Who we are?
We are Yesterdays Photo®, a photography, photo restoration and digitisation business based in Perth, Western Australia. Our website address is https://yesterdays.com.au.
We are committed to protecting your privacy and the confidentiality of your personal information. This policy explains what we collect, why, how we store it, who we share it with, and the rights you have. It is written to comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
Contact for privacy matters: po*****@************om.au | +61 497 859 034 | 2A Talbot Way, Woodlands WA 6018
Last updated: July 13, 2026
Aboriginal and Torres Strait Islander
cultural material
Warning: Historical photographs may contain images, names or voices of Aboriginal and Torres Strait Islander people who have passed away.
We restore and digitise historical photographs, and some of this material may depict Aboriginal and Torres Strait Islander people, places, ceremonies or cultural practices. We recognise that this material may carry cultural significance and sensitivities that go beyond ordinary questions of copyright or personal privacy.
We recognise Indigenous Cultural and Intellectual Property (ICIP) rights, and that these rights may sit with a community rather than with the person who holds the physical photograph.
Ownership of a print does not necessarily carry the right to reproduce, publish or display what it shows.
Where we identify material that appears to be culturally sensitive, we will:
- Handle it with care and discuss it with you before proceeding.
- Not publish, display or use the material for marketing or portfolio purposes without appropriate consent
- Support you in seeking guidance from the relevant community, family or organisation where that is appropriate
- Return or securely delete material at the request of a community or family with a legitimate cultural interest in it
If you are an Aboriginal or Torres Strait Islander person, a family member, or a community representative with concerns about material we hold, please contact us at po*****@************om.au. We will respond respectfully and promptly.
We acknowledge the Whadjuk people of the Noongar nation as the Traditional Custodians of the land on which we work, and pay our respects to Elders past and present.
What personal data we collect
and why we collect it?
We collect personal information when you engage our services or use our website. This may include:
- Contact details: name, email address, postal address, phone number
- Billing information: processed by our payment providers; we do not store full card numbers
- Photographs, negatives, slides and documents you supply for restoration or digitisation
- Family and historical context you choose to share to help us understand the significance of an image
- Technical data: IP address, browser type and pages visited, collected when you use our website
- We collect this information to quote and invoice, deliver the services you have asked for, provide customer support, maintain archival records where you have asked us, and to improve our services.
Dealing with us anonymously: Where it is lawful and practicable, you may deal with us anonymously or under a pseudonym , for example, when making a general enquiry. This is not practicable where we need to identify you to deliver a service, invoice you, or return your originals.
Comments
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
Media, Photographs & Metadata
When you upload or send us images, they may contain embedded metadata (EXIF), which can include the date, camera details and in some cases GPS location data. We treat this metadata as part of your personal information.
Contact forms
When you leave a comment, we collect the data shown in the comments form, along with your IP address and browser user agent string. This assists with spam detection. Comment data is processed by CleanTalk, an anti-spam service, which may involve transfer outside Australia.
When you submit a contact form, we collect the information you provide in order to respond to your enquiry. We use this information only to communicate with you and to provide the services you have requested.
Cookies
We use cookies to operate the website and to understand how it is used. You can manage your cookie preferences at any time through the consent banner on our site.
If you leave a comment, you may opt in to saving your name, email address and website in cookies for your convenience. These last for one year.
If you have an account and log in, we set cookies to store your login information and screen display choices. Login cookies last two days; screen options cookies last a year. Selecting “Remember Me” extends your login to two weeks. Logging out removes these cookies.
Embedded content from
other websites
Pages on this site may include embedded content such as videos or images from other websites. Embedded content behaves exactly as if you had visited the other website directly. These websites may collect data about you, set cookies, embed third-party tracking, and monitor your interaction with that content.
Analytics
We use analytics tools to understand how visitors use our website, which pages are read, how people arrive, and where we can improve. [We use Google Analytics via Google Site Kit.] Analytics data helps us make informed decisions about our content and services.
Analytics involves the transfer of data outside Australia. See “Sending data overseas” below.
How long we retain your data?
We keep personal information only for as long as we need it, and we distinguish between different types:
- Archival and restoration work: Where you have engaged us to restore or digitise your images, we retain the images and associated records for as long as necessary to provide the service and to maintain an archival record for you. Many clients specifically want us to hold their family archive. You may ask us to delete your images and records at any time, and we will do so.
- Enquiries that do not become jobs: Retained for [12 months], then deleted.
- Financial records: Retained for [7 years] as required by Australian taxation law.
- Website comments: None captured
If you would like your data deleted, email po*****@************om.au. We will confirm deletion in writing, subject to any records we are legally required to keep.
Who we share your data with?
We do not sell or rent your personal information. We never will.
We share data only with service providers who help us operate the business:
- Payment processing: PayPal, Square
- Accounting and invoicing: Xero
- Website security and performance: Cloudflare, Wordfence, Perfex CRM
- Spam filtering : Elementor pro CleanTalk
- Analytics: Google
- Email delivery: Zoho mail
These providers vowed to handle your information consistently with this policy and with Australian privacy law. We may also disclose information where required or authorised by law.
Sending data overseas
Some of the service providers listed above store or process data outside Australia, including in the United States and the European Union. This applies in particular to Cloudflare, CleanTalk, Google and our payment providers.
Before disclosing personal information overseas, we take reasonable steps to ensure the recipient handles it in a way consistent with the Australian Privacy Principles. By using our website and services, you acknowledge that your information may be processed outside Australia.
How we protect your data?
We use a range of measures to keep your information secure, including firewalls, encryption in transit, the Wordfence security plugin, Cloudflare protection, and regular vulnerability scanning. Access to your personal information is limited to those who need it to deliver our services to you.
Physical originals you send us are stored securely and returned to you on completion.
No system is completely secure. While we take security seriously and act promptly on any incident, transmission of information over the internet carries inherent risk. We encourage you to use strong, unique passwords and to keep your own devices up to date.
How we protect your data
We use a range of measures to keep your information secure, including firewalls, encryption in transit, the Wordfence security plugin, Cloudflare protection, and regular vulnerability scanning. Access to your personal information is limited to those who need it to deliver our services to you.
Physical originals you send us are stored securely and returned to you on completion.
No system is completely secure. While we take security seriously and act promptly on any incident, transmission of information over the internet carries inherent risk. We encourage you to use strong, unique passwords and to keep your own devices up to date.
Your contact information
We collect personal information when you engage our services or visit our website. This includes your name, contact information, billing information, and any other relevant details needed to provide you with our services. We use this information to fulfill your requests, provide customer support, and improve our services.
As a photo restoration and photography business, we collect personal information from our clients in order to provide our services. This includes basic contact information such as name, email address, residential address and phone number to name a few. In addition, we may collect family photos, documents and historical information in order to better understand the context and significance of the photos being restored or taken.
We take the privacy and security of our clients’ personal information seriously, and we use appropriate measures to protect this information from unauthorised access or disclosure. We do not share this information with third parties unless it is necessary to provide our services or as required by law.
We may also use your personal information to contact you with marketing or promotional materials. If you wish to opt-out of receiving such communications, please let us know.
How we protect your data?
To ensure the security of your data, we use various measures, including firewalls, antivirus software, and encryption. In addition, we use the Wordfence security plugin to protect our website from unauthorized access, malware, and other security threats. With Wordfence, we regularly scan our website for vulnerabilities and implement necessary security measures to safeguard your data. We also limit access to your personal information to only those employees who need to know the information to provide services to you. Our commitment to data protection is unwavering, and we strive to maintain the highest level of security standards to protect your information.
What data breach procedures we have in place?
Accessing and correcting your information
You have the right to ask what personal information we hold about you, and to ask us to correct it if it is inaccurate, out of date or incomplete.
To make a request, email po*****@************om.au with “Privacy request” in the subject line. We will respond within 30 days. There is no charge for making a request, though we may charge a reasonable fee for the cost of providing access in some circumstances. If we refuse a request, we will explain why in writing.
What third parties we receive data from?
As a photography and photo editing company, we may receive data from various third-party sources to help us provide better services to our clients. This data may include information from social media platforms, search engines, and other digital marketing channels. Additionally, we may receive data from third-party software tools that we use to manage and store our clients’ information. We take the utmost care to ensure that any data we receive from third-party sources is secure and protected in accordance with our privacy policy. We only use this data to provide better services to our clients and do not share it with any other parties.
Direct marketing
We may contact you with information about our services. Every marketing email we send contains a working unsubscribe link, and we honour unsubscribe requests within 5 business days as required by the Spam Act 2003 (Cth).
You can also opt out at any time by emailing po*****@************om.au. We will not use your photographs, family history or other material you have entrusted to us in any marketing or portfolio without your express written consent.
Data Privacy and Security Disclaimer:
We highly value your privacy and take every reasonable measure to ensure the security of your data. However, it’s important to understand that the internet environment is inherently risky, and despite our dedicated efforts, we cannot guarantee an absolute safeguard against data breaches.
We implement stringent security protocols, employ up-to-date encryption techniques, and continually update our systems to enhance the protection of your personal information. Nonetheless, due to the evolving nature of cybersecurity threats, there exists a possibility, however remote, of unauthorized access to your data.
By engaging with our services, you acknowledge and accept the inherent risks associated with data transmission over the internet. We encourage you to take precautions on your end, such as using strong and unique passwords, keeping your access credentials confidential, and regularly updating your device’s security software.
Rest assured, we are committed to promptly addressing any security incidents that may arise and will take appropriate action to mitigate their impact. Your trust is of utmost importance to us, and we remain dedicated to upholding the highest standards of data privacy and security.
Industry regulatory disclosure requirements
We adhere to The Privacy Act 1988 which is an Australian law that regulates the handling of personal information about individuals. The Act sets out the requirements for collecting, using, disclosing, securing, and providing access to personal information. It also outlines the obligations of organisations in relation to the handling of personal information. Under the Privacy Act, individuals have the right to access and correct their personal information held by organisations, and organisations must take reasonable steps to protect personal information from misuse, interference, and loss, as well as unauthorised access, modification, or disclosure. Additionally, the Privacy Act establishes the role of the Office of the Australian Information Commissioner (OAIC), which oversees the handling of personal information and enforces compliance with the Act. As a company that handles personal information, we are committed to complying with the Privacy Act and protecting the privacy of our customers.
Making a complaint
If you believe we have mishandled your personal information, please tell us first. Email po*****@************om.au with “Privacy complaint” in the subject line. We will acknowledge your complaint within 7 days and aim to resolve it within 30 days.
If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner:
- Website: www.oaic.gov.au
- Phone: 1300 363 992
- Post: GPO Box 5218, Sydney NSW 2001
Changes to this policy
We may update this policy from time to time. The current version is always available at this address, and the date it was last updated appears at the top of this page. Material changes will be notified to clients we hold data for.
Regulatory framework
We handle personal information in accordance with the Privacy Act 1988 (Cth) and the thirteen Australian Privacy Principles. The Privacy Act sets out how personal information must be collected, used, disclosed, secured and made available, and gives individuals the right to access and correct information held about them. The Office of the Australian Information Commissioner oversees compliance.
Where we send marketing communications, we comply with the Spam Act 2003 (Cth).