+61 7 5589 5000 ask@shefrealmychik.world 192 Syndicate Rd, Tallebudgera Valley QLD 4228, Australia
logo

Privacy Policy

Last updated: 1 April 2026. This policy describes how Shefrealmychik (“we”, “us”) processes personal data when you use https://shefrealmychik.world and related channels. We aim to meet the requirements of the EU General Data Protection Regulation (“GDPR”), the UK GDPR where applicable, and the Australian Privacy Act 1988 including the Australian Privacy Principles (“APPs”).

1. Data controller

The data controller responsible for processing is:

Shefrealmychik
192 Syndicate Rd
Tallebudgera Valley QLD 4228
Australia
Email: ask@shefrealmychik.world
Phone: +61 7 5589 5000

If you are in the European Economic Area or United Kingdom and wish to contact our representative where required by law, use the email address above with “GDPR representative” in the subject line.

2. Categories of personal data

Depending on how you interact with us, we may process: identity and contact data (name, email address, postal address if provided); message content you send through forms; technical data (IP address, browser type, device identifiers, approximate location derived from IP); usage data (pages viewed, time on page, referral source); and cookie or similar identifiers as described in our Cookie Policy.

3. Purposes and legal bases (GDPR)

We process personal data for the following purposes and on these legal bases:

Under Australian law we collect personal information only where reasonably necessary for our functions and handle it in line with the APPs, including ensuring notice, quality, security, and access rights.

3a. Australian Privacy Principles (summary)

We are an APP entity under the Privacy Act 1988 (Cth). We comply with the thirteen Australian Privacy Principles regarding open and transparent management; anonymity and pseudonymity where lawful; collection, unsolicited information, notification, use and disclosure; direct marketing (including opt-out where required); cross-border disclosure; adoption, use, and disclosure of government identifiers; quality and security; access; and correction. For the full text, refer to the Office of the Australian Information Commissioner (OAIC) materials applicable at the time you read this policy.

4. Disclosure and recipients

We may share data with hosting and infrastructure providers, email delivery services, analytics partners (only when you enable analytics cookies), and professional advisers bound by confidentiality. Some processors may be located outside your country; see International transfers below.

5. International transfers

Where personal data is transferred from the EEA, UK, or Switzerland to Australia or other countries, we implement appropriate safeguards such as Standard Contractual Clauses approved by the European Commission or UK authorities, or we rely on adequacy decisions or derogations where applicable. You may request a copy of relevant safeguards by contacting us.

6. Retention

Contact form submissions and related correspondence are retained for up to twenty-four (24) months after the last message in a thread unless a longer period is required for legal claims, regulatory compliance, or documented legitimate interests. Server and security logs are typically retained for up to ninety (90) days. Cookie lifetimes are stated in the Cookie Policy. When retention ends, we delete or anonymise data where feasible.

7. Security measures

We apply administrative, technical, and organisational measures including HTTPS transport encryption for the site, access controls for systems that store messages, pseudonymisation where appropriate, regular review of subprocessors, and staff confidentiality expectations. No online transmission is completely secure; we encourage you to use strong passwords on your own devices.

8. Your rights

Depending on your location, you may have the right to: access your personal data; rectify inaccurate data; erase data in certain circumstances; restrict processing; receive a portable copy of data you provided; object to processing based on legitimate interests or for direct marketing; withdraw consent where processing was consent-based; and lodge a complaint with a supervisory authority in your country.

In Australia you may request access to or correction of personal information we hold. To exercise any right, email ask@shefrealmychik.world with a clear description of your request. We may need to verify your identity before responding. We will answer within one month for GDPR requests (extendable where complex) and within 30 days for Australian Privacy Act requests where practicable (or as otherwise required under the APPs).

8a. Notifiable Data Breaches scheme (Australia)

If we become aware of unauthorised access, disclosure, or loss of personal information that is likely to result in serious harm to individuals, we will assess the incident under the Notifiable Data Breaches scheme in Part IIIC of the Privacy Act 1988. Where a breach is eligible and notifiable, we will notify affected individuals and the OAIC as required by law, and describe steps we are taking.

8b. Electronic messages (Spam Act 2003)

We send commercial electronic messages only with consent, accurate sender identification, and a functional unsubscribe facility where the Act applies. Enquiry replies and purely transactional messages are handled separately from marketing lists.

9. Children

This website is not directed at children under 16. We do not knowingly collect their personal data. If you believe we have done so, contact us and we will delete the information where appropriate.

10. Automated decision-making

We do not use automated decision-making or profiling that produces legal or similarly significant effects on you.

11. Changes

We may update this policy to reflect legal or operational changes. The “Last updated” date will change accordingly. Material changes may be highlighted on the site or by email where we have your address.

12. Contact

For privacy questions: ask@shefrealmychik.world. You may also use our contact form.