Your privacy

​

At Held+Free of ABN: 58 666 911 502 (we, us, or our), we are committed to protecting your privacy and making sure your personal information is secure to the best of our ability.  This Privacy Policy explains how we collect, use, store and disclose your information to comply with the Privacy Act 1988 (Cth) (Act) and includes recent amendments made to the Act under the Privacy and Other Legislation Amendment Bill 2024 (Cth). 

​

When you visit our website or social media accounts, interact with us to use our services and/ or buy any products from us and provide us with your information, you agree to the collection of that information and our use of it as set out in this privacy policy.

 

Types of personal information we collect

The types of personal information we may collect about you include:

​

• your name, images and complete contact details;

• your age and/or date of birth;

• payment details;

• any customer survey results and customer service history;

• website access and usage information;

• information required for automated decision making processes (including where we use artificial intelligence or other software); and

• additional personal information that you or a third party provide to us.

​

Collection and use of personal information

We may collect, hold, use and disclose personal information to:

​

• provide access to and use our website and services;

• communicate with you;

• conduct administrative activities such as invoicing and record keeping;

• conduct marketing, analytics and research;

• fulfill legal obligations and respond to disputes; and

• consider employment applications.

​

Disclosure of personal information to third parties

We may disclose personal information to:

​

• third party service providers to enable them to provide their services;

• our employees and contractors; 

• our existing or potential agents or business partners;

• sponsors or promoters of any competition we run;

• anyone to whom our business or assets (or any part of them) are, or may (in good faith) be, transferred;

• credit reporting agencies, courts, tribunals, and regulatory authorities, in the event you fail to pay for goods or services we have provided to you;

• courts, tribunals, regulatory authorities and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or to establish, exercise, or defend our legal rights;

• third parties, including agents or sub-contractors, who assist us in providing information, products, services, or direct marketing to you. This may include parties located, or that store data, outside of Australia; and

• third parties for collection and processing of data, such as Google Analytics or other relevant businesses. This may include parties that store data outside of Australia.

​

By providing us with personal information, you consent to the disclosure of your information outside of Australia and acknowledge that we are not required to ensure that overseas recipients handle that personal information in compliance with the Privacy Act (Act) and the Australian Privacy Principles (APPs). 

​

Note the Act and the APPs may not regulate third parties overseas. If any third party engages in any act or practice that contravenes the APPs, it would not be accountable under the Act.

​

How we treat personal information that is also sensitive information

Information classified as “Sensitive Information” has a higher level of protection under the APPs. Sensitive information means information relating to your racial or ethnic origin, political opinions, religion, trade union or other professional associations or memberships, philosophical beliefs, sexual orientation or practices, criminal records, health information or biometric information.

​

We only collect Sensitive Information with your explicit consent or where required by law. If we need to collect Sensitive Information we will inform you of the specific reason and obtain your consent before doing so.

So long as you consent, your sensitive information (if we hold any) may only be used and disclosed for purposes relating to the primary purpose for which the sensitive information was collected. 

​

Automated decision making & AI transparency

If we use automated systems such as Artificial Intelligence (AI) or algorithms either now or at any time in the future, we will:

​

• inform you when a decision affecting you has been made automatically;

• provide transparency on the criteria used in automated processes; and

• allow you to request human review of an automated decision where legally required or where decisions significantly impact your rights.

​

Data security and breach reporting

If a data breach occurs that is likely to result in serious harm, we will:

​

• assess the breach within 30 days as required under the Notifiable Data Breaches NDB (NDB) Scheme;

• notify the Office of the Australian Information Commissioner (OAIC) and affected individuals as soon as practicable; and

• provide details on the nature of the breach and actions taken to mitigate harm.

​

Serious invasions of privacy

We acknowledge that individuals have the right to take legal action for the reckless or intentional invasion of their privacy. This applies where personal information is misused knowingly and the invasion causes distress, even if no financial harm occurs.

​

Doxxing 

It is now a criminal offence to publish personal information online with the intent to harass, threaten, or cause harm. We take measures to prevent unauthorised disclosure of personal information online and comply with laws in this regard. 

Our security measures include encryption, access controls and regular cybersecurity audits.

Your rights and controlling your personal information

​

At all times, you have the right to:

​

• request access to your personal data;

• correct inaccurate or outdated information; 

• request deletion of your personal information, subject of course to our legal obligations; and

• opt out of receiving marketing communications at any time by using the unsubscribe function in our emails or by contacting us directly. We will comply with the Spam Act 2003 (Cth) and will not send marketing communications without your express or inferred consent.

​

Overseas transfer

Your personal information may be transferred to an overseas jurisdiction with substantially similar data protection laws such as the United States of America, the United Kingdom, or countries within the European Union (EU). These countries have data protection laws, which protect personal information in a way that is at least substantially similar to the APPs, and there will be mechanisms available to you to enforce the protection of your personal information under that overseas law. 

We take reasonable steps to ensure overseas recipients handle personal information in accordance with APPs. Where personal information is transferred outside Australia, we will ensure appropriate safeguards, such as contractual obligations or data protection agreements, are in place where required. For individuals in the European Union (EU), data transfers outside the EU will be carried out in compliance with Article 46 of the GDPR, ensuring appropriate safeguards.

​

GDPR

In some circumstances, the European Union General Data Protection (GDPR) provides additional protection to individuals located in Europe. Where this is the case, there may be additional rights and remedies available to you under the GDPR if your personal information is handled in a manner inconsistent with that law.

​

Storage and security

We are committed to ensuring that the personal information we collect is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the personal information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.

​

We cannot guarantee the security of any information transmitted to or by us over the Internet. The transmission and exchange of information is carried out at your own risk. Although we take measures to safeguard against unauthorised disclosures of information, we cannot assure you that the personal information we collect will not be disclosed in a manner that is inconsistent with this Privacy Policy.

​

Cookies, web beacons and Google analytics

We use cookies and tracking technologies to enhance user experience and measure website performance. By using our website and social media accounts, you consent to use of our cookies.  

While cookies don’t tell us your email address, they do allow third parties, like Google and Facebook, to track you as part of our retargeting campaigns. If and when you choose to provide our website with personal information, this information may be linked to the data stored in the cookie. You can manage or disable cookies through your web browser settings.

Web beacons monitor the behaviour on our website and collect data about your web page viewing. 

We also use Google Analytics to collect and process data from time to time. 

​

Links to other websites

We do not have any control over Third Party Websites and we are not responsible for the protection and privacy of any personal information that you provide whilst visiting them. Third Party Websites are not governed by this Privacy Policy, even if you followed a link from our website to the Third Party Website.

​

Amendments

We may update this privacy policy as laws change. The latest version will always be available on our website.

​

For any questions or notices, please contact our Privacy Officer at:

Held+Free 

Email: hello@heldfree.com

ABN: 58 666 911 502

Last update: November 2025 

 

AI USE POLICY 

 

At Held+Free of ABN: 58 666 911 502 (we, us or our) we are committed to being transparent about how we use Artificial Intelligence (AI) tools in our business operations. Where AI is used, we strive to use it ethically, and in accordance with Australian law and best practices. This policy should be read in conjunction with our privacy policy, which outlines how we handle personal and sensitive information.

​

Use of AI tools

We may use trusted AI powered tools and platforms in our day-to-day operations for purposes including but not limited to:

​​

• drafting written content such as emails, reports, captions, blogs or proposals;

• assisting with design, formatting or editing;

• automating internal workflows or administrative tasks;

• supporting research or information gathering; and

• enhancing customer support.

​

We do not and will not use AI to make autonomous decisions about individuals or their events without human review or oversight.

​

Who does this policy apply to?

This policy applies to all employees, contractors, and any other individuals or entities using AI systems provided or authorised by us. 

​

It covers all current and emergent AI technologies used in our operations, including but not limited to:

​

• generative AI tools (for example, content creation, drafting);

• machine learning models (for example, data analysis, automation)

• AI-powered software applications; and

• AI used in customer service (for example, chatbots)

​

‘AI’ refers to technologies that perform tasks typically requiring human intelligence, such as generating text, analysing data or making recommendations.

​

This policy applies only to AI tools we directly use or control. It does not apply to AI used by third party service providers unless expressly stated.

 

Safeguarding your information

We comply with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

When using AI tools, we handle confidential and commercially sensitive information with care. We take reasonable steps to avoid inputting personal information unless essential, and only into platforms with appropriate privacy protections in place. 

We do not knowingly input sensitive information such as health, racial or biometric data into AI systems without your explicit consent.

​

We will de-identify any of your content unless you give us consent to share it. Where possible, we use AI tools that do not retain, share or train on sensitive client data, based on what we can reasonably verify.

 

Human oversight

Where AI is involved in decisions that may significantly affect individuals, we ensure appropriate human oversight and review are in place.

 

Accuracy and reliability

While AI can help us generate ideas and content, it can also produce errors or inaccuracies. All AI supported outputs are reviewed by a human team member before use. We remain fully responsible for all final content and decisions in our business, regardless of AI use. 

 

Transparency

We aim to be transparent about our use of AI where appropriate and where required by law. For example, we may inform individuals when they are interacting with an AI system (such as a chat bot). If you would like more information about our use of AI or whether it has been used in delivering services to you, please get in touch using the contact details below.

 

Fairness

We are committed to using AI in a fair and without discrimination. We take reasonable steps to identify and reduce potential biases in AI systems and data.

 

Prohibited uses

We will not use AI for:

​

• unlawful activity;

• discrimination based on protected attributes (for example, race, gender, religion);

• generating or spreading false or misleading information with the intent to deceive;

• infringing intellectual property rights;

• creating deepfakes or manipulating media in harmful ways; 

• creating or using biometric surveillance systems (like facial recognition) without lawful authority or consent; or

• automated decision-making with significant legal or personal effects, without appropriate human oversight, where prohibited by law.

​

Monitoring and review

We will monitor how AI systems are used to ensure compliance with this policy. This policy will be reviewed and updated regularly to reflect changes in technology or legal requirements.

 

Contact information

Held+Free 

Email: hello@heldfree.com

ABN: 58 666 911 502

Last update: November 2025