Privacy Policy

2. Information We Collect

We collect personal information in the following ways:

Contact Form

When you submit the contact form, we collect your name, email address, and message content. This information is used solely to respond to your enquiry.

Registration Enquiries

The "Get Involved" page collects expressions of interest including name, email, phone number, and details about the player (age group, experience). This is used to follow up about registration with the Club.

Admin Accounts

Club administrators have individual login accounts. We store usernames, display names, and securely hashed passwords. Admin actions are logged for security and audit purposes, including IP addresses, timestamps, and the action performed.

Cookies

We use a single session cookie (phantoms_session) for administrator login sessions. This cookie is essential for the admin area to function and is not used for tracking or advertising. No cookies are set for general visitors unless you log in to the admin area.

3. How We Use Your Information

Personal information is used only for:

• Responding to your contact form enquiries
• Following up on registration expressions of interest
• Administering the Club's website and operations
• Security monitoring and audit logging of admin activity

We do not sell, rent, or share your personal information with third parties for marketing purposes.

4. Data Storage and Security

Your data is stored securely using Cloudflare's infrastructure, which includes encrypted storage and global edge security. Specifically:

• Passwords are hashed using PBKDF2 with unique salts — we never store plaintext passwords
• Admin sessions are signed with HMAC-SHA256 and automatically expire
• All traffic is encrypted via HTTPS
• Admin actions are logged with timestamps and IP addresses for security auditing

Data may be processed in Cloudflare data centres globally. Cloudflare's infrastructure complies with international security standards. For more information, see Cloudflare's privacy commitment.

5. Data Retention

• Contact form submissions: Retained until the enquiry is resolved, then deleted
• Registration enquiries: Retained for the current season, then deleted unless you register as a member
• Admin accounts: Active while the person holds a Club role; deactivated when no longer required
• Audit logs: Retained for up to 12 months for security purposes
• Session cookies: Expire automatically after 7 days or on logout

6. Your Rights

Under the Australian Privacy Act 1988, you have the right to:

• Access the personal information we hold about you
• Correct any inaccurate or out-of-date information
• Request deletion of your personal information
• Complain to the Office of the Australian Information Commissioner (OAIC) if you believe your privacy has been breached

To make a request, contact us via the contact page. We will respond within 30 days.

7. Children's Privacy

As a junior rugby club, we recognise the importance of protecting children's personal information. We do not knowingly collect personal information directly from children under 16. All registration and contact form submissions for junior players should be made by a parent or guardian.

Photos of junior players may appear on the website or social media only with the consent of a parent or guardian, obtained through the Club's registration process.