Privacy and terms

Definitions and key terms

• ◆Company: when this policy mentions "Company," "we," "us," or "our," it refers to Ongkrong Consulting (ABN 70 543 844 199), 260 Spencer Street, Melbourne, VIC 3000, Australia, that is responsible for your information under this Privacy Policy.
• ◆Country: where Ongkrong Consulting or its founders are based, in this case Australia.
• ◆Device: any internet-connected device such as a phone, tablet, or computer that can be used to visit Ongkrong Consulting and use the services.
• ◆IP address: every device connected to the Internet is assigned a number known as an Internet protocol (IP) address. These numbers are usually assigned in geographic blocks. An IP address can often be used to identify the location from which a device is connecting to the Internet.
• ◆Personal Data: any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.
• ◆Service: refers to the website and consulting services provided by Ongkrong Consulting as described on this platform.
• ◆Third-party service: refers to service providers we engage to support the operation of our website, such as hosting providers and analytics services.
• ◆Website: the Ongkrong Consulting site, which can be accessed at https://www.ongkrong.com/
• ◆You: a person or entity that uses the Ongkrong Consulting website or engages with our services.

Information collected

We collect information from you when you submit our contact form or visit our website. The specific information we collect is:

• ◆Name (provided via contact form)
• ◆Email address (provided via contact form)
• ◆Phone number (optional; provided via contact form only if you prefer a call back)
• ◆Message content (provided via contact form)
• ◆IP address (collected temporarily for rate-limiting purposes; not stored persistently)
• ◆Cookieless analytics data via Vercel Analytics (page views, referrer URL, browser type, operating system, and country-level geolocation — no cookies are set and no personally identifiable information is collected)
• ◆Privacy preference (stored in your browser’s localStorage; not transmitted to our servers)

How collected information is used

• ◆To respond to your enquiry submitted via the contact form, including by phone only if you provide a phone number
• ◆To improve our website based on aggregated, anonymised analytics data
• ◆To protect the website from abuse through rate limiting

Email address use

We use your email address solely to respond to the enquiry you submitted through our contact form. We do not send marketing emails, newsletters, or any unsolicited communications. We do not use your email address for audience targeting, advertising, or remarketing on any platform.

Information shared with third parties

We do not sell, trade, or share your personal information with third parties for marketing or advertising purposes. Your contact form submissions are processed through the following service providers, who act as data processors on our behalf:

• ◆Google Sheets: contact form submissions (name, email, optional phone number, message) are stored in Google Sheets for the purpose of managing and responding to enquiries.
• ◆Vercel: our website is hosted on Vercel. Vercel Analytics collects cookieless, anonymised usage data (page views, referrer, browser, OS, country-level geolocation). Vercel may also process your IP address transiently as part of standard web hosting operations.
• ◆Stripe: if you start the AI opportunity diagnostic, payment is processed by Stripe. We never see or store your full card details; Stripe handles payment data under its own privacy terms as a PCI-DSS Level 1 provider.

Information retention

Contact form submissions are retained for 12 months and then reviewed for deletion. Anonymised analytics data collected by Vercel Analytics is retained in accordance with Vercel’s data retention policies. IP addresses used for rate limiting are ephemeral and are not stored persistently.

Information protection

We implement appropriate security measures to maintain the safety of your personal information. Our website is served over HTTPS (TLS encryption) to protect data in transit. Contact form data is transmitted securely to Google Sheets via authenticated API connections. We do not collect or store payment card details, financial information, or government identifiers. While we take reasonable steps to protect your information, no method of transmission over the Internet or electronic storage is completely secure, and we cannot guarantee absolute security.

Cookies

Ongkrong Consulting does not use tracking cookies, advertising cookies, or third-party cookies. The only data stored locally is your privacy preference, which is saved in your browser’s localStorage (not a cookie) and is never transmitted to our servers. If you accept analytics, Vercel Analytics collects cookieless usage data for website insights and does not set advertising cookies.

Overseas data processing

Ongkrong Consulting is based in Australia. As our website is hosted on Vercel and contact form data is stored in Google Sheets, your information may be processed in countries outside Australia, including the United States. Where your personal data is disclosed to overseas recipients, we take reasonable steps to ensure that those recipients comply with the Australian Privacy Principles, consistent with Australian Privacy Principle 8 (APP 8) regarding cross-border disclosure of personal information under the Privacy Act 1988 (Cth). Vercel, Google, and Stripe each maintain documented data protection and security practices.

Security of collected information

We take precautions to protect the security of your information. We have technical and organisational procedures to help safeguard your information, prevent unauthorised access, maintain data security, and correctly use your information. However, neither people nor security systems are foolproof, including encryption systems. Therefore, while we use reasonable efforts to protect your personal information, we cannot guarantee its absolute security.

Access, correction and deletion

You have the right to request access to, correction of, or deletion of the personal information we hold about you. To exercise any of these rights, please contact us at motta.thong@ongkrong.com. We will respond to your request within a reasonable timeframe, and within 30 days where legally required.

Sale of business

We reserve the right to transfer information to a third party in the event of a sale, merger, or other transfer of all or substantially all of the assets of Ongkrong Consulting, or in the event that we discontinue our business or file (or have filed against us) a petition in bankruptcy, reorganisation, or similar proceeding, provided that the third party agrees to adhere to the terms of this Privacy Policy.

Affiliates

We may disclose information (including personal information) about you to our Corporate Affiliates. For purposes of this Privacy Policy, "Corporate Affiliate" means any person or entity which directly or indirectly controls, is controlled by, or is under common control with Ongkrong Consulting, whether by ownership or otherwise. Any information relating to you that we provide to our Corporate Affiliates will be treated by those Corporate Affiliates in accordance with the terms of this Privacy Policy.

Governing law

This Privacy Policy is governed by the laws of Australia, including the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). You consent to the exclusive jurisdiction of the courts of the State of Victoria, Australia, in connection with any action or dispute arising between the parties under or in connection with this Privacy Policy.

Consent

By using the Ongkrong Consulting website, you acknowledge this Privacy Policy. Where consent is required, we will request it separately.

Links to other websites

This Privacy Policy applies only to the Ongkrong Consulting website. Our website may contain links to other websites not operated or controlled by us. We are not responsible for the content, accuracy, or opinions expressed on such websites, and they are not investigated, monitored, or checked for accuracy or completeness by us. When you use a link to leave our website, our Privacy Policy is no longer in effect. Your browsing and interaction on any other website is subject to that website’s own rules and policies.

Children's privacy

We do not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from anyone under the age of 13 without verification of parental consent, we take steps to remove that information from our systems.

Changes to this privacy policy

We may change our Service and policies, and we may need to update this Privacy Policy so that it accurately reflects our Service and policies. Unless otherwise required by law, we will update this page with any changes and note the revised date. If you continue to use the Service after changes are posted, you will be bound by the updated Privacy Policy.

Third-party services

Our website relies on the following third-party services: Vercel (website hosting and cookieless analytics), Google Sheets (contact form data storage), and Stripe (payment processing for the AI opportunity diagnostic). We may also link to external websites or services. You acknowledge and agree that Ongkrong Consulting shall not be responsible for any third-party services beyond our direct service providers, including the accuracy, completeness, timeliness, or validity thereof.

General Data Protection Regulation

If you are located in the European Economic Area (EEA), the General Data Protection Regulation (GDPR) may apply to your personal data. Ongkrong Consulting processes minimal personal data and does so on the following lawful bases:

• ◆Legitimate interest: we collect cookieless, anonymised analytics data to improve our website.
• ◆Consent: when you submit our contact form, you consent to us processing the information you provide in order to respond to your enquiry.
• ◆Personal data should be held no longer than necessary to fulfil its purpose.
• ◆People covered by the GDPR have the right to access their own personal data. They can also request a copy of their data, and that their data be updated, deleted, restricted, or moved to another organisation.

Data access, portability and deletion

We are committed to respecting your data subject rights. If you wish to access, export, or delete the personal data we hold about you (such as your contact form submission), please email us at motta.thong@ongkrong.com. We will respond to your request within 30 days.

Australian privacy law

Ongkrong Consulting handles personal information in line with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). You have the right to access and correct personal information we hold about you. If you believe we have breached the APPs, you may lodge a complaint with us at motta.thong@ongkrong.com. If you are not satisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.