enable JavaScript

Privacy Policy

Last reviewed March 21, 2025

We are committed to protecting your privacy. We comply with our privacy obligations under the Australian Privacy Principles in the Privacy Act 1988 (Cth) (the “Privacy Act”) and the General Data Protection Regulation (“GDPR”).

This Privacy Policy explains how we collect, use, share, and protect Personal Information on the Platform, and how you can exercise your privacy rights.

This Privacy Policy, together with our Platform Services Description, User Terms, Service Level Agreement, Cookie Policy, Acceptable Use Policy, Copyright and Trademark Policy, Security Policy, and Browser/Mobile Support Policy form a legally binding agreement between you and us. Capitalised terms not defined in this Privacy Policy have the meaning given to them in the Platform Services Descriiption.

Please carefully read this Privacy Policy because it affects your rights under the law. By using the Platform, you confirm that you understand and agree with this Privacy Policy and our applicable terms and policies. If you do not agree, you may not use the Platform.

We summarised the different clauses below. However, the summaries are not legally binding and do not limit this Privacy Policy. They are only for convenience and do not substitute reading the entire contract.

1. Personal Information

Personal Information is any information that identifies a natural person.

The Privacy Act defines “Personal Information” as information or an opinion about an identified individual, or an individual who is reasonably identifiable.

Under the GDPR, “Personal Information” or “Personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2. Personal Information that we Collect

We collect only the Personal Information that you provide.

Our policy is to minimise the amount of Personal Information that we collect. We only collect Personal Information that is adequate, relevant, and limited to what is reasonably necessary for the purposes for which it is processed. If you opt not to provide any Personal Information or not register as a User, you may only browse limited pages of our Platform. If you enter, upload, and/or otherwise provide us with the Personal Information of any person other than you, please notify us so that we can ensure that we can provide them with the information required by the Privacy Act.

We do not collect or store information from third-parties. We collect only the following Personal Information when you use the Platform:

a. Account Information

We collect the following Account Information when you register for an Account: first name, last name, and email address. We use Account Information to set up Accounts, provide our Users the Platform, enforce our applicable terms and policies, maintain backups of our databases, detect unauthorised use and faults within the Platform, provide you with professional services, and whenever required for the use of the Platform.

b. Client Content Information

The Client is the person, company, or organisation that granted you a User instance in the Platform. The Client may collect and store your Account Information and other Client Content to manage your Account, correspond with you, assist you, or provide you with technical support.

3. Non-Personal Information

We collect Non-Personal Information about the use of the Platform.

Non-Personal Information is information that does not personally identify a person; but may include tracking information about the use of the Platform such as devices, location, and demographics. When you interact with the Platform, we collect and store the following Non-Personal Information: analytics data, log files, device identifiers, and location data.

4. Use of Information

We use information only for the reasons they are collected.

We process information only for the purposes specifically stated in this Privacy Policy. We process the information we collect about you for the purposes set out below:

• Provide the Platform. We use the information that you directly give us to operate and maintain the Platform. We also use it to remember your information so that you do not have to re-enter it when you login to the Platform.

• Data analytics. We use information about you to help us improve the Platform and our Users’ experience, including aggregate metrics which allow the Client to observe User engagement and refine communications.

• Communicating with the Client. We use contact information to communicate with the Client about critical elements of the Platform such as technical issues, security alerts, or administrative matters.

• Security measures. We use Non-Personal Information to monitor activity that we think is suspicious or potentially fraudulent, and to identify violations of this Privacy Policy.

• Matters that you specifically consent to. From time to time, we may seek your consent to use your information for a particular purpose. Where you consent to our doing so, we will use it for that purpose. Where you no longer want us to use your information for that purpose, you may withdraw your consent.

We will not process Personal Information that was collected in a manner incompatible with these purposes. We never sell Personal Information.

5. Sharing of Personal Information

We share Personal Information to provide the Platform and protect our legitimate business interests.

a. Client

The Client controls your Personal Information and User data.

If you access the Platform using a User instance issued by the Client, your Personal Information and User data will be encrypted. Only the Client can access and control your Personal Information and User data. We do not and will never have access or control, unless with express permission and under the direct control of the Client. We neither use, aggregate, or anonymise your Personal Information and User data nor share it with any other person or third-parties.

b. Platform Providers and Contractors

We may share some Personal Information with our business partners and service providers.

We share your Personal Information with our third-party service providers to provide the Platform to you and protect our legitimate interests. The service providers with whom we may share your Personal Information assist us with the following:

• Billing;

• Customer support and customer management;

• Email services;

• Hosting and storage;

• Data analytics;

• Security; and

• Other service providers.

The service providers will only be provided with access to your information as reasonably necessary for the purpose for which we have engaged the service provider.

c. Merger, Acquisition or Reorganization

If we sell our business, the Personal Information we have collected may be part of the sale.

We may share or transfer your Personal Information to third-parties in connection with any merger, acquisition, reorganization, financing, sale of assets, bankruptcy, or insolvency event involving us or any portion of our assets, services, or businesses. In such case, we will handle your Personal Information in accordance with our Software as a Service Agreement with the Client. If your Personal Information will be shared, transferred, or handled differently than under the privacy practices in this Privacy Policy, we will notify you through email and/or the Platform.

d. Authorities

We may share data with the authorities when we think it is reasonably necessary.

We will use or disclose your information when we reasonably believe that it is necessary (a) to comply with the law and the reasonable requests of law enforcement; (b) to enforce our Platform Services Description, User Terms, Acceptable Use Policy, and Security Policy; and/or (c) to exercise or protect our rights, property, or personal safety, of our users, or of other persons.

6. Security of Personal Information

We implement industry-recognized measures to protect your Personal Information, but we can’t guarantee it is 100% secured.

We process Personal Information in a manner that ensures its appropriate security, including by protecting the Personal Information with the technical or organisational measures against unauthorised or unlawful processing and accidental loss, destruction, or damage.

We have prepared a response plan for addressing data breaches that may occur and have allocated responsibility for managing breaches to a relevant individual or team. We will notify you of any data breach that may affect you where we are required to do so under our legal obligations.

However, no system is 100% secure. We cannot ensure or warrant the security of any information you transmit through the Platform or guarantee that information on the Platform may not be accessed, disclosed, altered, or destroyed. Please see our Security Policy for more information about the security measures we take to protect Personal Information.

7. Storing, Retention, and De-Identification of Personal Information

We do not keep Personal Information longer than necessary. Within 30 days after the purpose for which your Personal Information is processed has ended, we will delete it or return it to the Client; except if we need to retain the Personal Information to comply with our legal obligations or to protect any person's vital interests.

If any applicable law requires us to retain the Personal Information after the 30-day period, we will notify the Client of that requirement and use only such retained Personal Information for the purposes of complying with those applicable laws.

When allowed by applicable law, within the 30-day period, we will take reasonable steps to de-identify and store your Personal Information.

8. Transfer of Personal Information

To run the Platform, your Personal Information may be transferred to our affiliates and service providers in the US and other countries.

Subject to the GDPR Offshore Transfers clause below, and provided that we comply with the provisions of the Australian Privacy Principle 8 (Cross-border disclosure of Personal Information), your information collected through the Platform may be stored and processed in Australia, the United States of America, and any other countries where we or our subsidiaries, affiliates or service providers maintain facilities or employ staff or contractors. As a result, we may transfer information, including Personal Information, to a country and jurisdiction that does not have the same data protection laws as your jurisdiction. Nevertheless, we always take steps to ensure that your information remains protected wherever it is stored and processed in accordance with applicable laws.

Where required under applicable laws, by using the Platform, you consent to the transfer of information to Australia, the United States of America, and any other country in which we or our subsidiaries, affiliates, or service providers maintain facilities. Further, by using the Platform, you consent to the use and disclosure of information about you as described in this Privacy Policy.

For the complete list of potential regions and countries where your Personal Information may be transferred to or from, please see our AWS Global Infrastructure list of regions and availability zones here: https://aws.amazon.com/about-aws/global-infrastructure/.

Before the User instances have been commissioned, the Client may request that Personal Information and Client Content be hosted in a specific country or region where we have available data centres. After the User instances have been commissioned, the transfer will incur costs. You may contact the Client for further information.

9. Your Rights

You have rights over your Personal Information.

Subject to the provisions and exceptions set out in the Privacy Act 1988 (Cth) and GDPR, you have the following rights with respect to your Personal Information:

• to access, correct, or erase;

• to restrict the processing;

• to object to the processing;

• to data portability;

• to withdraw consent;

• to lodge a complaint with the appropriate supervisory authority;

• to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or it similarly significantly affects you.

If you want to exercise any of your rights, please contact us at support@communic8.com. We will handle all such requests per our legal obligations.

We will do our best to resolve any privacy complaint within 30 business days following receipt of your complaint.

In some circumstances, we will not be able to comply with your request regarding your Personal Information. If we are unable to remove any of your information, we will explain why. For example, we may not be able to provide a copy of your information where it infringes on the rights of another user. In that case, we will not be able to delete the information, and you will need to contact that third-party directly.

If, as a result of the exercise of the above rights, it would not be possible or practical for us to continue providing you the Platform, we or the Client may terminate your Account.

If you are not satisfied with the outcome of a complaint, or if you are concerned about a potential violation, you also have the option to report the issue or make a complaint to the data protection authority in your jurisdiction.

You may refer the complaint to the Office of the Australian Information Commissioner (OAIC), which can be contacted at Address: GPO Box 5218, Sydney NSW 2001, Phone: 1300 363 992, Email: enquiries@oaic.gov.au.

10. Users in California

If you are a resident of California, the CCPA and CPRA give you certain rights with respect to your Personal Information.

a. Your Rights

The California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) give California residents additional rights, including (subject to certain limitations) the rights to:

• request to access the Personal Information that we have;

• request deletion of that Personal Information;

• opt-out from the "sale" of that Personal Information;

• opt-out from the "sharing" of that Personal Information for cross-context behavioural advertising.

If you are a California resident and a user of the Platform, you may exercise your rights by contacting us at support@communic8.com. We will authenticate your request by providing the Client with the Personal Information associated with your Account, confirming whether you use the Platform with the Client’s instance, and requiring proof of residency, if necessary.

b. Categories of Personal Information

For more details, please see clauses ‎2 - PERSONAL INFORMATION THAT WE COLLECT on the categories of Personal Information we collect, ‎4 - USE OF INFORMATION on how we use that information, ‎5 - SHARING OF PERSONAL INFORMATION on who we share it with, and 7 - STORING, RETENTION, AND DE-IDENTIFICATION OF PERSONAL INFORMATION on how long we keep it.

11. Users in Europe

The Client is the controller of your Personal Information. We may transfer your information outside Europe subject to appropriate safeguards.

This clause applies to users located in the European Economic Area (EEA), Switzerland or the United Kingdom (UK). We process your Personal Information in accordance with European laws and regulations, such as the General Data Protection Regulation (GDPR) and UK General Data Protection Regulation (UK GDPR).

a. Controller's Details

For purposes of the GDPR and UK GDPR, the Client is the controller of your Personal Information. Under these laws, the Client is responsible for identifying and informing you of the bases for its control of your Personal Information. If you have questions or concerns about how your Personal Information is handled by the Client, please contact the Client and/or refer to its separate privacy policies.

b. Legal Bases for Processing

In certain circumstances, we, Communic8 Group Pty Ltd (ABN 26 139 494 054), may process Personal Information as a processor on behalf of the Client. In these cases, it is still the Client who is responsible for controlling your Personal Information, and our processing will be governed by the terms of the Data Processing Agreement with the Client.

Our lawful bases to collect, use and disclose your Personal Information as a processor will depend on the Personal Information concerned and the context in which it is processed. Generally, we will collect and use your Personal Information on the following bases:

• Consent. By creating an Account, you consent to us or have a reasonable expectation of us using your Personal Information to provide you the Platform, for example, to update you about its new features or offers.

• Contractual Necessity. We process your Personal Information to provide the Platform to you and fulfill our obligations under the User Terms and Platform Services Description. This includes creating and maintaining your Account, providing you with access to the Platform, and resolving issues you may experience with the Platform.

• Legitimate Interests. Our legitimate interests include providing a useful and customized Platform; obtaining payment for our Platform; sending you relevant marketing messages; making more informed predictions, decisions and offers for our users; and enhancing our Platform via research and development and data analytics. We do not rely on this lawful basis where our legitimate interest is overridden by your interest in protecting your Personal Information.

• Legal Obligations. We will process your Personal Information when necessary for compliance with our legal obligations, such as to disclose information in response to law enforcement requests and to retain your information for our record-keeping purposes.

If you gave consent to our use of your Personal Information, you can withdraw your consent at any time by contacting support@communic8.com or the Client. You also have the right to object to the use of your Personal Information where we use it for our legitimate interests. However, your access to the Platform may be limited.

c. Cross-border Transfers

You understand and agree that we may transfer your Personal Information to other countries where our affiliates and service providers are located. Please note that some of these countries may have data protection laws that are different from your country (and, in some cases, may not be as protective). Where we transfer your information to a third-party provider outside the European Union, and is not in a country that benefits from an adequacy decision by the European Commission, we will require from those third-party providers an agreement with the appropriate safeguards for your information.

We do not transfer your Personal Information to any country or organisation outside of the European Union, except as reasonably necessary for us to provide the Platform or if instructed by the Client.

12. No Spam Emails

We do not send spam emails.

We do not send “junk” or unsolicited emails in contravention of the Spam Act 2003 (Cth).

We will, however, use email in some cases to respond to inquiries or contact our users. These transaction-based emails are automatically generated.

If you want to opt out of any communications from our Platform, please contact the Client.

13. Marketing

We would like to send you information about our products and services that we think you might like. If you have agreed to receive these marketing materials, you can always opt-out. You have the right at any time to stop us from contacting you for marketing purposes.

14. Links to Third-Party Websites and Services

If you share Personal Information with third-parties linked on the Platform, the use of your Personal Information will be governed by their privacy policies.

We are not responsible for the information, content, or practices of sites or services linked to or from the Platform. When you use a link to go from the Platform to another site, our Privacy Policy does not apply to their third-party sites or services, and your browsing and interaction would be subject to the third-party’s own rules and policies. You acknowledge that we are not responsible for and we do not exercise control over any third-parties that you authorize to access your Personal Information.

15. No Personal Information from Children

We do not collect the Personal Information of children.

The Platform is not directed at children. We do not knowingly collect or solicit Personal Information from children. If we learn that we have collected Personal Information from a child, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child, please contact us at support@communic8.com.

16. Changes to this Privacy Policy

This policy may be changed or updated.

We may periodically change this Privacy Policy to reflect our current practices and ensure compliance with applicable laws. The most updated version is posted on this page. We recommend that you check this page from time to time for any changes. If you are a User, we will send a notification to the email address in your Account.

17. Contact Us

If you have any questions about this Privacy Policy or the Platform or wish to make a complaint, please contact us at Communic8 Group Pty Ltd (ABN 26 139 494 054), Attn: Privacy Representative Level 1/315 Brunswick St, Fortitude Valley, QLD 4006 Australia, support@communic8.com.