PRIVACY POLICY

Effective date: 11 May 2026

Last updated: 10 May 2026

Version: 1.0

1. ABOUT THIS POLICY

This privacy policy explains how we collect, hold, use, disclose, and protect personal information through drbeelim.com and associated tools, including The Homecoming Profile ("the website" and "the assessment").

We are committed to protecting your privacy and complying with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This policy is written in plain English. Where capitalised terms appear, they have the meanings set out in section 2.

2. DEFINITIONS

In this policy:

- "Personal information" has the meaning given in the Privacy Act 1988 (Cth): information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether recorded in a material form or not.

- "Sensitive information" includes information about your health, racial or ethnic origin, religious beliefs, sexual orientation, criminal record, and certain other categories defined in the Privacy Act 1988 (Cth).

- "The assessment" means The Homecoming Profile, the free 16-item self-assessment hosted at homecoming.drbeelim.com.

- "The website" means drbeelim.com and associated subdomains.

- "Process" means any operation performed on personal information, including collection, recording, storage, use, disclosure, and destruction.

3. WHAT INFORMATION WE COLLECT

3.1 Information you provide directly

Through The Homecoming Profile (assessment):

- Email address (only if you choose to enter it on the result page; optional)

- Your responses to the 16 assessment items

- Your computed scores per archetype and your dominant archetype result

- Your consent to receive your reflection and the Welcome Home email series

Through general email signup, contact forms, or correspondence on drbeelim.com:

- Email address

- Name (if you choose to provide it)

- Message content

- Any other information you voluntarily provide

3.2 Information collected automatically

When you visit the website or take the assessment, our hosting platforms (Netlify for the assessment; Squarespace for the broader website) automatically collect:

- IP address

- Browser type and version

- Device type and operating system

- Date and time of visit

- Pages visited and time spent

- Referring website (where you came from)

This information is collected for security, fraud prevention, and aggregate analytics purposes, and is generally not used to identify individual users.

3.3 Sensitive information

The assessment is positioned as an educational self-reflection tool, not a clinical instrument. We do not consider your assessment responses to constitute health information about you for the purposes of the Privacy Act 1988 (Cth). However, if you provide information that could reasonably be construed as sensitive information (for example, in the message field of a contact form), we will treat that information with the heightened protections required for sensitive information under APP 3.3, including obtaining your express consent for any use beyond responding to your immediate enquiry.

3.4 What we do not collect

- Financial information (book purchases are handled directly by Hardie Grant or the bookseller; we do not store payment details)

- Information from anyone under 16

- Anything we have not asked you for

4. HOW WE COLLECT INFORMATION

We collect personal information directly from you when you:

- Enter your email address on the assessment result page

- Submit a contact form on drbeelim.com

- Subscribe to our email list

- Email us directly

We collect technical information automatically when you access the website or assessment, through our hosting providers' standard server logs.

We do not collect personal information about you from third parties.

5. WHY WE COLLECT IT (LAWFUL BASES)

We collect, hold, use, and disclose personal information for the following purposes, with the legal basis specified in each case:

5.1 To deliver your detailed Homecoming Profile reflection by email

- Lawful basis: your express consent (provided when you tick the consent checkbox and submit your email)

5.2 To send the Welcome Home email series and related educational content

- Lawful basis: your express consent (provided when you tick the consent checkbox and submit your email)

- You may withdraw this consent at any time using the unsubscribe link in any email or by contacting us

5.3 To analyse aggregate, de-identified patterns in how the assessment is completed (for example, archetype distribution across our audience)

- Lawful basis: our legitimate interest in improving the assessment and understanding our audience, balanced against your reasonable expectations

- All such analysis uses de-identified data; no individual is identifiable in aggregate reports

5.4 To respond to your enquiries and correspondence

- Lawful basis: necessity for the performance of a request you have made

5.5 To comply with our legal obligations

- Lawful basis: compliance with Australian law

We do not use your personal information for any purpose you have not been notified of. We do not sell, rent, or trade your personal information to any third party.

6. AUTOMATED PROFILING

The Homecoming Profile assigns you a "dominant archetype" (Rabbit, Ox, Wolf, or Crane the Distant Observer) based on a computer algorithm that sums your responses to the 16 items and identifies the highest-scoring archetype subscale.

This is an automated process. The algorithm is deterministic and transparent: each response (1-6) is added to the relevant archetype subscale; the highest sum is identified as your dominant archetype.

The result is intended for educational reflection only. It is not a clinical diagnosis, does not produce a personality assessment, and does not affect any legal rights or obligations.

You have the right to:

- Request information about how the algorithm works (above paragraph)

- Object to automated processing of your data by not completing the assessment

- Have any record of your assessment results deleted by emailing us

If the European Union General Data Protection Regulation (GDPR) applies to your data (because you are an EU resident), you also have the right under GDPR Article 22 to obtain human review of any automated decision that produces legal or similarly significant effects. The Homecoming Profile result does not produce such effects, but we will respect your right to request human review of any related processing.

7. HOW WE HOLD AND PROTECT INFORMATION

7.1 Storage location

Personal information collected through the assessment is stored on Netlify's infrastructure (United States). Personal information collected through the broader drbeelim.com website is stored on Squarespace's infrastructure (United States). Email subscriber records are stored with our email automation provider (United States; current provider details available on request).

7.2 Security measures

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. These steps include:

- Encrypted transmission: all data sent between your browser and our hosting platforms is protected by HTTPS / TLS encryption

- Access controls: only Dr Bee Lim and authorised contractors with a need to access the data are granted access

- Strong authentication: hosting and email accounts are protected by strong passwords and, where available, multi-factor authentication

- Secure providers: we choose hosting and email providers with industry-standard security certifications (Netlify is SOC 2 Type II compliant; Squarespace maintains comparable standards)

- Regular review: we periodically review our data handling practices

No security system is perfect. We cannot guarantee absolute security of your information, but we will continue to take reasonable steps to protect it.

7.3 Data accuracy

We take reasonable steps to ensure the personal information we hold is accurate, up to date, complete, and relevant to the purposes for which it is used. You may request correction of any inaccurate information by contacting us.

8. RETENTION

We retain personal information only for as long as necessary for the purposes described in this policy, or as required by law.

- Email subscriber records: retained while you are subscribed and for up to 12 months after you unsubscribe, then de-identified or destroyed

- Assessment response data linked to your email: retained for as long as you remain on our list or until you request deletion

- Assessment response data without an email (anonymous): retained indefinitely in de-identified form for aggregate analysis

- Contact-form messages and email correspondence: retained for up to 7 years to enable continuity of communication and to comply with any legal obligations

- Server logs (IP addresses, technical data): retained for up to 12 months for security and fraud prevention purposes

You may request deletion of your individual record at any time by emailing drbeelim@gmail.com.

9. DISCLOSURE OF YOUR INFORMATION

We disclose personal information to:

9.1 Our service providers

- Netlify (form-hosting service, United States): stores assessment form submissions on our behalf

- Squarespace (website hosting service, United States): hosts drbeelim.com

- Our email automation provider (United States; current provider details on request): stores subscriber records and sends emails

These providers are bound by contractual obligations to handle your information only as instructed by us, in compliance with applicable privacy laws.

9.2 Where required by law

We may disclose personal information without your consent where required or authorised by Australian law, including:

- In response to a court order, subpoena, or other lawful request

- To regulatory authorities (such as AHPRA) where required by law or professional obligation

- To prevent or investigate suspected fraud or unlawful activity

- To protect the rights, safety, or property of Dr Bee Lim, our clients, or the public

9.3 With your consent

We may disclose personal information to other third parties only with your express consent.

9.4 What we do not do

- We do not sell, rent, or trade your personal information to advertisers or data brokers

- We do not use your information for any purpose unrelated to the Welcome Home framework or the operation of drbeelim.com

10. INTERNATIONAL TRANSFERS

Some of our service providers (Netlify, Squarespace, and our email automation tool) host data in the United States. By using this website and the assessment, you consent to your information being transferred to and stored in the United States.

We choose providers with industry-standard security practices. Legal protections for personal information in the United States may differ from those in Australia. The Australian Privacy Act 1988 (Cth) continues to apply to our handling of your information regardless of where it is stored.

If you are located in the European Union, the United Kingdom, or another jurisdiction with restrictions on international transfers, please contact us for further information about safeguards in place.

11. DIRECT MARKETING

If you have opted in to the Welcome Home email series, we will send you periodic educational content, updates about the Welcome Home framework, the book Welcome Home: Healing Trauma & Reclaiming Wholeness, the Homecoming Profile, and related products and services.

Each marketing email will:

- Clearly identify Dr Bee Teng Lim as the sender

- Contain a functional unsubscribe link

- Comply with the Spam Act 2003 (Cth) and the Australian Privacy Principles

You may withdraw your consent at any time by clicking the unsubscribe link in any email or by emailing drbeelim@gmail.com. We will action your unsubscribe request within 5 business days.

12. CHILDREN AND YOUNG PEOPLE

This service is not directed at people under 16 years of age. We do not knowingly collect personal information from anyone under 16. If you are under 16, please do not enter your email address or use the assessment.

If you become aware that a child has provided us with personal information, please contact drbeelim@gmail.com so we can delete the relevant data.

For users between 16 and 18: we recommend that you speak with a parent or guardian before using the assessment or providing your email address.

13. COOKIES AND TRACKING TECHNOLOGIES

13.1 The Homecoming Profile

The assessment itself does not use tracking cookies. Your responses are processed locally in your browser and submitted only when you click the submit button. No third-party analytics or tracking scripts are loaded.

13.2 The broader drbeelim.com website

drbeelim.com is hosted on Squarespace, which uses functional cookies (necessary for website operation) and may use analytics cookies to understand site usage. Please refer to Squarespace's cookie policy at squarespace.com/cookie-policy for details.

You may control cookies through your browser settings. Disabling cookies may affect the functionality of the website.

14. YOUR RIGHTS

Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, you have the right to:

- Access the personal information we hold about you

- Correct any inaccurate, incomplete, or out-of-date personal information

- Request deletion of your personal information (subject to any legal obligation we have to retain it)

- Withdraw your consent to processing at any time

- Object to specific uses of your information

- Receive a copy of your personal information in a structured, commonly used format

- Lodge a complaint with us or with the Office of the Australian Information Commissioner (OAIC)

If GDPR applies to your data, you have additional rights including the right to object to automated decision-making, the right to data portability, and the right to restriction of processing.

To exercise any of these rights, email drbeelim@gmail.com. We will respond within 30 days. If we cannot provide what you have requested (for example, if we are legally required to retain certain information), we will explain why.

There is no charge for exercising your rights, except in unusual circumstances where the request is excessive or repetitive.

15. COMPLAINTS

If you believe we have mishandled your personal information or breached the Australian Privacy Principles, we want to hear from you.

Step 1: Contact us first

Email drbeelim@gmail.com with the subject line "Privacy Complaint." Describe the issue clearly. We will:

- Acknowledge receipt within 5 business days

- Investigate and respond within 30 days

- Take reasonable steps to remedy any breach we identify

Step 2: External complaint

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

- Website: oaic.gov.au

- Phone: 1300 363 992

- Mail: GPO Box 5288, Sydney NSW 2001

If GDPR applies to your data, you may also lodge a complaint with your local data protection authority in the European Union or United Kingdom.

16. DATA BREACHES

We are required by the Notifiable Data Breaches scheme (Part IIIC of the Privacy Act 1988) to notify affected individuals and the OAIC of any "eligible data breach" that is likely to result in serious harm.

If we become aware of an eligible data breach affecting your personal information, we will:

- Contain the breach as quickly as possible

- Assess the likely consequences

- Notify you and the OAIC as required by law, generally within 30 days

- Take reasonable steps to mitigate any harm caused

- Review and improve our security practices to reduce the likelihood of recurrence

17. CLINICAL CONTEXT

If you are or have been a clinical client of Dr Bee Lim through Mind Health Collective or any other clinical practice, your clinical records are held separately under our clinical record-keeping system (Zanda). Clinical records are governed by:

- The Privacy Act 1988 (Cth)

- The AHPRA Code of Conduct for Registered Health Practitioners

- The APS Code of Ethics

- Relevant state-based health records legislation

The data collected through this website is held independently of clinical records. Completing The Homecoming Profile or subscribing to the Welcome Home email series does not create a clinical or therapeutic relationship with Dr Bee Lim.

If you are uncertain about whether information you have provided is held under clinical or website privacy frameworks, please email drbeelim@gmail.com for clarification.

18. CHANGES TO THIS POLICY

We may update this policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The current version will always be available at drbeelim.com/privacy.

If we make material changes (changes that affect how your personal information is used), we will:

- Update the "Effective date" and "Last updated" fields at the top of this policy

- Notify email subscribers in advance, by email

- Provide at least 14 days' notice before the changes take effect

By continuing to use the website or assessment after the effective date of any change, you consent to the updated policy.

19. CONTACT

For privacy questions, complaints, requests to access or correct your information, or to exercise any of your rights:

Email: drbeelim@gmail.com

Subject line: "Privacy: [your question]"

For matters involving identifiable clinical information, please contact your clinical practice directly rather than through this email address.

This privacy policy is effective as of 11 May 2026 and was last updated on 10 May 2026.