and individuals affected, change credentials or restrict access, preserve relevant evidence, notify affected Clients or individuals where appropriate, notify regulators where legally required, and take remedial and preventive action.

Where information connected with a clinic is affected, Solaire will notify the relevant clinic as soon as reasonably practicable after confirming a credible incident or risk.

28

Privacy complaints

28.1 Making a complaint

A privacy complaint should be sent to hello@solairestudio.com.au.

Please provide your name and contact details, a description of the issue, relevant dates and communications, and the outcome you are seeking.

28.2 Our response

We will acknowledge the complaint within a reasonable period, investigate the matter, seek further information where needed, and aim to provide a substantive response within 30 days. Complex matters may require additional time; if so, we will explain the delay where reasonably practicable.

28.3 External complaint

If you are not satisfied with our response and the Privacy Act applies, you may be entitled to complain to the Office of the Australian Information Commissioner. Where Victorian health-information laws apply, a complaint may also be made to the appropriate Victorian health-privacy regulator. Nothing in this Policy restricts a legal complaint or remedy that cannot lawfully be restricted.

29

External websites and services

Our website and Deliverables may link to or embed third-party websites and services. We are not responsible for the privacy practices, security or content of third parties. You should review their privacy policies before submitting personal information.

30

Business transfers

If Solaire restructures, sells or transfers all or part of its business, personal information may be disclosed to professional advisers and prospective or actual successors where reasonably necessary. We will take reasonable steps to maintain confidentiality during that process and comply with applicable law.

31

Changes to this Policy

We may update this Policy to reflect changes to our Services, changes to technology or providers, changes to information-handling practices, legal or regulatory developments, security requirements, or changes to our business structure.

The current version will be published on our website with its effective date, last-updated date and version number. Where reasonably practicable, we will notify active Clients by email of a material change that significantly affects how their personal information is handled. We recommend reviewing this Policy periodically.

32

Contact us

Business:A REHMAN & A REHMAN trading as Solaire Studio
ABN:82 686 518 372
Business location:Melbourne, Victoria, Australia
Email:hello@solairestudio.com.au
Website:solairestudio.com.au