What This Document Covers

This framework describes ruvendalos's approach to handling identifying details that emerge when you interact with our educational platform at ruvendalos.sbs. We're based in Bathurst, NSW, and everything we do reflects Australian privacy principles alongside broader international standards.

We've structured this differently than most privacy documents you've encountered. Rather than moving through collection-use-sharing in that familiar sequence, we've organized content around user interaction moments — the specific points where information appears in your relationship with our budgeting education services.

When You First Make Contact

The moment you reach out through our contact form or send an email to contact@ruvendalos.sbs, certain details become available to us. Your name arrives first — we need something to call you. Your email address follows naturally since that's how we'll respond.

Sometimes people include their phone numbers, particularly when they want faster resolution to a question about upcoming programs. That's optional. Your message content itself contains whatever you've chosen to share — questions about curriculum, requests for schedule information, or concerns about accessibility needs.

Why These Details Matter

Contact information serves one immediate purpose: enabling conversation. Without an email address, we can't answer your question. Without your name, our response feels impersonal and disconnected. We don't gather contact details for any separate marketing purpose beyond responding to what you've initiated.

The content of your message guides our response approach. Someone asking about payment options needs different information than someone requesting technical support. We read what you write to understand what you need, then we provide that specific thing.

Registration and Program Enrollment

When you decide to participate in one of our budgeting education programs — typically scheduled six to twelve months after initial inquiry — the information requirement expands. Name and email remain foundational. We add postal address because some materials ship physically to your location in Australia.

Payment details emerge at this stage, though we handle those through external processors rather than storing card numbers ourselves. What we retain includes transaction dates, amounts, and payment status — enough to manage your enrollment and address any billing questions that might surface later.

The Registration Necessity

Every piece of information requested during registration connects to a specific operational requirement. We ask for your mailing address because workbooks ship to participants in weeks three and seven of most programs. Without accurate location details, those materials don't arrive.

Your phone number becomes relevant if we need to reach you urgently about schedule changes or technical problems affecting access to learning materials. Some participants prefer SMS notifications for upcoming live sessions — that option requires a mobile number, but remains entirely optional throughout.

Information That Arrives Automatically

Certain technical details appear without conscious sharing on your part. When you access our platform, your device reveals its IP address — that's how internet communication functions. We see which browser you're using, what operating system runs on your device, and what screen size you're working with.

These technical elements serve practical purposes rather than surveillance ones. If someone in Sydney reports that a video won't load, knowing they're on an older iPad using Safari helps us diagnose the problem faster. When we're optimizing content display, screen resolution data shows us how many participants access materials on mobile versus desktop.

Platform Interaction Patterns

As you move through learning modules, your activity creates a trail: which lessons you've completed, how long you spent on particular exercises, whether you downloaded supplementary worksheets. We monitor this not to judge your pace but to understand where participants commonly struggle or disengage.

If seventy percent of participants abandon Module Four halfway through, that signals a content problem we need to address. Your individual activity contributes to aggregate patterns that drive curriculum improvements, but we're not scrutinizing personal completion rates for any punitive purpose.

How We Work With Your Information Internally

Within ruvendalos, access follows role requirements. The education coordinator who manages program schedules can view enrollment lists and contact details — she needs those to send session reminders and manage cohort composition. The content developer who builds learning modules sees aggregated activity data but doesn't access individual participant identities.

Our finance administrator handles payment records and processes refund requests when circumstances require enrollment withdrawal. Support staff access contact information when responding to technical questions or access problems. Nobody views information beyond what their specific function demands.

Operational Decision-Making

Aggregate enrollment patterns inform scheduling decisions. When we notice strong regional interest from Queensland participants, we might schedule more sessions at times that suit eastern time zones. Geographic distribution data helps us decide where to hold occasional in-person workshops.

Completion rates and assessment performance guide content revision. A module with consistently low engagement gets restructured. Topics that generate lots of follow-up questions might need clearer explanation or additional examples. Your usage patterns shape these improvements without anyone examining your personal learning journey in isolation.

When Information Moves Outside Our Organization

Several operational necessities require us to share specific information with external entities. These aren't casual transfers — each serves a defined purpose and occurs under contractual constraints that mirror our own privacy commitments.

Service Infrastructure Partners

Our learning platform sits on servers managed by an Australian hosting provider. That company receives participant account information — email addresses, names, learning activity records — because the platform itself resides on their infrastructure. They're prohibited contractually from using this information for any purpose beyond providing hosting services to us.

Email communications flow through a messaging service that handles delivery, bounce management, and basic engagement tracking. This partner receives your email address and name, plus message content when we send program updates or respond to inquiries. They don't access this information for their own purposes and can't contact you directly.

Payment Processing Reality

When you pay for program enrollment, your card details go directly to our payment processor — we never see full card numbers. What comes back to us includes transaction confirmation, the amount paid, and basic payment method information (Visa ending in 1234, for example). The processor maintains card details under their own security protocols, separate from our systems entirely.

Legal and Compliance Requirements

Australian law sometimes requires information disclosure. Tax authorities might request transaction records during audits. If we receive a valid subpoena or court order, we comply with the scope specified in that legal demand. These situations arise rarely, but you should understand they represent circumstances beyond our usual privacy protocols.

Should we ever suspect fraudulent enrollment or payment activity, we may share relevant details with law enforcement. That's happened once in our operating history, involved clear credit card fraud, and we disclosed only information specifically relevant to the investigation.

Protection Measures and Remaining Risks

We employ multiple safeguarding layers. All platform access requires encrypted connections — that's basic transport security. Authentication uses strong password requirements plus optional two-factor verification for participants who want additional protection. System access for staff members requires unique credentials, never shared logins.

Database storage includes encryption for particularly sensitive elements like payment transaction records. Regular backups occur daily, stored in geographically separated locations within Australia. We test restoration procedures quarterly to confirm we could recover information if primary systems failed.

What Protection Cannot Guarantee

Despite these measures, perfect security doesn't exist. Sophisticated attacks could potentially breach our systems. A staff member could mishandle information despite training. Third-party services we depend on might experience their own security failures that cascade to our operations.

We're transparent about this reality: determined adversaries with significant resources might find vulnerabilities we haven't identified. We work continuously to minimize that possibility, but honesty requires acknowledging it exists. Should a breach occur, we'd notify affected participants within 72 hours of discovering the incident, detail what information was exposed, and explain remedial steps we're taking.

Your Control Options

Several capabilities exist for managing information we hold about you. The implementation varies depending on what you want to accomplish and where you are in your relationship with our programs.

Viewing What We Hold

You can request a complete copy of information associated with your account. Submit that request to contact@ruvendalos.sbs with "Information Access Request" in the subject line. We'll compile everything within 30 days and deliver it as a downloadable file. This includes account details, enrollment records, payment history, learning activity logs, and any support correspondence.

The 30-day timeframe reflects compilation complexity rather than reluctance to provide access. Gathering information from multiple systems, verifying your identity to prevent unauthorized access, and formatting everything in readable form takes time. If you have urgent needs, mention that — we'll prioritize accordingly.

Correction Authority

Incorrect information should be fixed. If your address changed and materials are shipping to the wrong location, update that directly through account settings. For corrections requiring manual intervention — fixing a misspelled name throughout historical records, for example — contact our support team. Most corrections happen within five business days.

Deletion Requests

You can request complete account deletion at any time. This removes your name, contact information, learning activity records, and correspondence history. Some elements persist beyond deletion due to legal requirements: transaction records stay in financial systems for seven years to comply with tax law. Anonymized activity data that already contributed to aggregate statistics can't be retroactively removed from those compilations.

Deletion requests take effect within 60 days. That duration allows us to verify identity, process any outstanding refunds or certificate requests, and ensure deletion propagates through backup systems. Once complete, we confirm via email sent to your last known address.

Communication Preferences

You control whether you receive program announcements, curriculum updates, and educational tips beyond essential transactional messages. Every non-essential email includes unsubscribe functionality. Opting out doesn't affect your ability to complete enrolled programs — you'll still receive session reminders, access credentials, and certificate notifications.

Retention Logic and Deletion Triggers

Different information categories have different lifespans in our systems. These durations reflect legal requirements, operational needs, and reasonable expectations about when data stops serving legitimate purposes.

• Active enrollment period: Everything stays accessible while you're participating in programs. That includes all account details, learning progress, communication history, and support interactions.
• Post-completion phase: After program completion, we retain core account information for two years. This allows returning participants to re-enroll without recreating accounts and lets us address any delayed questions about certificates or learning materials.
• Financial records: Transaction details persist for seven years from the date of payment. Australian taxation law drives this requirement — we can't delete financial records on shorter timelines without creating compliance problems.
• Support correspondence: Messages exchanged with support staff remain available for three years. This helps us provide consistent responses if you return with related questions and aids quality assessment of our support operations.
• Marketing interactions: If you never enroll but remain on our announcement list, we keep basic contact information (email and name) until you unsubscribe or until five years of complete inactivity pass.

Automated processes review accounts quarterly and flag records meeting deletion criteria. Final deletion requires manual verification to prevent errors — we don't want to accidentally erase someone's account due to a technical glitch. Once confirmed, deletion executes within 30 days.

Legal Foundations for Information Handling

Australian Privacy Principles provide our primary regulatory framework. As an Australian organization serving primarily Australian participants, these principles govern what we collect, how we use it, and what rights you hold regarding information about you.

For participants outside Australia, we apply similar standards even when not strictly required by local law. Someone enrolling from New Zealand or Singapore receives the same privacy protections as a Sydney-based participant. This simplifies our operations and ensures consistent treatment regardless of where you live.

Consent and Contractual Necessity

Some information handling occurs because you've explicitly consented — ticking the box during registration that acknowledges these privacy terms, for example. Other processing happens because it's necessary to deliver services you've requested. We can't run your enrollment without knowing your identity and contact details.

This distinction matters legally but might feel abstract in practice. The practical reality: information handling directly connected to providing education services doesn't require separate consent beyond your decision to enroll. Optional activities like receiving marketing emails or participating in feedback surveys require specific opt-in consent.

Legitimate Interests

Sometimes we process information based on legitimate operational interests that benefit both ruvendalos and participants. Fraud prevention falls into this category — we have a legitimate interest in preventing enrollment fraud, and participants benefit from a trustworthy platform free from abuse.

Platform improvement driven by usage analytics represents another legitimate interest. Analyzing how participants interact with content helps us create better learning experiences. We balance this interest against privacy impacts by working primarily with aggregated data rather than individual tracking.

Information About Minors

Our programs target adults managing their own finances. We don't knowingly enroll participants under 18 years of age. If a parent enrolls on behalf of an older teenager (16-17), parental consent is required and the parent's contact information becomes the primary account reference.

Should we discover that someone under 18 enrolled without parental involvement, we'd suspend access immediately and contact the email address on file to verify age and arrange either parental consent or enrollment cancellation with full refund.

Changes to This Framework

Privacy practices evolve as our services change, regulations update, or new technologies emerge. When we modify this document, the revision date at the top changes and we notify active participants via email at least 30 days before new terms take effect.

Significant changes — like introducing entirely new categories of information collection or materially different sharing practices — trigger more prominent notification. We'd announce those through multiple channels and provide clear options for participants who prefer not to continue under revised terms.

Minor clarifications, updated contact information, or corrections of typos don't necessarily warrant individual notification. We'd update the document and note the revision date, but wouldn't send mass emails about purely administrative changes.

Cross-Border Information Movement

Our infrastructure operates within Australia. Servers physically reside in Sydney and Melbourne data centers. Backups stay within Australian borders. This geographic containment means your information doesn't routinely cross international boundaries during normal operations.

Two exceptions exist. First, some technical support tools we use have US-based parent companies, though Australian data centers handle actual information storage. Second, if you're enrolling from outside Australia, your information enters Australia when you register. That's unavoidable given our location.

Should operational needs require moving information outside Australia in the future, we'd implement legal mechanisms like standard contractual clauses that ensure recipient countries provide adequate protection. This hasn't proven necessary yet but remains a possibility if our service infrastructure changes.

Automated Decision-Making

We don't use automated systems to make significant decisions about your enrollment or learning experience. No algorithms determine whether you can join a program, what price you pay, or whether you receive a certificate. Human staff members make those decisions based on established criteria.

Automated processes do handle routine functions: sending session reminder emails at scheduled times, marking modules complete when you finish required activities, flagging payment failures that need follow-up. These mechanical operations don't involve judgment or interpretation — they simply execute predefined rules.