Privacy Policy

About This Policy

This Privacy Policy applies to all personal information collected, used, and disclosed by Forged Creative ("we", "us", "our") in connection with our website located at forgedcreative.com.au, our marketing services, and all related activities.

This policy is drafted to comply with:

• The Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs)
• The Spam Act 2003 (Cth)
• The Do Not Call Register Act 2006 (Cth)
• Meta Platforms' Business Tools Terms and Data Policy requirements
• Applicable state-level privacy guidelines (NSW)

Where Forged Creative acts as a service provider managing advertising on behalf of clients, we also operate under obligations as a data processor and require clients to have their own compliant privacy policies in place.

Who We Are

Forged Creative is a sole trader operating as a digital marketing and advertising agency specialising in the fitness industry.

Information We Collect

We may collect the following categories of personal information:

Contact & Identity Information

• Full name
• Email address
• Phone number
• Business name and ABN (for business enquiries)
• Postal or business address

Enquiry & Engagement Information

• Details you provide in contact forms, consultation requests, or audit bookings
• Communications records (emails, calls, messages)
• Service preferences, business goals, and background information

Technical & Usage Data

• IP address and approximate geolocation
• Browser type and operating system
• Pages visited, time on site, referral source
• Device identifiers
• Cookie and pixel data (see Section 10)

Advertising & Analytics Data

• Aggregated or pseudonymised audience data from Meta advertising platforms
• Ad interaction events (clicks, impressions, conversions)
• Custom audience data processed for client campaigns (subject to separate client agreements)

Sensitive Information

We do not intentionally collect sensitive information (as defined under the Privacy Act) unless you expressly provide it and consent to its use. If sensitive information is inadvertently received, we will handle it in accordance with APP 3 and seek to delete it where it is not necessary.

How We Collect Information

We collect personal information in the following ways:

• Directly from you — when you complete a contact form, book a consultation, download a lead magnet, respond to an ad, or correspond with us
• Automatically — when you visit our website, via cookies, tracking pixels (including the Meta Pixel), and analytics tools
• From third-party platforms — including Meta Platforms (Facebook/Instagram), Google, and our CRM platform (GoHighLevel) when you interact with our advertising campaigns
• From publicly available sources — such as LinkedIn or business directories, where we have a legitimate interest in doing so

Why We Use Your Information

We collect and use personal information for the following purposes (consistent with APP 6):

Primary Purposes

• Responding to enquiries and providing requested services
• Delivering consultation bookings, audits, and client onboarding
• Sending requested lead magnets, resources, or downloads
• Managing our client relationships and delivering contracted services
• Processing invoices and payments

Secondary Purposes (with consent or legitimate interest)

• Sending marketing communications about our services (where you have consented or have an existing business relationship with us)
• Improving and optimising our website and service offerings
• Running and measuring the performance of advertising campaigns (including retargeting)
• Complying with our legal and regulatory obligations
• Defending against or investigating legal claims

We will only use your personal information for purposes you would reasonably expect, or where we have obtained your consent or are otherwise permitted by law.

Meta Platforms & Advertising Tools

We use Meta Business Tools — including the Meta Pixel (now Meta Pixel / Conversions API) — on our website and in our service delivery. This section explains how we use these tools in compliance with Meta's Business Tools Terms and the Privacy Act 1988.

What the Meta Pixel Does

The Meta Pixel is a piece of code installed on our website that:

• Tracks visitor actions (page views, form submissions, button clicks)
• Matches website visitor data against Meta user profiles to measure ad performance
• Enables retargeting — showing ads to people who have previously visited our website
• Powers lookalike audience creation — finding new users similar to existing visitors or customers

Data Shared with Meta

Through the Pixel and Conversions API, the following event data may be transmitted to Meta:

• Page views and URL paths
• Standard Events (e.g., Lead, Contact, ViewContent)
• Hashed customer data (e.g., hashed email, phone number) where provided — Meta hashes this before matching; we do not send raw identifiable data
• IP address and browser/device identifiers (handled by Meta's systems)

Client Campaign Data

When we manage Meta advertising campaigns for clients, we act as a data processor on behalf of the client. Any customer data used in those campaigns is governed by our client agreements and the client's own privacy policy. We do not use client customer data for our own marketing purposes.

Your Controls

You can opt out of Meta's use of your data for advertising through:

• Your Facebook Ad Preferences
• The Your Online Choices opt-out tool
• Adjusting your browser cookie settings (see Section 10)

For more information, see Meta's Privacy Policy.

Disclosure to Third Parties

We may disclose personal information to the following categories of third parties, where necessary to provide our services or comply with our obligations:

Service Providers & Platforms

• GoHighLevel — CRM, marketing automation, and SMS platform (US-based; see Section 8)
• Meta Platforms Inc. — advertising, pixel tracking (US-based)
• Google LLC — analytics and advertising tools (US-based)
• Hostinger — web hosting provider
• Xero — accounting and invoicing
• PandaDoc — proposals and contract execution
• Email service providers — for sending communications

Professional Advisers

• Accountants, lawyers, and other professional advisers, where necessary

Legal & Regulatory

• Government agencies, courts, or law enforcement where required or permitted by law

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes.

Overseas Disclosure (APP 8)

Some of our service providers are based outside Australia, including in the United States. By using our website and services, you acknowledge that your personal information may be transferred to, stored in, or processed in countries outside Australia, including the United States.

Before disclosing personal information to overseas recipients, we take reasonable steps to ensure that those recipients handle your information in a manner consistent with the Australian Privacy Principles, either through contractual obligations or by relying on the recipient's participation in an approved certification framework.

Key overseas recipients include Meta Platforms (US), GoHighLevel (US), Google (US), and Xero (New Zealand/US).

Direct Marketing (APP 7)

We may use your personal information to send you marketing communications about our services if:

• You have consented to receive such communications; or
• You are an existing client and the communication relates to similar services, and you have not opted out

All marketing emails include a clear and functional unsubscribe link in compliance with the Spam Act 2003 (Cth). You may opt out at any time by:

• Clicking "unsubscribe" in any marketing email we send
• Contacting us directly at privacy@forgedcreative.com.au

We will action opt-out requests within 5 business days. Opting out of marketing does not affect transactional communications (e.g., invoices, service updates, responses to your enquiries).

We do not send unsolicited commercial SMS messages except where you have provided prior express or inferred consent, in compliance with the Spam Act 2003 (Cth) and the Do Not Call Register Act 2006 (Cth).

Cookies & Tracking Technologies

Our website uses cookies and similar tracking technologies to improve functionality, analyse usage, and deliver relevant advertising.

Types of Cookies We Use

• Essential cookies — necessary for the website to function correctly
• Analytics cookies — used by Google Analytics to measure website traffic and usage patterns (data is aggregated and anonymised)
• Advertising cookies — used by the Meta Pixel to track ad performance and enable retargeting (see Section 6)

Managing Cookies

You can control and delete cookies through your browser settings. Disabling cookies may affect the functionality of our website. For detailed instructions, visit aboutcookies.org.

To opt out of Google Analytics tracking, you can use the Google Analytics Opt-out Browser Add-on.

Security of Your Information (APP 11)

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, and disclosure. Our security measures include:

• SSL/TLS encryption for all data transmitted via our website
• Password-protected access controls for internal systems
• Limited access to personal data on a need-to-know basis
• Use of reputable, security-certified third-party platforms
• Regular review of our information handling practices

While we take all reasonable precautions, no data transmission over the internet or electronic storage system is completely secure. We cannot guarantee absolute security of any information you transmit to us.

In the event of a data breach that is likely to result in serious harm, we will comply with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act, including notifying affected individuals and the Office of the Australian Information Commissioner (OAIC) where required.

Retention & Destruction (APP 11.2)

We retain personal information only for as long as it is needed for the purpose for which it was collected, or as required by law. Our general retention approach:

• Client records — retained for 7 years after the end of the business relationship, in compliance with Corporations Act 2001 (Cth) and tax obligations
• Enquiry / lead data — retained for up to 2 years if no engagement results, then deleted or anonymised
• Marketing opt-outs — suppression records retained indefinitely to honour opt-out requests
• Website analytics data — retained in aggregated/anonymised form; individual sessions as per platform defaults

When personal information is no longer required, we take reasonable steps to destroy or de-identify it securely.

Your Rights — Access & Correction (APP 12 & 13)

Under the Australian Privacy Principles, you have the right to:

Access (APP 12)

Request access to the personal information we hold about you. We will provide access within a reasonable timeframe (generally within 30 days). We may charge a reasonable fee for providing access, which will be disclosed to you before we proceed.

Correction (APP 13)

Request that we correct any personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading. We will correct the information within 30 days, or provide written reasons if we decline.

Opt-Out of Direct Marketing

Request that we cease using your personal information for direct marketing purposes. See Section 9 for how to do this.

Anonymity

Where lawful and practicable, you may choose not to provide your name or identifying information when engaging with us. Note that certain services cannot be provided anonymously.

Privacy Complaints (APP 1.2)

If you believe we have breached the Australian Privacy Principles or otherwise mishandled your personal information, we encourage you to contact us first so we can attempt to resolve the issue.

Step 1 — Contact Us Directly

Submit your complaint in writing to:

Step 2 — Office of the Australian Information Commissioner (OAIC)

If you are not satisfied with our response, or if we fail to respond within 30 days, you may lodge a complaint with the OAIC:

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will update the "Last Updated" date at the top of this page.

We encourage you to review this policy periodically. Your continued use of our website or services after any changes constitutes your acceptance of the updated policy.

Contact Us

For any privacy-related questions, requests, or concerns, please contact us: