Privacy Policy for Leanne Gaille

1.        Introduction

Leanne Gaille (Marsden) ("I," "me," "my") is committed to protecting your privacy. This Privacy Policy explains how I collect, use, disclose, and safeguard your information when you visit my website (the "Site"), engage with my services, or interact with my marketing materials (including ads on Facebook/Meta, TikTok, YouTube, Pinterest, etc.). This policy is intended to comply with the Australian Privacy Principles (APPs), the EU General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA/CPRA).

2.   Information I Collect

2.1 Personal Information You Provide
Name, email address, phone number, mailing address, booking details (via YouCanBookMe), payment/billing details (via Stripe - I do not store full card numbers), communication history, and any other information you choose to provide.

2.2   Information Collected Automatically
Technical data (IP address, browser, device), usage data (pages visited, time on site), location (approximate, via IP), and data from cookies, pixels and similar technologies.

2.3   Information from Third Parties
Information received from advertising/analytics platforms and service providers when you interact with my ads or services.

3.   How I Use Your Information

I use personal information to:

• Provide and manage services and bookings.

• Send marketing communications (with your consent).

• Run and optimise advertising and retargeting campaigns (with your consent).

• Improve the Site and user experience via analytics.

• Process payments (via Stripe).

• Detect and prevent fraud and comply with legal obligations.

4.   Legal Basis for Processing (GDPR)

Where applicable (EEA/UK), processing is based on:

• Consent (e.g., marketing emails, non-essential cookies).

• Contract (service bookings and purchases).

• Legitimate interests (website analytics, service improvement, fraud prevention), balanced against your rights.

• Legal obligations.

5.   Cookies & Tracking Technologies

I use cookies and similar technologies for essential functionality, analytics, and advertising (including Google Analytics, Meta Pixel, Pinterest tag, TikTok pixel and YouTube embeds). You can control cookie preferences via the cookie banner on this Site or through your browser settings. Disabling non-essential cookies may affect functionality.

To manage interest-based advertising more broadly, you can use the EU/EEA opt-out tool or the US Digital Advertising opt-out tools (see Vendor & links below for direct links).

6.   How I Share Your Information

I share personal information only with trusted third-party service providers for the purposes described in this policy (payment processing, booking, CRM, analytics, advertising, hosting, email delivery). I require appropriate contractual safeguards (Data Processing Agreements) where necessary.

7.   International Transfers

I am based in Australia and provide services to clients worldwide. To operate my business and use third-party providers (analytics, hosting, payment processors, booking systems and advertising platforms), your personal information may be transferred to, stored in, or processed in countries outside your country of residence (for example the United States and other jurisdictions).

Where personal data is transferred from the European Economic Area (EEA) / UK to countries that do not have an EU/UK adequacy decision, I rely on appropriate safeguards — such as the European Commission’s Standard Contractual Clauses (SCCs), UK SCCs (where applicable), binding corporate rules, or other lawful transfer mechanisms — to ensure that your personal data receives an adequate level of protection. You can obtain a copy of the relevant safeguards or ask about the transfer destination by contacting me (contact details in the Contact section). For more information on the SCCs used for GDPR-compliant transfers, see the European Commission guidance on Standard Contractual Clauses. European Commission

8.   Data Retention

I retain personal information only as long as necessary:

• Contact/marketing data: until you unsubscribe or up to 3 years of inactivity.

• Transactional records: 7 years (for Australian tax/compliance).

• Analytics data: aggregated data may be retained indefinitely for analysis.

9.   Your Rights

You may have rights to restrict the collection or use of your personal information in the following ways \:

• Access, correct, update or delete your personal information.

• Object to processing or request restriction.

• Request portability of your data.

• Opt out of marketing emails (using an unsubscribe link).

• For California residents: request disclosures, deletion, correct inaccuracies, and opt-out of the sale/sharing of personal information (see Vendor & links for opt-out resources).

• If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing me at the email address below.

I will not sell, distribute or lease your personal information to third parties unless I have your permission or are required by law to do so. I may use your personal information to send you promotional information about third parties which I think you may find interesting if you tell me that you wish this to happen.

You may request details of personal information which I hold about you under the Data Protection Act 1998. A small fee will be payable. If you would like a copy of the information held on you, please email me with details.

If you believe that any information, I am holding on you is incorrect or incomplete, please contact me as soon as possible, at the above address. I will promptly correct any information found to be incorrect.

To exercise rights, contact me at Leanne.Gaille@gmail.com. I will follow required verification steps and respond within statutory timeframes.

10.   How I use cookies

A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

I use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. I only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help me provide you with a better website, by enabling me to monitor which pages you find useful and which you do not. A cookie in no way gives me access to your computer or any information about you, other than the data you choose to share with me.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

11. Data Security

12. I use reasonable technical and organisational measures (HTTPS/SSL, access controls, contracted provider safeguards). Payments are processed by PCI-DSS compliant providers (Stripe).

13. Children

My services are not intended for children under 16. I do not knowingly collect personal information from children.

14. Third-Party Links

My Site may link to other websites. I am not responsible for their privacy practices — please review their privacy policies.

15. Do Not Track & Global Privacy Control (GPC)

Do Not Track (DNT) browser signals are not widely enforced by third parties. I respect privacy choices via the Site’s cookie preference centre, and I honour GPC browser signals where technically feasible and required by law. For complete control, use the cookie settings on this Site or platform ad controls.

16.   California "Shine the Light" & CCPA/CPRA

California residents have additional rights under CCPA/CPRA (right to know, delete, opt-out of sale/sharing). My use of pixels and targeted advertising may be considered a “sale” or “sharing” under California law — you may opt out using the linked resources below.

17. Changes to this Policy

I may update this policy and will post the revised version with a new “Last Updated” date. For material changes I will notify subscribers where feasible.

18.   Definitions

Consent
Your clear, specific, and informed agreement to the processing of your personal data for a stated purpose (for example, consenting to non-essential cookies or marketing emails). You can withdraw consent at any time.

Legitimate interests
My business interests in conducting and managing my operations (for example, improving services, marketing to existing clients, fraud prevention). Where I rely on legitimate interests I balance those interests against your rights and freedoms.

Personal data / Personal information
Any information that identifies you or could reasonably be used to identify you (for example: name, email address, phone number, IP address, device ID).

Profiling
Any automated processing of personal data to evaluate, analyse, or predict aspects about an individual (for example: interests, behaviour, or likely needs). I may use profiling for targeted advertising; you have the right to object where applicable.

Sale / Sharing (CCPA / CPRA)
Under California law, a “sale” generally means disclosing personal data for monetary consideration, and “sharing” means disclosing personal data for cross-context behavioural advertising. My use of advertising pixels and audience-building tools may constitute a sale or sharing under California law; you have the right to opt out.

Cookie
A small text file placed on your device by your browser when you visit a website. Cookies can be essential (site function), analytical (site usage) or advertising/retargeting (personalisation and ads).

Data controller / Data processor
A data controller determines the purposes and means of processing personal data. A data processor processes personal data on behalf of the controller. I am the data controller for data collected via this Site; some of my service providers act as processors under contract.

Do Not Track (DNT)
A browser signal that indicates a user preference not to be tracked. DNT is voluntary and not universally honoured; I provide cookie controls and honour Global Privacy Control (GPC) signals where technically feasible.

Global Privacy Control (GPC)
A browser/extension signal designed to express a user’s opt-out preference (for example, opt-out of sale/sharing). GPC may be recognised by some services and regulators as a legal opt-out mechanism.

Standard Contractual Clauses (SCCs)
Contractual safeguards adopted by the European Commission that help protect personal data transferred to countries outside the EEA/UK that do not have an adequacy decision.

17. Contact

Email: Leanne.Gaille@gmail.com
Address: 11 Robert Street, Mount Clarence, WA 6330, Australia

If you remain unsatisfied you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) or other appropriate supervisory authorities.

Vendor & links (official/privacy pages)

Below are the major third-party services referenced in the policy. Linking to them helps users find provider-specific cookie and privacy controls.

1. California Attorney General — CCPA resources: https://oag.ca.gov/privacy/ccpa

2. Digital Advertising Alliance (DAA) — US opt-out (WebChoices): https://optout.aboutads.info/

3. Global Privacy Control (GPC) — Info: https://globalprivacycontrol.org/

4. Google — Cookies & technologies / Ads cookies: https://policies.google.com/technologies/cookies

5. Mastermind Business System — Platform privacy & cookie info: https://mastermind.com/privacy-policy/

6. Meta / Facebook — Privacy & Pixel info: https://www.facebook.com/about/privacy/

7. Office of the Australian Information Commissioner (OAIC): https://www.oaic.gov.au/

8. Pinterest — Privacy & Cookies: https://policy.pinterest.com/en/privacy-policy and  https://policy.pinterest.com/en/cookies

9. Stripe — Privacy & Cookies (payments): https://stripe.com/au/privacy and https://stripe.com/legal/cookies-policy

10. TikTok — Privacy (business & ads): https://www.tiktok.com/legal/privacy-policy

11. YouCanBookMe — Privacy & Data Protection: https://youcanbook.me/privacy

12. YourOnlineChoices (EU) — Interest-based ad opt-out: https://www.youronlinechoices.com/

13. YouTube (Google) — Privacy & cookie info for embeds: https://www.youtube.com/howyoutubeworks/privacy/