Privacy


1. Introduction

This Privacy Policy explains how we collect, use, store, and protect your personal information when you visit our website and subscribe to our newsletter (together, the “Services”).

We are based in Australia and comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), as well as the EU/UK General Data Protection Regulation (GDPR) where it applies to individuals in the European Economic Area (EEA) or UK. By using our Services, you agree to this Privacy Policy.

2. Who we are

  • Website and newsletter owner: Kate Carruthers
  • Website: https://katecarruthers.com/
  • Contact email: kate.carruthers@gmail.com
  • Country of establishment: Australia

For the purposes of the Privacy Act and GDPR, we are the data controller of the personal information collected through our Services. Ghost Foundation Ltd (ghost.org) provides the publishing platform and newsletter infrastructure and generally acts as our data processor.

3. When GDPR applies

GDPR applies to our processing of personal data of individuals located in the EEA or UK when they access our website, subscribe to our newsletter, or otherwise interact with us.

If you are in the EEA or UK, this Policy explains your GDPR rights, our legal bases for processing your data, and how to exercise your rights.

4. What data we collect

We may collect and process:

  • Identification and contact data: email address, name (optional) when you subscribe, create a member account, or contact us.
  • Usage data: IP address, device and browser information, referring pages, pages visited, and time spent, collected via our hosting and analytics tools.
  • Communication data: content of messages or inquiries you send us.

We do not intentionally collect sensitive information (such as health, political opinions, or religious beliefs), and we ask that you do not provide it via our forms.

5. How we collect your data

We collect data:

  • Directly from you when you:
    • subscribe to the newsletter
    • create or manage a member account
    • contact us by email or forms
  • Automatically when you visit the website, via cookies and similar technologies used by us and our service providers.

We collect personal information only by lawful and fair means and where it is reasonably necessary for, or directly related to, our functions or activities, as required by APP 3.

6. Why we use your data (Purposes)

We use your personal information to:

  • Send newsletters and content you have requested, and manage your subscription.
  • Operate, secure, and improve our website and Services.
  • Understand how visitors use our content (e.g., aggregated analytics about page views and email engagement).
  • Respond to your inquiries and provide support.
  • Comply with legal and regulatory obligations, and protect our legal rights.

We only use or disclose personal information for the primary purpose of collection or a directly related secondary purpose that you would reasonably expect, or as otherwise permitted under APP 6 or applicable law.

Where GDPR applies, we rely on the following legal bases for processing your personal data:

  • Consent: for sending newsletters and, where required, for analytics or marketing cookies and tracking (e.g., open and click tracking).
  • Contract: to provide you with requested content or membership benefits.
  • Legitimate interests: to operate and improve the Services, prevent misuse, and protect our rights, provided these interests are not overridden by your rights and freedoms.
  • Legal obligation: to comply with record-keeping, tax, or regulatory requirements where applicable.

You can withdraw your consent at any time by unsubscribing or contacting us.

To subscribe, we require your email address; your name is optional. We use this information to send you newsletters and related updates.

We use or may use a double opt-in process for GDPR-compliant consent, meaning you confirm your subscription via a link in a follow-up email before we start sending newsletters. Each email includes an unsubscribe link that you can use at any time.

For GDPR purposes, consent is “freely given, specific, informed and unambiguous,” provided through a clear affirmative action (e.g., ticking a box or clicking ‘Subscribe’). We keep a record of subscription consent (time, IP, and method) where required.

9. Cookies and tracking technologies

Our website may use cookies and similar technologies to:

  • enable core site functions and member logins
  • remember your preferences
  • measure website and newsletter performance and engagement

Where GDPR applies, we obtain your consent for non-essential cookies (e.g., analytics and tracking) through a banner or other consent mechanism, and you can withdraw consent at any time.

Details about the cookies we use, their purpose, and how to manage them are provided in our Cookie Notice (if applicable).

10. Sharing your data

We may share your personal information with:

  • Ghost Foundation Ltd (ghost.org), which hosts our site and provides newsletter and membership infrastructure.
  • Email delivery providers and other technical service providers that help us operate our Services.
  • Analytics tools (if used) for aggregated statistics.
  • Professional advisers (such as lawyers or accountants) where reasonably necessary.
  • Law enforcement or regulators, if required by law or needed to protect our rights or the rights of others.

These third parties may only process your data on our instructions and are required to safeguard it under contractual arrangements, including data processing agreements where required by GDPR.

We do not sell your personal information.

11. International transfers

Our primary hosting provider, Ghost, stores data in the EU. In some cases, support or maintenance work may involve processing EU personal data outside the EU/EEA.

Where GDPR applies and data is transferred internationally, we rely on appropriate safeguards such as standard contractual clauses or equivalent mechanisms to ensure a level of protection essentially equivalent to that in the EU/EEA.

12. Data retention

We retain your personal information only for as long as necessary for the purposes described in this Policy or as required by law. This generally means:

  • Newsletter data: retained while you are subscribed and for a limited period afterwards to manage suppression lists, disputes, and legal obligations.
  • Usage and analytics data: retained for a period that allows us to analyse trends and security, after which it may be anonymised or aggregated.

We regularly review our retention periods to ensure we do not keep personal information longer than necessary under APP 11 and GDPR storage limitation principles.

13. Your rights – Australia

Under the Privacy Act and APPs, you can:

  • request access to the personal information we hold about you
  • request correction of your personal information if it is inaccurate, incomplete, or out of date
  • make a complaint if you believe we have breached the APPs

To exercise these rights, contact us using the details above. We will respond within a reasonable time and in accordance with Australian privacy law.

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC).

14. Your rights – EEA/UK (GDPR)

If you are in the EEA or UK, you have, among others, the following rights under GDPR:

  • Right of access to your personal data
  • Right to rectification of inaccurate data
  • Right to erasure (“right to be forgotten”) in certain circumstances
  • Right to restriction of processing
  • Right to object to processing, including direct marketing
  • Right to data portability, where processing is based on consent or contract and carried out by automated means
  • Right to withdraw consent at any time (without affecting lawfulness of processing before withdrawal)

You also have the right to lodge a complaint with your local supervisory authority, such as your national Data Protection Authority or the UK Information Commissioner’s Office.

To exercise your rights, please contact us using the details above. We may need to verify your identity before acting on your request.

15. Security

We take reasonable steps to protect the personal information we hold from misuse, interference, loss, unauthorised access, modification, or disclosure, as required by APP 11 and GDPR security obligations.

However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

16. Third-party sites

Our Services may include links to third-party websites or services. We are not responsible for their privacy practices or content and encourage you to review their policies separately.

17. Children’s privacy

Our Services are not directed to children under 16, and we do not knowingly collect personal data from children. If you believe a child has provided personal information to us, please contact us and we will take appropriate steps to delete it where required by law.

18. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Any updates will be posted on this page with an updated “Last updated” date, and where required we will notify you through the Services or by email.

Last updated: 11 April 2026