Privacy Policy

1. Introduction

This Privacy Policy explains how Farhan Uddin (ABN 36 788 419 671) (“we”, “our”, or “us”) collects, uses, discloses, and protects your personal information when you use our medical admissions tutoring services, visit our website www.farhanuddin.com.au, join our email newsletter, or otherwise interact with us.

We are committed to protecting your privacy and handling your personal information in accordance with the Australian Privacy Principles under the Privacy Act 1988 (Cth). For international students, we also aim to comply with applicable privacy laws in your jurisdiction, to the extent they apply.

We operate as a sole trader based in Victoria, Australia and act as the data controller for your personal information.

By using our website, booking services, or providing us with your personal information, you agree to this Privacy Policy.

2. Information We Collect

2.1 Categories of Personal Information

We may collect the following types of personal information:

• Identifiers: Name, email address, phone number, IP address and similar identifiers.
• Contact Information: Residential address, billing address, emergency contact details.
• Academic Information: ATAR scores, UCAT results, school/university details, interview outcomes, and other educational performance data.
• Commercial Information: Services purchased, payment history, program enrolment details.
• Financial Information: Payment card details entered via Stripe or similar providers (we do not store full card numbers).
• Communication Records: Emails, contact form messages, session notes, feedback, off-boarding notes.
• Internet / Device Information: Basic website usage data, IP address, browser type, device type, and similar technical data (when analytics/cookies are enabled).
• Audio/Visual Information: Video call recordings, screenshots, photographs, and testimonials, where you have given consent.
• Marketing Preferences: Newsletter subscription status, email engagement (opens/clicks), and opt-out requests.

2.2 Information You Provide Directly

You may provide information when you:

• Fill out contact or booking forms on our website;
• Book or pay for tutoring services;
• Participate in tutoring sessions or mini-mocks;
• Provide feedback, testimonials, or reviews;
• Subscribe to our email newsletter.

2.3 Information Collected Automatically

At present, our automatic collection is limited. Over time we may implement:

• Cookies: To remember preferences and improve site functionality.
• Analytics tools (e.g. Google Analytics): To understand website usage and performance.
• Email marketing tools (e.g. Kit): To track newsletter engagement (opens, clicks) in aggregate.

We will update this Policy and, where required, provide notices or controls if we materially expand automatic data collection.

2.4 Information We Do Not Intentionally Collect

We do not intentionally collect:

• Health or medical records;
• Sensitive personal information beyond academic performance;
• Information from children under 12 without parental consent;
• Full credit card numbers stored on our own systems (handled by Stripe or similar).

3. Legal Basis for Processing

We process your personal information on the following grounds:

• Contract Performance: To deliver tutoring services you request and manage your enrolment.
• Consent: For testimonials, marketing communications, use of recordings in marketing, and certain analytics.
• Legitimate Interests: For running and improving our business, preventing fraud, managing disputes, and analysing outcomes.
• Legal Obligations: For tax, accounting, and record-keeping obligations and responding to lawful requests.

4. How We Use Your Information

4.1 Service Delivery

We use your information to:

• Provide personalised tutoring and interview preparation;
• Schedule and conduct sessions (e.g. via Zoom);
• Track progress and outcomes;
• Process payments and manage billing;
• Communicate about bookings, changes, and important program updates.

4.2 Business Operations and Improvement

We use information to:

• Maintain internal records and client files;
• Analyse student outcomes and improve teaching methods;
• Develop new programs, resources, and services;
• Manage technical and security operations.

4.3 Testimonials, Recordings, and Marketing

We may:

• Request separate, explicit consent to use your name, image, voice, academic results, or excerpts from sessions as testimonials or marketing material (e.g. on our website, social media, email newsletters);
• Use anonymised or de-identified performance data (e.g. “X% of students received offers”) for marketing and educational content;
• Send educational content, updates, and promotional offers via our email newsletter.

You can refuse or withdraw consent to identifiable marketing use at any time; this will not affect your access to services.

4.4 Legal and Security

We may use your information to:

• Comply with legal obligations and respond to lawful requests;
• Enforce our Terms of Service;
• Detect, investigate, and prevent fraud or misuse;
• Protect the rights, property, and safety of our students, customers, and business.

5. How We Share Your Information

5.1 Third-Party Service Providers

We use third-party providers to help run our business. Depending on your interactions, we may share your information with:

• Stripe (payment processing): Name, email, payment details.
• Google Workspace (Gmail, Google Drive, Docs, Sheets): Emails, session notes, documents, and data storage.
• Notion (client management): Client records, session notes, program tracking.
• Zoom or similar (video sessions): Name, email, meeting details.
• Cal or similar (scheduling): Name, email, phone, availability.
• Kit (email newsletter and marketing): Name, email address, program tags, basic engagement data (opens/clicks).
• Website hosting and analytics providers: Basic device and usage data.

These providers are only permitted to use your information to perform services for us and must implement reasonable security measures.

5.2 Legal and Safety Disclosures

We may disclose information:

• When required by law, regulation, court order, or government request;
• When necessary to establish, exercise, or defend legal claims;
• To protect our rights, property, safety, or those of others;
• To assist with fraud prevention or investigations.

5.3 What We Don't Do

We do not:

• Sell your personal information;
• Share your data with third parties for their independent marketing purposes;
• Use automated decision-making that has legal or similarly significant effects on you.

6. International Data Transfers

Your information may be stored or processed in Australia and in other countries where our service providers (such as Stripe, Google, Notion, Zoom, Kit) operate their servers.

We take reasonable steps to ensure these providers handle your information in a way that is consistent with this Policy and applicable privacy laws.

7. Data Security

We use reasonable technical and organisational measures to protect your information, including:

• Encryption in transit (e.g. HTTPS) and at rest (via our cloud providers);
• Access controls and permissions based on role and necessity;
• Strong account security practices;
• Regular review of tools and providers.

However, no system is completely secure. If we become aware of a data breach that is likely to cause serious harm, we will notify affected individuals and relevant authorities as required by law.

8. Data Retention

We retain personal information only as long as necessary for the purposes described in this Policy or as required by law:

• Client records and session notes: Generally up to 7 years after last interaction (or longer if needed for legal purposes).
• Payment records: At least 7 years for tax and accounting compliance.
• Session recordings (educational use): Typically up to 1 year after recording, unless you request earlier deletion or we need them longer for internal training or dispute resolution.
• Testimonials and marketing materials: Indefinitely, until you withdraw consent or we no longer need them.
• Newsletter data: Until you unsubscribe or we consider the data no longer needed.
• Contact/enquiry forms: Typically up to 2 years.

We may retain anonymised or aggregated data indefinitely for research and statistical purposes.

9. Your Rights and Choices

9.1 Rights under Australian Law

Subject to certain exceptions, you may:

• Access the personal information we hold about you;
• Request correction of inaccurate or incomplete information;
• Request deletion of your personal information (where legally possible);
• Request restrictions on certain uses;
• Object to certain types of processing;
• Make a complaint to the Office of the Australian Information Commissioner (OAIC).

We may ask you to verify your identity before acting on a request.

9.2 Marketing and Newsletter

• You can unsubscribe from our email newsletter and other non-essential marketing communications at any time by clicking the unsubscribe link in the email or contacting us directly.
• You cannot opt out of essential service communications (e.g. billing, session reminders, important program updates), as these are necessary to deliver the services you have requested.

9.3 International Rights

If you are located in a jurisdiction with additional privacy rights (e.g. GDPR in the EU/UK), you may have extra rights such as data portability or lodging complaints with local regulators. Where these laws apply, we will respect your rights in accordance with them.

10. Children and Minors

Our paid services are primarily aimed at students aged 16 and above.

• For Students under 18, we require a Parent/Guardian to act as the Customer, give consent, and manage payment.
• We do not knowingly collect personal information from children under 12 without verifiable parental consent.
• If you believe we have collected personal information from a child under 12 without appropriate consent, please contact us and we will delete it as soon as reasonably practicable.

11. Cookies and Tracking Technologies

As our website and tools evolve, we may use:

• Essential cookies to run the site and keep it secure;
• Analytics cookies (e.g. Google Analytics) to understand usage patterns;
• Email tracking (via Kit or similar) to measure newsletter engagement in aggregate.

You can control cookies through your browser settings (e.g. blocking or deleting cookies). If we implement non-essential cookies or tracking, we will provide appropriate notices and, where required, obtain your consent.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal obligations.

• The “Last updated” date at the top indicates the most recent version.
• For material changes, we may also notify you via email or by a prominent notice on our website.
• Your continued use of our services after any changes take effect will be taken as acceptance of the updated Policy.