Privacy Policy
Last updated: 11 March 2026
1. Introduction
This Privacy Policy sets out how Espiraloop (ABN 60 802 480 125) ("we", "us" or "our"), a change management consultancy operated in New South Wales, Australia, collects, holds, uses and discloses personal information.
We are committed to protecting your privacy and handling your personal information in an open and transparent manner. This policy is governed by the Privacy Act 1988 (Cth) and the Australian Privacy Principles ("APPs") contained therein.
By accessing or using our website, you acknowledge that you have read and understood this Privacy Policy.
2. What Personal Information We Collect
We may collect the following types of personal information:
your name;
your email address; and
any other contact details or information you voluntarily provide when submitting an enquiry via the "Contact Me" form on our website.
If you subscribe to our newsletter via Substack (or any other third-party newsletter platform linked from our website), that platform may collect additional personal information in accordance with its own privacy policy.
3. How We Collect Personal Information
We collect personal information directly from you when you:
submit an enquiry through the "Contact Me" form on our website; or
subscribe to our newsletter via a linked third-party platform such as Substack.
We do not collect personal information from third parties or publicly available sources unless you have consented to such collection.
4. Why We Collect Personal Information
We collect personal information for the following purposes:
to respond to your enquiries and communications;
to send you newsletter-style updates and content, where you have subscribed to receive such communications; and
to comply with our legal obligations.
5. How We Use and Disclose Personal Information
We will only use and disclose your personal information for the purposes for which it was collected, or for a directly related purpose that you would reasonably expect.
We do not sell, rent or trade your personal information to any third party.
We may share your personal information with third-party service providers, such as Substack, solely for the purpose of delivering our newsletter or facilitating communications with you. These service providers may store data on servers located outside of Australia. We will take reasonable steps to ensure that any overseas recipient handles your personal information in accordance with the APPs.
Other than as described above, we will not disclose your personal information to overseas recipients unless we have your consent or are required to do so by law.
6. Data Storage and Security
We take reasonable steps to protect the personal information we hold from misuse, interference and loss, and from unauthorised access, modification or disclosure.
Where personal information is held by third-party platforms (such as Substack), the security of that information is subject to the security practices of those platforms. We encourage you to review the privacy and security policies of any third-party platform you interact with.
7. Access and Correction
You have the right to request access to the personal information we hold about you. You also have the right to request that we correct any personal information that is inaccurate, out of date, incomplete, irrelevant or misleading.
To make a request for access or correction, please contact us via the "Contact Me" form on our website. We will respond to your request within a reasonable period and, where required by the APPs, within 30 days.
We will not charge you for making a request for access or correction, although we reserve the right to charge a reasonable fee for providing access if the request requires a significant effort to locate or compile the information.
8. Complaints
If you believe that we have breached the APPs or otherwise mishandled your personal information, you may lodge a complaint by contacting us via the "Contact Me" form on our website.
We will acknowledge your complaint within a reasonable timeframe and endeavour to resolve it within 30 days. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner ("OAIC"):
Website: www.oaic.gov.au
Phone: 1300 363 992
Post: GPO Box 5218, Sydney NSW 2001
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. Any updated policy will be posted on our website with a revised "Last updated" date. We encourage you to review this policy periodically.
10. Contact Us
If you have any questions about this Privacy Policy or how we handle your personal information, please contact us via the "Contact Me" form on our website.