👁 Privacy Policy

Zitcha (we, us or our), understands that protecting your personal information is important. This Privacy Policy sets out our commitment to protecting the privacy of personal information provided to us, or collected by us, when interacting with you (whether when providing services to you, or when interacting with you via our website or platform). 

It is important that you read this Privacy Notice together with any other detailed privacy notices we may provide when we are collecting or processing personal data about you so that you understand our privacy practices in relation to your data.

This Privacy Policy covers the following Zitcha entities:

• Zitcha Pty Ltd ABN 84 656 936 597 – a company incorporated in Australia
• Zitcha UK Ltd with company number 15407994  – a company incorporated in England and Wales; and 
• Zitcha US Inc – a company incorporated under the laws of Delaware.

This Privacy Policy takes into account the requirements of the Privacy Act 1988 (Cth) and the Australian Privacy Principles, as well as the New Zealand Privacy Act 2020 and the Information Privacy Principles. In addition to the Australian laws, individuals located in the European Union or European Economic Area (EU) may also have rights under the General Data Protection Regulation 2016/679 and individuals located in the United Kingdom (UK) may have rights under the General Data Protection Regulation (EU) 2016/679) (UK GDPR) and the Data Protection Act 2018 (DPA 2018) (together, the GDPR). Appendix 1 outlines the details of the additional rights of individuals located in the EU and UK as well as information on how we process the personal information of individuals located in the EU and UK. With respect to individuals located in the United States of America, please refer to Appendix 2.

This Privacy Policy was last updated on 23^rd May 2025

Personal information: is information or an opinion, whether true or not and whether recorded in a material form or not, about an individual who is identified or reasonably identifiable.

We may collect, use, store and disclose different kinds of personal data about you which we have listed below:

• Identity Data including your full name, company you work for and position. 
• Contact Data including your telephone number, address and email.
• Financial Data including bank account (through our third-party payment processor, which stores such information, and we do not have access to that information).
• Transaction Data including details about payments to you from us and from you to us and other details of products and services you have purchased from us, or we have purchased from you.
• Technical and Usage Data when you access any of our websites or platforms, details about your internet protocol (IP) address, login data, browser session and geo-location data, statistics on page views and sessions, device and network information, acquisition sources, search queries and/or browsing behaviour, access and use of our website (including through the use of Internet cookies), and communications with our website.
• Profile Data including your email address and password for Zitcha, online sales data, offline sales data exports (i.e. a unique personal identifier such as a loyalty identification number), purchases you have made with us, content you post, send receive and share through our platform and support requests you have made.  
• Marketing and Communications Data including your preferences in receiving marketing from us and our third parties and your communication preferences.
• Professional data including where you are a worker of ours or applying for a role with us, your professional history such as your previous positions and professional experience. 
• Sensitive information is a sub-set of personal information that is given a higher level of protection. Sensitive information means information relating to your racial or ethnic origin, political opinions, religion, trade union or other professional associations or memberships, philosophical beliefs, sexual orientation or practices, criminal records, health information or biometric information. We do not actively request sensitive information about you, nor do we collect any information about criminal convictions and offences. If at any time we need to collect sensitive information about you, unless otherwise permitted by law, we will first obtain your consent and we will only use it as required or authorised by law. 

We collect personal information in a variety of ways, including:

Directly:

• when you provide it directly to us, including over the phone, over email, or online;
• when you complete a lead form or request to book a demo;
• when you use any website we operate (including from any analytics and cookie providers or marketing providers. See the “Cookies” section below for more detail on the use of cookies); 

Indirectly:

• We may collect personal data which you indirectly provide to us while interacting with us, such as; when you use our website, in emails, over the phone and in your online enquiries.

From publicly available sources:

• such as LinkedIn; or
• from publicly available sources.

We have set out below, in a table format, a description of the purposes for which we plan to collect, hold, use and disclose your personal information.

Please see Appendix 2 for the additional rights and information for individuals located in the EU or the UK. For individuals located in the EU and UK, we are only allowed to collect and process data that we have a legal basis for doing so under applicable laws. 

Personal information: We may disclose personal information to:

• our employees, contractors and/or related entities;
• IT service providers, data storage, web-hosting and server providers;
• Marketing, CRM or advertising providers, including Hubspot;
• professional advisors, bankers, auditors, our insurers and insurance brokers;
• payment systems operators or processors;
• our existing or potential agents or business partners;
• if we merge with, or are acquired by, another company, or sell all or a portion of our assets, your personal information may be disclosed to our advisers and any prospective purchaser’s advisers and may be among the assets transferred;
• courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided to you;
• courts, tribunals, regulatory authorities and law enforcement officers, as required or authorised by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights;
• third parties to collect and process data, such as analytics providers and cookies; and
• any other third parties as required or permitted by law, such as where we receive a subpoena.

Google Analytics: We have enabled Google Analytics Advertising Features. We and third-party vendors may use first-party cookies (such as the Google Analytics cookie) or other first-party identifiers, and third-party cookies (such as Google advertising cookies) or other third-party identifiers together. These cookies and identifiers may collect Technical and Usage Data about you.

You can opt-out of Google Analytics Advertising Features including using a Google Analytics Opt-out Browser add-on found here. To opt-out of personalised ad delivery on the Google content network, please visit Google’s Ads Preferences Manager here or if you wish to opt-out permanently even when all cookies are deleted from your browser you can install their plugin here.  To opt out of interest-based ads on mobile devices, please follow these instructions for your mobile device: On android open the Google Settings app on your device and select “ads” to control the settings. On iOS devices with iOS 6 and above use Apple’s advertising identifier. To learn more about limiting ad tracking using this identifier, visit the settings menu on your device.

To find out how Google uses data when you use third party websites or applications, please see here.

We retain your information as long as we have a legitimate business interest to process it or as long as you have not withdrawn your consent. This includes data you or others provided to us and data generated or inferred from your use of our website and services. If you would like us to delete your information upon termination of your Agreement, please contact us at privacy@zitcha.com.

Australian Residents

We store your personal information in Australia. Where we disclose your personal information to third parties, those third parties may store, transfer or access personal information outside of Australia, including but not limited to, the European Union and the United States. We will only disclose your personal information overseas in accordance with the Australian Privacy Principles.

New Zealand Residents

Where we disclose your personal information to third parties, those third parties may store, transfer or access personal information outside of New Zealand, which may not have an equivalent level of data protection laws as those in New Zealand. Before disclosing any personal information to an overseas recipient, we will comply with Information Privacy Principle 12 and only disclose the information if:

• you have authorised the disclosure after we expressly informed you that the overseas recipient may not be required to protect the personal information in a way that, overall, provides comparable safeguards to those in the Privacy Act 2020;
• we believe the overseas recipient is subject to the Privacy Act 2020;
• we believe that the overseas recipient is subject to privacy laws that, overall, provide comparable safeguards to those in the Privacy Act 2020;
• we believe that the overseas recipient is a participant in a prescribed binding scheme;
• we believe that the overseas recipient is subject to privacy laws in a prescribed country; or
• we otherwise believe that the overseas recipient is required to protect your personal information in a way that, overall, provides comparable safeguards to those in the Privacy Act 2020 (for example pursuant to a data transfer agreement entered into between us and the overseas recipient).

Your choice: Please read this Privacy Policy carefully. If you provide personal information to us, you understand we will collect, hold, use and disclose your personal information in accordance with this Privacy Policy. You do not have to provide personal information to us, however, if you do not, it may affect our ability to do business with you.

Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this Privacy Policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us. 

Restrict and unsubscribe: To object to processing for direct marketing/unsubscribe from our email database or opt-out of communications (including marketing communications), please contact us using the details below or opt-out using the opt-out facilities provided in the communication.

Access: You may request access to the personal information that we hold about you. An administrative fee may be payable for the provision of such information (depending on the jurisdiction). Please note, in some situations, we may be legally permitted to withhold access to your personal information. If we cannot provide access to your information, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal. If we can provide access to your information in another form that still meets your needs, then we will take reasonable steps to give you such access.

Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to promptly correct any information found to be inaccurate, out of date, incomplete, irrelevant or misleading. Please note, in some situations, we may be legally permitted to not correct your personal information. If we cannot correct your information, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal.

Complaints: If you wish to make a complaint, please contact us using the details below and provide us with full details of the complaint. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take in response to your complaint. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (if you are an Australian resident), or the Office of the New Zealand Privacy Commissioner (if you are a New Zealand resident). See Appendix 1 for UK or EU residents.

We are committed to ensuring that the personal information we collect is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures, to safeguard and secure personal information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.

While we are committed to security, we cannot guarantee the security of any information that is transmitted to or by us over the Internet. The transmission and exchange of information is carried out at your own risk.

We may use cookies on our website from time to time. Cookies are text files placed in your computer's browser to store your preferences. Cookies, by themselves, do not tell us your email address or other personally identifiable information. However, they do recognise you when you return to our online website and allow third parties to cause our advertisements to appear on your social media and online media feeds as part of our retargeting campaigns. If and when you choose to provide our online website with personal information, this information may be linked to the data stored in the cookie.

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website.

For more information about the cookies we use, please see Cookie Policy

Our website may contain links to other party’s websites. We do not have any control over those websites, and we are not responsible for the protection and privacy of any personal information which you provide whilst visiting those websites. Those websites are not governed by this Privacy Policy.

We may, at any time and at our discretion, vary this Privacy Policy by publishing the amended Privacy Policy on our website. We recommend you check our website regularly to ensure you are aware of our current Privacy Policy.

For any questions or notices, please contact our Privacy Officer at:

Zitcha Pty Ltd (ABN 84 656 936 597)

Email: privacy@zitcha.com

Phone: +61 03 7068 9245 (Australia)

Under the GDPR individuals located in the EU and the UK have extra rights which apply to their personal information. Personal information under the GDPR is often referred to as personal data and is defined as information relating to an identified or identifiable natural person (individual). This Appendix 1 sets out the additional rights we give to individuals located in the EU and UK, as well as information on how we process the personal information of individuals located in the EU and UK. Please read the Privacy Policy above and this Appendix carefully and contact us at the details at the end of the Privacy Policy if you have any questions.

What personal information is relevant? 

This Appendix applies to the personal information set out in the Privacy Policy above. This includes any Sensitive Information also listed in the Privacy Policy above which is known as ‘special categories of data’ under the GDPR.

Purposes and legal bases for processing

We collect and process personal information about you only where we have legal bases for doing so under applicable laws. We have set out below, in a table format, a description of all the ways we plan to use your personal information, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process your personal information for more than one lawful ground depending on the specific purpose for which we are using your data. Please reach out to us if you need further details about the specific legal ground, we are relying on to process your personal information where more than one ground has been set out in the table below.  

If you have consented to our use of data about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your data because we or a third party have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer doing business with us. Further information about your rights is available below.

Customer Data

Where we act as a data processor and process Customer Data on behalf of our clients, we may collect, use, store and

disclose your identity data, contact data, and transaction data, including online sales data (i.e. e-commerce transactions, not including any payment details), offline sales data exports (i.e. a unique personal identifier such as a loyalty identification number), CRM data including customer and lead lists, IP addresses, and browser user agent string. 

Our clients are responsible for complying with any regulations or laws that require providing notice, disclosure, and/or obtaining your consent prior to transferring Customer Data to us to process on their behalf. You should contact the relevant business who collected your personal data to understand their privacy practices in relation to your Customer Data.

Data Transfers 

The privacy protections available in the countries to which we send data for the purposes listed above may be less comprehensive than what is offered in the country in which you initially provided the information. Where we transfer your personal data outside of the United Kingdom or European Union, we will perform those transfers using appropriate safeguards in accordance with the requirements of applicable data protection laws and we will protect the transferred personal data in accordance with this Privacy Policy. This includes:

• only transferring your personal information to countries that have been deemed by applicable data protection laws to provide an adequate level of protection for personal information; or
• including standard contractual clauses (as approved by the relevant Data Protection Authority) in our agreements with third parties that are overseas.

Data retention

We will only retain your personal information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. 

To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

Extra rights for EU and UK individuals

You may request details of the personal information that we hold about you and how we are process it (commonly known as a “data subject request”). You may also have a right in accordance with applicable data protection law to have your personal information rectified or deleted, to restrict our processing of that information, to object to decisions being made based on automated processing where the decision will produce a legal effect or a similarly significant effect on you, to stop unauthorised transfers of your personal information to a third party and, in some circumstances, to have personal information relating to you transferred to you or another organisation. 

If you are not happy with how we are processing your personal information, you have the right to make a complaint at any time to the relevant Data Protection Authority based on where you live. For residents of the United Kingdom, this is the Information Commissioner's Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the Data Protection Authority, so please contact us in the first instance using the contact details set out below. 

California Residents

Under the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act ("CPRA"), California residents have rights which may impact how your information is being processed: 

As described in Section 2 “The information we collect”, Zitcha collects various types of personal information about you in order to fulfil specific business, legal, and compliance needs.

The manner in which we collect your information may be found in Section 3 “How we collect your personal information”.

We use your information as described in Section 4 “Why we collect, hold, use and disclose personal information”.

We disclose your information as described in Section 5 “Our disclosures of personal information to third parties”.

We retain your information as described in Section 6 “Data Retention”.

Your California Rights

If you are a California resident, you may have the following rights with respect to the personal information we process about you:

• Right to Know. You may have the right to request information about the categories of personal information we have collected about you, the categories of sources from which we collected the personal information, the purposes for collecting, selling, or sharing the personal information, and the categories of third parties to whom we have disclosed your personal information, and the specific pieces of personal information we have collected about you.
• Right to Delete. You may have the right to request that we delete personal information that we have collected from you.
• Right to Correct. You may have the right to request that we correct inaccurate personal information that we maintain about you.
• Right to Opt-out of Sales or Sharing. You may have the right to opt-out of the “sale” or “sharing” of your personal information as such terms are defined by the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act ("CPRA").
• Right to Non-Discrimination. Should you choose to exercise any of these rights, we will not discriminate against you in any way. If you exercise certain rights, understand certain features of our website and mobile applications may be unavailable to you.

Submitting a California Request

You can designate an authorized agent to make a request on your behalf. We may deny a request from an authorized agent that does not submit proof that they have been validly authorized to act on your behalf in accordance with applicable law.

You may make these requests by emailing us at privacy@zitcha.com.

Zitcha does not sell your personal information.

We may need to ask you for additional information to identify you. If we can’t identify you, we may not be able to fulfill your request. We will only use any information you provide in order to verify your request. 

Please note that if you request that we remove your information, we may retain some of the information for specific reasons, such as to resolve disputes, troubleshoot problems, and as required by law.

Furthermore, some information is never completely removed from our databases due to technical constraints and the fact that we regularly back up our systems. Therefore, some of your personal information may never be completely removed from our databases.

We will respond to you on these requests as quickly as we can, but it may take us up to 45 days. If we need more time than that, we will let you know.

We will not discriminate against you for submitting a rights request.

Other U.S. States

For residents of Colorado, Connecticut, Delaware, Iowa, Montana, Nebraska, Nevada, New Hampshire, New Jersey, Oregon, Texas, Utah, and Virginia.

You may have the following rights, subject to any applicable exemptions or limitations:

• Right to Access. You have the right to confirm whether we are processing your personal information and to access such personal information.
• Right to Correct. You have the right to request that we correct inaccurate your personal information that we maintain about you.
• Right to Delete. You have the right to request that we delete your personal information under specific circumstances.
• Right to Opt-out. You have the right to object or opt-out of certain types of processing, including: (1) processing for the purpose of targeted advertising, (2) processing for the purpose of the sale of personal information, and (3) processing for the purpose of certain types of profiling and automated decision-making.
• Right to Data Portability. You have the right to request a copy of your personal information in an accessible format.
• Right to Equal Service. If you choose to exercise any of these rights, we will not discriminate against you in any way. If you exercise certain rights, understand that you may be unable to use or access certain features of our websites, services, or properties.
• Right to Appeal. If we do not grant your consumer request, you may have the right to appeal that denial.

You can exercise your privacy rights as described in “Submitting a Privacy Rights Request,” below.

Submitting a Privacy Rights Request

To exercise any of the state rights above, please submit a request to us by emailing us at privacy@zitcha.com. Making a consumer request does not require you to create an account with us. Applicable law may limit the number of times that you may submit a particular request within a 12-month period.

You can designate an authorized agent to make a request on your behalf. We may deny a request from an authorized agent that does not submit proof that they have been validly authorized to act on your behalf in accordance with applicable law.

Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. These verification efforts require us to ask you to provide information so that we can match it with information you have previously provided us. For instance, depending on the type of request you submit, we may ask you to provide certain information so that we can match the information you provide with the information we already have on file, or we may contact you through a communication method (e.g. phone or email) that you have previously provided to us. We may also use other verification methods as the circumstances dictate.

We will only use personal information provided in your request to verify your identity or authority to make the request. To the extent possible, we will avoid requesting additional information from you for the purposes of verification. If, however, we cannot verify your identity from the information already maintained by us, we may request that you provide additional information for the purposes of verifying your identity, and for security or fraud-prevention purposes. We will delete such additionally provided information as soon as we verify you.

For any questions or notices, please contact us at:

UK Data Privacy Manager: privacy@zitcha.com

EU Representative: privacy@zitcha.com

USA Privacy Manager: privacy@zitcha.com