This privacy policy applies to Recovery Co Colac, a trading name of D & G Horner Pty Ltd (ACN 669 829 636) as trustee for the Horner Trading Trust (ABN 82 640 667 701), of 96-98 Murray Street, Colac, Victoria 3250.
In this policy, “we”, “us” and “our” mean Recovery Co Colac. “You” means anyone who reserves a Foundation Membership, signs up via our website, or otherwise gives us personal information.
We are an Australian small business and we handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
What this policy covers
This is our pre-opening privacy policy. It covers personal information we collect from you when you:
- Reserve a Foundation Membership before our Colac facility opens;
- Sign up for updates via our website (therecoverycocolac.com); or
- Contact us by email, phone or social media.
When our facility opens, we will expand this policy to cover the additional information we collect from members on first visit (including health and safety information, photo ID, and access records). We will publish the expanded policy at therecoverycocolac.com/privacy before the facility opens. You will be notified by email.
What we collect
During the Foundation Membership reservation phase, we collect:
- Identity information — your full name, email address, phone number
- Billing information — your billing address, payment method (we do not see or store full card numbers — see below)
- Transaction information — the date and amount of your Foundation Deposit, your Foundation Member number (1 to 50), your selected start preferences
- Correspondence — emails, messages or other communications you send us
We collect this information when you submit it to us directly (through our website signup, our GymMaster member portal, or by emailing or messaging us).
We do not collect health information, government identifiers (Medicare, driver’s licence, etc.), biometric information, or any “sensitive information” under APP 3 during this reservation phase. Some sensitive information (specifically health-related warranties relevant to safe use of recovery services) will be collected on your first visit when we open. You will be told about that collection at the time.
Why we collect it
We collect personal information so we can:
- Process your Foundation Deposit and confirm your reservation;
- Send you updates about the build, the Opening Date, and your membership;
- Provide the Services you’ve signed up for once we open;
- Comply with our legal obligations (including financial record-keeping and consumer law);
- Respond to your questions or complaints; and
- Improve our services.
We will not use your personal information for any other purpose without your consent, unless we are permitted or required to do so by law.
Who we share it with
We share your personal information only with parties who help us run the business, or where required by law. Specifically:
| Recipient | What we share | Why |
|---|---|---|
| GymMaster (our member management platform — Treshna Enterprises Ltd, New Zealand) | Identity + transaction + correspondence information | This is the platform that runs your membership |
| Ezidebit or equivalent direct debit provider | Billing information | They process your Foundation Deposit and (once we open) your weekly fees |
| Our payment gateway (Stripe / equivalent) | Card payment metadata (we do not see or store card numbers) | Card data is held by the payment provider under PCI DSS — not by us |
| Our professional advisers (accountant, insurer, lawyer) | Only the minimum needed | Limited to what’s necessary for them to do their job |
| Government and regulators | Only as required by law | Including responding to subpoenas, court orders, or lawful regulator requests |
We will never sell your personal information. We will never share it with third-party advertisers.
Where we store it
Most of the information we collect is stored on cloud platforms operated by our service providers. Some of these providers may store data outside Australia (for example, GymMaster servers are located in New Zealand; Stripe operates internationally). We have taken reasonable steps to ensure these providers protect your information in a way that’s consistent with the APPs.
By submitting your information to us, you consent to this overseas storage.
How long we keep it
We keep your personal information for as long as you remain a Foundation Member, plus 7 years after your membership ends for tax, financial and legal record-keeping purposes.
After that, we either delete it or anonymise it.
If your Foundation Deposit is refunded under the Foundation Membership Agreement, we keep the minimum records necessary to evidence the refund (7 years) and delete the rest.
Keeping your information secure
We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification or disclosure. These include:
- Storing information on platforms that use industry-standard encryption (TLS in transit, encryption at rest)
- Limiting staff access to a need-to-know basis
- Using strong passwords and multi-factor authentication on administrative accounts
- Keeping our systems updated and patched
No system is perfectly secure. If you become aware of any potential security issue, please email us at therecoverycocolac@gmail.com.
If we become aware of a data breach that’s likely to cause serious harm, we will notify you and the Office of the Australian Information Commissioner (OAIC) as required by the Notifiable Data Breaches scheme.
Accessing and correcting your information
You have the right to ask us:
- What personal information we hold about you;
- For a copy of that information; and
- To correct any information that is inaccurate, out of date, incomplete, irrelevant or misleading.
To do any of these things, email therecoverycocolac@gmail.com with your name and what you’d like. We’ll respond within 30 days.
There is no charge for accessing or correcting your information.
Complaints
If you think we’ve mishandled your personal information, please tell us first. Email therecoverycocolac@gmail.com and we’ll respond within 5 business days and aim to resolve the complaint within 30 days.
If you’re not satisfied with our response, you can complain to the Office of the Australian Information Commissioner (OAIC):
- Website: oaic.gov.au
- Phone: 1300 363 992
- Post: GPO Box 5288, Sydney NSW 2001
Cookies and website analytics
Our website (therecoverycocolac.com) uses minimal cookies — only what’s needed to run the site. We may add basic anonymous analytics (page views, traffic sources) so we can see what’s working. We do not use tracking pixels for advertising at this stage.
If we add advertising or retargeting cookies in future, we will update this policy and tell you.
Updates to this policy
We may update this policy from time to time. The “Current as at” date at the top will be updated. Material changes will be notified by email to Foundation Members.
Contact
Questions about this policy or your personal information:
Recovery Co Colac 96-98 Murray Street, Colac, Victoria 3250 therecoverycocolac@gmail.com
— End —