Privacy-Policy - Code Counsel

1. Introduction and Scope

Code Counsel Australia (ABN [to be registered]) (‘we’, ‘our’, ‘us’) is an APP entity as defined under the Privacy Act 1988 (Cth). This Privacy Policy explains how we manage personal information, including how we collect, hold, use, disclose, and protect it.

This Privacy Policy applies to: (a) individuals who visit our Website; (b) current and prospective clients; (c) job applicants; (d) contractors and subcontractors; and (e) any other person whose personal information we hold.

By providing us with your personal information, you consent to the collection, use, and disclosure of that information in accordance with this Privacy Policy and the APPs.

2. What Personal Information We Collect

2.1 Types of Personal Information

We may collect the following types of personal information:

Identity information: full name, job title, position, employer/company name.
Contact information: email address, telephone number, mailing or business address.
Financial information: billing address, payment details (processed securely through compliant payment processors), and invoicing details.
Technical information: IP address, browser type and version, operating system, referring URL, and cookies data when you visit our Website.
Communications: records of correspondence, enquiries, feedback, or complaints you send to us.
Employment information: resume/CV, employment history, qualifications, and references (for job applicants).
Project and technical data: information necessary to deliver contracted Services.

2.2 Sensitive Information

We do not generally collect sensitive information (as defined under the Privacy Act, including health information, racial or ethnic origin, religious beliefs, criminal records, etc.) unless it is necessary for our Services and you have expressly consented to its collection. Any sensitive information is handled with additional safeguards.

2.3 Anonymity and Pseudonymity (APP 2)

Where lawful and practicable, we will allow individuals to interact with us on an anonymous or pseudonymous basis. However, providing incomplete information may limit our ability to deliver certain Services.

3. How We Collect Personal Information

We collect personal information through:

Direct interactions: when you contact us, complete enquiry forms, request a quote, or engageour Services
Our Website: through contact forms, cookies, analytics tools, and other digital tracking
technologies.Services
Service delivery: information exchanged in the performance of contracted work
Third parties: referrals, publicly available sources (such as LinkedIn or company websites), and background check providers (for employment purposes, with your consent).
Automated technologies: server logs, cookies, web beacons, and similar technologies.

Cookie Notice

We use cookies and similar tracking technologies on our Website to enhance functionality and analyseusage.

Types of cookies we use: essential (necessary for website operation), analytics (understanding usagepatterns), and functional (personalisation).

You may manage your cookie preferences through your browser settings. Disabling certain cookies
may affect your experience.

For more information about cookies, visit www.oaic.gov.au

4. Purposes for Which We Hold, Use and Disclose Personal
Information (APP 6)

4.1 Primary Purpose

We collect personal information primarily to: (a) provide, administer, and improve our Services; (b)
communicate with you about our Services, projects, and enquiries; (c) issue invoices and processpayments; (d) fulfil our contractual obligations; and (e) meet our legal and regulatory obligations.

4.2 Secondary Purposes

We may also use personal information for the following secondary purposes, where reasonably
expected or where you have consented:

Marketing and promotional communications about our services and updates (you may opt out
at any time in accordance with the Spam Act 2003 (Cth)).
Conducting research and improving our products and services.
Responding to complaints and resolving disputes.
Complying with applicable legal obligations, court orders, or government requests.
Enforcing our Terms and Conditions and other agreements..

4.3 Direct Marketing (APP 7)

We may use or disclose your personal information for direct marketing purposes only if: (a) the
information was collected from you directly; (b) you would reasonably expect the use for direct
marketing; and (c) we provide you with a simple means to opt out.

Every direct marketing communication will include an unsubscribe mechanism. If you opt out, wewill
action your request within five (5) business days in accordance with the Spam Act 2003 (Cth)

5. Disclosure of Personal Information

5.1 Third-Party Disclosures

We may disclose personal information to:

Subcontractors and technology service providers who assist in delivering our Services, boundby confidentiality and data handling obligations.
IT service providers, cloud hosting providers, and software vendors necessary to operateour
business.
Professional advisors including lawyers, accountants, and auditors, subject to confidentialityobligations.
Debt collection agencies where payment obligations are unfulfilled.
Law enforcement agencies, government bodies, or courts where required or authorisedbylaw.

5.2 Cross-Border Disclosure (APP 8)

We may disclose personal information to overseas recipients, including to our related entities inNewZealand. Before doing so, we will take reasonable steps to ensure that the overseas recipient
complies with the APPs or is subject to a substantially similar privacy law, or we will seek your
consent, or one of the exceptions under APP 8.2 applies.

Currently, information may be transferred to: New Zealand (subject to the Privacy Act 2020 (NZ), which provides comparable privacy protections). We will update this policy if additional overseas
disclosures become necessary.

5.3 Sale or Restructure

In the event of a business sale, merger, or restructure, personal information may be transferredtotheacquiring entity, subject to equivalent privacy protections.

6. Security of Personal Information (APP 11)

We take reasonable steps to protect personal information from misuse, interference, loss, and
unauthorised access, modification, or disclosure. Our security measures include:

Industry-standard encryption (TLS/SSL) for data in transit.
Access controls and authentication requirements for internal systems.
Regular security assessments and staff training on privacy obligations.
Physical security measures for any premises where records are stored.

If we no longer require personal information for any purpose, we will take reasonable steps to destroyor de-identify it, unless we are required by law to retain it (for example, under the Australian TaxationAdministration Act 1953 (Cth) or Corporations Act 2001 (Cth)).

Data Breach Response

We have a Data Breach Response Plan in place consistent with the Notifiable Data Breaches (NDB)
scheme under Part IIIC of the Privacy Act 1988 (Cth).

If we become aware of an eligible data breach, we will conduct an assessment within 30 days and, where required, notify the Office of the Australian Information Commissioner (OAIC) and affected
individuals.

Notifications will include a description of the breach, the type of information involved, and
recommended steps you can take to protect yourself.

7. Your Rights Under the Privacy Act

7.1 Access to Your Personal Information (APP 12)

You have the right to request access to personal information we hold about you. To make an accessrequest, please contact us using the details in clause 12. We will respond within a reasonable time(generally within 30 days) and may charge a reasonable fee for complex requests.

Access may be refused on limited grounds including where access would pose a serious threat tolifeor safety, or where it would have an unreasonable impact on the privacy of others. If we refuse
access, we will provide written reasons.

7.2 Correction of Personal Information (APP 13)

If you believe that personal information we hold about you is inaccurate, out of date, incomplete,
irrelevant, or misleading, you may request that we correct it. We will respond within 30 days. If wedonot make the correction, we will provide written reasons and information about how to make a
complaint.

7.3 Complaints (APP 1.4)

If you believe we have breached the APPs or an applicable privacy code, you may make a complaint
to us. Please see clause 11 for our complaints handling process.

8. Website Analytics and Third-Party Services

Our Website may use third-party analytics services such as Google Analytics. These services usecookies and similar technologies to collect information about your use of the Website. The informationgenerated is transmitted to and stored by the service provider on its servers, which may be locatedoverseas.

We have taken steps to configure these services to anonymise IP addresses where possible. Youcanopt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on availableat
tools.google.com/dlpage/gaoptout.

Our Website may contain links to third-party websites. We are not responsible for the privacy
practices of those websites and encourage you to read their privacy policies.

9. Children’s Privacy

Our Services are not directed at individuals under the age of 18. We do not knowingly collect personal
information from children without verifiable parental consent. If we become aware that we haveinadvertently collected personal information from a child under 18, we will take prompt steps to deletethat information.

10. Retention of Personal Information

We retain personal information for as long as necessary to fulfil the purposes for which it was
collected, including:

Client records: 7 years after the end of the business relationship (consistent with Australiantaxation and company law obligations)..
Job applicant records: 12 months after the conclusion of the recruitment process, unless
otherwise consented to.
Website analytics data: as per the retention policies of the applicable third-party analyticsprovider.
Legal records: as required by applicable legislation.

After the applicable retention period, personal information will be securely destroyed or permanentlyde-identified.

11. Complaints and Dispute Resolution

If you have a complaint about our handling of your personal information:

Contact us in writing using the details in clause 12. Please provide your name, contact details, and a description of your complaint.
We will acknowledge receipt of your complaint within 5 business days.
We will investigate and provide a response within 30 days. If we require more time, wewill
notify you of the expected timeframe.
If you are not satisfied with our response, you may lodge a complaint with the Office of theAustralian Information Commissioner (OAIC):

12. Contact Us — Privacy Enquiries

Code Counsel — Contact Details

Website: www.codecounsel.co

Email: sales@codecounsel.co

Phone: +61 424 901 707

Post: Woolloongabba, QLD 4102

ABN: [To be registered with the Australian Business Register]

ACN: [To be assigned upon incorporation]

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology,
legal requirements, or other factors. We will notify you of material changes by posting the updatedpolicy on our Website and, where appropriate, by direct notification. The effective date at the topof
this policy indicates when it was last updated.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect
your personal information

Change Location