Privacy Policy

Identity and contact details

• Name, address, email address and phone number

Professional details

• Service related information
• Payment and transaction details for products and services you have purchased from us or enquiries about our products and services
• Your preferences for our services and your marketing preferences
• Feedback and survey responses

Digital information

• IP address and general location information derived from your IP address
• Search and browsing behaviour
• Website usage patterns
• Cookie preferences

Recordings

• Call recordings
• Records of meetings and decisions

Professional information (for job applicants and workers)

• Employment history
• Professional experience
• Required authorisations and licences
• Professional registrations
• Information about your right to work in the relevant jurisdiction

If you use any platform or service we operate, you may upload, input or otherwise provide data relating to your own business operations, processes, and clients (Platform Data). Please note the following in relation to Platform Data:

We do not own Platform Data. It remains yours at all times.

We process Platform Data only to provide and improve our platforms and services, as described in this policy and in any agreement between us.

You are responsible for ensuring that any Platform Data you upload, including any personal information relating to your own clients or end users, has been collected lawfully and that you hold all necessary consents or authorisations for its use on our platforms.

We are not responsible for the content of Platform Data or for any obligations you may have to your own clients or end users in relation to that data.

• Directly from you when you interact with us, contact us, or fill out forms.
• Automatically when you visit our website, use our technologies, or interact with our online services.
• From third parties such as service providers, business partners, public sources, government organisations, and organisations or people authorised by you.
• From publicly available sources such as ASIC and other regulatory bodies and professional networking sites such as LinkedIn.

We collect and use your personal information to run our business and provide our services as set out below.

Business operations

• To manage our relationship with you as a customer or supplier
• To process and deliver our products and services

To handle your inquiries, support requests, and communications

To maintain accurate records for billing and administration

To verify your identity when required or permitted by law

Communication and support

• To respond to your questions and support requests
• To communicate important updates about our services
• To handle inquiries made through our website or platforms

To manage your participation in surveys, feedback sessions, or events

Service improvement

• To conduct analytics and market research
• To improve our business operations and services
• To develop and enhance our applications and platforms
• To understand how our services are used

Marketing and promotions

• To send you promotional information about our services and events
• To inform you about products or services that may interest you
• To manage your marketing preferences
• To run competitions, promotions, and special offers
• To provide additional benefits to our customers

Employment purposes

• To assess employment applications
• To evaluate candidate qualifications
• To manage professional certifications and licences
• To maintain employment records

Legal and compliance

• To comply with our legal obligations
• To respond to court orders or legal processes
• To maintain required business records
• To fulfill regulatory requirements or reporting obligations

To protect our legal rights and interests or as authorised by law

We may disclose personal information to:

Service providers

• IT service providers
• Data storage providers
• Web hosting and server providers
• Payment processors
• Marketing and advertising providers
• Analytics providers

Professional advisers

• Bankers
• Auditors
• Insurers and insurance brokers
• Legal advisers

Business partners

• Our existing or potential agents
• Our business partners or contractors

Corporate transactions

• If we merge with or are acquired by another company, or sell our business assets, your information may be disclosed to our advisers
• Your information may be disclosed to the potential purchaser's advisers
• Your information may be included in the transferred assets

Legal and regulatory bodies

• Courts and tribunals
• Regulatory authorities including as required for reporting obligations
• Law enforcement officers

Other parties

• Third parties you have authorised
• Emergency services when necessary
• Any other parties as required or permitted by law

Storage and access

• We store your personal information in Australia. However, your information may be accessed from or transferred to locations outside Australia in these circumstances:
• When our service providers are located overseas
• When we work with overseas business partners
• When using cloud-based services or data storage solutions

Our approach to overseas disclosure

Before disclosing your personal information overseas, we take reasonable steps to ensure that the recipient treats your information in accordance with applicable law by only sending what is necessary, requiring recipients to protect your information through contractual agreements which require the recipient to comply with the privacy standards in applicable law or through other mechanisms that provide comparable safeguards and by monitoring how recipients handle your information.

Providing information

You can choose whether to provide personal information to us, however, if you don’t provide certain information, we may not be able to provide some services. Let us know if you don’t want to provide information and we will let you know when information is required versus optional.

You can request access to the personal information we hold about you and we will respond to your request within a reasonable time. We may charge a reasonable administrative fee for providing access and if we cannot provide access, we will explain why and explore alternative ways to share relevant information.

Correction rights

You can ask us to correct any information that is inaccurate, out of date, incomplete, irrelevant or misleading and we will take reasonable steps to correct your information promptly. If we cannot make the correction, we will explain why and discuss alternatives. You can ask us to add a statement to your information noting your requested correction.

You can opt-out of receiving marketing communications at any time. Each marketing communication will include an unsubscribe option. You can change your marketing preferences by contacting us. We will process your request as soon as practicable.

Step 1: Contact our privacy officer

What to include: Your full name, contact details, clear details about your request or complaint, and any relevant dates or reference numbers.

Step 2: Our response

• Verify your identity before processing your request
• Investigate thoroughly (for complaints) or process your request (for rights)
• Respond to you in writing within reasonable timeframes and as required by law
• Explain what actions we will take and keep you updated on progress
• Not charge you for making a request (except for reasonable access fees if applicable)
• Help you understand and exercise your rights

Step 3: If you’re not satisfied (complaints only)

• Ask for a review by our senior management, or
• Contact external bodies:
• Australian residents: Office of the Australian Information Commissioner (Phone: 1300 363 992, Website: www.oaic.gov.au)
• New Zealand residents: Office of the New Zealand Privacy Commissioner
• UK residents: Information Commissioner’s Office (Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, helpline number: 0303 123 1113, website: https://www.ico.org.uk/make-a-complaint)

You don’t have to contact us first before going to the ICO, but we’d appreciate the opportunity to try to resolve your concerns directly with you.

This is the same process whether you want to access your information, correct mistakes, change marketing preferences, or make a complaint about our privacy practices.

We use multiple layers of security to protect your information.

Technical safeguards

• Enterprise-grade encryption for data storage and transmission
• Regular security testing and monitoring
• Automated threat detection systems

Operational security

• Staff training on security and privacy
• Strict access controls based on job requirements

Regular security audits and incident response procedures testing

Physical security

• Secure premises with controlled access
• Secure disposal of physical documents
• Equipment security protocols

Public information

Please note that any information you choose to share publicly on online platforms (such as comments or reviews) can be accessed and used by others. We cannot control or protect information that you make publicly available.

We keep your personal information only as long as we need it for the purposes we collected it, or as required by law. When we no longer need it, we securely destroy or de-identify it.

What We Use

We use cookies, tracking pixels, and similar technologies on our website and in our emails to improve your experience and our services.

Cookies

• Small text files stored on your device
• Help remember your preferences
• Enable certain website functions
• Make your interactions with our website more efficient

Tracking Pixels

• Tiny, invisible images in web pages and emails
• Help us understand how you interact with our content
• Allow us to measure email engagement
• Enable more relevant content delivery

How we use these technologies

Essential Functions

• Remember your login status
• Maintain your session security
• Store your preferences
• Enable core website features

Analytics and Performance

• Understand how our website is used
• Measure page views and traffic
• Analyse user navigation patterns
• Identify areas for improvement

Personalisation

• Remember your preferences
• Tailor content to your interests
• Improve your browsing experience
• Provide relevant recommendations

Your control

• You can manage these technologies by:
• Adjusting your browser settings to block or delete cookies
• Using privacy-focused browser extensions
• Configuring your email client to block images
• Using our cookie preference settings

Note: Blocking all cookies may affect website functionality and your user experience.

Google Analytics

We use Google Analytics to understand how people use our website. This involves cookies that collect information about your browsing activity. You can opt out of Google’s advertising features through your Google account settings, browser add-ons, or your device’s privacy settings. Google provides various tools and options to control how your data is used for advertising purposes. You can learn more about how Google uses your data and your available options on Google’s privacy pages.

Meta advertising tools

We use Meta's advertising tools (such as Meta Pixel) to understand how our ads perform and to show you more relevant advertisements on Meta platforms like Facebook and Instagram when you visit our website or app. You can manage whether we connect information from our website with your Meta account for advertising purposes by adjusting your settings within your Meta account preferences.

Overview

We use artificial intelligence and machine learning technologies in our business operations and services, including AI tools provided by third parties. We only use these technologies when legally permitted and necessary for our business.

We may use AI technologies to:

Conduct analysis and data processing

Generate and modify content and coding

Improve and optimise our services and operations

Automate routine tasks and communications

Personalise your experience with our services

Support quality assurance processes

Assist with customer support and queries

Data protection and security

When we work with third-party AI providers, we ensure they handle your personal information in accordance with privacy laws through contractual requirements and appropriate safeguards.

Any information generated or inferred about you by AI technologies is treated as personal information, and you maintain all the rights outlined in this privacy policy. When using AI with your personal information, we commit to:

Transparency and control

We’ll inform you when AI is used to make decisions that may significantly affect you

Our staff are trained to understand AI limitations and verify outputs before relying on them

We implement processes to verify the accuracy of AI-generated outputs

Security

We use appropriate technical and organisational measures to maintain the security and integrity of your personal information

Risk mitigation

• We regularly assess and document risks associated with using AI to process personal information
• We implement appropriate measures to address these risks

We continuously monitor AI performance and regularly review their impact

We may update this policy at any time by posting the revised version on our website. We recommend that you review our website regularly to stay current with any policy changes.

Legal bases for processing personal information

European Data Protection Law requires us to have proper legal reasons for using your personal data. We can only use your information when we have one or more of these legal bases.

Consent - You have clearly agreed to us using your personal data for a specific purpose.

Performance of a contract - We need to use your information to fulfil a contract with you, or because you’ve asked us to do something before entering into a contract.

Legal duty - We must use your information to comply with the law.

Vital interests - We need to use your information to protect someone’s life.

Public interest - We need to use your information to perform a task in the public interest or carry out official functions that have a clear legal basis.

Legitimate interests - We have a genuine business reason to use your information, or a third party does, but only if this doesn’t unfairly override your rights and interests. Where we rely on legitimate interests as our legal basis, we have conducted balancing tests to ensure our interests do not override your fundamental rights and freedoms. These assessments consider:

The nature of our legitimate interest

The impact on you

Any safeguards we can implement

Your reasonable expectations

The broader context of our relationship

Note that we may process your personal data for more than one legal basis depending on the specific purpose for which we are using your data. We have listed the reasons we process your data and the legal basis below. Please reach out to us if you need further details about the specific legal basis we are relying on to process your personal data.

The full purposes of processing are set out in the policy above under “Why we collect, hold, use and disclose personal information” and the legal basis for this processing is set out below.

Purposes and legal bases

Overseas transfers

Your information may be transferred to locations outside the EU or United Kingdom in these circumstances:

When required as part of providing our services

When our service providers are located overseas

When we work with overseas business partners

When using cloud-based services or data storage solutions

When required by law or legal proceedings

Our approach to overseas transfers

When we transfer your personal data outside the EU or United Kingdom, we ensure it receives appropriate protection by:

Only transferring your information to countries that European Data Protection Laws recognise as providing adequate protection for personal information,

Putting in place a contract with the third party that means they must protect personal data to the same standards as the EU or UK, or

Transferring personal data to organisations that are part of specific agreements on cross-border data transfers with the EU or UK.

Data retention

• We only keep your personal data for as long as we need it to provide our services to you, meet our legal, tax, accounting or regulatory obligations, and handle any complaints or legal issues that may arise.
• We may keep your information for longer if you make a complaint we need to investigate, if we reasonably believe legal action might occur, or if the law requires us to keep it for specific timeframes.
• Once we no longer need your personal data, we will securely delete or destroy it in accordance with our data retention policies and legal requirements.
• You can request information about retention periods for your data and ask for early deletion where legally possible.

Rights in relation to personal data

In addition to the rights you have in our policy above, you also have the below rights.

Right to Erasure

You can request deletion of your personal data in certain limited circumstances as set out in European Data Protection Law, such as where the data is no longer necessary or has been unlawfully processed. This right is not absolute and we may be required or entitled to retain your data for legal, regulatory or legitimate business reasons.

Right to Restrict Processing

• You can ask us to suspend processing where you contest the accuracy of the data
• Processing is unlawful but you do not want erasure
• We no longer need the data but you need it for legal claims
• You have objected to processing pending verification of our legitimate grounds

You contest the accuracy of the data

Processing is unlawful but you don’t want erasure

We no longer need the data but you need it for legal claims

You’ve objected to processing pending verification of our legitimate grounds

Right to Data Portability

• Where technically feasible, you can receive your personal data in a structured, commonly used format or have it transmitted to another controller where:
• Processing is based on consent or contract
• Processing is automated

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we can demonstrate compelling legitimate grounds.

Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

Contact details for GDPR matters

For any questions about how we process your personal information under GDPR, please contact us at privacy@zindecah.com.

For privacy questions, requests, or complaints, contact Zindecah Pty Ltd (ABN 64 654 079 562), Sydney, Australia, or email privacy@zindecah.com.