Privacy Policy

1. INTRODUCTION

1.1 About This Policy

This Privacy Policy sets out how ANSOW PENDURTHI PTY LTD (ABN 64 690 470 805) trading as Nyburbs (we, us, our, Nyburbs) collects, uses, discloses, stores and otherwise handles personal information in accordance with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (Privacy Act).

1.2 Nature of the Platform

Nyburbs operates a digital marketplace platform that facilitates connections between customers seeking professional services and qualified service providers. Our platform currently would start to offer services in the following categories: home chef and cooking services, home salon services, pest control, gardening, and photography. Additional service categories may be introduced from time to time.

1.3 Acceptance and Consent

By accessing or using the Nyburbs platform, whether as a customer or service provider, you acknowledge that you have read, understood, and agree to the collection, use, and disclosure of your personal information as described in this Privacy Policy. If you do not agree with this Privacy Policy, you must not access or use our platform.

2. DEFINITIONS AND INTERPRETATION

2.1 Definitions

In this Privacy Policy, unless the context otherwise requires:

• Customer means an individual who uses the platform to search for, book, or receive services from Service Providers;
• Personal Information has the meaning given in the Privacy Act and includes information or an opinion about an identified individual, or an individual who is reasonably identifiable;
• Platform means the Nyburbs website, mobile applications, and all related digital services and infrastructure;
• Service Provider means an individual or business entity registered on the platform to offer professional services to Customers;
• User means any person who accesses or uses the Platform, including both Customers and Service Providers.

3. COLLECTION OF PERSONAL INFORMATION

3.1 Information Collected from Customers

We may collect and hold the following categories of personal information from Customers:

• identification information including full name, email address, and telephone number;
• location data including service delivery address and general geolocation information;
• payment and financial information processed through our third-party payment provider Stripe;
• service preferences, booking history, and transaction records;
• reviews, ratings, and feedback provided by you regarding Service Providers;
• communications and correspondence with Service Providers and our support team.

3.2 Information Collected from Service Providers

We may collect and hold the following categories of personal information from Service Providers:

• identification and contact information including full name, business name, email address, and telephone number;
• business verification information including Australian Business Number (ABN) and business registration details;
• professional credentials including certifications, licenses, permits, and qualification documents;
• portfolio materials including photographs, work samples, and service descriptions;
• service area information, specialisations, availability, and pricing details;
• financial information including bank account details for payment processing through Stripe;
• customer reviews, ratings, and performance metrics;
• communications and correspondence with Customers and our support team.

3.3 Automatically Collected Technical Information

When you access or use the Platform, we automatically collect certain technical and usage information, including:

• device information including device type, operating system, and browser type;
• network information including IP address and general geographic location;
• usage data including pages viewed, features accessed, time spent on the Platform, and navigation patterns;
• cookies and similar tracking technologies as described in our Cookie Policy.

3.4 Methods of Collection

We collect personal information through the following methods:

• directly from you when you register an account, complete forms, or communicate with us;
• automatically through your use of the Platform via cookies and similar technologies;
• from third parties including payment processors, identity verification services, and publicly available sources;
• from other users through reviews, ratings, and communications on the Platform.

4. PURPOSE AND USE OF PERSONAL INFORMATION

4.1 Primary Purposes

We collect, hold, use, and disclose your personal information for the following primary purposes:

• to provide, operate, maintain, and improve the Platform and its functionality;
• to facilitate connections, bookings, and transactions between Customers and Service Providers;
• to verify the identity, credentials, and qualifications of Service Providers through ABN validation, license verification, and document authentication;
• to process payments, refunds, and financial transactions through our payment processor Stripe;
• to send transactional communications including booking confirmations, payment receipts, and service notifications via Brevo;
• to display Service Provider profiles, portfolios, credentials, and reviews to prospective Customers;
• to facilitate the review and rating system for service quality assurance;
• to provide customer support and respond to inquiries, complaints, and requests;
• to detect, prevent, and address fraud, security issues, and violations of our Terms and Conditions.

4.2 Secondary Purposes

We may also use your personal information for the following secondary purposes:

• to conduct analytics and research to improve our services and develop new features;
• to send marketing communications about new services, features, and promotions (with your consent where required);
• to comply with legal and regulatory obligations including record-keeping requirements;
• to enforce our rights and resolve disputes, including the collection of debts.

4.3 Planned Analytics and Marketing

We plan to implement additional analytics and marketing tools including Google Analytics, Google Ads, and LinkedIn Insight Tag. When implemented, these tools will collect and analyse usage data to improve user experience and deliver targeted advertising. You will be notified of these implementations and provided with appropriate opt-out mechanisms in accordance with applicable law.

5. DISCLOSURE OF PERSONAL INFORMATION

5.1 Disclosure Between Platform Users

To facilitate service bookings and delivery, we disclose relevant personal information between Customers and Service Providers. This includes contact details, service requirements, location information, and portfolio materials as necessary for the performance of services.

5.2 Third-Party Service Providers

We engage the following categories of third-party service providers who may receive or have access to your personal information:

• Payment Processing: Stripe processes all payment transactions and may collect and store payment card information, banking details, and transaction records;
• Email Communications: Brevo sends transactional emails and notifications on our behalf and may track email engagement;
• Cloud Hosting: Currently Render, with planned migration to Amazon Web Services (AWS), provides cloud infrastructure and data storage;
• Analytics (Planned): Google Analytics will analyse website usage and user behavior;
• Advertising (Planned): Google Ads and LinkedIn Insight Tag will facilitate targeted advertising campaigns.

All third-party service providers are required to comply with the APPs or equivalent data protection standards and may only use your personal information for the specific purposes for which it was disclosed.

5.3 Legal and Regulatory Disclosure

We may disclose your personal information where required or authorized by law, including:

• to comply with legal process, court orders, or government requests;
• to establish, exercise, or defend legal rights or claims;
• to prevent, detect, or investigate fraud, security breaches, or illegal activities;
• to protect the rights, property, or safety of Nyburbs, our users, or the public.

5.4 Business Transfers

In the event of a merger, acquisition, reorganisation, sale of assets, or insolvency, your personal information may be disclosed to potential or actual purchasers, successors, or assignees. Any such party will be required to maintain the confidentiality of personal information and use it only for purposes consistent with this Privacy Policy.

6. OVERSEAS DISCLOSURE

6.1 Overseas Recipients

Some of our third-party service providers are located outside Australia or may store data on servers located overseas. Your personal information may be disclosed to recipients in the following jurisdictions:

• United States: Stripe operates data centers in the United States and other jurisdictions globally;
• European Union: Brevo operates from France and is subject to the General Data Protection Regulation (GDPR);
• Multiple Jurisdictions: AWS (planned) operates data centers globally and we will use Australian or Asia-Pacific regions where practicable.

6.2 Safeguards for Overseas Disclosure

Before disclosing personal information overseas, we take reasonable steps to ensure that overseas recipients handle personal information in a manner consistent with the APPs. This includes contractual arrangements requiring compliance with data protection standards equivalent to those under Australian law.

7. DATA SECURITY AND STORAGE

7.1 Security Measures

We implement reasonable technical and organisational security measures to protect personal information from misuse, interference, loss, unauthorized access, modification, or disclosure. These measures include:

• encryption of data in transit using industry-standard protocols (TLS/SSL);
• encryption of sensitive data at rest including payment information and verification documents;
• secure storage infrastructure provided by Render with planned migration to AWS;
• access controls restricting personnel access to personal information on a need-to-know basis;
• regular security assessments, vulnerability testing, and system monitoring;
• use of Payment Card Industry Data Security Standard (PCI DSS) compliant payment processors.

7.2 Limitations of Security

While we take reasonable steps to protect your personal information, no method of transmission or electronic storage is completely secure. We cannot guarantee absolute security of your personal information. You are responsible for maintaining the confidentiality of your account credentials and for all activities under your account.

7.3 Data Breach Response

In the event of a data breach that is likely to result in serious harm to affected individuals, we will comply with the mandatory data breach notification requirements under the Privacy Act, including notification to the Office of the Australian Information Commissioner (OAIC) and affected individuals.

8. DATA RETENTION AND DELETION

8.1 Retention Periods

We retain personal information for as long as necessary to fulfill the purposes for which it was collected and to comply with legal obligations. Specific retention periods include:

• Account Information: retained for the duration of your active account and for 30 days after account closure unless legal requirements mandate longer retention;
• Transaction Records: retained for 7 years from the date of transaction to comply with taxation and financial reporting obligations;
• Verification Documents: ABN records, licenses, and certifications retained while Service Provider account remains active and for 3 years thereafter;
• Communications: customer support records and platform communications retained for 3 years;
• Reviews and Ratings: retained indefinitely unless deletion is requested or content violates our policies.

8.2 Deletion and Anonymization

Upon expiration of the applicable retention period, or upon your request where legally permissible, we will securely delete or anonymize your personal information. Anonymized data that cannot reasonably identify an individual may be retained indefinitely for analytics and business purposes.

9. YOUR RIGHTS AND CHOICES

9.1 Access to Personal Information

Under APP 12, you have the right to request access to the personal information we hold about you. To make an access request, please contact us using the details in clause 13. We will respond to your request within 30 days. We may charge a reasonable fee for providing access in accordance with applicable law.

9.2 Correction of Personal Information

Under APP 13, you have the right to request correction of personal information we hold about you if it is inaccurate, out-of-date, incomplete, irrelevant, or misleading. You can update certain information directly through your account settings. For other corrections, please contact us using the details in clause 13.

9.3 Deletion of Personal Information

You may request deletion of your personal information, subject to our legal and regulatory obligations to retain certain records. To request deletion, please close your account through the Platform or contact us using the details in clause 13. We will process deletion requests within 30 days except where retention is required by law.

9.4 Withdrawal of Consent

Where we rely on your consent to process personal information, you may withdraw that consent at any time by contacting us. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal but may limit your ability to use certain Platform features.

9.5 Marketing Communications

You may opt out of receiving marketing communications at any time by using the unsubscribe mechanism in emails or by contacting us. Note that you cannot opt out of transactional communications necessary for Platform operation, such as booking confirmations and payment receipts.

10. COMPLAINTS AND DISPUTES

10.1 Internal Complaint Process

If you believe we have breached the APPs or this Privacy Policy, you may lodge a complaint by contacting our Privacy Officer using the details in clause 13. Your complaint should include:

• your contact details;
• details of the alleged breach;
• any supporting documentation.

We will acknowledge receipt of your complaint within 7 days and aim to provide a substantive response within 30 days. If we require additional time to investigate, we will notify you of the reasons for the delay.

10.2 Office of the Australian Information Commissioner

If you are not satisfied with our response to your complaint, or if you prefer not to lodge a complaint directly with us, you may lodge a complaint with the Office of the Australian Information Commissioner:

• Website: www.oaic.gov.au
• Email: enquiries@oaic.gov.au
• Telephone: 1300 363 992
• Post: GPO Box 5218, Sydney NSW 2001

11. CHILDREN'S PRIVACY

The Platform is not intended for use by persons under the age of 18 years. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a person under 18 years of age, we will take steps to delete that information as soon as practicable. If you believe we have collected information from a child, please contact us immediately using the details in clause 13.

12. CHANGES TO THIS PRIVACY POLICY

12.1 Right to Amend

We reserve the right to amend this Privacy Policy at any time to reflect changes in our practices, technology, legal requirements, or other factors. Any amendments will be effective immediately upon posting the revised Privacy Policy on the Platform.

12.2 Notification of Material Changes

If we make material changes that significantly affect how we collect, use, or disclose your personal information, we will notify you by email (where we hold your email address) or by displaying a prominent notice on the Platform at least 30 days prior to the changes taking effect. The 'Last Updated' date at the beginning of this Privacy Policy indicates when it was most recently revised.

12.3 Continued Use

Your continued use of the Platform after the effective date of any amendments to this Privacy Policy constitutes your acceptance of those amendments. If you do not agree with the amended Privacy Policy, you must cease using the Platform and may close your account.