Privacy Policy

ZUNOQ PTY LTD
Effective Date: 9 July 2025

This Privacy Policy (“Policy”) is issued by ZUNOQ PTY LTD, a proprietary limited company duly incorporated pursuant to the Corporations Act 2001 (Cth) and registered under the laws of the Commonwealth of Australia, having its Australian Company Number (ACN) 688 900 781 and Australian Business Number (ABN) 89 688 900 781, with its registered office located at 470 St Kilda Road, Melbourne, Victoria 3004, Australia (“Zunoq”, “we”, “our” or “us”).

This Policy constitutes Zunoq’s formal and binding declaration concerning the manner and legal basis upon which it collects, stores, uses, discloses, and otherwise processes Personal Information, as that term is defined in section 6(1) of the Privacy Act 1988 (Cth) (“Privacy Act”), in the course of its commercial operations and in connection with your access to or interaction with the company’s online infrastructure, including but not limited to the website located at www.zunoq.com (the “Website” or “Site”).

This Policy is published and maintained in accordance with the obligations imposed upon Zunoq as an “APP entity” under the Privacy Act and the Australian Privacy Principles (“APPs”) as set forth in Schedule 1 to the Act. It is intended to comply with and give effect to:

• APP 1.3 and APP 1.4, regarding open and transparent management of Personal Information;
• APP 5, concerning notification of the collection of Personal Information;
• APP 6, governing the use and disclosure of Personal Information for primary and permitted secondary purposes;
• APP 11, which mandates the adoption of reasonable security safeguards;
• and all related provisions applicable to data breaches, access, correction, and complaint mechanisms.

Zunoq affirms its unwavering commitment to the protection of privacy and data sovereignty by ensuring that all data handling practices conform to the principles of lawfulness, fairness, necessity, and proportionality, as required under Australian law. All Personal Information collected by Zunoq is treated as strictly confidential and is processed only to the extent reasonably necessary to support lawful business activities, maintain client communications, comply with statutory obligations, and deliver our professional services.

The purpose of this Policy is to ensure that individuals whose Personal Information is collected by Zunoq are fully informed of:

• The nature and categories of Personal Information collected;
• The purposes for which such information is collected, stored, used, and disclosed;
• The legal bases that justify such processing;
• The entities (if any) with whom such data may be lawfully disclosed;
• The rights and remedies available to individuals under Australian law;
• The procedures for lodging access, correction, or complaint requests;
• And the security measures implemented by Zunoq to preserve data integrity and confidentiality.

This Policy applies to all persons who access or use the Website, submit enquiries or information through it, or otherwise provide Personal Information to Zunoq, whether as prospective clients, contractors, business partners, or third-party correspondents.

By accessing the Website or otherwise engaging with Zunoq through digital or physical means, you signify your acknowledgement and acceptance of the terms and conditions set out in this Policy. If you do not agree to the terms of this Policy, you should immediately refrain from using the Website or submitting any Personal Information to us.

Zunoq expressly reserves the right to amend, update, or revise this Policy at any time, in its sole and absolute discretion, to reflect changes in its practices, operational requirements, or applicable laws. Such modifications shall take effect upon publication of the revised Policy to the Website or, where required by law, upon provision of direct notice to affected individuals. Your continued use of the Website following any such change constitutes your deemed acceptance of the updated Policy.

I. DEFINITIONS

For the purposes of this Privacy Policy, and unless the context otherwise requires, the following terms shall have the respective meanings ascribed below. These definitions are intended to align with applicable Commonwealth legislation, including the Privacy Act 1988 (Cth), the Corporations Act 2001 (Cth), and relevant interpretive principles under Australian data protection jurisprudence.

1. “Personal Information” means information or an opinion (including whether true or false and whether recorded in material form or not) about an identified individual, or an individual who is reasonably identifiable, as defined under section 6(1) of the Privacy Act 1988 (Cth). This includes names, email addresses, contact numbers, or any combination of data points from which identity may be ascertained.

2. “Sensitive Information” is a subcategory of Personal Information and includes information or opinion about an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, membership of trade unions or professional associations, sexual orientation or practices, criminal record, health information, genetic or biometric data, in accordance with Part II, Division 1 of the Privacy Act 1988 (Cth). Sensitive Information is subject to heightened handling and consent requirements.

3. “You” or “User” refers to any natural person who accesses, uses, navigates, or otherwise engages with the Website or submits Personal Information to Zunoq, either on their own behalf or in a representative capacity.

4. “Third Party” means any natural or legal person, entity, agency, contractor, authority, or service provider that is not directly controlled by Zunoq within the meaning of section 50AA of the Corporations Act 2001 (Cth). This includes external data processors, hosting platforms, outsourced vendors, and independent consultants.

5. “Data Breach” shall have the meaning of “eligible data breach” as provided in section 26WE of the Privacy Act 1988 (Cth) and refers to an event involving unauthorised access to, unauthorised disclosure of, or loss of Personal Information held by Zunoq, where such event is reasonably likely to result in serious harm to any of the individuals to whom the information relates.

6. “Website” or “Site” means the official online platform of Zunoq Pty Ltd, currently accessible at www.zunoq.com, through which the Company offers digital services, disseminates information, and facilitates electronic communication with Users.

7. “Processing” means any operation or set of operations that is performed on Personal Information, whether or not by automated means, including but not limited to collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, restriction, erasure, or destruction.

8. “Consent” means any freely given, specific, informed, and unambiguous indication by which the User, by a clear affirmative act, signifies agreement to the processing of their Personal Information by Zunoq for one or more specified purposes, consistent with APP 3.3 and common law principles of informed authorisation.

9. “Collection” refers to the gathering, acquisition, or receipt of Personal Information by Zunoq, including information provided directly by the User (e.g., via enquiry forms) or indirectly (e.g., through correspondence or third-party referrals), as contemplated under APP 3 of the Privacy Act 1988 (Cth).

10. “Disclosure” means making Personal Information available outside Zunoq, including to a Third Party, whether by deliberate release, publication, transmission, or otherwise, such that the recipient is no longer within Zunoq’s effective control, pursuant to APP 6.

11. “Use” means the handling or dealing with Personal Information within Zunoq, including internal review, data organisation, decision-making, analytics, and communications, consistent with its business functions and the purposes for which the information was collected.

12. “Applicable Law” refers to all laws, regulations, orders, directions, and binding guidelines applicable in the Commonwealth of Australia and the State of Victoria, including but not limited to the Privacy Act 1988 (Cth), Corporations Act 2001 (Cth), Spam Act 2003 (Cth), and any privacy-related regulatory instruments issued by the Office of the Australian Information Commissioner (OAIC).

13. “Zunoq” or “Company” refers to Zunoq Pty Ltd, an Australian proprietary company limited by shares, duly incorporated under the Corporations Act 2001 (Cth), bearing ACN 688 900 781 and ABN 89 688 900 781, with its principal place of business and registered office located at 470 St Kilda Road, Melbourne VIC 3004, Australia.

II. CORPORATE INFORMATION

This Privacy Policy is issued by the Data Controller identified as follows, in accordance with the Privacy Act 1988 (Cth), the Corporations Act 2001 (Cth), and other applicable Commonwealth and State legislation governing corporate entities and data protection within Australia:

1. Legal Entity Name:
    Zunoq Pty Ltd
    A proprietary limited company duly formed and existing under the laws of the Commonwealth of Australia, and registered as a body corporate in accordance with the provisions of the Corporations Act 2001 (Cth).

2. Australian Company Number (ACN):
    688 900 781

3. Australian Business Number (ABN):
    89 688 900 781
    As issued under the A New Tax System (Australian Business Number) Act 1999 (Cth).

4. Registered Office Address:
    470 St Kilda Road
    Melbourne, State of Victoria, 3004
    Commonwealth of Australia
    This address is maintained in accordance with section 142 of the Corporations Act 2001 (Cth) as the designated official service address for legal and regulatory correspondence.

5. Place of Incorporation and Domicile:
    Australia
    Zunoq Pty Ltd is domiciled within and governed by the laws of the Commonwealth of Australia.

6. Governing Law and Jurisdiction:
    This Privacy Policy and any dispute or claim arising out of or in connection with it (including non-contractual disputes or claims) shall be governed by and construed in accordance with the laws of the Commonwealth of Australia, with exclusive jurisdiction conferred upon the courts of the State of Victoria, save where otherwise mandated by overriding Commonwealth jurisdiction.

7. Supervisory Authority for Data Protection Matters:
    Office of the Australian Information Commissioner (OAIC)
    Website: www.oaic.gov.au
    Contact: GPO Box 5218, Sydney NSW 2001, Australia
    The OAIC exercises oversight and enforcement powers pursuant to Parts III and V of the Privacy Act 1988 (Cth)z.

III. SCOPE OF APPLICATION

1. This Privacy Policy (“Policy”) governs the manner in which Zunoq Pty Ltd (the “Company”) collects, uses, stores, discloses, and otherwise processes Personal Information, as defined under section 6(1) of the Privacy Act 1988 (Cth), specifically in relation to individuals who interact with or submit data via the Company’s official website located at www.zunoq.com (“Website” or “Site”), including through embedded contact forms, enquiry mechanisms, and any associated online submission channels.

2. This Policy is binding upon all Users who access, browse, or otherwise utilise the Site and voluntarily provide Personal Information through the same, and it outlines the rights and obligations of both the data subject and the Company with respect to such Personal Information under the Australian Privacy Principles (APPs) prescribed in Schedule 1 of the Privacy Act 1988 (Cth).

3. This Policy does not apply to:

   a. Any information processed by the Company in the capacity of a data processor or sub-processor on behalf of third-party clients pursuant to bespoke confidentiality agreements, commercial contracts, or service-level agreements;

   b. Personal Information collected or transmitted via external websites, platforms, applications, or services that may be accessible via hyperlinks embedded on the Site, which are not owned, operated, or controlled by Zunoq Pty Ltd;

   c. Any third-party cookies, tracking technologies, or plugins originating from external sources over which Zunoq exercises no technical or operational control.

4. To the extent Zunoq is required to process Personal Information as a service provider or processor on behalf of a client, such processing shall be governed by the terms and conditions of the relevant contractual instrument, and the client shall be deemed the data controller for purposes of that processing.

5. Users are advised that engagement with third-party platforms linked from the Site is subject to the independent privacy policies and practices of those third parties, and Zunoq disclaims any liability or responsibility for the data handling practices of such external entities.

IV. NATURE OF INFORMATION COLLECTED

1. Zunoq Pty Ltd (“Zunoq” or “the Company”) collects only such Personal Information as is voluntarily and knowingly submitted by Users through designated electronic forms available on its official website, www.zunoq.com (“Website” or “Site”), in accordance with Australian Privacy Principle (APP) 3 – Collection of Solicited Personal Information under the Privacy Act 1988 (Cth).

2. The categories of Personal Information collected by Zunoq through its Website are strictly limited to the following:

   a. Full Name – for purposes of identification and addressing communications;

   b. Email Address – for the purpose of correspondence, confirmation of receipt, and service follow-up;

   c. Message Content – any written information voluntarily entered into the free-text or message fields of contact or enquiry forms, which may include further identifying or contextual information.

3. Zunoq does not collect, solicit, or process any of the following categories of information via its Website:

   a. Financial Information (e.g., credit card numbers, bank account details, tax file numbers);

   b. Biometric Data (e.g., facial recognition, fingerprints, retinal scans);

   c. Geolocation Data (e.g., GPS coordinates, IP-based location, mobile triangulation metadata);

   d. Health or Medical Information, as defined under section 6FA of the Privacy Act 1988 (Cth);

   e. Behavioural or Tracking Data (e.g., user preferences, site interaction logs, clickstream analytics);

   f. Sensitive Information, as defined in section 6(1) of the Act, unless explicitly permitted by law and subject to the User’s express and informed consent under APP 3.3.

4. Zunoq does not engage in profiling, behavioural analysis, automated decision-making, or tracking activities such as the deployment of cookies, session replays, browser fingerprinting, or third-party behavioural marketing tools on its Website.

5. All Personal Information collected is limited to that which is reasonably necessary for the Company’s lawful functions and activities, consistent with the principle of data minimisation, and will not be retained or repurposed for unrelated uses without the express consent of the User.

6. Any unsolicited information received by Zunoq through the Website, which does not fall within the categories explicitly outlined in this Clause, shall be managed in accordance with APP 4 – Dealing with Unsolicited Personal Information, and, where appropriate, permanently de-identified or securely destroyed.

V. MINORS’ PRIVACY

1. Zunoq Pty Ltd (“Zunoq” or “the Company”) expressly states that its Website, www.zunoq.com (the “Site”), is not designed for, directed to, or intended for access or use by individuals under the age of eighteen (18) years.

2. In accordance with Australian Privacy Principle (APP) 3.5, the Company does not knowingly solicit, collect, store, or otherwise process any Personal Information from persons known to be minors (i.e., persons under 18 years of age), nor does it intend for such individuals to use the Site, submit enquiries, or otherwise engage with its services through digital means.

3. Should Zunoq become aware, by any means, that it has inadvertently received or retained Personal Information belonging to a minor, such information shall be:

   a. Promptly reviewed and assessed for legitimacy;

   b. Deemed unsolicited for the purposes of APP 4; and

   c. Permanently de-identified or securely destroyed in accordance with APP 11.2, unless retention is required by law or a legal guardian’s consent is obtained under section 16B(3) of the Privacy Act 1988 (Cth).

4. Zunoq disclaims all liability for the submission of information by individuals misrepresenting their age or failing to obtain parental or legal guardian consent prior to engaging with the Website.

5. Parents or legal guardians who become aware that their child has submitted Personal Information to Zunoq are encouraged to immediately contact the Company’s Privacy Officer at 📧 support@zunoq.com to request deletion or review of such data in accordance with applicable law.

VI. LEGAL BASES FOR PROCESSING

1. Zunoq Pty Ltd (“Zunoq” or “the Company”) processes Personal Information in accordance with the legal bases set forth under the Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs), and well-established principles of lawful and fair data processing.

2. The legal bases upon which Zunoq collects, uses, stores, or otherwise processes Personal Information include, but are not limited to, the following:

a. Consent of the Individual
Where the User has voluntarily and affirmatively submitted Personal Information via the Website, such submission constitutes informed and unambiguous consent within the meaning of APP 3.3. Zunoq relies on this consent to collect and process the data strictly for the stated and lawful purposes. Consent may be withdrawn at any time in accordance with Clause XV of this Policy.

b. Contractual Necessity
Where Personal Information is submitted in connection with a potential or actual service engagement or commercial relationship, such processing is necessary to:

• Enter into a service agreement or proposal;

• Respond to User-initiated enquiries related to professional services;

• Provide pre-contractual communications or documentation;

• Comply with any express or implied terms of contract formation under common law or the Australian Consumer Law (Schedule 2 to the Competition and Consumer Act 2010 (Cth)).

c. Compliance with Legal Obligations
Zunoq may process and retain Personal Information as necessary to comply with mandatory legal obligations under applicable Commonwealth and State laws, including but not limited to:

• The Corporations Act 2001 (Cth)

• The Income Tax Assessment Act 1997 (Cth)

• The Taxation Administration Act 1953 (Cth)

• Recordkeeping, audit, and reporting requirements imposed by regulators such as the Australian Taxation Office (ATO) or Australian Securities and Investments Commission (ASIC)

d. Legitimate Interests of the Company
Zunoq may process Personal Information where it is reasonably necessary for the legitimate business operations of the Company, provided such processing does not override the fundamental rights and freedoms of the individual. Legitimate interests include:

• Internal business administration and governance;

• Maintaining records of correspondence for continuity of service;

• Ensuring compliance with data integrity, audit, or insurance obligations;

• Preventing or detecting unlawful activity or misconduct.

3. Zunoq does not process Personal Information for any purpose that is unrelated to its stated functions or inconsistent with the reasonable expectations of the User, and always in compliance with APP 6 – Use or Disclosure of Personal Information.

VII. PURPOSES OF COLLECTION

1. Zunoq Pty Ltd (“Zunoq”, “we”, “our”) collects, holds, and uses Personal Information strictly in accordance with the principles of lawful and fair data processing as set out in Australian Privacy Principle 3 (APP 3) and APP 6, Schedule 1 to the Privacy Act 1988 (Cth).

2. The purposes for which Personal Information is collected, whether directly through our Website or indirectly via authorised communications, are expressly limited to functions that are legitimate, proportionate, and reasonably necessary for our business operations. These purposes include, but are not limited to:

a. Responding to Enquiries and Service Requests
To enable us to respond to communications, service enquiries, quotation requests, or other legitimate forms of contact initiated by the User, including but not limited to those submitted via our contact form or direct email correspondence.

b. Scheduling Consultations, Scoping Calls, or Professional Engagements
To facilitate scheduling of meetings, virtual consultations, discovery sessions, or pre-engagement discussions necessary for the consideration or provision of professional services.

c. Maintaining Statutory and Corporate Records
To establish, maintain, and safeguard internal records, client interaction logs, correspondence archives, and other documentation required under applicable legislation, including:

• Corporations Act 2001 (Cth)

• Income Tax Assessment Act 1997 (Cth)

• Australian Securities and Investments Commission Act 2001 (Cth)

• Electronic Transactions Act 1999 (Cth)

d. Compliance with Lawful Requirements and Regulatory Directives
To comply with mandatory obligations imposed by law, regulation, or competent authority, including:

• Responding to subpoenas, court orders, or statutory notices under the Evidence Act 1995 (Cth);

• Participating in audits, reviews, or data access requests initiated by government agencies or regulators such as the OAIC, ASIC, or ATO;

• Cooperating with investigations into alleged breaches of law, contract, or ethical duty.

e. Risk Management and Legal Safeguards
Where reasonably necessary, to establish or defend legal claims, manage business risks, and ensure compliance with contractual undertakings or professional standards.

3. Zunoq affirms that it does not collect or process Personal Information for the purposes of profiling, automated decision-making, marketing, or cross-context behavioural advertising, unless otherwise consented to and disclosed in writing.

4. Personal Information is not collected for speculative, excessive, or irrelevant purposes, and Zunoq upholds the principle of data minimisation under APP 3.2.

VIII. METHOD OF COLLECTION

1. Zunoq Pty Ltd (“Zunoq”) collects Personal Information through lawful and transparent means, in strict adherence to APP 3 and APP 5 of Schedule 1 to the Privacy Act 1988 (Cth), ensuring that individuals are adequately informed of the collection context and purpose at or before the time such information is obtained.

2. The primary method by which Zunoq collects Personal Information is direct and voluntary submission by the User through the designated enquiry or contact forms made available on the official website at www.zunoq.com (“Website” or “Site”).

3. The specific data collection mechanism involves the User manually inputting information into structured fields, which may include:

• Full name

• Email address

• Written content submitted in free-text or message fields

4. Zunoq does not collect Personal Information by means of:

   a. Browser cookies or HTTP tracking identifiers
   b. Device fingerprinting or behavioural analytics
   c. Internet Protocol (IP) address logging for geolocation or session tracking
   d. Web beacons, pixels, or third-party analytics integrations (e.g., Google Analytics, Meta Pixel)
   e. Automated data scraping or background scripts

5. By eschewing these indirect or opaque methods of data capture, Zunoq affirms its commitment to transparency, minimalism, and informed consent under APP 1.4, APP 5.1, and relevant OAIC guidelines.

6. In the event that new collection technologies or third-party integrations are adopted in the future, Zunoq undertakes to:

   a. Update this Policy accordingly and prominently notify Users via the Website
   b. Obtain express, specific, and informed consent from Users in compliance with APP 3.3 (for Sensitive Information)
   c. Implement appropriate safeguards and privacy disclosures consistent with the OAIC’s Guide to Data Analytics and Privacy

IX. LIMITATION ON COLLECTION

1. Principle of Data Minimisation
   Zunoq Pty Ltd (“Zunoq”) strictly complies with the principle of data minimisation as mandated by APP 3 under the Privacy Act 1988 (Cth). This principle prohibits the collection of Personal Information unless it is reasonably necessary for one or more of the entity’s lawful functions or activities.

2. Permissible Scope of Collection
   Zunoq only collects Personal Information that:

   a. Is directly and voluntarily provided by the User through lawful means (e.g., the Website’s contact forms)
   b. Is expressly required to perform a legitimate business purpose, including responding to enquiries or maintaining internal records
   c. Is collected in a manner that is fair, lawful, and not unreasonably intrusive

3. Exclusion of Unnecessary Information
   Zunoq expressly refrains from collecting any Personal Information that is not relevant, necessary, or proportionate to its business objectives. The following categories are not collected, requested, or retained:

• Biometric identifiers or facial recognition data

• Geolocation or GPS tracking data

• IP addresses or browser/device metadata

• Inferred behavioural profiles or automated decision-making outputs

• Data gathered through cookies, third-party trackers, or analytics platforms

4. Non-Collection of Sensitive Information
   Zunoq does not actively solicit or store any Sensitive Information as defined under section 6(1) of the Privacy Act 1988 (Cth). This includes:

• Health or genetic data

• Racial or ethnic origin

• Political opinions or affiliations

• Religious or philosophical beliefs

• Trade union or professional association membership

• Sexual orientation or practices

• Criminal convictions or pending charges

5. Protocol for Inadvertent Submission
   If Sensitive Information is unintentionally provided:

   a. Zunoq will assess whether the collection was lawful or reasonably necessary
   b. If unjustified, the data will be securely and permanently destroyed per APP 11.2
   c. No part of the data will be used or disclosed for any secondary purpose

6. Prohibition of Indirect Collection via Surveillance or Analytics
   Zunoq does not use automated surveillance, social listening, or browser fingerprinting technologies.

7. Lawful and Transparent Collection Methods
   All Personal Information is collected via clearly labeled forms on the Website, with consent statements and notice provided per APP 5.

8. Data Collection Governance and Review
   Zunoq's internal governance framework mandates:

• Periodic audits of data collection practices

• Documentation of processing records

• Oversight by privacy officers for compliance

9. Reaffirmation of Lawful and Ethical Conduct
   Zunoq upholds its duty to respect informational self-determination and does not engage in surveillance or deceptive data practices.

X. USE AND DISCLOSURE OF PERSONAL INFORMATION

1. General Commitment
   Zunoq Pty Ltd (“Zunoq”) does not sell, rent, lease, trade, or otherwise monetise Personal Information. All uses and disclosures are compliant with APP 6 and APP 7, as outlined in Schedule 1 of the Privacy Act 1988 (Cth).

2. Permitted Use and Disclosure
   Personal Information may only be used or disclosed:

   a. With the individual’s express written consent
   b. Where reasonably expected by the individual and directly related to the original purpose
   c. As required or authorised by law or court/tribunal order (e.g., under Corporations Act, Taxation Law)
   d. To prevent or lessen a serious threat to life, health, or safety
   e. For establishing or defending legal claims or confidential dispute resolution

3. Specific Scenarios for Disclosure
   Zunoq may disclose data:

• To legal counsel, regulators, or law enforcement

• To third-party service providers (e.g., cloud, IT support) under strict confidentiality

• To courts, tribunals, or mediation/arbitration bodies in legal matters

4. Absence of Direct Marketing Use
   Zunoq does not use Personal Information for direct marketing unless explicit opt-in consent is obtained per APP 7.2.

5. Non-Disclosure to Overseas Recipients
   Zunoq does not currently transfer Personal Information overseas. If required in future, Zunoq will fully comply with APP 8 and seek prior informed consent.

6. De-Identified or Aggregated Data
   Zunoq may use de-identified or aggregated data (not classed as Personal Information) for business or statistical purposes.

7. Confidentiality and Legal Safeguards
   All disclosures are governed by confidentiality agreements and legal safeguards equivalent to the Australian privacy regime.

8. Records of Disclosure
   Zunoq maintains detailed disclosure logs, including legal basis and purpose, which are auditable and subject to regulatory review.

XI. CROSS-BORDER DATA DISCLOSURE

1. General Position on Overseas Disclosure
   As of the Effective Date of this Privacy Policy, Zunoq Pty Ltd (“Zunoq”) does not disclose, transmit, or otherwise transfer any Personal Information outside the jurisdiction of the Commonwealth of Australia. All data processing activities are conducted exclusively within Australia, using secure infrastructure hosted in domestic data centres subject to Australian law.

2. Prospective International Data Transfers
   Should Zunoq find it necessary to disclose Personal Information to a foreign recipient (e.g., use of overseas cloud services, customer support outsourcing, or legal compliance), such transfer shall occur only if one or more of the following conditions under Australian Privacy Principle 8.1 (APP 8.1) are met:

   a. Equivalence of Legal Protection
   The overseas recipient is subject to privacy laws or binding schemes that offer substantially similar protections to the APPs.

   b. Binding Contractual Safeguards
   The recipient is bound by contractual terms (e.g., data processing agreements) requiring compliance with the APPs and prohibiting unauthorised use or disclosure.

   c. Informed and Voluntary Consent
   The individual has been explicitly informed in writing that APP 8.1 will not apply and has provided unambiguous, informed consent to the disclosure.

   d. Permitted Exception under APP 8.2
   The disclosure is required or authorised by law or tribunal order, or falls within other APP 8.2 exceptions, such as serious threats to life, enforcement activities, or contractual necessity.

3. Accountability for Overseas Acts or Omissions
   Unless exempt under section 16C of the Privacy Act 1988 (Cth), Zunoq remains legally accountable for any act or omission of an overseas recipient that would breach the APPs.

4. Due Diligence Measures
   Before any cross-border transfer, Zunoq will conduct a formal risk assessment, including:

   • Review of the recipient country's privacy laws

   • Evaluation of the recipient’s technical and organisational safeguards

   • Verification of secure data transfer procedures

   • Documentation of the legal basis or consent for transfer

5. Data Subject Notification
   Zunoq will provide clear notice to the User regarding:

   • The nature of the information being transferred

   • The identity and location of the overseas recipient

   • Applicable privacy protections in the recipient jurisdiction

6. No Offshore Storage or Mirroring
   Zunoq does not engage in data mirroring, caching, or third-party hosting arrangements involving indirect cross-border data transfers, including content delivery networks (CDNs) or shadow IT.

7. Future Policy Changes
   Any future change involving cross-border data processing will be disclosed in an updated Privacy Policy and Users will be notified as required by law.

XII. DATA STORAGE AND SECURITY

1. Zunoq implements physical, technical, administrative, and procedural safeguards to ensure the confidentiality, integrity, and availability of Personal Information, in compliance with APP 11.

2. These measures mitigate the risks of:

   • Unauthorised or unlawful access, use, or disclosure

   • Accidental or deliberate destruction, loss, or corruption

   • Misuse or interference by unauthorised parties

3. Security Protocols include:

   • Data Hosting: Exclusively in Australian-based, ISO 27001-certified data centres

   • Access Controls: Role-Based Access Controls (RBAC) with Multi-Factor Authentication (MFA)

   • Encryption: TLS for data in transit and AES-256 for data at rest

   • Network Security: Firewalls, intrusion prevention systems, and monitored endpoint protection

   • Audits and Testing: Regular security reviews, vulnerability scans, and third-party penetration testing

   • Confidentiality Agreements: Binding NDAs for all staff and third-party providers

4. Incident Response and Breach Management
   Zunoq maintains a comprehensive Breach Management Policy. In the event of a data breach, Zunoq will:

   • Assess the scope and impact of the breach

   • Notify affected individuals if there is a risk of serious harm

   • Notify the Office of the Australian Information Commissioner (OAIC) under the Notifiable Data Breaches (NDB) Scheme

   • Implement remedial and preventative measures

XIII. DATA RETENTION

1. Zunoq retains Personal Information only for periods that are:

   • Necessary to fulfil the purposes for which the data was collected

   • Required by statutory obligations (e.g., taxation, audit, corporate law)

   • Justifiable for legal or compliance purposes

2. As a general rule, Personal Information is retained for up to seven (7) years from the date of last activity, in accordance with:

   • Taxation Administration Act 1953 (Cth)

   • Income Tax Assessment Act 1997 (Cth)

   • Corporations Act 2001 (Cth)

   • Applicable industry regulations

3. Upon expiry of the retention period, or when information is no longer required, Zunoq will:

   • Securely destroy the data using certified erasure or destruction protocols; or

   • Irreversibly de-identify the data so it no longer constitutes Personal Information under the Privacy Act

4. Where retention is required due to legal disputes, court orders, or regulatory investigations, relevant data will be retained for the duration of such proceedings.

XIV. ACCESS AND CORRECTION RIGHTS

1. Under APP 12 and APP 13, individuals have the right to:

   • Confirm whether Zunoq holds their Personal Information

   • Access such information in an intelligible format

   • Request corrections to data that is inaccurate, outdated, irrelevant, or misleading

2. Requests must be submitted in writing to:

   📧 Email: support@zunoq.com

3. Zunoq will:

   • Acknowledge the request within ten (10) business days

   • Respond within thirty (30) calendar days, either by:
     ▪ Providing access to the requested information (where no exemption applies); or
     ▪ Issuing a written explanation of any refusal under APP 12.3 or 13.3

4. Identity verification may be required. In some cases, Zunoq may apply a reasonable administrative fee, which will be disclosed before processing.

5. If access or correction is denied, Zunoq will:

   • Issue a written notice explaining the grounds for refusal (unless prohibited by law)

   • Inform the individual of their right to lodge a complaint with the OAIC

   • Associate a written statement of requested correction with the relevant data record

XV. WITHDRAWAL OF CONSENT

1. Where the lawful basis for Zunoq’s collection, use, or processing of Personal Information is contingent on the User’s informed, voluntary, and unambiguous consent, such consent may be withdrawn at any time without affecting the lawfulness of processing prior to withdrawal.

2. Requests for withdrawal of consent must be made in writing and sent to:
   o 📧 Email: support@zunoq.com

3. Upon receipt of a valid withdrawal notice:
   o Zunoq shall cease any processing activities that rely solely on the consent basis, unless:
   ▪ The information must be retained to comply with legal obligations;
   ▪ The data is required to protect public interests, enforce contractual rights, or defend legal claims.

4. Zunoq shall notify the User:
   o Of the actions taken pursuant to the consent withdrawal;
   o Whether any statutory or regulatory grounds prevent complete erasure or anonymisation of the Personal Information;
   o Of any consequences that may arise from the cessation of data processing, including limitations on services or communications.

5. Consent withdrawal shall not operate retroactively and does not invalidate lawful processing already conducted based on prior consent, in accordance with APP 6.1(a) and relevant OAIC interpretative guidelines.

XVI. AUTOMATED DECISION-MAKING AND PROFILING

1. Zunoq Pty Ltd (“Zunoq”) affirms that it does not engage in any processing of Personal Information through automated decision-making mechanisms or algorithmic profiling which produces legal effects or similarly significant outcomes concerning the individual, as defined under evolving regulatory frameworks and comparable standards, including Article 22 of the EU General Data Protection Regulation (GDPR) as persuasive guidance.

2. All evaluations, eligibility determinations, or service-related decisions are made by natural persons exercising professional judgment, ensuring full compliance with the principles of natural justice, human oversight, and procedural fairness.

3. In the event that Zunoq intends in the future to introduce any form of automated processing, it shall:
   o Conduct a Privacy Impact Assessment (PIA) pursuant to the OAIC’s Guide to Undertaking PIAs;
   o Ensure that such systems are designed with transparency, auditability, and fairness;
   o Provide affected individuals with meaningful information about the logic and potential consequences of automated processing;
   o Implement opt-in consent and ensure individuals have the right to contest any automated outcome.

XVII. DATA BREACH NOTIFICATION

1. Zunoq maintains a comprehensive and proactive Data Breach Response Plan, consistent with Part IIIC of the Privacy Act 1988 (Cth) and the Notifiable Data Breaches (NDB) Scheme administered by the Office of the Australian Information Commissioner (OAIC).

2. An “eligible data breach” occurs when:
   o There is unauthorised access to or disclosure of Personal Information, or loss of information in circumstances likely to give rise to unauthorised access or disclosure; and
   o A reasonable person would conclude that the breach is likely to result in serious harm to any of the individuals to whom the information relates.

3. Upon detection or suspicion of a data breach, Zunoq shall:
   o Promptly initiate an assessment of the breach within the 30-day timeframe required under section 26WH of the Act;
   o Take all necessary containment, mitigation, and recovery steps, including notifying affected third parties or processors if applicable;
   o Where an eligible breach is confirmed, prepare a section 26WK Data Breach Statement and:
   ▪ Notify affected individuals via email or public notice (if direct contact is not practicable);
   ▪ Lodge the statement with the OAIC.

4. The notification shall outline:
   o The nature and timing of the breach;
   o The categories of information involved;
   o The steps taken by Zunoq in response;
   o Measures users should take to protect themselves.

5. Zunoq retains breach documentation for accountability and audit purposes and cooperates fully with the OAIC or other regulators in breach investigations.

XVIII. THIRD-PARTY LINKS AND EXTERNAL SERVICES

1. The Zunoq Website may, from time to time, include hyperlinks, plug-ins, or references to third-party websites or services that are not operated or controlled by Zunoq.

2. Zunoq makes no representations or warranties as to the privacy, data handling, or cybersecurity practices of such third-party platforms and disclaims all liability for any Personal Information submitted, processed, or otherwise affected through such third-party systems.

3. Users are strongly advised to:
   o Exercise caution when navigating to external websites;
   o Read and understand the privacy policies, cookie policies, and terms of use of any third-party websites or tools they engage with;
   o Refrain from submitting sensitive data unless adequate safeguards are assured.

4. The inclusion of third-party links does not constitute an endorsement, partnership, or agency relationship unless expressly stated in writing.

XIX. COMPLAINTS HANDLING PROCEDURE

1. Zunoq recognises the right of all individuals to lodge complaints regarding alleged interferences with privacy under APP 1.6 and the OAIC’s Privacy Complaint Handling Policy.

2. Complaints should be submitted in writing and must clearly state the factual basis, relevant dates, and any supporting documentation. Complaints may be directed to:
   Privacy Officer – Zunoq Pty Ltd
   📧 Email: support@zunoq.com
   📬 Mail: 470 St Kilda Road, Melbourne VIC 3004, Australia

3. Zunoq undertakes to:
   o Acknowledge receipt of the complaint within ten (10) business days;
   o Conduct a fair, impartial, and confidential investigation;
   o Respond in writing within thirty (30) calendar days outlining:
   ▪ The outcome of the investigation;
   ▪ Any corrective action taken or proposed;
   ▪ Information about escalating the matter if the individual remains dissatisfied.

4. If the complainant is not satisfied with the outcome, they may submit a complaint to the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au, which may initiate a regulatory investigation or conciliation.

XX. POLICY AMENDMENTS AND REVISIONS

1. Zunoq reserves the unilateral right to revise, update, or replace this Privacy Policy at any time, to ensure alignment with:
   o Amendments to the Privacy Act 1988 (Cth) or any successor legislation;
   o New or revised guidelines issued by the OAIC;
   o Material changes in Zunoq’s internal operations, technology stack, or third-party partnerships.

2. Where changes materially alter the scope or purpose of processing, Zunoq will provide:
   o Advance notice via Website publication;
   o A prominently displayed “Effective Date”;
   o The ability for Users to withdraw consent if required.

3. Continued use of the Website following any such modifications constitutes affirmative acceptance of the revised Policy, unless otherwise objected to in writing.

XXI. PRIVACY CONTACT INFORMATION

All privacy-related enquiries, access or correction requests, consent withdrawals, complaints, or data protection concerns should be directed to:

Zunoq Pty Ltd
ACN: 688900781
ABN: 89688900781
📧 Email: support@zunoq.com 
Postal Address: 470 St Kilda Road, Melbourne VIC 3004, Australia
The Company encourages responsible privacy communication and remains committed to full compliance with Australian privacy laws and ethical data handling standards.