Last updated 7th December, 2025. Please review this Privacy Policy to see how I handle your information.

1. Welcome to my Privacy Policy

Name: Hugo Ménard

Address: 49 Rochester rd, Canterbury, Vic, 3126 Australia

ABN: 57 505 601 903

Whether you’re visiting my website, joining my email list, or working with me as a client, I’m committed to protecting your personal and sensitive information. I take this responsibility seriously and treat your data with care.

For the purposes of data protection laws, I am what’s known as the data controller — the person responsible for deciding how and why your data is collected and used.

I comply with the Australian Privacy Principles in the Privacy Act 1988 (Cth) and aim to meet the requirements of the EU General Data Protection Regulation (GDPR). You have important rights over your personal data, including the right to access it, correct it, or ask for it to be deleted. If you’d like to exercise any of these rights, you can reach me using the contact details above.

2. Legal Basis for Processing Your Information

I only collect and use your information where I have a valid legal reason to do so under data protection laws. The legal bases I rely on are listed below.

To provide coaching and related services: Most of the information you share with me (like contact details, info on your intake form, or session notes) is necessary so I can deliver the services you’ve asked for and keep our work together running smoothly.
To meet my legal obligations: I need to keep and sometimes disclose certain records for tax purposes and meet other professional requirements, as well as comply with relevant court orders. I also use your contact information to keep you informed about updates to this Privacy Policy and other important notices, as required by data protection laws.
With your consent: In some cases, I will ask for your explicit agreement before using your information — for example, joining my mailing list, sharing a testimonial, or asking me to contact another professional on your behalf. You can withdraw this consent at any time.

To protect vital interests: In rare and serious circumstances, I may need to share information without your consent, such as to protect you or someone else from imminent harm. This would only occur in exceptional situations, for example, where there is a serious risk to health, safety, or welfare.
To run and improve my business: I also process some information in ways that are useful but not essential — such as keeping records of enquiries, using secure third-party tools to manage bookings or emails, or reviewing how my website is used so I can make it clearer and more helpful. I only do this where it doesn’t override your rights or freedoms.

Each time I collect or use your information (as described below), it is done under one of these legal bases.

3. Personal and sensitive Information I Collect and Why

I collect different types of personal information depending on how you interact with me and my website. Each category below explains what I collect, why, and (where relevant) what my third party service providers automatically record.

(a) Email Newsletter (via MailerLite)

When you join my email list, I collect a few details so I can send you newsletters you actually want to read and improve your experience:

Name – so I know who I’m writing to.
Email address – so I can send the newsletters you signed up for.
Automatically recorded by MailerLite – IP address, date/time of signup and confirmation, and engagement details (like opens, clicks, and subscription status). This helps me manage subscriptions, ensure security, and see how my content is being used so I can make it better for you.

To stop receiving emails, click “unsubscribe” in any newsletter. If that ever doesn’t work, please send me an email and I’ll manually remove you from my mailing list.

(b) Hiring me to support your employees

If you’re bringing me in to work with you or your employees, I’ll collect a few key details so we can work together smoothly, meet legal and tax requirements, and make sure important information goes to the right place.

Business name, address, and ABN (if Australian) – so I can clearly identify the organisation, prepare accurate invoices, meet tax requirements, keep proper records of our agreement, send formal correspondence to the correct address, verify the legitimacy of the business, and provide information if required by law or for dispute resolution.

Key contact person(s) details – name, role, phone, and email (including for invoices) – so I can communicate with the right person, send invoices to the correct place, provide updates, ask questions, and keep a clear record of who acted as the main point of contact for contractual and administrative purposes.

Name, role, date, and signature of the person signing the agreement – so I can confirm who authorised the agreement, understand their role within the organisation, ensure the contract is legally binding, record the date it was signed, and retain proof of the agreement in case of legal, audit, or compliance requirements.

(c) 1-1 sessions

When you work with me one-on-one, either as a participant from an organisation that has hired my services, or as an individual client, I collect certain personal and sensitive information to make our sessions effective, safe, and legally compliant.

Name, signature, and date of agreement – this allows me to clearly identify you, confirm who signed the agreement, ensure it is legally binding, and retain records for legal, audit, or compliance purposes.
Organisation name (only for participants from organisations) – so I can invoice correctly, contact the right representative from the organisation if needed, and understand the context behind our work together.
Contact information – your email and phone number help me send session confirmations and reminders, re-schedule if necessary, and share resources that you request or I think may be helpful.
Personal address and emergency contact – provides essential information in case of an emergency, helps me clearly identify you and supports billing if you are working with me directly.
Mental health care provider information (if applicable) – collected only if you choose to share it, to confirm you are receiving appropriate support, have useful contact details in case of an emergency, and correspond with your mental health provider if requested.
Intake and session information – includes what you share on intake forms (goals, dreams, challenges, fears, etc.), any optional notes you provide when booking sessions via OnceHub (such as preferred meeting method, context about your organisation, or other information you wish to share), and handwritten notes I take during sessions. These help me tailor sessions to your needs, track progress, and better facilitate sessions. A detailed description of confidentiality, including any legal exceptions, is provided in the agreement each client / participant signs.
Sensitive organisation information – may be collected if an organisation representative or participating employee shares insights about the organisation’s challenges, goals, or internal matters. This context helps me better understand what is going on which makes our work together more effective.

(d) Testimonials

When you share a testimonial, I collect only the details you choose to provide. I ask for your name so I know who submitted the form, but I’ll only publish the version of your name you’d like to appear alongside your words (you can even use a pseudonym if you prefer).

Your testimonial may appear on my website, social media, or in other materials to help others understand the experience of working with me.
Testimonials are always kept separate from any other personal or sensitive information you share.
I’ll keep your testimonial indefinitely, as they help others understand the experience of working with me. But you stay in control — you can ask me to update or remove it at any time by emailing me, and I’ll take care of it promptly.

(e) Website, Social Media, and Contact Information

When you interact with me online or reach out directly, I may collect certain information to provide a safe, effective, and personalised experience.

Comments and posts – if you leave a comment on my website or social media (e.g., YouTube, LinkedIn), I collect only the information you choose to share, such as your name, profile name, and the content of your comment, so it can be displayed, engaged with, and responded to.
Technical information for website comments – my website platform (Wix) automatically collects details like IP address (which can indicate approximate location), browser type and version, device type and operating system, and date/time of the comment. This helps prevent spam, moderate content, and maintain security (see the Cookies section below for more info).
Direct contact – if you contact me via email, phone, text, Signal, LinkedIn, or other platforms, I collect only the personal or sensitive information you choose to share so I can respond to your requests or questions.
Third-party or public sources – I may collect information about you or your organisation from your website, social media, or a referral, to help determine if working together is a good fit.

Information collected from third-party providers is subject to the privacy policies of those platforms.

4. Handling Your Personal and Sensitive Information

(a) How your information is stored and protected

I take your privacy very seriously and treat your personal information with care.

Handwritten notes are kept securely in my private office.
Electronic information (e.g. intake forms, billing details) is stored in my paid Google Workspace account and backed up on a password-protected computer that only I use.
In some cases, some information may be automatically stored by third-party providers I use to run my practice, such as details you provide when booking a session (see below for more info).

Access to your information is strictly limited to me, unless sharing is necessary for the purposes described below.

(b) How long I keep information

I only keep your information for as long as needed to:

provide services to you,
meet professional or legal obligations, or
protect my legal rights.

For most clients and people who contact me directly (such as via email), this means information is retained for up to 7 years after we finish working together. In rare situations, I may need to retain it longer if required by law or if there is a reasonable, lawful reason, such as to defend against a potential legal claim.

I use third party providers. You can find a list of them below. Information automatically collected by the third party providers I use (such as IP address, browser type, device, operating system, name, contact information etc) is stored according to the retention policies of the service providers. I do not manually retain this data beyond what is needed to maintain security, prevent spam, and improve site usability.

Comments made on my website and social media are kept indefinitely as that is the nature of those platforms. In most cases, you can delete any comment you make. If you are unable to delete a comment yourself, feel free to contact me directly and I’ll see if I can delete it.

(c) How information is deleted

When the time comes:

Paper notes are destroyed responsibly (e.g. by shredding, burning, or composting).
Electronic files are deleted from Google Workspace and my computer in ways that prevent recovery.
Expired backups are also cleared. I keep a simple record of deletions so I can demonstrate that your information has been handled with care.

(d) When information may be shared

I never sell your information. I only share it when truly needed, and always with care, on a strict need-to-know basis. Examples include:

With your consent: for example, if you ask me to communicate with another professional. I’ll only share what we’ve agreed to.
Mentoring: If I seek supervision/mentoring, I avoid sharing unnecessary detail — the focus is on how I can best support you.
Employer-funded sessions: If your employer is funding sessions, they may be told basic details: that sessions are taking place, how many you’ve had, and whether you cancelled within 24 hours (as this may affect billing). They do not get to know the content of sessions.
Billing and financial records: Basic details (e.g. name, payment info) may be shared with secure payment processors (such as PayPal or banks), accounting software, or an accountant, so that payments, invoicing, and tax obligations are handled correctly.
Technical service providers: I use third-party services (see below) who may process your data to help me provide services to you.
Safety concerns: If I believe there is a serious risk of harm to you or someone else, I may share relevant information with appropriate professionals or authorities. Where reasonably possible I will communicate with you first.
Legal obligations: I may need to share information where required by law — for example, in response to a subpoena, discovery request or court order. I may also disclose information in situations allowed under the Privacy Act – for example, where I have reasonable grounds to suspect unlawful activity or serious misconduct related to our work together.

(e) Third-party providers I use

Your information may be stored or processed through the following providers, who apply their own security and privacy measures. (Note: Basic communication services like phone networks and email infrastructure are not listed but are covered by separate telecom regulations.)

Google Workspace
MailerLite
OnceHub
PayPal
Dropbox
Zoom
ING Bank

Youtube

Linked In

Signal

International Transfers of Your Data

Some of the third-party services I use may store or process your information outside your home country. This is necessary for things like email communication, video calls, secure data storage, and processing payments.

These providers are responsible for their own privacy and security practices which can typically be found on their website.

Please note that if your information is processed outside the EU/EEA, not all countries provide the same level of legal protection as under the GDPR. This means that while I expect providers to handle your data responsibly, I cannot guarantee that all GDPR rights will be enforceable in every jurisdiction.

2. Communication and security

If we communicate via email, video conferencing, or other online platforms, I will take reasonable steps to protect your information — but please note I cannot control the security of these platforms. By using them, you accept the inherent risks of electronic communication. If you’d prefer, we can discuss alternative arrangements for particularly sensitive information.

3. Combining information

Sometimes I may combine information you provide with publicly available sources (such as your website or social media) to better understand your context and ensure we’re a good fit to work together.

4. Cookies

When you visit my website (hosted by Wix), small files called cookies may be stored on your device. These help the website work properly, make your experience smoother, and keep it secure. The cookies I use include:

Session cookies (like bSession, server-session-bind, svSession) – these remember your session while you browse the site, so things like forms or navigation work properly. They usually expire when you close your browser or after a short period.

Security cookies (like XSRF-TOKEN) – these help protect the website from security threats and keep your data safe.

Performance cookies (like SSR-caching) – these help the website load efficiently and provide a smoother experience.

Functional cookies (like _wixAB3|*, fedops.logger.sessionId, TS*) – these remember basic information about your visit, such as which page you are on, track errors, or support site experiments.

Some third-party cookies may be set when you use embedded services, such as email subscription forms, social media embeds, or payment providers. These cookies are managed by the third parties and are used for things like tracking engagement, sending newsletters, or improving service functionality.

Embedded YouTube videos: Some pages may include embedded YouTube videos (provided by Google/YouTube). When played, YouTube may set cookies for analytics and advertising purposes. These cookies are only activated if you have given consent for “Advertising Cookies” through the cookie consent banner displayed on the site. If you do not provide consent, the YouTube player will not load and no cookies will be set by YouTube.

I use cookies only to help my website function properly and to understand how people use it, so I can improve the content and make it more useful. I don’t use cookies to track you for advertising or targeted marketing beyond what is required for embedded third-party services you choose to use. Some cookies may collect personal data, and you can manage or delete cookies via your browser settings. You can also withdraw your cookie consent at any time by selecting “Cookie Settings” at the bottom of the website.

By continuing to use the website, you agree to cookies being stored on your device, in accordance with your consent choices. Most cookies expire at the end of your session or within 12 months, depending on their type.

5. Access to Information and complaints

You have rights over your personal information — including the right to access it, request corrections, or deletion. Exercising these rights is part of your legal rights under data protection laws (GDPR, Australian Privacy Principles, etc.).

If you’d like to exercise these rights, or if you ever feel your privacy hasn’t been respected, please get in touch by email. I’ll acknowledge your request or concern within 7 days and aim to resolve it within 30 days, unless there’s a lawful reason I can’t.

If you’re not satisfied with my response, and through further emails we are not able to come to an agreeable solution, you can raise your concern with:

The Office of the Australian Information Commissioner (OAIC) via oaic.gov.au/privacy/privacy-complaints
The health ombudsman in your state or territory
Or, if you’re outside Australia, your local data protection authority (for example, the ICO in the UK, or your national supervisory authority in the EU).

6. Notification of Change

I may update this Privacy Policy from time to time. The latest version, with its date of revision, will always be available here on my website. If any changes are significant, I’ll also highlight them on this page and notify you by email if you’re on my mailing list.

7. Notification of Breach

If I become aware of a data breach affecting your personal or sensitive information, I will assess the situation promptly and, where required by law, notify you and the relevant authorities within 72 hours of becoming aware of the breach. If there is a risk of harm or loss, I will take immediate remedial action and ensure you are informed directly whenever possible. If direct notification isn’t possible, a notice will be posted on this website.

8. Children’s Privacy

My services and website are intended for adults and not for children under the age of 16. I do not knowingly collect personal information from children. If I become aware that I have inadvertently collected personal data from a child under 16, I will take reasonable steps to delete it promptly.

9. The writing of this Privacy Policy

This Privacy Policy was created with the marvellous support of Carefree Counsel. If you wish to write your own policy that genuinely serves its purpose of looking after you, your business and your clients, and is written in clear, understandable language, I encourage you to reach out to Carefree Counsel.