Privacy Policy | Common Good Castlemaine

Overview

This Privacy Policy explains:

what personal information we collect and hold
how we collect it
why we collect, use, and share it
where we store it and how we protect it
how you can access or correct your information
how to make a privacy complaint

Who this policy applies to

This policy applies to people who interact with us in connection with:

coworking bookings, passes, and memberships
sauna, plunge, bathing services and related recreational services
classes, workshops, events, and venue hire
our websites and online services
enquiries, mailing lists, and communications
visits to our premises (including safety measures such as CCTV)

The types of personal information we collect

The kinds of personal information we may collect include:

Identity and contact details

name
email address
phone number
emergency contact details (where relevant)

Booking and service information

bookings and attendance (including check-ins)
pass/membership type, credits, cancellations and refunds
class participation, event registrations, and venue hire details
communications and preferences related to your bookings (for example, accessibility needs)

Payments and transactions

payment status and transaction references
receipts and invoicing details

Note: We generally do not store full card details. Card payments are handled by our payment providers.

Safety, risk and incident information

For sauna/plunge/recreational services and classes, we may collect information you provide for safety purposes, such as:

acknowledgements you make in waivers/terms
incident reports, first aid records, or safety-related notes
information you choose to provide about health considerations relevant to safe participation

Online and technical information

IP address, device and browser information
pages viewed and interactions on our site
cookies and analytics identifiers (where enabled)

CCTV footage

video footage of people in and around our premises captured by CCTV for safety and security

Sensitive information

Some information collected for safety (for example, health-related information you choose to provide) may be "sensitive information". We only collect sensitive information when it is reasonably necessary for our functions/activities, and we handle it with extra care.

How we collect personal information

We collect personal information in a few ways, including:

directly from you (in person, by email/message, or when you complete forms)
through our booking platform (for example, when you create an account or make a booking)
through payments and accounting systems (for example, transaction and invoice records)
through online forms and applications (for example, expression-of-interest forms, membership applications)
through our websites (cookies, analytics, and server logs)
on site (for example, CCTV footage and incident reports)

Why we collect, use, and hold personal information

We collect, use, and hold personal information to:

provide and administer our services (coworking, sauna/plunge access, classes, events, venue hire)
manage bookings, capacity, access, attendance, waitlists, credits, and cancellations
process payments, issue receipts/tax invoices, and manage accounts
communicate with you about your bookings, changes, operational updates, and important service notices
provide customer support and respond to enquiries and feedback
manage safety and security in shared spaces (including incident response and CCTV)
improve our services and understand usage (reporting and analytics)
comply with legal, regulatory, tax and insurance obligations
send marketing and community updates where permitted (you can opt out at any time)

Marketing, mailing lists, and unsubscribe

If you join a mailing list or we are otherwise permitted to send you marketing communications:

you can unsubscribe at any time using the unsubscribe link (where provided) or by emailing contact@commongood.social
even if you opt out of marketing, we may still send important service communications (for example, booking confirmations, changes, safety notices, and operational updates)

Who we disclose personal information to

We may share personal information with trusted third parties where necessary to run our services, including:

booking and membership providers (for example, Momence)
payment providers (for example, Stripe or other processors we use from time to time)
accounting and invoicing providers (for example, Xero)
communication providers (email, SMS and newsletter tools)
online form providers (for example, Tally, Google Forms, or similar tools we use)
IT and security providers (hosting, analytics, backups, support, and system administration)
professional advisers (accountants, insurers, legal advisers)
government agencies or law enforcement where required or authorised by law
emergency services or medical responders where there is a serious and imminent threat to health or safety

We do not sell personal information.

Overseas disclosure

Some of our service providers may store or process personal information outside Australia (for example, where their servers, support teams, or infrastructure are located).

Where we disclose personal information overseas, we take reasonable steps to use reputable providers and apply appropriate protections where available.

CCTV

We use CCTV in and around our premises for safety and security in shared spaces and to help respond to incidents.

We aim to use clear signage to let people know CCTV is in operation.
Access to CCTV footage is restricted to authorised personnel and service providers who need access for security/maintenance purposes.
Footage is generally retained for a limited period and then overwritten, unless we need to keep it longer to investigate an incident, respond to a complaint, or meet legal/insurance obligations.
We may disclose CCTV footage to police, emergency services, insurers, or other authorised parties where required or permitted by law.

Cookies and analytics

Our websites may use cookies and similar technologies to:

keep the site working properly
understand how people use our site (analytics)
improve performance and content

You can usually control cookies through your browser settings. Disabling cookies may affect some site functionality.

Security

We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. This includes a mix of physical, technical, and organisational measures appropriate to our operations.

No method of transmission or storage is completely secure. You should also take care to protect your own devices and accounts.

Retention

We keep personal information only as long as needed for the purposes described in this policy, unless we are required or permitted by law to keep it longer (for example, tax, accounting, or insurance records). When no longer needed, we take reasonable steps to delete or de-identify it.

Access and correction

You may request access to the personal information we hold about you and request corrections if you believe it is inaccurate, out of date, incomplete, irrelevant, or misleading.

To request access or correction, contact us at contact@commongood.social. We may need to verify your identity before responding.

Anonymity and pseudonymity

Where practical, you may interact with us anonymously or using a pseudonym (for example, browsing our website). However, for bookings, passes, waivers, and payments, we generally need identifying and contact details.

Complaints

If you have a concern or complaint about how we handle personal information, please contact us at contact@commongood.social and include details of your concern.

We will acknowledge your complaint and aim to resolve it within a reasonable timeframe.

If you are not satisfied with our response, you may be able to contact the Office of the Australian Information Commissioner (OAIC).

Changes to this policy

We may update this policy from time to time. The latest version will be published on our website. The "Last updated" date at the top indicates when changes were made.