COAST & KIN
Privacy Policy
At COAST&KIN, we believe that how we handle your information matters just as much as the images we create for you. This Privacy Policy explains what personal information we collect, why we collect it, how we protect it, and your rights as a client.
COAST&KIN PTY LTD (ABN: 57 685 660 637) is a professional photography business based on the NSW Central Coast. We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) and are committed to being transparent about our data practices.
If you have any questions about this policy at any time, please reach out — our contact details are in Section 13.
1. The Information We Collect
We collect personal information that is reasonably necessary to provide our photography services. Depending on the nature of your booking, this may include your name, email address, and phone number; address or shoot location details; children's names and ages for family, newborn, and daycare sessions; booking and session details; payment information processed via secure third-party platforms; images and video footage of you, your family, or your team; email communication preferences and marketing consent; and website usage data via cookies and analytics (see Section 8).
We only collect what we need and will not ask for information that is irrelevant to providing our services.
2. How We Collect Your Information
We collect information through a number of channels, including enquiry and contact forms on our website, booking and onboarding through our client management system (Studio Ninja), direct email, phone, or social media communication, online gallery access and image downloads via Pic-Time, purchase transactions via Stripe processed through Studio Ninja or Pic-Time, our Wix website which may collect standard usage data when you visit, email marketing subscription via Klaviyo, and cookies and analytics tools when you visit our website.
3. Why We Collect and Use Your Information
We use your personal information to respond to your enquiries and manage your booking, deliver photography services and fulfil your session, provide secure access to your online image gallery, process payments and issue receipts, communicate with you before, during, and after your session, send occasional updates, offers, or relevant content with your consent (you can opt out at any time), improve the quality and experience of our services, and meet our legal obligations. We will not use your personal information for purposes beyond those listed above without first notifying you and, where required, obtaining your consent.
4. Photography and Image Handling
As a photography business, images are at the heart of what we do — and we take their handling seriously.
Delivery and access. Your images are delivered via a secure, password-protected online gallery hosted through Pic-Time. Watermarked previews are available prior to purchase, and full-resolution images are provided once downloaded or purchased. Gallery access links are personal to you and should not be shared publicly.
Use in marketing and promotion. We will not use your images — or those of your family — in any marketing, social media, or promotional material without your explicit written consent. This consent is sought as part of our booking process, and you are always free to decline or withdraw it. Where you have given consent for image use, we may use selected photographs on our website, Instagram, or other promotional channels. We will never tag you without your permission.
Image retention. We retain edited images for one month after delivery, after which they may be archived or deleted. We recommend downloading and storing your images securely as soon as they are received. If you require copies beyond this period, please contact us and we will do our best to assist.
5. Children's Privacy and Daycare Photography
We work regularly with families and young children, and we treat this responsibility with the utmost care. Children's personal information — including their images — is treated as sensitive information under the Privacy Act and is handled with a higher standard of protection.
Family and newborn sessions. For family and newborn sessions, consent is provided by the parent or legal guardian as part of the booking process. Children's names and ages are collected only where necessary to tailor the session. Children's images will never be used in promotional material without explicit written parental consent.
Daycare and early childhood centre photography. When we photograph children on behalf of an early childhood centre or daycare provider, the consent and privacy processes are managed in partnership with the centre. Typically, the centre is responsible for obtaining parental consent prior to photography sessions. We photograph only those children for whom the centre has confirmed consent is in place. Images are delivered to the centre or directly to parents via a secure gallery and are not distributed publicly. Children's images are not used in any COAST&KIN promotional content without separate written consent from the parent or guardian, and we do not retain children's identifying information beyond what is operationally necessary.
If you are a parent with questions about how your child's images are handled through a centre, we encourage you to speak with the centre in the first instance. You are also welcome to contact us directly.
6. Third-Party Platforms and Overseas Data Storage
To run our business effectively, we use a small number of trusted third-party platforms. Each of these may store data on servers located outside of Australia — primarily in the United States. Under the Australian Privacy Principles (APP 8), we are required to disclose this.
Studio Ninja is used for client relationship management, bookings, enquiries, and contracts, with data stored on Australian and/or US-based servers. Pic-Time handles online gallery delivery and image sales, with images and client access data stored on Pic-Time's international servers. Klaviyo manages email marketing and client communications, with contact details and communication preferences stored on US-based servers. Stripe processes all payment transactions securely, either through Studio Ninja or Pic-Time. Stripe is a PCI-DSS compliant payment processor and we do not store your payment card details directly — this is handled entirely by Stripe on their secure international infrastructure. Wix hosts our website and may collect standard usage data including IP addresses and browser information, with data potentially stored on international servers.
We take reasonable steps to ensure these providers maintain appropriate privacy and security standards. By engaging our services, you acknowledge that your data may be transferred to and stored overseas as described above. Each platform maintains its own privacy policy, which we encourage you to review if you have specific concerns.
7. How We Protect Your Information
We take the security of your personal information seriously. We use secure, password-protected access to all client management and gallery platforms, reputable industry-standard third-party platforms with built-in security protocols, and we limit access to personal information to only those who need it to deliver our services. We do not store payment card details directly — all payment processing is handled by secure third-party providers — and we regularly review our data practices and platform access.
While we take all reasonable steps to protect your information, no method of online transmission or storage is completely secure. If you have concerns about data security, please contact us.
8. Cookies and Website Analytics
Our website may use cookies and analytics tools to help us understand how visitors use our site and to improve your experience. This may include session cookies that allow the site to function properly, analytics tools such as Google Analytics that help us understand traffic patterns and visitor behaviour (this data is aggregated and does not personally identify you), tracking pixels or tags from platforms such as Meta (Facebook/Instagram) or Google used to measure the performance of our advertising, and third-party embeds or widgets that may set their own cookies.
You can manage or disable cookies through your browser settings at any time, though note that disabling some cookies may affect the functionality of our website. Where required by law, we will request consent before setting non-essential cookies.
9. Marketing Communications
With your consent, we may send you occasional emails about session offerings, promotions, or content we think you'll find useful. We use Klaviyo to manage these communications. You can unsubscribe from marketing emails at any time by clicking the unsubscribe link at the bottom of any email, or by contacting us directly. Unsubscribing from marketing does not affect your ability to receive transactional emails related to your booking.
10. How Long We Keep Your Information
We retain personal information for as long as it is needed to fulfil the purposes described in this policy, or as required by law. Booking and client records are kept for seven years in line with our obligations under the Corporations Act 2001 and ATO record-keeping requirements. Edited images are retained for one month following delivery. Marketing contact preferences are retained until you unsubscribe or request removal, and enquiry data from non-converting leads is deleted after 12 months. When information is no longer required, we will take reasonable steps to delete or de-identify it securely.
11. Your Rights
Under the Australian Privacy Principles, you have the right to request access to the personal information we hold about you, request that we correct any information that is inaccurate, out of date, or incomplete, withdraw your consent to marketing communications at any time, request that your personal information be deleted subject to our legal obligations to retain certain records, and lodge a complaint about how we have handled your information. To exercise any of these rights, please contact us using the details in Section 13. We will respond to all requests within a reasonable timeframe.
12. Complaints
If you have a complaint about how we have handled your personal information, we ask that you contact us in the first instance so we have the opportunity to address your concern directly. If you are not satisfied with our response, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au, by phone on 1300 363 992, or by post to GPO Box 5218, Sydney NSW 2001.
13. Contact Us
We're always happy to hear from our clients. If you have any questions, concerns, or requests relating to this Privacy Policy or how your information is handled, please get in touch.
COAST&KIN PTY LTD
ABN: 57 685 660 637
Email: jess@coastkin.com.au
Location: Central Coast, NSW, Australia
Website: www.coastkin.com.au
14. Updates to This Policy
We may update this Privacy Policy from time to time to reflect changes in our business, technology, or legal obligations. The current version will always be available on our website, with the effective date noted at the top. We encourage you to review it periodically. Where changes are material, we will take reasonable steps to notify current clients.