Privacy Policy
Petelin Advisory Pty Ltd
ABN: 6 692 232 161
Last Updated: 1 November 2025

1. Introduction
Petelin Advisory Pty Ltd ("we", "us", "our", or "Petelin Advisory") is committed to protecting your privacy and handling your personal information in accordance with the Australian Privacy Principles under the Privacy Act 1988 (Cth) and the European Union General Data Protection Regulation (GDPR). This Privacy Policy explains how we collect, use, store, and disclose your personal information, and your rights regarding that information.
Data Controller:
Petelin Advisory Pty Ltd
85 Wiliam Street
Darlinghurst NSW 201
Email: guenther [at] petelin [dot] com [dot] au

2. Information We Collect
2.1 Personal Information
We may collect the following types of personal information:

• Contact Information: Name and title, Email address, Phone number, Business address, Company name and position
• Professional Information: Industry and sector, Business requirements, Project details, Communication preferences
• Website Usage Information: IP address, Browser type and version, Device information, Pages visited and time spent, Referring website, Geographic location (country/city level)
• Correspondence: Email communications, Meeting notes, Project documentation, Feedback and inquiries

2.2 How We Collect Information
We collect personal information:

• Directly from you when you contact us, engage our services, or use our website
• Through our website using cookies and similar technologies
• From publicly available sources (such as LinkedIn or company websites)
• From third parties with your consent (such as referrals)

3. Legal Basis for Processing (GDPR)
For individuals in the European Union, we process your personal information based on the following legal grounds under GDPR Article 6:

• Legitimate Interest (Article 6(1)(f)): Business development and marketing communications, Website analytics and improvement, Fraud prevention and security
• Contractual Necessity (Article 6(1)(b)): Delivering advisory services under engagement agreements, Processing payments and invoices, Communicating about ongoing projects
• Consent (Article 6(1)(a)): Marketing communications (where required), Optional cookies and tracking
• Legal Obligation (Article 6(1)(c)): Compliance with Australian tax and business regulations, Responding to legal processes

4. How We Use Your Information
We use your personal information for the following purposes:

• Service Delivery: Providing go-to-market strategy consulting services, Communicating about projects and deliverables, Managing client relationships, Invoicing and payment processing
• Business Operations: Responding to inquiries and requests, Improving our services and website, Internal record keeping, Business analytics and planning
• Marketing and Communications: Sending relevant industry insights and updates, Promoting our services, Building professional relationships, Event invitations and networking
• Legal and Compliance: Meeting regulatory and legal obligations, Protecting our legal rights, Preventing fraud and security threats

5. Information Disclosure
We do not sell, trade, or rent your personal information. We may disclose your information to:
Service Providers: Website hosting providers, Email service providers, Payment processors, Cloud storage providers, Professional advisors (lawyers, accountants). We ensure all service providers are bound by confidentiality obligations and handle data in accordance with privacy laws.
Legal Requirements: We may disclose information when required by law, court order, or to protect our legal rights.
Business Transfers: In the event of a merger, acquisition, or sale of assets, personal information may be transferred to the acquiring entity.

6. International Data Transfers
For EU Data Subjects: As an Australian-based company, we transfer personal information from the European Union to Australia. We ensure adequate protection through:
● Standard Contractual Clauses approved by the European Commission
● Adequacy decisions (where applicable)
● Appropriate safeguards under GDPR Article 46
Australia is not subject to an adequacy decision from the EU Commission. We implement appropriate safeguards to ensure your information receives equivalent protection to that required under GDPR.
Third-Party Service Providers: Some service providers may be located outside Australia and the EU. We ensure these providers comply with applicable privacy laws and implement appropriate safeguards.

7. Data Security
We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction:
● Secure encrypted communication channels
● Access controls and authentication
● Regular security assessments
● Data encryption in transit and at rest
● Confidentiality agreements with personnel and contractors
However, no method of transmission over the internet is completely secure. While we strive to protect your information, we cannot guarantee absolute security.

8. Data Retention
We retain personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
Typical Retention Periods:
● Client engagement data: 7 years after engagement completion (Australian tax requirements)
● Marketing communications: Until you unsubscribe or request deletion
● Website analytics: 26 months
● Correspondence: 7 years for business communications
After the retention period expires, we securely delete or anonymize personal information.

9. Your Rights
9.1 Rights Under Australian Privacy Law
Under the Australian Privacy Act, you have the right to:
● Access your personal information we hold
● Request correction of inaccurate or incomplete information
● Make a complaint about privacy breaches

9.2 Rights Under GDPR (For EU Data Subjects)
Under GDPR, you have the following rights:
Right of Access (Article 15): Request confirmation of whether we process your personal information and obtain a copy.
Right to Rectification (Article 16): Request correction of inaccurate or incomplete personal information.
Right to Erasure (Article 17): Request deletion of your personal information in certain circumstances, including:
● Information no longer necessary for original purpose
● You withdraw consent
● You object to processing and we have no overriding legitimate grounds
● Processing was unlawful
Right to Restriction of Processing (Article 18): Request that we limit how we use your information in certain circumstances.
Right to Data Portability (Article 20): Receive your personal information in a structured, commonly used, machine-readable format and transmit it to another controller.
Right to Object (Article 21): Object to processing based on legitimate interests or for direct marketing purposes.
Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time.
Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in the EU member state of your habitual residence, place of work, or place of alleged infringement.

9.3 Exercising Your Rights
To exercise any of these rights, please contact us using the details in Section 14. We will respond to your request within:
● 30 days (Australian Privacy Act)
● 1 month (GDPR), with possible extension to 3 months for complex requests
We may require proof of identity before processing your request.

10. Cookies and Website Tracking
Our website uses cookies and similar technologies to improve functionality and analyze usage.
Types of Cookies We Use:
● Essential Cookies: Necessary for website operation and cannot be disabled.
● Analytics Cookies: Help us understand how visitors use our website (e.g., Google Analytics).
● Functional Cookies: Remember your preferences and settings.
Cookie Control: You can control cookies through your browser settings. Note that disabling cookies may affect website functionality.
For more information about our cookie practices, please see our Cookie Policy.

11. Marketing Communications
We may send you marketing communications about our services, industry insights, and relevant updates.
Your Choices:
● You can opt-out of marketing emails by clicking "unsubscribe" in any email.
● You can update your communication preferences by contacting us.
● Opting out of marketing does not affect service-related communications.
GDPR Compliance: For EU recipients, we only send marketing communications based on consent or legitimate interest, and you can object to such communications at any time.

12. Children's Privacy
Our services are directed at business professionals. We do not knowingly collect personal information from individuals under 18 years of age. If we become aware that we have collected information from a child under 18, we will delete it promptly.

13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:
● Posting the updated policy on our website with a new "Last Updated" date
● Sending email notification to clients and active contacts
● Providing reasonable notice period before changes take effect
Your continued use of our services after changes constitutes acceptance of the updated Privacy Policy.

14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
Petelin Advisory Pty Ltd
85 Wiliam Street
Darlinghurst NSW 201
Email: guenther [at] petelin [dot] com [dot] au
For GDPR-Related Inquiries: Please specify "GDPR Request" in your subject line to ensure prompt handling.
For Privacy Complaints:
Australia:
Office of the Australian Information Commissioner (OAIC)
Website: www.oaic.gov.au
Phone: 1300 363 992
Email: enquiries@oaic.gov.au
European Union: You may lodge a complaint with the supervisory authority in your EU member state.
List of EU Data Protection Authorities:
https://edpb.europa.eu/about-edpb/board/members_en

15. Definitions
Personal Information/Personal Data: Information about an identified or identifiable individual.
Processing: Any operation performed on personal data, including collection, storage, use, disclosure, or deletion.
Data Controller: The entity that determines the purposes and means of processing personal data (Petelin Advisory Pty Ltd).
Data Subject: An individual whose personal data is processed.
GDPR: General Data Protection Regulation (EU) 2016/679.

Acknowledgment
By using our website or engaging our services, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your personal information as described herein.