PRIVACY POLICY
Our Commitment:
Your privacy is important to us. This Privacy Policy outlines our ongoing commitment to protecting your personal information in accordance with applicable privacy laws, including the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), as well as the European Union General Data Protection Regulation (EU GDPR) where applicable. It explains how we collect, use, store, manage, and disclose your personal information, and sets out your rights and our obligations under both the Privacy Act and the GDPR, where relevant.
What Personal Information do we collect and why?
Under the Privacy Act, personal information is ‘information or an opinion about an identified individual, or an individual who is reasonably identifiable’. Under the GDPR, ‘personal data’ is similarly defined as any information relating to an identified or identifiable natural person, including names, identification numbers, location data, or online identifiers (“Personal Information”).
We only collect Personal Information where it is reasonably necessary for us to perform our functions and activities as a technology solutions service provider, digital agency, and any other business services and activities we may undertake from time to time.
In order to provide our services to you, and undertake our functions and activities, we may collect the following types of Personal Information: (a) Information you provide: if you submit a request for any of our services (for example – a website built for your business), write reviews, contact us, or use other services on the website that requires input, we will store and save the information you provide. This information may include personally identifiable information such as your name, telephone number, job title, postal address, email address, etc. and will be used for the purpose submitted to us, which is usually to contact you and otherwise undertake administrative and business activities related to the services we provide.
(b) Financial information you provide: if you engage us to provide services, for billing and invoicing purposes this information may include payment card details and bank account details, whether to us directly or any third party payment processor.
(c) Cookies (“Cookies”) and other technical and analytical technology: These are text files with small amounts of data, which may include an anonymous unique identifier. They are meant to improve the site’s functionality and the user’s experiences with it.
Like many sites, we use Cookies to collect information. There are various types of Cookies, including (1) analytical cookies, (2) performance cookies, and (3) functional or necessary cookies.
- Analytical cookies – Used for collecting anonymous information about the use of our website. The information is used only to improve our website’s quality and functionality.
- Performance cookies – Used to determine which advertisement affects a consumer’s purchase decision.
- Functional cookies – Used to make our website function properly, for example by recording the contents of a shopping cart. When you use Our Website, one or more Cookies may be sent and stored on your computer. These Cookies are used to save certain preferences on Our Website and identify you on future visits. You can instruct your browser to limit or prohibit the storage of Cookies on your computer when accessing Our Website; however, doing so may affect the usability of the website services.
(d) Log information – All information sent by your web browser and computer when you visit Our Website may be stored by our servers. This information may include your IP address, browser type, URL accessed, cookie information, the date and time of your request, and other information that may uniquely identify you and may also be considered as part of your Personal Information.
In addition, we may use third party services such as Google Analytics (discussed further below) that collect, monitor and analyse this data.
(e) Marketing preferences: We may collect details regarding your marketing preferences and requests.
The above is a non-exhaustive list, however, provides a general summary of the nature of personal information we may collect from you, or concerning you, from time to time.
This Privacy Policy does not apply to the processing of personal data in the context of delivering our services, for instance when personal data of website visitors is processed when they visit a website which you commissioned and which is hosted by us. Such processing activities are covered by our Data Processing Terms, part of the Terms of Service, which you can find at: https://spotzerdigital.com/terms-of-service/
Your Information:
You are responsible for ensuring the accuracy and consent for use of any Personal Information you submit to us. Inaccurate information will affect our ability to provide you with services as well as to contact you as contemplated in this Privacy Policy.
If you give us Personal Information about other people (e.g. a member of your organisation, or a supplier, customer or affiliate of your organisation), we rely on you to inform those people that you are sharing their Personal Information with us. We also expect that you will have sufficient authority to provide the relevant information on their behalf, that you will provide information which is accurate and complete, and you must also let them know about this Privacy Policy and how to access it.
In addition, please note that this Privacy Policy does not cover information which is not considered as Personal Information such as: (i) Information about a legal entity (e.g. corporate information, business contact details, company accounting information, etc.); or (ii) Anonymized data – that is, information or an opinion which does not concern an identified individual, or an individual who is reasonably identifiable and/or which has been made anonymous in a way that the individual is not or no longer identifiable or reasonably identifiable.
We do not Collect Sensitive Information
Sensitive information is a subset of Personal Information that is generally afforded a higher level of privacy protection. Sensitive information includes information or opinions about such things as an individual’s racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, criminal convictions, sexual preferences, membership of a trade union or other professional body, criminal record or health information.
We do not in the ordinary course collect any sensitive information as this is not usually required for the provision of our services to you. To the extent we do collect sensitive information about you, we will obtain your consent unless it is unreasonable or impractical to do so, or where otherwise permitted under the Privacy Act or GDPR.
Our Use of Personal Information
We collect Personal Information mainly to provide our services to you, conduct statistical analysis, provide customer support or meet certain business requirements, to the extent reasonably necessary to carry out our business. We may also from time to time use it for marketing purposes to contact you with newsletters or promotional materials to the extent related to our business and the services we offer from time to time. You may unsubscribe from our mailing/marketing lists at any time by contacting us in writing at [email protected].
We may also use Personal Information to track the use of our services and/or for other internal purposes, such as evaluating and improving the services.
We will process Personal Information as mentioned above and only in accordance with the provisions of this Privacy Policy. Our personnel are obligated to maintain the security, and secrecy of any Personal Information as provided in this Privacy Policy and this obligation continues even after their engagements end.
We do not provide your Personal Information to third parties except to third party service providers that are reasonably necessary to undertake any services we provide you, with your knowledge and consent, or as required by law. In certain circumstances where you provide us sensitive information, we will generally require your consent to collect that information. You may withdraw your consent at any time by contacting us using our contact details below. Please note if you withdraw your consent, we may not be able to provide services to you, and you may no longer have access to any products or services we provide.
Sharing/Transferring Personal Information
We do not give, sell, licence, transfer or otherwise share any Personal Information to, or with, any third party except for the cases listed in this Privacy Policy.
Disclosure of Personal Information to Third Parties
Your Personal Information may be disclosed in a number of circumstances including the following:
- Third parties where you consent to the use or disclosure for fulfillment of our services to you;
- Where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so;
- If you have requested and/or agreed that the Personal Information will be provided to third parties;
- If disclosure is to external service providers such as third party data storage providers, IT and other software and systems providers, companies who provide administrative services, advertising and marketing agencies who assist us with our campaigns and programs; and
- Where required or authorised by law.
Recipients of your Personal Information may include third-party service providers selected by you for inclusion in a product or service that you request from us or a regulator or to otherwise comply with the law. Where we do so, we will require third parties to comply with the security of your Personal Information and to treat it in accordance with the law, including under the Privacy Act and GDPR.
Where you select third party providers as part of the product or services you request from us, please note that you will be bound by their end user terms including their privacy policy and use of sub-processors, whether located within or outside of the EU. It is your choice whether you wish to use such third-party services and you consent to processing of your information by sub-processors located outside of the EU.
A current list of our third party sub-processors can be found below.
Third Party Sub-Processors
Our carefully selected partners and service providers may process personal information about you on our behalf. Some or all of these may apply to you, depending on whether you are a direct customer, an enterprise reseller or an agency reseller, the specific services you utilize and the jurisdiction in which you are located. Data Processing Addendums (DPAs) are in place with all sub-processors as well as, where necessary, Data Transfer Impact Assessments to ensure compliance with the various global data protection laws and regulations.
Table of Sub-processors
Data and Personal Information from Third Parties
Where reasonable and practicable to do so, we will collect your Personal Information only from you. However, in some circumstances we may be provided with information by third parties or from publicly available sources. In such a case, we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party. Such Third Parties used by us include (but are not limited to):
Google Analytics
Our Website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses Cookies which allow your use of Our Website to be analyzed. The information generated by the Cookie on your use of Our Website (including your IP address) is transmitted to, and stored by, Google. Google uses this information on our behalf to analyze your use of the website and compile reports on website activity. However, IP anonymization is activated on Our Website, which means that your IP address will be abbreviated and stored in an anonymized form by Google.
You may adjust the settings in your browser software to prevent Cookies from being saved; however, if you do so, you may not be able to benefit from the full functionality of Our Website. You can also prevent the data generated by the Cookie relating to your use of Our Website (including your IP address) from being recorded and processed by Google by downloading and installing the browser plugin that is available by following this link: https://tools.google.com/dlpage/gaoptout.
Data collection and transmission
- Firewalls are in place exposing only the necessary ports through the internet and between different servers. Intrusion protection system (IPS) software is in place as a second layer of security, which will block access as soon as any suspicious login activity is detected.
- Protocols and ciphers suite are used to encrypt data in transit.
Digital Marketing Service Providers
Additionally, we periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information. Our appointed data processors include:
– Prospect Global Ltd (trading as Sopro) Reg. UK Co. 09648733. You can contact Sopro and view their privacy policy here: sopro.io. Sopro are registered with the ICO Reg: Z123456 their Data Protection Officer can be emailed at: [email protected].
Other Sources
We may also collect Personal Information about individuals from other third parties or from publicly available sources, including:
- your organisation, or individuals affiliated with your organisation;
- government agencies;
- publicly available records, including those maintained by the Australian Securities and Investments Commission;
- ratings and search agencies, including credit reporting agencies; and
- online searches.
Data Security
To prevent unauthorized access, maintain data accuracy, and ensure the correct use of Personal Information, we have put in place physical, electronic, and managerial procedures to safeguard and secure the information we collect online. However, we cannot guarantee the security of your data, which may be compromised by unauthorized entry or use of the Website.
We implemented and will maintain and follow appropriate technical and organizational measures intended to protect information that we collect against accidental, unauthorized or unlawful access, disclosure, alteration, loss, or destruction.
We also take reasonable steps to destroy or de-identify your Personal Information once it is no longer needed for any purpose for which it was collected, used, or disclosed.
Security Incident Notification
If we become aware of any unlawful access to any information we stored, or unauthorized access to it, resulting in loss, disclosure, or alteration of the information that is likely to result in serious harm to an individual whose Personal Information is involved, we will promptly (1) notify you of this security incident; (2) investigate this security incident and provide you with detailed information about the security incident; and (3) take reasonable steps to mitigate the effects and to minimize any damage resulting from the security incident. In these circumstances, we will comply with our obligations under the Notifiable Data Breaches (NDB) Scheme set out in the Privacy Act, and, where applicable, our obligations under the GDPR, including the duty to notify the relevant supervisory authority and affected individuals of a personal data breach without undue delay.
Notification(s) of any security incident will be delivered to you by any means we select, subject to our obligations under the Privacy Act, including via email. Our obligation to report or respond to such security incident is not an acknowledgement by us of any fault or liability with respect to a security incident.
You must notify us promptly about any possible misuse of your accounts or authentication credentials or any security incident related to the services that we provide to you as soon as practicable after becoming aware of any such security incident.
Children’s Privacy
Protecting the privacy of the very young is especially important. For that reason, our services are not directed towards and may not be used by persons under 16, and no part of our website is structured to attract anyone under 16.
Links to other sites
Our Website may contain links to other sites. Other sites may also reference or link to Our Website. We are not responsible for the privacy practices or the content of such other online sites, and any information collected by these third party online sites is not governed by this Privacy Policy, and we assume no responsibility or liability whatsoever for the policies (including privacy policies), practices, actions or omissions of such third parties.
Retention/Deletion of Personal Information
We may retain your information for as long as needed to provide you with the services and the uses described in this Privacy Policy. This often means that we will keep information for the duration of your account. We take reasonable steps to destroy or de-identify your Personal Information once it is no longer needed for any purpose for which it was collected, used, or disclosed. Please note, however, that where applicable legislation requires us to do so, it may be required to keep records of your Information even after such termination.
How You Can Access or Correct Your Information
In certain circumstances, under the Privacy Act and GDPR, you have rights in relation to the Personal Information we collect, use, store, and disclose, including the right to:
- seek access to your Personal Information handled by us;
- ask us to update or correct your Personal Information when it is inaccurate, incomplete or out of date; and
- opt-out of receiving direct marketing communications from us.
The table below sets out an outline of those rights, and further rights as they relate to the GDPR, and how to exercise them:
Please note that we will require you to verify your identity before responding to any requests to exercise your rights. To exercise any of your rights, please email [email protected]. Please note that for each of the rights below, we may have valid legal reasons to refuse your request, in such instances we will let you know if that is the case.
| Right | Description |
|---|---|
| Access | You have the right to know whether we process Personal Information about you, and if we do, to access Personal Information we hold about you and certain information about how we use it and who we share it with. You can request a copy of this Personal Information. |
| Portability | You have the right to receive a subset of the Personal Information you provide us in a structured, commonly used and machine-readable format and a right to request that we transfer such Personal Information to another party if we process it on the bases of (i) our contract with you or (ii) with your consent and when the processing is carried out by automated means. |
| Correction | If you believe that the Personal Information we hold about you is inaccurate or incomplete, you have the right to request its correction or modification. |
| Erasure | You may request that we erase the Personal Information we hold about you in the following circumstances: (i) where you believe it is no longer necessary for us to hold the Personal Information, (ii) we process it on the basis of your consent and you wish to withdraw your consent, (iii) we process your Personal Information on the basis of Spotzer’s legitimate interest and you object to such processing, (iv) you no longer wish us to use your Personal Information to send you marketing or (v) you believe that Spotzer is unlawfully processing your Personal Information. |
| Restriction of Processing | You have a right to require us to restrict processing of the Personal Information we hold about you in the following circumstances: (i) if you dispute the accuracy of your Personal Information, (ii) if the processing is unlawful and you object to its deletion, (iii) if you believe that we no longer need your Personal Information but that it is still necessary for you to establish, exercise or defend your legal rights or, (iv) if you have objected to our processing of Personal Information we hold about you. |
| Objection | You have the right to object to the processing of the Personal Information we hold about you and we will consider your request. Please provide us with detail as to your reasoning so that we can assess whether there is a compelling overriding interest in us continuing to process such Personal Information or we need to process it in relation to legal claims. |
Additional Processing Terms – Europe
These Additional Terms apply only if you reside in the European Union (“EU”) and are in addition to all other provisions in this Privacy Policy to which Spotzer is bound.
For this section, the following are important definitions:
- GDPR : Means the European Union General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.
- Personal Information : Means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
For the services provided by Spotzer, Spotzer is a data processor acting on your behalf. As data processor, Spotzer will only act upon your instructions.
The duration of data processing shall be for the term designated under an agreement (which refers to this Privacy Policy) between you and Spotzer. The objective of the data processing is the performance of the services and as specified above in the “Use of Information” section above.
The scope and purpose of processing your data, including any Personal Information is described in this Privacy Policy.
This section does not limit or reduce any data protection commitments Spotzer makes to you in a services agreement between you and Spotzer and in this Privacy Policy.
Spotzer shall not engage another processor without your prior specific or general written authorization. In the case of general written authorization, Spotzer shall inform you of any intended changes concerning the addition or replacement of other processors, thereby giving you the opportunity to object to such changes.
Processing by Spotzer shall be governed by the GDPR terms in the EU. The subject matter and duration of the processing, the nature and purpose of the processing, the type of Personal Information, the categories of data subjects and your rights are set forth in your agreement, including these GDPR terms. In particular, Spotzer shall:
(a) process the Personal Information only on documented instructions from you (if you are “Controller” according to the GDPR), including with regard to transfers of Personal Information to a third country or an international organization, unless required to do so by Union law to which Spotzer is subject; in such a case, Spotzer shall inform you of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest;
(b) ensure that persons authorized to process the Personal Information have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
(c) take all measures required pursuant to Article 32 of the GDPR;
(d) ensure compliance with the obligations pursuant to Articles 32 to 36 of the GDPR, taking into account the nature of processing and the information available to Spotzer;
(g) at your choice, delete or return all the Personal Information to you after the end of the provision of services relating to processing, and delete existing copies unless Union law requires storage of the Personal Information;
(h) make available to you all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR.
Spotzer shall immediately inform you if, in its opinion, an instruction infringes the GDPR or other Union or Member State data protection provisions.
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Spotzer shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
(a) the pseudonymisation and encryption of Personal Information;
(b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
(c) the ability to restore the availability and access to Personal Information in a timely manner in the event of a physical or technical incident; and
(d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.
In assessing the appropriate level of security, account shall be taken of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Information transmitted, stored or otherwise processed.
Spotzer shall take steps to ensure that any natural person acting under the authority of Spotzer who has access to Personal Information does not process them except on instructions from Spotzer, unless he or she is required to do so by Union law.
Spotzer shall notify you without undue delay after becoming aware of a Personal Information breach.
Lawful Bases for Processing We will only collect and process Personal Information about you where we have one of the following 6 lawful bases:
(i) Consent (where you have given consent), (ii) contract (where processing is necessary for the performance of a contract with you (e.g. to deliver the services you have requested), (iii) legal obligation (to comply with a common law or statutory obligation), (iv) vital interest (to protect someone’s life), (v) public task (to perform a specific task in the public interest that is set out in law) and (vi) for legitimate interests.
Where we rely on your consent to process Personal Information, you have the right to withdraw or decline your consent at any time and where we rely on legitimate interests, you have the right to object. This consent may be withdrawn by you at any time (with effect for the future) by notifying us in writing. You do not need to provide us with a reason for your decision however you should bear in mind that this may affect our ability to provide our services to you.
If you have any questions about the lawful bases upon which we collect and use your Personal Information, please contact us (contact information provided below).
If you have any questions about the lawful bases upon which we collect and use your Personal Information, please contact us (contact information provided below).
Transfer of Personal Information to Third Countries
We may transfer your Personal Information to third parties located at destinations outside the European Economic Area. The data protection and privacy laws of the jurisdictions to which the Personal Information will be transferred may not be as comprehensive as those in the European Union (if applicable to you); in which case we will take measures to ensure a similar level of protection is provided to your Personal Information according to one of the following safeguards:
(a) Personal Information is transferred to countries that the European Commission has identified as the countries ensuring an adequate level of protection of Personal Information;
(b) In the case of recipients based in the United States of America, we may transfer Personal Information if recipients participate in the Privacy Shield program, which aims at ensuring the same level of protection of Personal Information as that applicable in Europe;
(c) We apply relevant standard contractual clauses approved by the European Commission or we rely on binding corporate rules which guarantee the security of your data.
Your Acceptance of this Policy By submitting a request for our services or by continuing to browse Our Website, you agree to this Privacy Policy, and to any changes we may make to this Privacy Policy from time to time – without the need to notify you about such changes.
Changes to This Privacy Policy We reserve the right to alter the Privacy Policy at any time. We will post any changes to the Privacy Policy on this page. It is recommended that you revisit this Privacy Policy regularly so as to be kept apprised of the updated Privacy Policy. Your continued use of the services following changes to this Privacy Policy means you accept these changes. If you do not agree to the altered privacy policy, you may stop using the services.
How To Contact Us Should you have other questions or concerns about this Privacy Policy and if you believe that we are not adhering to our privacy or security commitments, please send us an email at [email protected].
Last updated: 4th July 2025.
