Last updated: 1 July 2026
This Privacy Policy explains how MINDVISION PTY LTD (ACN 125 377 817), operating the website www.ondemandhypnosis.com (the “Website”) and trading as “On Demand Hypnosis” (“MINDVISION,” “we,” “our,” or “us”), collects, uses, discloses and protects personal information of visitors and users (“you” or “User”) of the Website and our related products and services.
This Privacy Policy is intended to comply with:
• The Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), including amendments made by the Privacy and Other Legislation Amendment Act 2024;
• The EU General Data Protection Regulation (GDPR) and the UK GDPR / Data Protection Act 2018, for Users located in the European Economic Area (EEA) or United Kingdom;
• The California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), for California residents; and
• Other applicable data protection laws in the jurisdictions where our Users are located.
Section 8 sets out rights that apply specifically to Users in Australia, the EEA/UK, and California, in addition to the general provisions that apply to all Users.
If you do not agree to this Privacy Policy, please do not use the Website. Your continued use of the Website will be deemed acceptance of this Privacy Policy.
1. INFORMATION WE COLLECT
1.1 Personal Information
“Personal information” means information or an opinion about an identified individual, or an individual who is reasonably identifiable.
Where this Policy refers to “personal data,” that term carries the equivalent meaning under the GDPR.
Registration Information — When you create an account, we collect:
• Email address (required)
• Password (encrypted and stored securely)
• Date of account creation
• Account preferences and settings
Payment Information — When you make a payment, we collect:
• Billing name
• Transaction details (amount, date, product/service ordered)
Payment card information is collected directly by our third-party payment processors (Stripe/PayPal) and is not stored on our servers.
Communications — We may collect personal information when you:
• Contact us via email or the Contact Form
• Participate in surveys, contests, or promotional activities
• Subscribe to our newsletter or marketing communications
• Provide feedback, testimonials, or reviews
Usage Information — We automatically collect information about how you use the Website, including:
• Pages visited and time spent on pages
• Clickstream data and navigation patterns
• Products/services accessed and usage patterns
• Search queries and preferences
1.2 Sensitive Information
Because our hypnosis programs may relate to matters such as weight management, smoking cessation, sleep, anxiety, or confidence, information you choose to share with us (for example in feedback, testimonials, or support requests) may constitute “sensitive information” under the APPs or a “special category of personal data” under the GDPR (such as information about your health).
• We only collect sensitive information that you voluntarily provide to us.
• We will seek your explicit consent before using sensitive information for any purpose beyond responding to your specific request or providing the service you asked for.
• We do not use sensitive or health-related information for advertising, ad targeting, or automated decision-making.
• You are not required to provide any sensitive information to use the Website, and you can decline without affecting access to non-related services.
1.3 Technical Information
We collect technical information that may not identify you personally, including:
• IP address and geolocation data
• Browser type, version, and settings
• Device type, operating system, and screen resolution
• Referring website and exit pages
• Date and time of visits
• Internet service provider information
1.4 Cookies and Similar Technologies
We use cookies, web beacons, and similar technologies to remember your login credentials and preferences, analyse website usage, provide personalised content, measure marketing effectiveness, and prevent fraud.
• EEA/UK Users: Where required by law, we will request your consent through a cookie banner before placing non-essential cookies (e.g., analytics, marketing, personalisation). You may withdraw consent at any time through the cookie settings tool or your browser.
• All Users: You can manage cookie preferences through your browser settings; disabling certain cookies may limit some features of the Website.
• California Users: We recognise and honour Global Privacy Control (GPC) browser signals as a valid request to opt out of the sale/sharing of personal information, where applicable.
For detailed information, please see our separate Cookie Policy.
2. HOW AND WHY WE USE YOUR INFORMATION
2.1 Purposes
Primary purposes
• Service Provision: To provide access to our products/services, process payments, and manage your account
• Customer Support: To respond to inquiries, resolve technical issues, and provide assistance
• Order Management: To process and fulfil orders, send confirmations, and provide order updates
• Account Security: To verify your identity, prevent fraud, and protect account security
Secondary purposes
• Service Improvement: To analyse usage patterns and improve the Website and our products/services
• Personalisation: To customise your experience and recommend relevant content
• Marketing Communications: To send newsletters, promotional offers, and product updates, only where you have opted in
• Legal Compliance: To comply with legal obligations and respond to lawful requests
We will only send you marketing communications if you have opted in to receive them. You can unsubscribe at any time using the unsubscribe link in our emails or by contacting us directly.
2.2 Our Legal Basis for Processing (EEA/UK Users)
Where the GDPR applies, we rely on the following legal bases to process your personal data:
Purpose
Legal basis
Providing services and processing payments
Performance of a contract
Customer support
Performance of a contract / legitimate interests
Marketing communications
Consent
Service improvement and analytics
Legitimate interests, or consent where required (e.g., non-essential cookies)
Fraud prevention and security
Legitimate interests / legal obligation
Compliance with law
Legal obligation
Sensitive/health-related information
Explicit consent
Where we rely on legitimate interests, we have considered that these interests are not overridden by your data protection interests or fundamental rights and freedoms. You may object to processing based on legitimate interests at any time — see Section 8.3.
3. INFORMATION SHARING AND DISCLOSURE
We do not sell, rent, or trade your personal information to third parties for their own marketing purposes.
We may share your personal information in the following limited circumstances:
3.1 Service Providers
We may share personal information with trusted third-party service providers who assist us in operating our business, including:
• Payment processors (Stripe, PayPal) for transaction processing
• Cloud storage providers (AWS) for data hosting
• Email service providers (Mailchimp) for communications
• Analytics providers (Google Search Console, Google Analytics) for website analysis
• Customer support platforms (Tally, FacePop) for service delivery
These service providers are contractually obligated to protect your information and may only use it to provide services to us. Where required by the GDPR, we enter into data processing agreements with these providers.
3.2 Legal Requirements
We may disclose personal information if required by law, or if we have a good faith belief that disclosure is necessary to:
• Comply with legal obligations, court orders, or government requests
• Protect our rights, property, or safety, or that of our Users
• Prevent or investigate fraud, security breaches, or illegal activities
• Respond to emergency situations
3.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, personal information may be transferred to the acquiring entity, subject to the same privacy protections described in this Policy.
3.4 Aggregated Data
We may share aggregated, de-identified statistical information that does not identify individual Users with business partners for analytical purposes.
4. INTERNATIONAL DATA TRANSFERS
Your personal information may be transferred to and processed in countries other than the one in which you reside, including Australia, the United States, and other jurisdictions where our service providers operate.
• Australian Users: Under the Privacy and Other Legislation Amendment Act 2024, the Government may prescribe certain jurisdictions and certifications as having substantially similar privacy protections to Australia. Where such regulations are made, we will prioritise transfers to these 'whitelisted' jurisdictions where possible.
• EEA/UK Users: Where we transfer your personal data outside the EEA or UK to a country that has not been recognised by the European Commission or the UK Government as providing an adequate level of protection, we rely on appropriate safeguards, such as the European Commission's Standard Contractual Clauses (SCCs) or the UK's International Data Transfer Addendum, together with supplementary technical and organisational measures.
• All Users: We take steps designed to ensure that personal information transferred internationally continues to receive an appropriate level of protection, wherever it is processed.
You may contact our Privacy Officer (Section 13) for further information about the safeguards applicable to a specific transfer, or to request a copy of the relevant transfer mechanism.
5. DATA SECURITY
We implement security measures designed to protect your personal information, including:
• Encryption of data in transit and at rest using industry-standard protocols
• Secure Socket Layer (SSL)/TLS encryption for data transmissions
• Access controls limiting employee access to personal information on a need-to-know basis
Despite these measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to protecting your information using reasonable and appropriate security practices, and to notifying you in accordance with Section 7 if a breach affecting your information occurs.
6. DATA RETENTION
We retain personal information for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Specific retention periods include:
• Account information: Retained for the duration of your account plus 7 years after closure, for legal and business purposes
• Transaction records: Retained for 7 years to comply with tax and accounting obligations
• Marketing communications: Retained until you unsubscribe or request deletion
• Customer support records: Retained for 3 years for service improvement purposes
Where you exercise an erasure/deletion right described in Section 8, we will delete or anonymise your personal information sooner, except to the extent we are required or permitted by law to retain it (for example, tax and accounting records). When personal information is no longer needed, we will securely delete or anonymise it.
7. DATA BREACH NOTIFICATION
• Australia: Under the Notifiable Data Breaches (NDB) scheme in Part IIIC of the Privacy Act 1988 (Cth), we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) of any eligible data breach likely to result in serious harm.
• EEA/UK: Where required by the GDPR, we will notify the competent supervisory authority within 72 hours of becoming aware of a breach affecting EEA/UK personal data, where feasible, and will notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms.
• Other jurisdictions: We will comply with applicable breach notification laws in the jurisdictions where affected Users are located.
8. YOUR PRIVACY RIGHTS
8.1 All Users — General Rights
• Right to Access: You can request access to the personal information we hold about you
• Right to Correction: You can request correction of inaccurate, incomplete, or out-of-date information
• Account Management: You can update your account information and preferences at any time
• Marketing Opt-out: You can unsubscribe from marketing communications at any time
• Account Closure: You can request closure of your account and deletion of associated data, subject to Section 6
8.2 Australian Users — Privacy Act 1988 and APPs
• You have the right to access and seek correction of your personal information under APPs 12 and 13.
• You may make a complaint about our handling of your personal information directly to us (Section 13), or to the OAIC if you are not satisfied with our response.
8.3 EEA/UK Users — GDPR Rights
If the GDPR applies to you, you have the right to:
• Access the personal data we hold about you
• Rectify inaccurate or incomplete personal data
• Erasure of your personal data (the “right to be forgotten”), in certain circumstances
• Restrict our processing of your personal data, in certain circumstances
• Data portability, i.e., receive a copy of your personal data in a structured, commonly used, machine-readable format
• Object to processing based on legitimate interests, including profiling, and to processing for direct marketing purposes at any time
• Withdraw consent at any time, without affecting the lawfulness of processing before withdrawal
• Not be subject to a decision based solely on automated processing that produces legal or similarly significant effects (see Section 9)
• Lodge a complaint with your local supervisory authority (e.g., the UK Information Commissioner's Office, or your national Data Protection Authority in the EEA)
8.4 California Residents — CCPA/CPRA Rights
If you are a California resident, you have the right to:
• Know/Access the categories and specific pieces of personal information we have collected about you
• Delete personal information we have collected from you, subject to certain exceptions
• Correct inaccurate personal information
• Opt out of the sale or sharing of personal information — we do not sell personal information, and do not knowingly share it for cross-context behavioural advertising without consent
• Limit the use of sensitive personal information to purposes permitted by the CPRA
• Non-discrimination for exercising any of these rights
• Designate an authorised agent to make a request on your behalf
We honour opt-out preference signals, including the Global Privacy Control (GPC), as a valid consumer request under the CCPA/CPRA.
8.5 How to Exercise Your Rights
You can exercise any of the above rights by contacting us using the details in Section 13. We may need to verify your identity before responding. We aim to respond:
• Within 30 days, for Australian Users and general requests
• Within 1 month, for EEA/UK Users (extendable by two further months for complex requests, with notice to you)
• Within 45 days, for California residents (extendable by a further 45 days, with notice to you)
9. AUTOMATED DECISION MAKING
In accordance with the Privacy and Other Legislation Amendment Act 2024, we are required to inform you about our use of automated decision making (ADM), i.e., where computer programs make or assist in making decisions that could reasonably be expected to significantly affect your rights or interests. This includes decisions made by algorithms, artificial intelligence, or other automated systems.
We do not currently use automated decision making on the Website. If this changes, we will update this Policy and, for EEA/UK Users, will not subject you to a decision based solely on automated processing (including profiling) that produces legal or similarly significant effects concerning you, except where permitted by law and subject to appropriate safeguards, including the right to obtain human intervention, in accordance with Article 22 of the GDPR.
10. CHILDREN'S PRIVACY
Our Website and services are intended only for individuals aged 18 years and over. We do not knowingly collect personal information from anyone under 18.
This age threshold is more protective than the minimum ages set by comparable laws (for example, 16 under the GDPR in some EEA member states, and 13 under the US Children's Online Privacy Protection Act), so it applies to all Users regardless of location.
If you are a parent or guardian and believe your child has provided personal information to us, please contact us immediately so we can investigate and delete such information.
11. THIRD-PARTY WEBSITES
The Website may contain links to third-party websites, services, or applications that are not operated by us. This Privacy Policy does not apply to third-party websites or services. We encourage you to review the privacy policies of any third-party websites or services before providing personal information to them. We are not responsible for the privacy practices or content of third-party websites or services.
12. MODIFICATION OF THIS PRIVACY POLICY
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
• Update the “Last updated” date at the top of this Policy
• Post a prominent notice on the Website at least 30 days before the changes take effect
• Obtain additional consent where required by law (for example, from EEA/UK Users where consent is our legal basis for processing)
We encourage you to periodically review this Privacy Policy. Your continued use of the Website following the posting of changes will be deemed acceptance of those changes.
13. CONTACT INFORMATION AND COMPLAINTS
If you have questions about this Privacy Policy, wish to exercise your privacy rights, or would like to make a complaint, please contact our Privacy Officer:
MINDVISION PTY LTD — Privacy Officer
PO Box 3086, North Turramurra, Sydney NSW 2074, AUSTRALIA
Or via the Contact Form on www.ondemandhypnosis.com
We will investigate all complaints promptly and aim to respond within the timeframes set out in Section 8.5.
Supervisory Authorities
If you are not satisfied with our response, you may also contact the relevant supervisory authority for your location:
• Australia: Office of the Australian Information Commissioner (OAIC) — GPO Box 5218, Sydney NSW 2001; www.oaic.gov.au; 1300 363 992
• United Kingdom: Information Commissioner's Office (ICO) — www.ico.org.uk
• European Economic Area: Your national Data Protection Authority
• California, USA: Office of the California Attorney General — www.oag.ca.gov/privacy