The Privacy Act 1988 plus the 2022 amendments set the floor. We've raised it. No tracking pixels, no resold contact lists, no profiling, no offshore call centre that "may use your data". One acknowledgement, one reply, one person on the file. Read what we collect, why, and how to ask for it back.
This statement aligns with the thirteen Australian Privacy Principles. The framing is plain English, the obligations are statutory.
Whatever you give us in a form, on a phone call, or at the showroom counter, plus the IP address of the device that sent it for fraud and spam reasons. Nothing more.
Reply to your enquiry. Match you with the right person on the floor. Forward finance applications to the broker panel with your written consent. Keep the records the Motor Dealer regulations require.
Sell your details. Pass them to ad networks. Hand them to a CRM vendor for retargeting. Build behavioural profiles. Run third-party analytics on the public site. Place a cookie banner that nags you into accepting tracking we don't have anyway.
Almost no-one. Workshop staff for service. Finance manager and consenting lender panel for finance applications. Marketplace platforms for listings of cars you're selling on consignment. The list ends there.
Income, deposit, employment, identity documents, anything you put on a finance application is sensitive information under APP 3.3. Stored on restricted columns, forwarded only with your written consent, never used for cross-reference or enrichment.
A salesperson preparing for your visit may cross-reference public sources, the Australian Business Register for company context, public LinkedIn for occupation, RedBook for vehicle history. Some of that runs through an AI assistant (Claude, by Anthropic) using a web-search tool. Public information only, citations recorded, no training on your input.
Every public form has a "Don't research my enquiry against public sources" tick box. Tick it and the cross-reference step is skipped end-to-end. Your reply still goes out. The flag stays on your customer record forever unless you ask us to lift it.
Email and SMS from us are limited to acknowledging your enquiry and following up on that same enquiry. No newsletters, no campaign blasts, no "you might also like". Opt-out instructions in every message footer.
Enquiries that don't lead to a sale: 24 months, then anonymised. Sale records: seven years (Motor Dealer regulation minimum). Service records: life of the workshop file on that vehicle, because service history is the asset. After that, destroyed.
Sealed HTTP-only session cookies, scrypt password hashing, CSRF, HSTS, content security policy. Postgres on private network. Audit trail per write. Notifiable Data Breach process if anything goes wrong, with OAIC notification inside 30 days where required.
Send an email. We acknowledge, review, action, and close. Ten business days end-to-end. No ticket numbers, no round-robin.
An email to privacy@nicktheodossi.com.au gets a human acknowledgement before close of business. You'll know it landed.
The request is matched to your customer record. Every write to that record is in the audit log, so we know exactly what we hold.
Access requests get a CSV of everything we hold. Correction requests get the field updated and re-confirmed. Deletion requests get destruction, subject to statutory retention on sale records.
A confirmation email summarises what was done, when it was done, and what stays on file under statutory retention. An audit row records the closure.
The Australian Privacy Principles guarantee four rights against any organisation that holds personal information about you. Here's how to exercise each one with us.
Email privacy@nicktheodossi.com.au from the email address you used on the form. We respond within ten business days with a CSV of everything we hold under that record. Free of charge.
Same channel. Tell us which field is wrong and what it should be. We update the record, send a confirmation, and the audit log records the change. Within ten business days.
Same channel. We destroy what we can; statutory retention on sale records (seven years from delivery) is the only thing we cannot delete on request. Confirmation by email when it's done.
If our reply doesn't satisfy you, contact the Office of the Australian Information Commissioner. Online at oaic.gov.au or by phone on 1300 363 992. We cooperate fully with their process.
If we change how we handle data in a way that affects what we collect, who we share with, or how long we keep it, we update this page and date the change. Substantial changes are emailed to anyone who has given us their address. The date in the privacy contact card on this page is always current.