Privacy Policy

Effective: 14 March 2023
Updated: 18 September 2025

1. Overview

This Privacy Policy explains how Adaca Projects Pty Ltd (ABN 81 169 440 859) ("Adaca", "we", "us", "our") collects, uses, stores, and shares your Personal Information when you visit our website and content, and when you use our services, visit our website, use our applications, or access our services (collectively, the Services). It also explains your rights in relation to your personal information.

By using our Services, you agree to the terms of this Privacy Policy.

2. Scope

This privacy policy covers the Personal Information collected by us when you use, access or interact with our website or content, and when you use or apply to use any of our Services.

This Policy does not apply to:

customer data, where you or your organisation remain the Data Controller;
employee data, being personal information relating to our employees or prospective employees;
third-party data, being data collected directly by third-party platforms or services integrated with the any of our Services, which is governed by their respective privacy policies; and
processor activities, where we only act as the Data Processor on behalf of a customer who remains the Data Controller.

3. Information We Collect

For the purposes of this Privacy Policy, "personal information" refers to any information or opinion about an identified individual or an individual who is reasonably identifiable.

We may collect personal information in various ways, depending on your interactions with our Services. Below is a breakdown of what we collect, how we collect it, and why.

Information you provide to us

Examples of what we may collect:

Account Information: Email address, password, and authentication credentials
Contact Details: Name, address, phone number, and email
Payment Information: Credit card or bank account details used for transactions
Communication Data: Feedback, queries, or complaints shared with us
Marketing Preferences: Interests, communication preferences, and preferred products or services
Third-Party Integration Data: Information you grant us access to from third-party applications (if any)

How we collect it:

When you:

Complete forms on our website
Create an account or use our Services
Interact with our support team

Information collected automatically

Examples of what we may collect:

Usage Data: Pages visited, date/time of access, interaction behaviours (e.g., clicks, scrolling), and search activity
Device and Log Data: IP address, browser type/version, operating system, access logs, and diagnostic reports
Location Data: General location inferred from your IP address or precise location when permission is granted (via GPS or Bluetooth)
Cookies: Persistent and session cookies to enhance functionality, remember preferences, and improve the user experience. You can manage cookie settings in your browser.

How we collect it:

Via tracking technologies (cookies, web beacons, analytics tools) while you use our Services

Information from public and third-party sources

Examples of what we may collect:

Social media profiles (such as LinkedIn)
Contact details (such as email addresses and phone numbers)
Professional information for marketing purposes

How we collect it:

From:

Publicly available sources
Third-party partners
Marketing databases

4. Why We Collect and Use Personal Information

We process your personal information for the following purposes:

Purpose of processing	Legal basis	Types of Personal Information processed
Providing the Services	Contractual necessity	Account Information, Contact Details, Payment Information, and Third-Party Integration Data
Processing payments and managing debtor communications	Contractual necessity	Payment Information, Contact Details, and Third-Party Integration Data
Compliance with legal and regulatory obligations	Legal Obligation	Device and Log Data, Communication Data, and Payment Information
Fraud prevention and security measures	Legitimate Interest	Device and Log Data, Usage Data, and Authentication Credentials
Improving user experience and service performance	Legitimate Interest	Usage Data, Interaction Data, and Communication Data
Marketing and customer engagement	Consent	Contact Details, Marketing Preferences, and Public/Third-Party Data
Analysing payment trends and financial behaviour	Legitimate Interest	Usage Data and Third-Party Integration Data
Internal audits and risk management	Legal Obligation	Device and Log Data, Communication Data, and Transaction Records

The legal bases for processing are outlined below:

Consent: where you have explicitly provided your consent or agreed to the integration of third-party software accounts with the Services;
Contractual necessity: where processing is required to fulfill our obligations under the terms of service, including to provide the Services;
Legitimate interest: where processing is necessary for our legitimate business interests, including improving Service functionality, detecting fraud, and securing our systems, provided their interests are not overridden by your fundamental rights and freedoms;
Legal obligation: where processing is required for us to comply with legal obligations, such as financial record keeping or responding to lawful requests.

We use your data for primary purposes (to deliver Services and meet contracts) and ancillary purposes (supporting functions such as analytics, fraud prevention, or marketing). We only process for ancillary purposes if compatible with the primary purpose, is reasonably expected by the user in the context, or is explicitly consented to.

In accordance with the GDPR's Purpose Limitation Principle (Article 5(1)(b)), we do not process personal information for new purposes that are incompatible with the original purpose without first obtaining a new legal basis.

We generally do not collect sensitive personal information (such as health, biometrics, government IDs) (SPI). If required, we only process with your explicit consent or where legally permitted, and only for limited purposes (such as compliance, fraud prevention, or essential service delivery). To understand your rights in relation to SPI, please refer to section 9.

5. Disclosure of Personal Information

We may disclose your information to the following parties, provided such disclosure is necessary and consistent with applicable privacy laws:

employees, contractors, and related entities;
professional advisers, such as lawyers, accountants, or auditors;
service providers and vendors who assist in delivering the Services, such as cloud hosting providers, payment processors, analytics services, and customer support platforms;
law enforcement agencies, regulatory authorities, or government bodies if required by law, legal process, or to protect our legal rights;
successors in business transactions (such as in the event of a merger, acquisition, restructuring, sale, or other transfer of assets);
business partners where collaboration is required;

We may also disclose your information to third parties where you have expressly consented to the disclosure or the consent may be reasonably inferred from the circumstances (such as to your professional advisors).

We do not sell personal information in the traditional sense. However, under certain laws (such as California law (CCPA/CPRA)), certain data-sharing arrangements (e.g., sharing usage data with advertising networks) may be considered a "sale" or "sharing" of personal data. If you are a California resident, you may opt out of such data sharing by submitting a "Do Not Sell or Share My Personal Information" request as outlined in section 9 below.

6. International Data Transfers

Your data may be stored or processed in Australia, the U.S., UK, EU, and the Philippines. We use safeguards such as Standard Contractual Clauses (SCCs), adequacy decisions, Binding Corporate Rules, and Australian Privacy Principles (APP) compliance to ensure protection. For details, contact [email protected].

7. Data Retention and Deletion

We retain personal information only as long as necessary for:

providing the Services,
legal/regulatory requirements, and
resolving disputes.

We assess data retention periodically to ensure that personal information is retained only for as long as necessary. Once personal information is no longer required, we will securely delete or deidentify it.

8. Data Security

We implement robust security measures, including encryption, multi-factor authentication, access controls, and monitoring systems, to protect your personal information from unauthorised access, disclosure, or loss.

In the event of a data breach, we will notify affected individuals and relevant authorities as required by the Australian Notifiable Data Breaches scheme, GDPR Article 33, and relevant U.S. state laws.

9. Your Rights and Choices

9.1. General Rights

Depending on your jurisdiction, you may have the right to:

access a copy of your personal information;
request corrections or updates to inaccurate or incomplete personal information;
request a structured, commonly used, and machine-readable copy of your personal information (such as your account information, preferences, and transaction history);
request the deletion of your personal information where permitted by law;
opt out of targeted advertising, behavioural profiling, or similar activities;
withdraw your consent at any time;
request human review of automated decision-making.

To exercise your rights, please contact us at [email protected].

9.2. Rights in Relation to SPI

With respect to any SPI we may hold, you may have the right to:

Restrict the use of SPI for non-essential purposes such as targeted advertising;
Request that SPI is deleted or anonymised when no longer necessary for legal or service-related purposes;
Opt-out of the sale or sharing of SPI for commercial purposes.

To exercise your rights, please contact us at [email protected].

9.3. Opting-Out

You have the right to opt out of certain uses of your personal information.

General opt-outs (apply globally):

Marketing communications: You may opt out of receiving marketing emails or SMS by following the unsubscribe link in our messages or by contacting us at [email protected].
Cookies and tracking technologies: You can adjust your cookie preferences through your browser or device settings. Please note that disabling cookies may limit the functionality of some features of our Services.
Interest-based advertising: You may opt out of interest-based advertising from participating companies via the Digital Advertising Alliance (DAA) or the Network Advertising Initiative (NAI)

U.S.-specific opt-outs (California CCPA/CPRA):

Certain types of data sharing (such as with advertising networks) may be considered a "sale" or "sharing" of personal information under California law. If you are a California resident, you may opt out of such data sharing by submitting a request to us at [email protected] with the subject line "Do Not Sell or Share My Personal Information."

10. Children's Privacy

Our Services are not intended for individuals under the age of 16. We do not knowingly collect personal information from children and, if discovered, we will delete.

11. Complaints

If you have concerns, please contact us at [email protected].

We aim to resolve complaints promptly, however if your concern remains unresolved, you may contact your local regulator:

Australia: Office of the Australian Information Commissioner (OAIC)
EU/UK: Your national Data Protection Authority
U.S.: Relevant state privacy regulator

12. Policy Updates

We may make changes to this Privacy Policy from time to time to reflect changes in the applicable laws, or our practices, Services, or operational requirements. If material, we will notify you via email, banner, or in-app notice ahead of the changes taking effect.

Please review this page periodically, and especially before you provide any personal information to us.

13. Contact Us

For further information about our Privacy Policy or practices, or to access or correct your personal information, or to make a complaint, please contact us using the details set out below:

Office Manager
Adaca Projects Pty Ltd
L8, 2 Bligh Street
Sydney NSW 2000
Australia

Email: [email protected]