Privacy Policy

Privacy and Cookie Policy

Esphere Consulting Pty Ltd (ABN 87 663 464 757), trading as BA Unfiltered, is committed to protecting your personal information. This policy explains what information we collect, why we collect it, how we use and protect it, and what your rights are. It applies to all visitors, enquirers, waitlist subscribers, and purchasers — covering your use of the BA Unfiltered marketing website, the Thinkific-hosted learning platform, any purchases you make, and all other interactions with BA Unfiltered, whether or not a purchase is made. We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

1. What Information We Collect

When you create an account or enrol

Name and email address
Password (stored encrypted — we cannot access it)
Country of residence
Job title and company name (where provided at enrolment or checkout)

When you make a purchase

Billing name and address
Payment details — processed and stored by Thinkific Payments, not by us. We receive only a transaction confirmation and the last four digits of your card. Where you are a non-Australian consumer, the transaction record reflects the GST-free price.
Purchase amount, course details, and tax invoice information
Additional checkout verification data that Thinkific may collect for fraud prevention and payment security purposes — such as billing address verification signals and device session data. Refer to Thinkific's privacy policy at thinkific.com/privacy-policy for details.

When you use the course

Course progress, lesson completion, and time spent on content (tracked by Thinkific)
Quiz results and scores (for mock exam packs delivered via standalone examination environments, only lesson-completion marking is captured — individual attempt data and scores are not recorded by the platform)
Resource downloads

When you contact us

The content of your message and any attachments
Your contact details as provided

Automatically collected information

IP address and general location (country/region)
Browser type, device type, and operating system
Pages visited and navigation behaviour on our site(s) — this applies to both the BA Unfiltered marketing website and, where applicable, the Thinkific-hosted course platform
Referral source

2. Why We Collect It and How We Use It

We collect only what we need for a specific, stated purpose:

To provide course access — your name, email, and payment confirmation are needed to set up and maintain your learner account.

To process payments — Thinkific Payments handles payment processing on our behalf. We use the transaction record to issue your tax invoice and manage your enrolment.

To track your progress — Thinkific records course progress so you can resume where you left off and access resources gated behind quiz completion.

To communicate with you — we contact you about your enrolment, course updates, technical issues, or in response to your enquiries.

To improve our courses — we use aggregate, non-identifiable usage data to understand content effectiveness.

For marketing — only if you have opted in at checkout or joined our waitlist (see Section 9). You can withdraw consent and unsubscribe at any time.

3. Who We Share It With

We do not sell your personal information. We share it only with service providers who help us deliver our courses, and in limited circumstances described below:

Thinkific Labs Inc.

Our course platform. Thinkific hosts our site, stores your learner account data, tracks your progress, and issues completion certificates. Thinkific may store and process your data on servers located outside Australia. For information on how Thinkific stores, protects, and transfers data internationally, refer to their privacy policy at thinkific.com/privacy-policy.

Thinkific Payments

Our payment processor. Thinkific Payments handles all payment card data to PCI-DSS standards. We do not store your card details. Thinkific Payments may process your payment data on servers located outside Australia. For BNPL transactions (Afterpay, Klarna, or other available BNPL providers), those providers also process your data under their own privacy policies.

MailerLite

Our email marketing platform. We use MailerLite to manage our subscriber list and send marketing communications. Your name and email address are shared with MailerLite only where you have consented to receive marketing communications — either by opting in at checkout or by joining our waitlist. MailerLite may process your data on servers located outside Australia. For information on how MailerLite handles data, refer to their privacy policy at mailerlite.com/legal/privacy-policy. We use MailerLite for marketing purposes only. Transactional emails related to your enrolment and account are sent through Thinkific.

IIBA (International Institute of Business Analysis)

Where a completion certificate is issued and subsequently invalidated — for example, following a refund — we may notify IIBA of the invalidation. This disclosure is limited to the learner's name, course name, and certificate status. This disclosure is made in accordance with our obligations as an IIBA Essential Training Partner.

Other disclosures

If you visit external links from our course site or communications, those third-party sites have their own privacy policies. We are not responsible for the privacy practices of third-party sites.

We may also disclose your information if required by Australian law or by a lawful request from a government or regulatory authority.

4. Storing and Protecting Your Information

Your data is stored on Thinkific's servers and processed by Thinkific Payments. Both services use industry-standard encryption and security controls. We access your data only where necessary to manage your enrolment or respond to a support request. We encourage you to review Thinkific's privacy policy at thinkific.com/privacy-policy for details of their data storage practices and security measures.

We retain personal information only for as long as necessary for the purpose it was collected, or as required by law. Our retention periods are as follows:

Financial and transaction records — retained for a minimum of 5 years, as required under the Income Tax Assessment Act 1997 (Cth) s.286-25.
Course progress, quiz results (where captured by the platform), and completion certificates — retained for 5 years after your last account activity or account deletion, to support any IIBA CDU or PD hour audit requirements.
Email correspondence and support records — retained for 3 years after the last interaction.
Marketing consent records — retained for the duration of your subscription to our marketing communications, and for 6 years after you unsubscribe, in accordance with the civil penalty limitation period under the Spam Act 2003 (Cth) and the Regulatory Powers (Standard Provisions) Act 2014 (Cth).
IP address and platform access logs — retained for 90 days for security and fraud detection purposes.
Account data (name, email address) — deleted within 30 days of a valid deletion request, subject to the retention obligations above.

Where you exercise a right to deletion, financial and transaction records subject to legal retention obligations will be retained for the required period but will not be used for any other purpose. We will confirm in writing what has been deleted and what has been retained and why.

We comply with our obligations under the Notifiable Data Breaches (NDB) scheme in the Privacy Act 1988 (Cth). If a data breach occurs that is likely to result in serious harm to you, we will notify you as soon as practicable and provide guidance on steps you can take to protect yourself. We will also notify the Office of the Australian Information Commissioner (OAIC) as required by the NDB scheme.

5. International Transfers

Some of the third-party providers we use — including Thinkific, Thinkific Payments, MailerLite, and where applicable, BNPL providers such as Afterpay and Klarna — may store and process your personal data on servers located in countries outside Australia, including the United States and Canada. We do not have direct control over where these providers store data, and we cannot independently verify that each provider's cross-border data handling arrangements fully meet the standard required by Australian Privacy Principle 8 (APP 8).

We have selected these providers based on their market standing, their published privacy policies and security certifications, and their compliance with applicable data protection laws in their own jurisdictions. We encourage you to review the privacy policies of Thinkific (thinkific.com/privacy-policy) and MailerLite (mailerlite.com/legal/privacy-policy) for details of the specific countries and safeguards applicable to each provider.

By using our site and making a purchase or joining our waitlist, you consent to the transfer of your personal data to the third-party providers named in this policy, and acknowledge that their servers may be located in countries whose data protection laws differ from those in Australia. Where this applies, Australian Privacy Principle 8.1 (which requires overseas recipients to handle your information in accordance with the APPs) may not apply to the overseas recipient. If you do not wish to consent to these transfers, do not use our site or services.

6. Your Rights Under the Australian Privacy Principles

Under the Privacy Act 1988 (Cth), you have the right to:

Access the personal information we hold about you
Ask us to correct information that is inaccurate, incomplete, or out of date
Ask us to delete your personal information (subject to our legal retention obligations)
Make a complaint if you believe we have handled your personal information in breach of the Australian Privacy Principles

To exercise any of these rights, email [email protected]. We will respond within 30 days. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or call 1300 363 992.

7. Additional Rights for EU and UK Learners

If you are located in the European Union (EU), European Economic Area (EEA), or United Kingdom (UK), the General Data Protection Regulation (GDPR) or UK GDPR may apply to the processing of your personal data, in addition to Australian privacy law. Where GDPR or UK GDPR applies, you have the following rights:

Right of access (Article 15) — you have the right to obtain a copy of the personal data we hold about you and information about how it is processed.
Right to rectification (Article 16) — you have the right to have inaccurate or incomplete personal data corrected.
Right to erasure (Article 17) — you have the right to request deletion of your personal data where it is no longer necessary for the purpose it was collected, where you withdraw consent, or where processing is unlawful. This right is subject to our legal retention obligations.
Right to restriction of processing (Article 18) — you have the right to request that we limit how we process your personal data in certain circumstances, for example while we verify the accuracy of data you have contested.
Right to data portability (Article 20) — where processing is based on your consent or on a contract, you have the right to receive your personal data in a structured, commonly used, machine-readable format, and to transmit it to another controller.
Right to object (Article 21) — you have the right to object to processing of your personal data for direct marketing purposes. You may also object to processing based on our legitimate interests, though we may be able to demonstrate overriding grounds.
Rights related to automated decision-making (Article 22) — access to sequential course content is determined automatically by the Thinkific platform based on your lesson completion data. This is a contractual feature you have accepted as part of the course design, not a decision with legal or similarly significant effects. No other automated decision-making affecting your rights is carried out by us.

The legal basis for our processing of your personal data is primarily the performance of a contract (delivering the course you have purchased), compliance with legal obligations (tax and financial record-keeping), consent for marketing communications, and consent for international data transfers to our third-party providers as described in Section 5.

To exercise any of the above rights, contact [email protected]. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority — for EU learners, this is the data protection authority in your country of residence; for UK learners, this is the Information Commissioner's Office (ICO) at ico.org.uk.

Please note: we are a small Australian business. We do not have a designated EU or UK representative or a Data Protection Officer (DPO) at this time. If the volume of EU or UK learner enrolments increases significantly, we will review our obligations and update this section accordingly.

8. Cookies

What cookies are

Cookies are small text files stored on your device when you visit a website. They help the site remember your preferences and how you interact with it. BA Unfiltered operates two digital environments — the BA Unfiltered marketing website and the Thinkific-hosted course platform — each with their own cookie practices, described below.

BA Unfiltered website

The BA Unfiltered marketing website uses a cookie consent banner in accordance with applicable privacy law. When you first visit the site, you will be asked to accept or reject non-essential cookie categories. The following cookies may be used:

Essential cookies — required for the website to function correctly. These cannot be rejected.
Functional cookies — used to remember your preferences and improve your experience.
Analytics cookies — used to understand how visitors navigate the site. We use aggregated, anonymised data only. No personal profile is built without your consent.
Marketing and retargeting cookies — used to show relevant content, only if you have opted in via the cookie consent banner.

Thinkific course platform

When you click through to the Thinkific-hosted course platform to purchase or access your course, Thinkific manages its own cookie environment independently. BA Unfiltered does not control these cookies. The following cookie types may be set by Thinkific and its payment partners:

Essential platform cookies — required for the Thinkific platform to function. These keep you logged in, maintain your course progress, and enable checkout. You cannot opt out of these without losing platform functionality.
Analytics cookies — used by Thinkific to understand platform usage (aggregated and anonymised). Refer to Thinkific's privacy policy at thinkific.com/privacy-policy for details.
Payment cookies — set by Thinkific Payments during checkout to enable secure payment processing.
BNPL cookies — if you select Afterpay or Klarna at checkout, those providers may set their own cookies subject to their own cookie policies.

How to manage cookies

BA Unfiltered website: You can accept or reject non-essential cookies using the cookie consent banner displayed on your first visit. You can change your preferences at any time by clearing your browser cookies and revisiting the site.

Thinkific platform: You can manage Thinkific's cookies through your browser settings. Blocking essential platform cookies will prevent you from accessing the course. Blocking payment or BNPL cookies may affect checkout functionality.

9. Marketing Communications

We will only send you marketing communications if you have opted in — either by selecting the marketing consent option at checkout, or by joining our waitlist, in which case you will receive course announcements and updates. Each marketing communication includes a clear and functional unsubscribe mechanism. Unsubscribe requests will be processed within 5 business days, in accordance with the Spam Act 2003 (Cth). You can also opt out at any time by emailing [email protected] or by clicking the unsubscribe link in any marketing email. Opting out of marketing does not affect transactional emails about your enrolment or account. Marketing emails are sent through MailerLite.

10. Children

Our courses are intended for adult professional learners. We do not knowingly collect personal information from anyone under the age of 18. If you believe a minor has created an account on our site, please contact [email protected] and we will delete the account promptly.

11. Changes to This Policy

We may update this policy from time to time. The current version with its date will always be posted on our course site. If we make a significant change, we will notify enrolled learners by email.

12. Governing Law

This policy is governed by the laws of the State of Victoria, Australia and the Privacy Act 1988 (Cth).

13. Contact Us

For privacy-related questions, access requests, corrections, or complaints:

Email: [email protected]
Entity: Esphere Consulting Pty Ltd (trading as BA Unfiltered) ABN 87 663 464 757
Address: Point Cook, Victoria, Australia

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner at oaic.gov.au or call 1300 363 992.

Last updated: June 2026 · Esphere Consulting Pty Ltd (trading as BA Unfiltered) ABN 87 663 464 757 · [email protected]