General fitness information for education only — not medical advice. We are not a registered Australian health service. Consult a qualified professional before exercising. Individual experiences vary.
Some editorial content on this site is created or assisted by artificial intelligence and reviewed by our team. We do not operate a live AI chat. AI & Data Disclosure
Elbowsvital.ddd logo

Privacy Policy

Last updated: 21 June 2026

This Privacy Policy describes how Elbowsvital.ddd (“we”, “us”, “our”) manages personal information as defined in the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) in Schedule 1 of that Act. We operate from Victoria, Australia, and this policy is provided free of charge in plain language as required under APP 1.

Where applicable, we also respect the rights of individuals in the European Economic Area under the General Data Protection Regulation (GDPR). This policy should be read with our Cookie Policy and Terms of Use.

Legal Framework (Australia)

We comply with relevant Australian laws including:

  • Privacy Act 1988 (Cth) and the APPs — collection, use, disclosure, storage, and access to personal information.
  • Privacy and Data Protection Act 2014 (Vic) — where Victorian public sector or state-specific requirements apply to our operations.
  • Spam Act 2003 (Cth) — commercial electronic messages (see Section 5).
  • Notifiable Data Breaches (NDB) scheme — Part IIIC of the Privacy Act (see Section 14).
  • Competition and Consumer Act 2010 (Cth) and the Australian Consumer Law (ACL) — fair and transparent dealings with consumers.

Nothing in this policy limits your non-excludable rights under the ACL or other mandatory Australian laws.

AI & Algorithm Transparency Disclosure (2026)

In line with 2026 expectations for algorithmic transparency in Australia and internationally, we disclose the following:

  • Editorial content: Workout guides, articles, and page text on this website may be drafted or edited using artificial intelligence (AI) tools, then reviewed and adjusted by our team before publication. AI assists with structure and language only — it does not replace professional exercise or health advice.
  • Illustrative images: Photographs displayed on this site (for example, home workout scenes) are used for illustrative purposes. They may originate from stock libraries or licensed sources. We do not present AI-generated product or interior mock-ups as real photographs without clear labelling. Custom graphics such as our logo and favicon are designed assets, not photographs of real products.
  • Contact enquiries: When you email us via the contact form, your message may be processed using automated tools to categorise or draft a preliminary response. A human team member reviews outbound replies. We do not use AI to make decisions that produce legal or similarly significant effects about you.
  • No live AI chat: This website does not currently offer a real-time AI chat for fitness, lifestyle, or medical consultations. Do not rely on automated systems for personalised health guidance.
  • Analytics: If you consent to analytics cookies, aggregated usage data may be processed by third-party platforms that may use automated analysis. See our Cookie Policy.

Questions about our use of AI or automated processing: serviceteam@elbowsvital.world

1. Who We Are (APP 1 — Open and Transparent Management)

We are committed to managing personal information openly and transparently. This policy explains what we collect, why, how we protect it, your rights, and how to contact us or make a complaint.

Trading name / website operator: Elbowsvital.ddd
Physical address: Fl 1/62-70 Johnston St, Fitzroy VIC 3065, Australia
Telephone: +61 3 5222 1690
Privacy officer / contact: serviceteam@elbowsvital.world

We will not charge you a fee for making a privacy request unless the Privacy Act permits a reasonable charge for providing access (we will advise you first).

2. Anonymity and Pseudonymity (APP 2)

Where lawful and practicable, you may interact with our website anonymously (for example, browsing pages without submitting a form). If you contact us, we generally need your name and email to respond. You may request use of a pseudonym; we will assess whether this is practicable for your enquiry.

3. What Personal Information We Collect (APP 3 & APP 5)

3.1 Information you provide directly

  • Name, email address, and message content when you use the contact form.
  • GDPR/privacy consent confirmation and timestamp.

3.2 Information collected automatically

  • IP address, browser type, device identifiers, operating system, referring URLs, pages viewed, session duration, and approximate location derived from IP.
  • Cookie and localStorage data as described in our Cookie Policy.

3.3 Sensitive information

Under the Privacy Act, sensitive information includes health information, biometric data, racial or ethnic origin, political opinions, and other categories listed in the Act. We do not actively solicit sensitive information through our website forms.

If you voluntarily include health-related or other sensitive details in a contact message, we will only collect it where you consent or another permitted exception under APP 3 applies. We will use it solely to respond to your enquiry unless you consent to a further purpose. We do not use sensitive information for direct marketing.

3.4 Unsolicited personal information (APP 4)

If we receive personal information we did not solicit and we could not have collected it under the APPs, we will destroy or de-identify it as soon as practicable, provided it is lawful and reasonable to do so.

3.5 Notification at or before collection (APP 5)

When we collect personal information directly from you (for example via the contact form), we notify you through this Privacy Policy and the form itself of:

  • our identity and contact details;
  • the purposes for which we collect the information;
  • the main consequences if you do not provide information needed to respond to your enquiry;
  • whether we disclose information overseas and, where practicable, the countries involved;
  • how to access our Privacy Policy; and
  • whether your information will be included in a Commonwealth or other government identifier scheme (it will not).

3.6 How we collect

We collect information directly from you, automatically through your device when you use the site, and from cookie/localStorage technologies with your consent where required.

4. Why We Collect and How We Use Information (APP 6)

Purpose Typical information Legal basis under APPs
Respond to contact enquiries Name, email, message Primary purpose; your consent where required
Operate and secure the website Technical logs, security data Primary and reasonably expected secondary purposes
Analytics and site improvement Usage statistics, device data Your consent via cookie banner (APP 6 & APP 7)
Marketing communications Email, preferences Express consent only (APP 7; Spam Act 2003)
AI-assisted enquiry handling (internal) Message content, metadata Primary purpose; human review; see AI disclosure
Legal compliance and dispute resolution Records as required Required or authorised by law (APP 6)

We only use or disclose personal information for the primary purpose of collection, for a related secondary purpose you would reasonably expect, or where an exception under APP 6 applies (including with your consent, where required or authorised by law, or to lessen a serious threat to life, health, or safety).

4.1 Who we may disclose information to

We may disclose personal information to:

  • IT hosting, website maintenance, and cloud storage providers (Australia or overseas).
  • Email and communication service providers that deliver responses to your enquiries.
  • Analytics providers, only if you consent to analytics cookies.
  • Professional advisers (lawyers, accountants) under confidentiality obligations.
  • Law enforcement, regulators, or courts when required or authorised by Australian law.

We do not sell, rent, or trade your personal information. We do not adopt, use, or disclose government related identifiers (such as Medicare numbers) for our own purposes (APP 9).

5. Direct Marketing and Commercial Electronic Messages (APP 7 & Spam Act 2003)

We do not send commercial electronic messages (emails or SMS with a commercial purpose) unless:

  • you have given express consent, or
  • a permitted exception under the Spam Act applies (for example, certain existing business relationships with clear opt-out).

Every commercial email we send will include accurate sender identification, our contact details, and a functional unsubscribe facility. We honour unsubscribe requests within five working days, as required by the Spam Act. You may also opt out by emailing us directly.

We do not use sensitive information for direct marketing. You may request that we not use your information for direct marketing even where general contact is otherwise permitted.

6. Cross-Border Disclosure (APP 8)

Our hosting, email, analytics, or AI tool providers may process personal information in Australia or overseas (including the United States, European Union, or other countries where our service providers operate).

Before we disclose personal information to an overseas recipient, we take reasonable steps under APP 8 to ensure the recipient does not breach the APPs in relation to your information — for example through contractual clauses, provider certifications, or your consent after we inform you of the countries involved and that APP 8.1 may not apply if you consent.

If an overseas recipient acts in breach of the APPs, we remain accountable under APP 8.1 unless an exception applies (including that you consented after being informed).

7. Data Quality (APP 10)

We take reasonable steps to ensure personal information we collect, use, and disclose is accurate, up to date, complete, and relevant. Please notify us if your details change or if you believe information we hold is incorrect.

8. Data Security and Destruction (APP 11)

We implement reasonable technical and organisational safeguards proportionate to the nature of the information we hold, including:

  • HTTPS/TLS encryption for data in transit.
  • Access controls limiting staff and contractor access on a need-to-know basis.
  • Secure hosting environments and confidentiality obligations for personnel and processors.
  • Regular review of retention and secure destruction or de-identification when information is no longer needed for any permitted purpose.

When personal information is no longer required, we take reasonable steps to destroy or de-identify it in accordance with APP 11, unless we are required by law to retain it (for example, for tax or dispute records).

No online system is completely secure. You are responsible for maintaining the security of your own devices and email accounts.

9. Data Retention

We retain personal information only for as long as necessary for the purposes described in this policy or as required by Australian law:

  • Contact form enquiries: up to twenty-four months, then securely deleted or de-identified unless a legal hold applies.
  • Analytics data: typically up to twenty-six months where you have consented to analytics cookies.
  • Cookie consent records: stored locally on your device until you clear browser data.
  • Checklist preferences: stored locally on your device; resets daily or when cleared.
  • Complaint and legal records: retained as long as needed to resolve disputes or meet legal obligations.

10. Access to Personal Information (APP 12)

You may request access to personal information we hold about you by emailing serviceteam@elbowsvital.world or writing to our Fitzroy address. We will acknowledge your request promptly and respond within 30 days, as recommended by the OAIC, unless an extension is reasonably required.

We may require proof of identity before releasing information. If we refuse access, we will provide written reasons and information about your complaint options, as permitted under APP 12 and the Privacy Act.

11. Correction of Personal Information (APP 13)

If you believe personal information we hold is inaccurate, out of date, incomplete, irrelevant, or misleading, you may request correction free of charge. We will take reasonable steps to correct the information within a reasonable period or, if we disagree, provide written reasons and allow you to associate a statement of the correction you requested.

We will also notify relevant third parties of corrections where APP 13 requires and it is practicable to do so.

12. Automated Decision-Making and Profiling

We do not use solely automated decision-making that significantly affects your legal rights or similar interests. Any AI-assisted processing related to contact enquiries is subject to human review, as described in the AI disclosure above.

13. GDPR Rights (EEA Visitors)

Where GDPR applies, you may have rights to access, rectification, erasure, restriction, portability, objection, and withdrawal of consent. Contact us to exercise these rights. You may lodge a complaint with your local EU/EEA supervisory authority.

14. Notifiable Data Breaches (NDB Scheme)

Under Part IIIC of the Privacy Act, we assess suspected eligible data breaches. If we reasonably believe a breach is likely to result in serious harm to affected individuals, we will:

  • prepare a statement describing the breach, the kinds of information involved, and recommended steps for individuals;
  • notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable; and
  • notify affected individuals as soon as practicable with the contents of the statement.

We aim to complete an assessment of a suspected breach within 30 days. If you believe your personal information held by us has been compromised, contact us immediately using the details in Section 18.

15. Complaints and Dispute Resolution

If you believe we have interfered with your privacy, please contact our privacy officer first. We will:

  1. Acknowledge your complaint within 7 business days.
  2. Investigate the matter and respond within 30 days with our findings and proposed resolution.
  3. Take reasonable steps to remedy any confirmed interference with your privacy.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

You may also contact the Victorian Information Commissioner for certain Victorian public sector matters at ovic.vic.gov.au, though our private-sector website operations are primarily regulated under the Commonwealth Privacy Act.

16. Children and Young People

Our website is intended for adults. We do not knowingly collect personal information from children under 15 years without verified parental or guardian consent, consistent with OAIC guidance. If you are a parent or guardian and believe your child has provided us personal information, contact us and we will take reasonable steps to delete it.

17. Changes to This Policy

We may update this Privacy Policy to reflect changes in Australian law, OAIC guidance, our practices, or AI transparency requirements. The “Last updated” date at the top will change accordingly. Where changes materially affect how we handle your personal information, we will take reasonable steps to notify you (for example, a notice on our homepage).

18. Contact

Elbowsvital.ddd
Fl 1/62-70 Johnston St, Fitzroy VIC 3065, Australia
Email: serviceteam@elbowsvital.world
Phone: +61 3 5222 1690

Return to Home