Privacy Policy
1. Who we are
Spin Design Pty Ltd (ABN 95 094 058 698) (“Spin Design”, “we”, “us”, “our”) is a web design, development, hosting, and digital services company incorporated in New South Wales, Australia. Our principal place of business is Suite 6, Building 7, 49 Frenchs Forest Road, Frenchs Forest NSW 2086.
Spin Design is bound by the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (“Privacy Act”). We are committed to handling personal information responsibly, transparently, and in accordance with all applicable Australian privacy laws.
This Privacy Policy governs the personal information we collect in connection with:
- our website at www.spindesign.com.au and all associated subdomains;
- the provision of web design, development, hosting, domain management, SEO, AI enhancement, NDIS digital services, and maintenance plan services;
- our payment processing portals, including the Spin Design Payment Portal, Stripe, and EziDebit;
- our project management platform (currently Teamwork.com); and
- any other interactions you have with Spin Design, including via telephone, email, or social media.
2. Definitions
In this Privacy Policy, the following terms have the meanings set out below. Capitalised terms not defined here have the meanings given to them in the Spin Design General Terms and Conditions.
“APP” means an Australian Privacy Principle as set out in Schedule 1 of the Privacy Act 1988 (Cth).
“Client” has the meaning given in the General Terms and Conditions, being the individual, company, or entity that engages Spin Design to perform services.
“Cookies” means small text files placed on your device by a website to store information about your browsing session, preferences, or behaviour.
“EziDebit” has the meaning given in the General Terms and Conditions, being EziDebit Pty Ltd, a licensed direct debit provider used by Spin Design for scheduled and on demand payment processing.
“Meta Pixel” means the tracking code provided by Meta Platforms Inc. (formerly Facebook) and currently operating on the Spin Design website under Pixel ID 1011591437619332, used to measure the effectiveness of advertising and to enable retargeting.
“OAIC” means the Office of the Australian Information Commissioner, the independent national regulator for privacy and freedom of information.
“Personal Information” has the meaning given in the Privacy Act 1988 (Cth), being information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not, and whether recorded in a material form or not.
“Privacy Act” means the Privacy Act 1988 (Cth) and the Australian Privacy Principles contained therein.
“Sensitive Information” has the meaning given in the Privacy Act 1988 (Cth) and includes health information, biometric information, and information about racial or ethnic origin.
“Stripe” means Stripe Payments Australia Pty Ltd, the third party payment gateway used by Spin Design to process credit card transactions via the Spin Design Payment Portal.
“Website” means the Spin Design website at www.spindesign.com.au and all associated pages and subdomains.
3. What Personal Information We Collect
3.1 Information You Provide Directly
We collect Personal Information that you provide to us directly, including when you:
- submit an enquiry, request a quote, or contact us via our website, telephone, or email;
- engage Spin Design as a Client by signing or accepting a Quote;
- set up a payment arrangement via Stripe or EziDebit;
- submit a support ticket or communicate with our Accounts or project management teams;
- subscribe to our newsletter or marketing communications; or
- submit images or other assets for use in our AI Enhancement (portrait) service.
The types of Personal Information we may collect in these contexts include: full name, job title, company name, ABN, postal and billing address, email address, telephone number, payment and banking details, and project briefs or creative assets.
3.2 Information We Collect Automatically
When you visit our Website, we may automatically collect certain technical and usage information, including:
- your IP address and approximate geographic location;
- your browser type, version, and operating system;
- pages visited, time spent on pages, and links clicked;
- referring website or search query;
- device type and screen resolution; and
- interactions with embedded content, including social media widgets and third party media.
This information is collected through cookies, the Meta Pixel (ID: 1011591437619332), Google Analytics, and similar tracking technologies. Please refer to Section 7 (Cookies and Tracking Technologies) for full details.
3.3 Sensitive Information — AI Enhancement Service
Where you or your organisation engages Spin Design for our AI Enhancement (portrait) service, we will process facial image data, which may constitute Sensitive Information under the Privacy Act. We collect this information solely for the purpose of delivering the agreed enhancement service. We do not use facial image data for any other purpose, including profiling, identification, or marketing. Source images are retained for no longer than sixty (60) days following delivery of the completed Deliverables, unless a separate data storage arrangement has been agreed in writing.
By submitting images for AI enhancement, you warrant that you have obtained the informed consent of each individual depicted in the submitted images to the collection and processing of their facial image data by Spin Design for this purpose.
3.4 Payment Information
Spin Design does not store credit card numbers or full banking account details on its own systems. Payment card data submitted via the Spin Design Payment Portal is processed directly by Stripe, which is PCI DSS Level 1 certified. Direct debit banking details collected for EziDebit arrangements are held by EziDebit in accordance with its own privacy and security policies. Spin Design retains records of transaction amounts, dates, invoice references, and payment confirmations for accounting and legal compliance purposes.
3.5 Information About Third Parties
Where you provide Personal Information about another individual to Spin Design (for example, a contact person at a Client organisation, or an individual depicted in an AI Enhancement submission), you represent and warrant that you have that individual’s consent to provide their information to us for the relevant purpose, and that you have made them aware of this Privacy Policy or directed them to it.
4. How We Use Your Personal Information
4.1 Primary Purposes
We use your Personal Information primarily to:
- respond to your enquiry or request for quote;
- provide, manage, and deliver our Services in accordance with our General Terms and Conditions;
- communicate with you about your project, including via Teamwork.com, email, and telephone;
- process payments and manage billing, including via Stripe and EziDebit;
- issue invoices, receipts, and financial records;
- provide technical support and respond to support tickets;
- deliver our AI Enhancement service where engaged; and
- meet our legal, regulatory, and contractual obligations.
4.2 Secondary Purposes
With your consent, or where otherwise permitted by the Privacy Act, we may also use your Personal Information to:
- send you newsletters, service updates, or promotional communications about Spin Design’s services (you may opt out at any time);
- conduct client satisfaction surveys or request testimonials or reviews;
- analyse website usage data to improve our Website and services;
- measure the effectiveness of our digital advertising campaigns via the Meta Pixel and Google Analytics; and
- identify you as a customer in our marketing materials, subject to the portfolio and naming rights provisions in our General Terms and Conditions.
4.3 Legal Bases for Use
We use your Personal Information on the following bases:
- where necessary to perform a contract with you or to take steps at your request before entering into a contract;
- where necessary to comply with a legal obligation;
- where you have given your consent; or
- where we have a legitimate interest in doing so and that interest is not overridden by your privacy rights.
5. Disclosure of Personal Information
5.1 Third Party Service Providers
We may disclose your Personal Information to third party service providers who assist us in delivering our Services or operating our business. All such providers are engaged under contractual arrangements that require them to handle your Personal Information in a manner consistent with the APPs. The following table identifies the key third party providers we currently use, the purpose of the disclosure, the categories of data transferred, and the location of that provider.
| Provider | Purpose | Data Transferred | Location |
|---|---|---|---|
| Teamwork.com | Project management, communications, and file sharing | Name, email, project files, communications | Ireland / USA |
| Stripe Payments Australia | Credit card payment processing via Spin Design Payment Portal | Transaction amount, card type, billing details | Australia / USA |
| EziDebit Pty Ltd | Scheduled and on demand direct debit processing | Name, bank account or card details, transaction records | Australia |
| Google Analytics | Website usage analytics and performance reporting | IP address (anonymised), pages visited, session data | USA |
| Meta Platforms Inc. | Advertising effectiveness measurement and retargeting (Meta Pixel ID: 1011591437619332) | Page views, click events, device data | USA |
| AI Tool Providers (various) | AI code generation, image synthesis, and design assistance used in service delivery | Project briefs, design assets, code snippets | USA / varies |
| Spam Detection Service | Automated scanning of website comments and form submissions | IP address, comment content, email hash | USA / varies |
| Gravatar (Automattic) | Profile image display for website comment authors | Hashed email address | USA |
5.2 We Do Not Sell Your Personal Information
Spin Design does not sell, rent, or trade your Personal Information to any third party for commercial purposes. Your Personal Information is disclosed to third parties only as described in this Privacy Policy or as required by law.
5.3 Disclosure Required by Law
We may disclose your Personal Information where required or authorised to do so by law, including to:
- comply with a court order, subpoena, or other legal process;
- respond to a lawful request from a government agency or regulatory authority, including the OAIC, the Australian Tax Office, or law enforcement; or
- protect the rights, property, or safety of Spin Design, our clients, or the public.
5.4 Business Transfers
In the event that Spin Design is subject to a merger, acquisition, sale of business, or corporate restructure, your Personal Information may be transferred to the relevant successor entity as part of that transaction. We will take reasonable steps to ensure that any successor entity is bound by privacy obligations consistent with this Policy.
6. Cross Border Disclosure of Personal Information
Some of the third party service providers identified in Section 5 are located outside Australia, including in the United States and Ireland. Before disclosing Personal Information to an overseas recipient, Spin Design takes reasonable steps to ensure that the overseas recipient does not breach the APPs in relation to that information.
Where data is transferred to the United States, Spin Design relies on the contractual data protection terms published by the relevant provider (for example, Stripe’s data processing agreement, Google’s data processing terms, and Meta’s data processing addendum). Clients in regulated sectors, including health, finance, and government, who have specific data residency or sovereignty requirements must notify Spin Design in writing prior to project commencement so that appropriate arrangements can be made.
By engaging Spin Design or using our Website, you acknowledge that your Personal Information may be transferred to and processed in countries outside Australia, and that the privacy laws of those countries may differ from Australian law.
7. Cookies and Tracking Technologies
7.1 What Are Cookies
Cookies are small text files placed on your device by a website. They are widely used to make websites function more efficiently, to recognise returning visitors, and to provide website operators with analytical and marketing information. In addition to cookies, we also use pixel tags (also called web beacons), which are small transparent images embedded in web pages or emails that allow us to track whether a page or email has been opened or accessed.
7.2 Cookies We Use
Our Website uses the following categories of cookies and tracking technologies. The table below summarises each category, examples of tools used, the purpose, and whether your consent is required before these are placed on your device.
| Category | Examples | Purpose | Consent Required |
|---|---|---|---|
| Strictly Necessary | WordPress session cookies, login cookies, security tokens | Essential to website function. The site cannot operate correctly without these cookies. | No — always active |
| Functional | Comment preference cookies, screen display cookies, login persistence cookies | Remember your preferences and settings to improve your experience on return visits. | No — active by default, may be disabled in browser settings |
| Analytics | Google Analytics (_ga, _gid, _gat) | Collect anonymised data about how visitors use the Website to help us understand performance and improve content. | Yes — requires consent via Cookie Preference Centre |
| Marketing and Targeting | Meta Pixel (ID: 1011591437619332) — Facebook/Instagram advertising pixel | Measure the effectiveness of Spin Design's advertising campaigns and enable retargeted advertising on Meta platforms. | Yes — requires consent via Cookie Preference Centre |
IMPORTANT — META PIXEL DISCLOSURE
7.4 Managing Your Cookie Preferences
You can manage your cookie preferences at any time through the following methods:
- Cookie Preference Centre: accessible from the footer of our Website. You can select which categories of non essential cookies you consent to. Your preferences will be saved for future visits.
- Browser Settings: most browsers allow you to refuse or delete cookies through their settings. Please note that disabling cookies may affect the functionality of our Website and other websites you visit.
- Opt Out Tools: you may opt out of Google Analytics tracking by installing the Google Analytics Opt Out Browser Add On, available at tools.google.com/dlpage/gaoptout. You may manage your Meta advertising preferences via your Facebook account settings at www.facebook.com/settings/?tab=ads.
Withdrawing your consent to non essential cookies will not affect the lawfulness of any tracking that occurred prior to withdrawal. It will also not prevent you from seeing Spin Design advertisements on third party platforms, but those advertisements will not be informed by your activity on our Website.
7.5 Embedded Content
Pages on our Website may include embedded content from third party platforms, including videos, images, and social media posts. Embedded content from other websites behaves as if you have visited that website directly. Those third party websites may collect data about you, use their own cookies, embed additional tracking technologies, and monitor your interaction with that embedded content, including tracking your interaction if you have an account with that platform and are logged in. Spin Design is not responsible for the privacy practices of third party platforms that provide embedded content.
8. How We Protect Your Personal Information
8.1 Security Measures
Spin Design takes reasonable technical and organisational steps to protect the Personal Information we hold from misuse, interference, loss, and unauthorised access, modification, or disclosure. Our security measures include:
- use of secure, encrypted connections (HTTPS/TLS) for our Website and project management platform;
- engagement of PCI DSS Level 1 certified payment processors (Stripe) for credit card data;
- access controls and authentication requirements for internal systems and project platforms;
- regular software, plugin, and platform updates to address known security vulnerabilities;
- staff awareness of privacy obligations and data handling procedures; and
- hosting of client websites on Australian Tier III and Tier IV data centres with physical and logical access controls.
8.2 No Absolute Guarantee
While we take reasonable precautions, no method of transmission over the internet and no method of electronic storage is completely secure. Spin Design cannot guarantee the absolute security of Personal Information transmitted to or from our Website or held in our systems. We encourage you to take steps to protect your own information, including by using strong passwords and keeping your login credentials confidential.
8.3 Notifiable Data Breaches
Spin Design is subject to the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Cth). In the event of an eligible data breach that is likely to result in serious harm to one or more individuals, we are required to:
- contain the breach and assess whether it is likely to result in serious harm;
- notify the OAIC by submitting a data breach notification; and
- notify the affected individuals as soon as practicable.
Where a data breach affects Personal Information held in connection with a Client engagement, we will also notify the relevant Client as soon as practicable after we become aware of the breach and have completed our initial assessment.
9. How Long We Retain Your Personal Information
9.1 General Retention Principles
We retain Personal Information for as long as is necessary to fulfil the purposes for which it was collected, including to deliver our Services, respond to any queries or complaints, and meet our legal, regulatory, accounting, and contractual obligations.
9.2 Specific Retention Periods
The following retention periods apply to specific categories of information:
- Financial records (invoices, payment records, tax records): a minimum of seven (7) years from the end of the relevant financial year, in accordance with the Corporations Act 2001 (Cth) and the Income Tax Assessment Act 1997 (Cth).
- Active Client project files and communications: retained for the duration of the engagement and for five (5) years following project completion.
- AI Enhancement facial image data (source images): deleted within sixty (60) days of delivery of completed Deliverables, unless a separate written storage arrangement has been agreed.
- Website analytics data: retained for a period consistent with the data retention settings of the relevant analytics platform (currently twenty six (26) months for Google Analytics).
- Enquiry and prospect data (non converted): retained for a maximum of two (2) years from the date of the most recent interaction.
- Hosting account data: retained for thirty (30) days following account deletion, after which it is securely destroyed.
9.3 Destruction and De identification
When Personal Information is no longer required and no legal obligation to retain it applies, we will take reasonable steps to destroy or permanently de identify that information in a secure manner.
10. Your Rights — Access, Correction, and Complaints
10.1 Right of Access
Under APP 12, you have the right to request access to the Personal Information Spin Design holds about you. To make an access request, please contact our Privacy Officer using the details in Section 12. We will respond to your request within thirty (30) days. We may ask you to verify your identity before providing access. In some circumstances, we may be unable to provide access to certain information, for example where doing so would reveal Personal Information about another individual, or where an exemption under the Privacy Act applies. We will notify you in writing if we are unable to provide access and explain the reasons.
10.2 Right of Correction
Under APP 13, if you believe that Personal Information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, you may request that we correct it. We will take reasonable steps to correct the information within thirty (30) days of receiving your request. If we do not agree that correction is warranted, we will notify you in writing and explain our reasons. You may then request that we associate a statement with the relevant record noting that you believe the information is inaccurate.
10.3 Right to Erasure
You may request that we delete Personal Information we hold about you where:
- the information is no longer necessary for the purpose for which it was collected;
- you withdraw consent and no other legal basis for holding the information applies; or
- the information is being held in breach of the Privacy Act.
We will take reasonable steps to delete the information within thirty (30) days of your request, subject to any overriding legal obligation to retain the information (for example, for tax or legal compliance purposes).
10.4 Opt Out of Marketing Communications
You may opt out of receiving marketing or promotional communications from Spin Design at any time by:
- clicking the unsubscribe link in any marketing email we send you;
- contacting us at privacy@spindesign.com.au with your opt out request; or
- adjusting your preferences through the account settings in our project management platform.
Please allow up to ten (10) Business Days for your opt out to take effect. Note that opting out of marketing communications does not affect transactional communications related to your active projects or service agreements.
10.5 Privacy Complaints
If you believe that Spin Design has handled your Personal Information in a manner that breaches the APPs or this Privacy Policy, you may lodge a complaint with our Privacy Officer using the contact details in Section 12. We will acknowledge your complaint within five (5) Business Days and provide a substantive response within thirty (30) days.
If you are not satisfied with our response, you may refer your complaint to the Office of the Australian Information Commissioner (OAIC):
Office of the Australian Information Commissioner (OAIC)
Website: www.oaic.gov.au
Telephone: 1300 363 992
Post: GPO Box 5218, Sydney NSW 2001
11. Children's Privacy
Our Website and services are directed to businesses and individuals aged eighteen (18) years and over. We do not knowingly collect Personal Information from children under the age of eighteen (18) without verified parental or guardian consent. If you believe that a child has provided Personal Information to us without appropriate consent, please contact our Privacy Officer immediately using the details in Section 12 and we will take steps to delete that information.
In relation to our AI Enhancement service, the Client warrants that images submitted for processing do not depict any individual under the age of eighteen (18) years without verified parental or guardian consent in writing, as required by clause 8.4 of the General Terms and Conditions.
12. Contact Us — Privacy Officer
Privacy Officer
P.O. 177, Frenchs Forest NSW 1640
Email: privacy@spindesign.com.au
Telephone: 1300 620 675
Website: www.spindesign.com.au/privacy-policy/
We aim to acknowledge all privacy related correspondence within five (5) Business Days and to resolve all matters within thirty (30) days. Where a matter is complex or requires further investigation, we will notify you of the extended timeframe and keep you informed of progress.
13. Updates to This Privacy Policy
Spin Design may update this Privacy Policy from time to time to reflect changes in our practices, services, technology, or legal obligations. When we make material changes, we will:
- publish the updated Privacy Policy on our Website with a revised effective date and version number;
- where the change materially affects how we handle the Personal Information of existing Clients, provide at least thirty (30) days prior written notice by email to the address on file; and
- maintain a version history so that you can review previous versions of this Policy.
Your continued use of our Website or Services after the effective date of any update constitutes your acceptance of the revised Privacy Policy. If you do not agree with any update, please contact our Privacy Officer and, where applicable, cease use of the relevant Service.
14. Related Documents
This Privacy Policy forms part of the Spin Design legal document suite and should be read together with the following documents, all of which are available at www.spindesign.com.au/terms-conditions/:
- General Terms and Conditions (Version 2.0, 2026)
- Acceptable Use Policy
- Website Hosting Terms and Conditions
- Ultimate Spin Care Terms and Conditions
- ICANN Registrant Rights and Responsibilities
Who we are
Suggested text: Our website address is: https://www.spindesign.com.au/
Comments
Media
Cookies
Embedded content from other websites
Suggested text: Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.