Menu
Home Board Professional Development Personal Mastery for Board Directors Strategic Governance Review Induction Insights for Directors Library of Governance Knowledge Strategic Thinking Skills Contact

Data Protection Policy

 

Data Protection Policy

Last updated: May 2026

1. Purpose

Life Mastery (Aust) Pty Ltd trading as Conscious Governance (“the Company”) is committed to protecting personal information and ensuring that all data is handled in a secure, lawful and transparent manner.

This policy establishes the principles and procedures for the collection, use, storage, access and protection of personal information in accordance with the Privacy Act 1988, the Australian Privacy Principles (APPs), and, where applicable, the General Data Protection Regulation.

2. Scope

This policy applies to:

  • All employees, contractors and directors
  • All personal information handled by the Company
  • All systems, platforms and devices used to store or process data

3. Types of Personal Information

The Company may collect and process:

  • Identity and contact information (e.g. name, email, phone, address)
  • Account and transaction data
  • Billing and invoicing information (including tax identifiers where required)
  • Course participation and engagement data
  • Event and webinar participation data
  • Testimonials and communications
  • Technical and usage data

Sensitive information will only be collected where necessary and with appropriate consent.

4. Purpose of Data Processing

Personal information is collected and used to:

  • Deliver products, services, courses and events
  • Manage customer and client relationships
  • Process payments and maintain financial records
  • Verify eligibility for courses or services
  • Provide recordings and related content
  • Communicate with customers and clients
  • Comply with legal and regulatory obligations

5. Data Storage and Location

Personal information is stored using secure cloud-based systems and platforms.

Data may be stored in Australia and other jurisdictions, including the United States, depending on the service providers used.

The Company takes reasonable steps to ensure that overseas recipients comply with appropriate data protection standards.

6. Data Retention

Personal information is retained only for as long as necessary to:

  • Maintain business relationships
  • Fulfil contractual obligations
  • Comply with legal and tax requirements

Data will be securely deleted or de-identified when no longer required.

7. Access Control

Access to personal information is restricted to authorised personnel only.

The Company applies the following principles:

  • Least privilege: access is limited to what is necessary for role duties
  • Role-based access: permissions are assigned based on job responsibilities
  • Confidentiality: staff must not access or disclose data without authorisation

Access may be granted to external service providers only where necessary and subject to appropriate safeguards.

8. Data Sharing

Personal information may be shared:

  • Internally with authorised staff
  • With service providers (e.g. IT, payment processing, accounting)
  • Where required by law or regulatory authorities

The Company does not sell personal information.

9. Data Security

The Company implements reasonable security measures including:

  • Secure systems and password-protected access
  • Encryption where appropriate
  • Controlled access to systems and data
  • Staff training on data protection practices

All personnel are required to handle personal information securely and in accordance with this policy.

10. Data Breach Management

A data breach occurs when personal information is lost, accessed, disclosed or altered without authorisation.

In the event of a suspected or actual data breach:

  1. The incident must be reported immediately to management
  2. The breach will be assessed to determine risk
  3. Appropriate containment and remediation actions will be taken
  4. Where required, notifications will be made in accordance with the Notifiable Data Breaches scheme

11. Individual Rights

Individuals may:

  • Request access to their personal information
  • Request correction of inaccurate data
  • Request deletion where appropriate

Requests should be directed to:
info@consciousgovernance.com

12. Staff Responsibilities

All staff, contractors and directors must:

  • Comply with this policy
  • Handle personal information responsibly
  • Report any suspected breaches immediately
  • Complete any required data protection training

Failure to comply may result in disciplinary action.

13. Governance and Oversight

The Managing Director is responsible for implementing this policy.

The Board has oversight of data protection practices and risk management.

14. Policy Review

This policy will be reviewed periodically and updated as required.