top of page

Privacy Policy

At Sunny Days Counselling Services, we prioritise managing client expectations regarding handling personal information. We understand that most individuals tend to avoid reading privacy policies due to their length, complexity, and legal jargon. So, congratulations on making it this far!

Consenting to terms and conditions and privacy policies often feels obligatory rather than optional. This reflects a broader misunderstanding of privacy, consent, and notice processes, with design choices frequently placing the burden on those least equipped to bear it—the customer or citizen.

As an Australian-based business that does not handle Tax File Numbers, we are not required to comply with the Privacy Act 1988 (Cth). However, we exceed these minimum compliance standards wherever possible. We won’t subject you to a traditional privacy policy that merely reiterates legal requirements.

With decades of experience in privacy, we are acutely aware of how to respect, secure, and maintain trust around personal information. As a privacy consultancy, we collect minimal personal information necessary for communication and delivering our services.

Our strategies to safeguard personal information include using privacy filters, secure and encrypted devices, email services, mailing list providers, and backups, all secured with multi-factor authentication. Our service providers are unable to view or access content due to end-to-end encryption.

We do not use social media buttons on our website or set third-party cookies. However, our website host, Wix, sets security and visitor cookies by default, which you can manage in your browser settings. We use Google Analytics but have anonymised your IP address to enhance your privacy.

Please contact us to learn more about our privacy practices or seek advice on effectively communicating your privacy obligations to customers.

Lastly, please note that in November 2019, the European Data Protection Board issued final guidelines (3/2018) on the territorial scope of the GDPR (Article 3). Businesses outside the EU must specifically target EU residents and process their data to fall within its scope.

​

bottom of page