top of page

Privacy Policy

EFFECTIVE DATE

Effective Date: 24 July 2025  
Your Privacy and Purple Elephant Virtual Assistant (VA) Services (ABN 16 465 275 502) (collectively and individually referred to as “Purple Elephant Virtual Assistant (VA) Services (“we”, “us” or “our”). 

WHO WE ARE AND HOW YOU CAN CONTACT US 

We are Purple Elephant Virtual Assistant (VA) Services, and we are based in Melbourne, Victoria, Australia. We are committed to protecting your privacy and respecting and upholding your rights when you use this Site. This Privacy Policy applies to the products and/or services we provide on our Site https://www.purpleelephantvaservices.au (“Site”) and our social media channels, and explains how we collect, hold, use and disclose data and comply with the requirements of the Privacy Act 1988 (Cth) and constitutes part of our Website Terms & Conditions. This Privacy Policy does not cover information that you submit on other websites, even if we communicate with you on those sites. For example, if you post something on Instagram, Facebook, Pinterest, X, or YouTube, that information is governed by the privacy policies on those websites and is not governed by this Privacy Policy.  
You can contact us for privacy-related questions by contacting us at: KylieF@purpleelephantvaservices.au  
We will only use your personal information in compliance with Australian Privacy Laws (Privacy Act (1988 (Cth)), Australian Privacy Principles and to the extent applicable, with the EU General Data Protection Regulation (GDPR) and any replacement legislation or regulation or guidelines and standards governing the use, storage, or transmission of personal data. 

OUR ROLE IN YOUR PRIVACY

If you are a customer, subscriber or just a visitor on our Site, this Privacy Policy will apply to you.   

OUR RESPONSIBILITIES

As we are the providers of the products and services on this Site, we determine how and why your data is processed. We do not sell or rent your details to any third parties. We are committed to protecting your privacy and we want you to know exactly what information is collected and how we use it. 

YOUR RESPONSIBILITIES 

Please read this Privacy Policy and our Website Terms & Conditions. If you provide us with any data relating to a third party, you confirm that you have the right to authorise us to process that data on your behalf in accordance with this Privacy Policy. It is also your responsibility to inform them about our privacy practices, including how we collect, use, disclose, and retain their Personal Information as outlined in this Privacy Policy. By sharing another person’s Personal Information with us, you agree to indemnify and hold us harmless from any claims, liabilities, damages, or expenses arising from your failure to obtain consent or inform the individual of our privacy practices as required under this section. 

CHILDREN'S PRIVACY

If we provide products or services likely to be accessed by individuals under the age of 18, we comply with the requirements of the Children’s Online Privacy Code (COP Code). This may include providing child-friendly privacy notices and limiting the collection and use of personal information from children. 

WHEN AND HOW WE COLLECT DATA  

From the moment you visit our Site, we are collecting data, sometimes you might provide this data by completing a form or setting up an account, otherwise we might collect the data automatically. We may also collect data when: 

  • Personal details: name, contact information, date of birth, relationship to someone you are acting on behalf of (e.g., screenshots and forwarded documents) 

  • You complete any sign-up forms (Paperform, Google Forms, Embedded Wix Forms), landing pages or send us a direct message via social media or an email to any of our nominated emails 

  • Direct replies to service enquiries or client intake emails 

  • Attachments (e.g., Identification documents, property records, adoption files) 

  • Email signatures and metadata (e.g., IP, timestamp) 

  • Manual notetaking or automated transcription tools 

  • Caller ID and call logs 

  • Sensitive verbal disclosures (e.g., family history, estate details) 

  • Scheduling tools 

  • Client portals or secure uploads (e.g., Wills, Powers of Attorney, NDIS plans, tenancy agreements) 

  • Manual data entry from client files (e.g., scanned documents, handwritten notes, legacy records, transcripts, adoption records, estate inventories, data from CVs or reports) 

  • Payment and invoicing systems (e.g., Xero, Stripe, PayPal, Square) 

  • You make a purchase on our Site, including but not limited to, gift cards, or any other products/services available for purchase (e.g., gift card for a service that is offered for a friend or family member) 

  • You interact with us on social media and messaging apps (e.g., FB Messenger, WhatsApp, Instagram DMs) 

  • You complete any sign-up forms (Paperform, Google Forms, Embedded Wix Forms), landing pages or send us a direct message via social media or an email to any of our nominated emails 

  • Consent checkboxes, disclaimers, and service preferences 

  • You participate in events, promotions and giveaways or any request for additional data (e.g., feedback and customer surveys) 

  • You accept our cookies and tracking technologies, which may include services from third parties that provide analytics, traffic management, content delivery, and load balancing (e.g., CDNs). For more details on the cookies we use, including those from third-party providers that assist with performance, analytics, and functionality, please refer to our Cookie Policy on our website.  

  • You voluntarily submit your data to us for any reason 

TYPES OF DATA WE MAY COLLECT

  • Contact details (name, address, email)  

  • Financial Information (bank details when you are making a purchase)  

  • Your business name (sometimes)  

  • Basic information about your business and its history (sometimes)

  • Data about the products or services you purchase   

  • Data about your experience with our Site and our products and services  

  • Data relating to your circumstances and such other information that is relevant to the products or services we provide to you  

  • Data relating to your attendance at seminars or other events held by us (including webinars and podcasts)  

  • Data that identifies you (your IP address, login, browser type, time zone, browser plugins, geolocation, what operating system and version) - we do not link this with any personal Data  

  • Data on how you use our Site (URL clicks, products, and services views, how long you are on our pages and other actions) 

  • We may also collect technical data via third-party services, such as content delivery networks or font services, to improve the performance and functionality of our Site. These services may collect information like IP addresses to ensure proper delivery and functionality. 

USE AND DISCLOSURE OF YOUR DATA

Under data laws, we are only allowed to use your data for specific reasons and where we have the legal basis to do so. We will use your data for the purposes it was collected and related purposes which include:  

  • Operating our Site   

  • Providing you with products, information, and services  

  • Customer support  

  • Tracking your purchase history  

  • Detecting and preventing fraud  

  • Improving our Site  

  • Making your experience on our Site more efficient and enjoyable  

  • Market research (e.g., we may contact you for feedback about our products and services)  

  • Provide you with information about events, other products or services or opportunities that may be of interest  

  • Marketing (with your consent)  

  • Monitoring your compliance with our Website Terms and Conditions  

We may disclose your data for the purposes it was collected and: 

  • As required by law subject to our legal obligations  

  • With your explicit consent  

  • Within our business, limited to employees and trusted service providers who have a legitimate interest to access your data to provide our products and/or services  

  • To send you marketing material (with your consent)  

  • To process your participation in any promotions and giveaways (including contacting you if you win, displaying your name online and on our social media platforms)  

  • Share with third parties who are necessary to enable us to provide our products and/or services to you, subject to appropriate confidentiality and data protection agreements 

DOXXING AND DATA MISUSE  

The unauthorised publishing or sharing of personal data online (commonly referred to as “doxxing”) is strictly prohibited. We take all necessary steps to protect personal data, and any misuse of data may result in legal action, including criminal charges, under Australian privacy law.  

GOOGLE ANALYTICS  

We use Google Analytics functions. You can find out how your data is collected here. You can also opt-out of Google Analytics data tracking.  

Our use of Google Analytics may include but is not limited to display advertising and remarketing. You may see our adverts across the internet, this is due to the use of tracking technologies (cookies) to optimise and serve our adverts based on past visits to our Site. When you log onto our Site, we, with the help of Google Analytics, use your browsing behaviour to connect this with other data that you previously provided to us in accordance with this privacy policy. 

META INSIGHTS

In our efforts to continuously improve your experience on our platform, we utilise Meta Insights and Meta Analytics to understand how you interact with our content on our Facebook page. This technology helps us to measure and analyse user engagement and effectiveness of our services, ensuring we can enhance our offerings to better meet your needs.  For details on how Meta collects and uses your data, we encourage you to review Meta’s Privacy Policy.  Should you prefer to not have personalised ads on Facebook based on the data collected, you have the right to modify your ad preferences.  This can be done by accessing your Facebook settings and navigating to “Ad Preferences”, where you can adjust your settings according to your preferences.

CHOOSING NOT TO PROVIDE PERSONAL DATA

You can choose not to provide us with any personal data. However, if you do this, we will not be able to provide you with any products or services, however, you can continue to use our Site and browse the pages of our Site.

TURNING OFF COOKIES

Our Site uses cookies and similar technologies to provide certain functionality to our Site. You can turn off cookies by activating the setting in your browser that allows you to do this. You can also delete cookies through your browser settings. If you do decide to turn off cookies, you can continue to use the Site, however, certain services may not work as effectively.

MARKETING

We will always let you know before we collect any data from you what the intended use is and if we intend to use it for marketing and if third parties are involved, we will obtain your consent (which you can withdraw at any time). You can change your mind about marketing material by opting out by:

SMS MARKETING AND NOTIFICATIONS

  • By providing your phone number and opting into SMS marketing, you agree to receive text messages from us regarding your purchases, promotions, and updates. Message and data rates may apply. You can opt out at any time by following the instructions provided in the messages.
    How We Use Your Information for SMS

  • When you provide your phone number, we collect and store this information for purposes such as sending order updates, promotional offers, and marketing messages. We do not share your phone number with third parties except as required to process your requests or when required by law.
    Opt-Out and Data Removal

  • You can opt out of SMS marketing at any time by replying 'STOP' to any of our text messages. Once opted out, you will no longer receive SMS marketing from us, but you may still receive essential transactional messages regarding your orders.

YOUR RIGHTS

You can exercise your rights at any time by contacting us via email at KylieF@purpleelephantvaservices.au.

ACCESSING INFORMATION WE HOLD ABOUT YOU

We will provide you with the information within 14 business days of your request, unless doing so would adversely affect the rights and freedoms of others (e.g., another person’s confidentiality or intellectual property rights). We will tell you if we cannot comply with your request and why.

INACCURATE INFORMATION

You can contact us to ask us to correct any information we hold about you that you believe is inaccurate via email at KylieF@purpleelephantvaservices.au.

OBJECTIONS TO USING DATA FOR PROFILING OR AUTOMATED DECISIONS

We may analyse your data to determine the products and services that are most relevant to you, such as tailoring our emails based on your behaviour. However, we will not use your data for any automated decisions that could significantly impact you without your explicit consent or where required or authorised by Australian law. The primary purpose of using your data is to provide our products and services to you effectively.
In some cases, we use automated systems to assist in service delivery, including the use of technologies such as Artificial Intelligence (AI), smart forms, and scheduling platforms. These systems may support us in:

  • Pre-screening form submissions (e.g., Paperform, Smart Logic)

  • Recommending service streams based on client input

  • Generating document templates or summaries

  • Flagging incomplete onboarding tasks or missing documentation

These automated decisions do not replace human judgment and are designed to streamline administrative workflows while preserving the dignity and rights of our clients.

We are committed to transparency and accountability. Some examples of use are below:

  • The types of personal data used by automated systems

    • Identity data

    • Contact details

    • Sensitive documents

    • Online identifiers

    • Behavioural data

    • Scheduling data

    • Payment data

    • Uploaded files

  • The nature and scope of decisions made using these tools

    • Smart form logic

    • Eligibility recommendations

    • Document generation

    • Scheduling workflows

    • Analytics-based insights

    • Security triggers

    • Content personalisation

  • The safeguards in place to ensure fairness and minimise risk

    • Human review options

    • Clear disclosures

    • Consent mechanisms

    • Bias mitigation

    • Data minimization

    • Audit trails

    • Platform safeguards

    • Privacy-aligned design

You have the right to know when automated tools are used in your interactions with us. If you would like further information or wish to request human review of an automated decision (e.g., document generation or content personalisation), please contact us directly via email at KylieF@purpleelephantvaservices.au .

THE RIGHT TO BE FORGOTTEN

You have the right to request for your data to be erased. This means we must delete all information that we hold about you, except to the extent of any information we are required to hold due to our legal obligations.

MAKING A COMPLAINT

If you have any complaints regarding how your data is handled, please contact us via email at KylieF@purpleelephantvaservices.au.
If you are not satisfied with our response to your complaint, you may seek a review by contacting the Office of the Australian Information Commissioner (OAIC) via their website https://www.oaic.gov.au.
If you are located in the European Union and feel your data has been mishandled, you may lodge a complaint with your local data protection authority, which you can find through the European Data Protection Board (EDPB) at https://edpb.europa.eu/about-edpb/board/members_en.
Under Australian privacy laws, individuals may take legal action for serious invasions of privacy, including intrusion upon seclusion or misuse of private information. If you believe your privacy has been intentionally or recklessly breached, and the invasion is serious, you have the right to seek compensation or other remedies through the courts.

SECURITY OF  THE DATA WE COLLECT

We realise that our customers trust us to protect their data and whilst we cannot guarantee the security of any information you transmit to us, or receive from us, we take that task seriously and maintain reasonable and appropriate physical, electronic and procedural safeguards to help protect your data. This includes the following:

  • Secure home-office set up (e.g., dedicated workspace independent from shared living areas)

  • ​Use laptops with biometric login or password lock and has enabled auto lock after a period of inactivity

  • Sensitive documents are shredded when no longer required; printing is avoided unless essential

  • Not discussing client matters in shared spaces and using headphones for calls

  • Two-factor authentication enabled across email, cloud storage and client portals

  • Use of a password manager (1Password)

  • Encrypted file sharing

  • Not working on a public Wi-Fi

  • Keeping antivirus, operating systems and apps patched and current

  • Automated encrypted backups to cloud and external drives

  • Having Cyber insurance that includes critical incident response capabilities

  • Use of email security classifications when essential

  • Use of branded client intake forms with clear consent and disclaimers

  • Collecting only what is necessary for the service being provided

  • Using confidentiality agreements when requested or when essential

  • Conducting regular manual audit trails

  • Engage IT specialists to conduct quarterly checks of my security set up and client data handling

WHERE WE STORE DATA

We use service providers based in Australia.
We do not share your data with overseas organisations in countries or under privacy frameworks approved by the Australian Government, even though these countries are deemed to have privacy protections like Australia’s. We ensure that your data remains protected in line with Australian privacy laws.

HOW LONG WE STORE DATA FOR

We will retain your data for as long as it is reasonably necessary for the purposes for which it was collected, and as required by Australian law. The specific retention period will depend on your interactions with us. If you have made a purchase, we will keep a record of your purchase for the period necessary to fulfill our invoicing and tax obligations as mandated by Australian tax laws. Once we no longer require your information for the stated purposes, we will securely delete it or anonymise any data that is no longer necessary, in accordance with applicable Australian privacy regulations.

THIRD PARTIES WHO ACCESS YOUR DATA

We will only share data with third parties in the following circumstances:

  • As necessary to operate our Site

  • For the purposes of payment processing, if relevant (e.g., Xero, Stripe, PayPal, Square)

  • Our professional and legal advisors if required to do so under Australian Law

  • Third parties engaged in fraud prevention and detection if necessary

  • Law enforcement or other government authorities if necessary

Share with third parties who enable us to provide our products and services which may include:

  • Social media and analytics such as Facebook, Instagram, and Google AdWords for purpose of custom audience generation and the development of targeting criteria.

  • Other third parties for processing and holding Data that enables us to ensure you are kept informed of all online meetings, course information, logins and marketing material, offers, promotions, newsletters, blogs, and video training.

  • Where we have your consent to do so or otherwise where we are legally permitted to do so.

PAYMENT SECURITY

All our real-time credit card authorisations are handled by secure third-party gateway providers, and these are secured by the highest level of security. The following measures are taken to protect your data:

  • Payments are fully automated with an immediate response

  • Your complete credit card number cannot be viewed by us or any outside party

  • All transaction data is encrypted for storage within our third-party gateway suppliers bank-grade data centre, further protecting your credit card data

  • Our third-party gateway provider is an authorised third-party processor for all the major Australian banks

  • Our third-party gateway provider will at no time touch your funds, all monies are directly transferred from your credit card to the merchant account held by us

We use third-party gateway providers that are widely respected for providing secure and reliable online payment solutions. We have chosen to deal with the best so you can feel safe that your personal information is always kept safe and secure. While we attempt to protect the information in our possession, no security system is perfect, and we cannot promise that information about you will remain secure in all circumstances.

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for all organisations that handle branded credit cards from major card schemes. PCI DSS is a standard mandated by the card brands like Visa, Mastercard, American Express and Discover and is managed by the PCI Security Standards Council. PCI-DSS requirements help ensure the secure handling of credit card information through our Site and the service providers.

Stripe, PayPal and Square are all fully PCI DSS compliant and are certified as PCI Level 1 service providers:

  • Level 1: Over 6 million transactions per year.

  • Level 2: 1 million to 6 million transactions per year.

  • Level 3: 20,000 to 1 million transactions per year.

  • Level 4: Fewer than 20,000 transactions per year.

AGE OF CONSENT

By using this site, you warrant that you are at least the age of majority (18) in your State or Territory of residence. Our Site should not be used by anyone under the age of majority (18), and we do not knowingly collect data from anyone under the age of majority (18).

COOKIES AND HOW TO BLOCK THEM

Our Site uses cookies and similar technologies to provide certain functionality to our Site. “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. Cookies can also be used to analyse traffic and for advertising and marketing purposes. They do not harm your systems and the HELP function in your browser will tell you how to restrict or block the cookies. 
You can turn off cookies by activating the setting in your browser that allows you to do this. You can also delete cookies through your browser settings.  For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org. If you use browser settings to block all cookies, you may not be able to access all or parts of our Site.

WEB BEACONS

We may use web beacons (also known as clear gifs) on our website and in our emails. These enable us to track behaviours such as email opens and link clicks, as well as collect information like your IP address, browser type, or email client. This data helps us analyse and improve the performance of our email campaigns, ensuring we can provide you with services that better meet your needs. You can opt out of receiving emails from us at any time by clicking the “unsubscribe” link included in each email.

GOVERNING LAW

This Privacy Policy and your use of this Site is governed in all respects by the laws of Australia.

UPDATES TO OUR PRIVACY POLICY

Please make sure to check in on our Privacy Policy periodically, as we may update this Privacy Policy from time to time to reflect, for example, changes to our practices or for other operational, legal, or regulatory reasons. We will always ensure that the current date of the Privacy Policy also known as the “Effective Date” is prominently displayed at the very top of this Privacy Policy, so you know it is the latest version.

bottom of page