Privacy Policy

The information we collect falls into one of two categories: "voluntarily provided" information and "automatically collected" information.

"Voluntarily provided" information refers to any information you knowingly and actively provide us when using or participating in any of our services and promotions — for example, signing up to our newsletter, purchasing a Supporter Membership, or contacting us.

"Automatically collected" information refers to any information automatically sent by your devices in the course of accessing our website.

Depending on how you interact with Kaizen Culture, we may collect one or more of the following:

• Name (and, where you nominate them, the names of gift-membership recipients).
• Email address.
• Postal / shipping address (line 1, line 2, suburb / city, state, postcode, country) — used to deliver your Welcome Pack and to identify you as a member.
• Membership and order history (membership number, purchase dates, fulfilment method).

Kaizen Culture does not directly collect or store your full payment card details. When you purchase a Supporter Membership, payment is processed by Stripe, our payment processor. Stripe collects and processes your card information under its own privacy policy and security standards. We receive only limited information from Stripe needed to confirm your purchase — for example, your name, email, billing address, the last four digits and brand of the card, and a transaction reference.

When you visit our website, our servers may automatically log standard data provided by your web browser. This may include your device's Internet Protocol (IP) address, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, and other details about your visit.

If you encounter certain errors while using the site, we may automatically collect data about the error and the circumstances surrounding it. This may include technical details about your device and what you were trying to do when the error happened.

While this information may not be personally identifying by itself, it may be possible to combine it with other data to identify individuals.

When you visit our website or interact with our services, we may automatically collect data about your device, such as device type, operating system, unique device identifiers, and device settings.

Data we collect can depend on the individual settings of your device and browser. We recommend checking the policies of your device manufacturer or software provider to learn what information they make available to us.

We only collect and use your personal information when we have a legitimate reason for doing so. In which case, we only collect personal information that is reasonably necessary to provide our services to you.

We collect, hold, use, and disclose personal information for the following purposes:

• To provide our website and Supporter Membership features.
• To process your payment and fulfil your Welcome Pack (including assigning a membership number, generating a bag tag, and dispatching or holding for pickup).
• To send transactional emails — welcome emails, payment receipts, magic-link sign-in emails, and similar communications you would reasonably expect.
• To send marketing communications, such as our newsletter, only when you have provided your consent. You can unsubscribe at any time.
• To respond to your enquiries and to contact you about your membership where necessary (for example, if there is a problem with your delivery).
• For internal record-keeping, accounting, and compliance with our legal obligations.

We share personal information with the following third-party service providers, only as necessary for them to perform their function on our behalf:

• Stripe — payment processing. Stripe receives your name, email, billing address, and card details. See https://stripe.com/privacy.
• Mailchimp (Intuit) — email marketing platform used to manage our newsletter subscribers. Mailchimp receives your name, email, postal address, and tags indicating membership status. See https://www.intuit.com/privacy.
• Resend — transactional email delivery (welcome emails, sign-in links). Resend processes the recipient email address and message content. See https://resend.com/legal/privacy-policy.
• Supabase — database and authentication hosting. Supabase stores your account, membership, and address data on our behalf. See https://supabase.com/privacy.
• Google reCAPTCHA — protects our forms from automated abuse. Google receives device signals (including IP address and browser data) and provides us a risk score. See https://policies.google.com/privacy.
• Vercel — website hosting. Vercel processes standard web-server log data when you visit our site. See https://vercel.com/legal/privacy-policy.

We may also disclose personal information to: our employees, contractors, and related entities; professional advisors; courts, tribunals, regulatory authorities, and law enforcement officers as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise, or defend our legal rights; and any entity that buys, or to which we transfer all or substantially all of our assets and business.

Some of the third-party service providers listed above are based outside Australia (notably in the United States and the European Union). When we transfer your personal information to them, we take reasonable steps to ensure your information receives a level of protection consistent with this policy and with Australian Privacy Principle 8 (cross-border disclosure of personal information).

If you purchase a Supporter Membership as a gift, we record the recipient's name alongside the membership so we can print it on the Welcome Pack bag tag. We may, in future, allow gift recipients to claim their membership by linking it to their own email address. If you would prefer the recipient's name not be recorded, please contact us before completing your purchase.

We take commercially reasonable measures to secure your personal information from accidental loss, theft, unauthorised access, disclosure, copying, use, or modification. These include encryption of data in transit, restricted database access, and the use of reputable third-party processors with their own security programs.

Although we will do our best to protect the personal information you provide to us, we advise that no method of electronic transmission or storage is 100% secure and no one can guarantee absolute data security.

We keep your personal information only for as long as we need to. For example, we retain membership records for the duration of your membership and for a period afterwards to satisfy our legal, tax, and accounting obligations. If your personal information is no longer required, we will delete it or anonymise it.

A "cookie" is a small piece of data that our website stores on your device and accesses each time you visit.

Essential cookies: These are required for the site to function and cannot be disabled without affecting core functionality. This includes cookies set by Google reCAPTCHA (used to protect our membership signup and newsletter forms from spam and abuse). reCAPTCHA data is processed by Google under the Google Cloud Data Processing Addendum.

Authentication cookies: When you sign in via a magic link, we set a session cookie so the site can recognise you on subsequent requests. This cookie does not contain personally identifying information directly.

We do not currently use analytics or advertising cookies. If we add them in future, we will update this policy and obtain your consent where required.

Your choices: You can control and delete cookies through your browser settings. Most browsers allow you to refuse cookies, delete existing ones, or notify you when a cookie is being set. Disabling cookies may affect site functionality — in particular, our forms may not work without reCAPTCHA cookies.

Kaizen Culture's services are aimed at adults; however, members of the broader karate community include children. We do not knowingly collect personal information from children under the age of 16 except through a parent or guardian. If you are a parent or guardian and you become aware that your child has provided us with personal information without your consent, please contact us so we can remove the information.

Your choice: By providing personal information to us, you understand we will collect, hold, use, and disclose your personal information in accordance with this privacy policy. You do not have to provide personal information to us, however, doing so may affect your ability to purchase a membership or receive communications from us.

Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this privacy policy. If you are a third party providing personal information about somebody else — for example a gift recipient — you represent and warrant that you have such person's consent to provide their personal information to us.

Marketing permission: If you have previously agreed to us using your personal information for direct marketing, you may change your mind at any time by contacting us using the details below or via the unsubscribe link in any marketing email.

Access: You may request details of the personal information that we hold about you.

Correction: If you believe any information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, please contact us using the details below. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading, or out of date.

Deletion: You may request that we delete the personal information we hold about you, subject to any retention obligations imposed by law (for example, financial records).

Non-discrimination: We will not discriminate against you for exercising any of your rights over your personal information.

Notification of data breaches: We will comply with laws applicable to us in respect of any data breach.

Complaints: If you believe that we have breached a relevant data protection law and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond in writing, setting out the outcome and the steps we will take. You also have the right to contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

Unsubscribe: To unsubscribe from our email database or opt out of marketing communications, please use the unsubscribe link in any marketing email, or contact us using the details below.

If we or our assets are acquired, or in the unlikely event that we cease operations, we would include personal information among the assets transferred to any party that acquires us. You acknowledge that such transfers may occur, and that any acquirer may, to the extent permitted by applicable law, continue to use your personal information according to this policy.

Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and policies of those sites, and cannot accept responsibility or liability for their respective privacy practices.

We may change this privacy policy from time to time to reflect updates to our business processes, current acceptable practices, or legislative or regulatory changes. Material changes will be posted on this page with an updated effective date. Where required by law, we will request your consent before implementing significant new uses of your personal information.

Kaizen Culture is bound by the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where the disclosure of your personal information is solely subject to Australian privacy laws, you acknowledge that some third parties may not be regulated by the Privacy Act and the APPs. You acknowledge that if any such third party engages in any act or practice that contravenes the APPs, it would not be accountable under the Privacy Act, and you will not be able to seek redress under the Privacy Act.

The GDPR distinguishes between organisations that process personal information for their own purposes (known as "data controllers") and organisations that process personal information on behalf of other organisations (known as "data processors"). Kaizen Culture is a Data Controller with respect to the personal information you provide to us.

Our lawful bases for processing personal information depend on the services you use and how you use them. These include:

Consent — where you have given us consent to collect and use your personal information for a specific purpose (for example, joining our newsletter). You may withdraw your consent at any time.

Performance of a Contract — where processing is necessary for us to provide you with a Supporter Membership you have purchased, or to take preparatory steps before entering into such a contract.

Legitimate Interests — where we assess processing is necessary for our legitimate interests, such as operating, improving, and securing our website and services.

Compliance with Law — where we have a legal obligation to use or keep your personal information.

International Transfers Outside of the European Economic Area (EEA): We will ensure that any transfer of personal information from countries in the EEA to countries outside the EEA is protected by appropriate safeguards, including, where applicable, the use of Standard Contractual Clauses approved by the European Commission.

Restrict: You have the right to request that we restrict the processing of your personal information in certain circumstances.

Objection: You have the right to object to processing of your personal information that is based on our legitimate interests.

Data Portability: You have the right to request a copy of the personal information we hold about you in a structured, commonly used, machine-readable format, and to request that we transfer it to another controller.

For any questions or concerns regarding your privacy, or to exercise any of the rights described above, please contact us at:

kaizenculture.info@gmail.com