Our privacy policy

Kinde Australia Pty Ltd (ABN 11 655 096 263) (we, us or our), understands that protecting your personal information is important.

This Privacy Policy sets out our commitment to protecting the privacy of personal information provided to us, or collected by us, when interacting with you.

In this Privacy Policy, we may refer to you as our direct customer (Customer) or you as a customer of our customer (External User).

Information about Australia’s privacy guidance can be found from the Office of the Australian Information Commissioner (OAIC).

Kinde’s UK Company Reference Number (CRN) is 13920496. Information about the UK’s privacy guidance can be found with the Information Commissioner’s Office (ICO).

This Privacy Policy takes into account the requirements of the Privacy Act 1988 (Cth). In addition to the Australian laws, individuals located in the European Union or European Economic Area (EU) may also have rights under the General Data Protection Regulation 2016/679 and individuals located in the United Kingdom (UK) may have rights under the General Data Protection Regulation (EU) 2016/679) (UK GDPR) and the Data Protection Act 2018 (DPA 2018) (together, the GDPR).

This document also details the additional rights of individuals located in the EU and UK, as well as information on how we process the personal information of individuals located in the EU and UK.

The information we collect

Personal Information: is information or an opinion, whether true or not and whether recorded in a material form or not, about an individual who is identified or reasonably identifiable.

Where you are a Customer, the types of personal information we may collect about you include:

Identity Data including your first and last name.
Contact Data including your telephone number and email.
Financial Data including bank account and payment card details (through our third party payment processor, who stores such information and we do not have access to that information).
Transaction Data including details about payments to you from us and from you to us and other details of products and services you have purchased from us or we have purchased from you.
Technical and Usage Data when you access any of our websites or platforms, details about your internet protocol (IP) address, login data, browser session and geo-location data, statistics on page views and sessions, device and network information, acquisition sources, search queries and/or browsing behaviour, access and use of our website (including through the use of Internet cookies), and communications with our website.
Profile Data including your username and password for the Kinde platform, purchases or orders you have made with us and support requests you have made.
Interaction Data including information you provide to us when you participate in any interactive features, including surveys, contests, promotions, activities or events.
Marketing and Communications Data including your preferences in receiving marketing from us and our third parties and your communication preferences.
Professional data including where you are a worker of ours or applying for a role with us, your professional history such as your previous positions and professional experience.
Sensitive information is a sub-set of personal information that is given a higher level of protection. Sensitive information means information relating to your racial or ethnic origin, political opinions, religion, trade union or other professional associations or memberships, philosophical beliefs, sexual orientation or practices, criminal records, health information or biometric information. We do not actively request sensitive information about you. If at any time we need to collect sensitive information about you, unless otherwise permitted by law, we will first obtain your consent and we will only use it as required or authorised by law.

Where you are an External User

Identity Data including your first and last name.
Contact Data including your telephone number and email.
Financial Data including bank account and payment card details.
Transaction Data including details about payments to you from us and from you to us and other details of products and services you have purchased from us or we have purchased from you.
Technical and Usage Data when you access any of our websites or platforms, details about your internet protocol (IP) address, login data, browser session and geo-location data, statistics on page views and sessions, device and network information, acquisition sources, search queries and/or browsing behaviour, access and use of our website (including through the use of Internet cookies), and communications with our website.
Profile Data including your username and password for the Kinde platform, purchases or orders you have made with us and support requests you have made.

How we collect personal information

We collect personal information in a variety of ways, including:

when you interact directly with us, including face-to-face, over the phone, over email, or online
when you complete a form, such as registering for any events or newsletters, or responding to surveys
when you apply for a job with us
from third parties, such as details of your use of any website we operate (from our analytics providers and marketing providers) or
from publicly available sources, such as social media or the Australian Securities and Investment Commission (ASIC).

Why we collect, hold, use and disclose personal information

We have set out below, in a table format, a description of the purposes for which we plan to collect, hold, use and disclose your personal information.

Purpose of use / disclosure	Type of Personal Information
To enable you to access and use our software, including to provide you with a login.	Identity Data, Contact Data
As a Customer, to assess whether to take you on as a new client, including to perform anti-money laundering, anti-terrorism, sanction screening, fraud and other background checks on you.	Identity Data, Contact Data
To do business with you, including to deliver our products and services to you, to respond to your requests and to register your attendance at our events.	Identity Data, Contact Data, Financial Data
As a Customer, to contact and communicate with you about our business, including in response to any support requests you lodge with us or other enquiries you make with us.	Identity Data, Contact Data, Profile Data
To contact and communicate with you about any enquiries you make with us via any website we operate.	Identity Data, Contact Data
For internal record keeping, administrative, invoicing and billing purposes.	Identity Data, Contact Data, Financial Data, Transaction Data
As a Customer, for analytics, market research and business development, including to operate and improve our business, associated applications and associated social media platforms.	Profile Data, Technical and Usage Data
As a Customer, for advertising and marketing, including to send you promotional information about our events and experiences and information that we consider may be of interest to you.	Identity Data, Contact Data, Technical and Usage Data, Profile Data, Marketing and Communications Data
As a Customer, to run promotions, competitions and/or offer additional benefits to you.	Identity Data, Contact Data, Profile Data, Interaction Data, Marketing and Communications Data
If you have applied for employment with us, to consider your employment application.	Identity Data, Contact Data, Professional Data
To comply with our legal obligations or if otherwise required or authorised by law.	Any relevant Personal Information

Our disclosures of personal information to third parties

Personal information:

Where you are a Customer, we may disclose personal information to:

our employees, contractors and/or related entities
IT service providers, data storage, web-hosting and server providers
marketing or advertising providers
professional advisors, bankers, auditors, our insurers and insurance brokers
payment systems operators or processors
our existing or potential agents or business partners
anyone to whom our business or assets (or any part of them) are, or may (in good faith) be, transferred
courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided to you
courts, tribunals, regulatory authorities and law enforcement officers, as required or authorised by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights
third parties to collect and process data, such as analytics providers and cookies
any other third parties as required or permitted by law, such as where we receive a subpoena.

Where you are an External User, we may disclose personal information to:

our employees, contractors and/or related entities
IT service providers, data storage, web-hosting and server providers
professional advisors, bankers, auditors, our insurers and insurance brokers
payment systems operators or processors
anyone to whom our business or assets (or any part of them) are, or may (in good faith) be, transferred and
courts, tribunals, regulatory authorities and law enforcement officers, as required or authorised by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights.

Third-Party Analytics: We have enabled analytics advertising features and use third-party analytics, such as Plausible. You can access Plausible’s Privacy Policy here.

We and third-party vendors may use first-party cookies or other first-party identifiers, and third-party cookies or other third-party identifiers together. These cookies and identifiers may collect Technical and Usage Data about you.

To opt out of interest-based ads on mobile devices, please follow the instructions for your mobile device.

Payment card details

While we collect and display your payment methods and, if chosen, your payment card details for payment, your details are stored in a secure PCI DSS compliant payment gateway provider. Where we provide your details to our third-party payment processors, such processors will adhere to the standards set by PCI DSS. PCI DSS requirements help ensure the secure handling of payment card details.

The payment processors we work with are:

Stripe: Their Privacy Policy can be viewed at: https://stripe.com/au/privacy

Overseas disclosure

We may store personal information in Australia and overseas, including in Ireland, the United Kingdom, and the United States. Where we disclose your personal information to the third parties listed above, these third parties may also store, transfer or access personal information inside and outside of Australia, including but not limited to, the United States. We will only disclose your personal information overseas in accordance with the Australian Privacy Principles.

Your rights and controlling your personal information

Your choice: Please read this Privacy Policy carefully. If you provide personal information to us, you understand we will collect, hold, use and disclose your personal information in accordance with this Privacy Policy. You do not have to provide personal information to us, however, if you do not, it may affect our ability to do business with you.

Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this Privacy Policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.

Restrict and unsubscribe: To object to processing for direct marketing/unsubscribe from our email database or opt-out of communications (including marketing communications), please contact us using the details below or opt-out using the opt-out facilities provided in the communication.

Access: You may request access to the personal information that we hold about you. An administrative fee may be payable for the provision of such information. Please note, in some situations, we may be legally permitted to withhold access to your personal information. If we cannot provide access to your information, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal. If we can provide access to your information in another form that still meets your needs, then we will take reasonable steps to give you such access.

Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to promptly correct any information found to be inaccurate, out of date, incomplete, irrelevant or misleading. Please note, in some situations, we may be legally permitted to not correct your personal information. If we cannot correct your information, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal.

Complaints: If you wish to make a complaint, please contact us using the details below and provide us with full details of the complaint. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take in response to your complaint. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner.

Storage and security

We are committed to ensuring that the personal information we collect is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures, to safeguard and secure personal information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.

While we are committed to security, we cannot guarantee the security of any information that is transmitted to or by us over the Internet. The transmission and exchange of information is carried out at your own risk.

If you are a client of ours, we may keep your personal data for as long as we have a contract with you and then for a further 7 years.

Cookies

We may use cookies on our website from time to time. Cookies are text files placed in your computer’s browser to store your preferences. Cookies, by themselves, do not tell us your email address or other personally identifiable information.

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website.

For more information about the cookies we use, please see our Cookie Policy below.

We use the following cookies:

Strictly necessary cookies. These are cookies that are required for the operation of our online Services. They include, for example, cookies that enable you to log into secure areas of our online Services, use a shopping cart or make use of online payment services.
Social media cookies. These cookies are used when you share information using a social media sharing button or “like” button on our websites or you link your account or engage with our content on or through a social media site. The social network will record that you have done this. This information may be linked to targeting/advertising activities.
Targeting cookies. These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. If you do not allow these cookies, you will experience less targeted advertising.
Anonymized analytical cookies. These cookies ensure that anonymous data about your surfing behavior is collected every time you visit the website. This way we can see how visitors use the website and improve on that basis. We use anonymized analytical cookies for:
- tracking the number of visitors to our web pages;
- tracking the amount of time each visitor spends on our web pages;
- keeping track of the order in which a visitor visits the different pages of our website;
- assessing which parts of our site need updating;
- measuring and optimizing the performance of our marketing campaigns;
- redirecting traffic from different channels.

Use of web beacons and other technologies

Some of our websites, applications and electronic communications contain electronic tags known as web beacons, gifs or pixel tags, unique identifiers and similar technologies that help deliver cookies, measure online activity, provide more relevant advertising, or analyze the effectiveness of our promotional campaigns or other operations.

Links to other websites

Our website may contain links to other party’s websites. We do not have any control over those websites and we are not responsible for the protection and privacy of any personal information which you provide whilst visiting those websites. Those websites are not governed by this Privacy Policy.

Additional rights and information for individual located in the EU or UK

Under the GDPR individuals located in the EU and the UK have extra rights which apply to their personal information. Personal information under the GDPR is often referred to as personal data and is defined as information relating to an identified or identifiable natural person (individual). This Appendix 1 sets out the additional rights we give to individuals located in the EU and UK, as well as information on how we process the personal information of individuals located in the EU and UK. Please read the Privacy Policy above and this Appendix carefully and contact us at the details at the end of the Privacy Policy if you have any questions.

What personal information is relevant?

This Appendix applies to the personal information set out in the Privacy Policy above. This includes any Sensitive Information also listed in the Privacy Policy above which is known as ‘special categories of data’ under the GDPR.

Purposes and legal bases for processing

We collect and process personal information about you only where we have legal bases for doing so under applicable laws. We have set out below, in a table format, a description of all the ways we plan to use your personal information, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process your personal information for more than one lawful ground depending on the specific purpose for which we are using your data. Please reach out to us if you need further details about the specific legal ground, we are relying on to process your personal information where more than one ground has been set out in the table below.

Purpose of use / disclosure	Type of Data	Legal Basis for processing
To enable you to access and use our software, including to provide you with a login.	Identity Data, Contact Data	Performance of a contract with you
To do business with you, including to deliver our products and services to you, to respond to your requests and to register your attendance at our events.	Identity Data, Contact Data	Performance of a contract with you
To contact and communicate with you about our business including in response to any support requests you lodge with us or other enquiries you make with us.	Identity Data, Contact Data, Profile Data	Performance of a contract with you
To contact and communicate with you about any enquiries you make with us via our website.	Identity Data, Contact Data	Legitimate interests: to ensure we provide the best client experience we can offer by answering all of your questions.
For internal record keeping, administrative, invoicing and billing purposes.	Identity Data, Contact Data, Financial Data , Transaction Data	Performance of a contract with youTo comply with a legal obligationLegitimate interests: to recover debts due to us and ensure we can notify you about changes to our [terms of business] and any other administrative points.
As a Customer, for analytics including profiling on our website, market research and business development, including to operate and improve our business, associated applications and associated social media platforms.	Profile Data, Technical and Usage Data	Legitimate interests: to keep our website updated and relevant, to develop our business, improve our business and to inform our marketing strategy
As a Customer, for advertising and marketing, including to send you promotional information about our events and experiences and information that we consider may be of interest to you.	Identity Data, Contact Data, Technical and Usage Data, Profile Data, Marketing and, Communications Data	Legitimate interests: to develop and grow our business
As a Customer, to run promotions, competitions and/or offer additional benefits to you.	Identity Data, Contact Data, Profile Data, Interaction Data, Marketing and Communications Data	Legitimate interests: to facilitate engagement with our business and grow our business
If you have applied for employment with us, to consider your employment application.	Identity Data, Contact Data, Professional Data	Legitimate interests: to consider your employment application
To comply with our legal obligations or if otherwise required or authorised by law.		To comply with a legal obligation

If you have consented to our use of data about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your data because we or a third party have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer doing business with us. Further information about your rights is available below.

Data Transfers

The countries to which we send data for the purposes listed above may be less comprehensive that is what is offered in the country in which you initially provided the information. Where we transfer your personal information outside of the country where you are based, we will perform those transfers using appropriate safeguards in accordance with the requirements of applicable data protection laws and we will protect the transferred personal information in accordance with this Privacy Policy and Appendix 1. This includes:

only transferring your personal information to countries that have been deemed by applicable data protection laws to provide an adequate level of protection for personal information
standard contractual clauses in our agreements with third parties that are overseas.

Data retention

We will only retain your personal information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

Extra rights for EU and UK individuals

You may request details of the personal information that we hold about you and how we are process it (commonly known as a “data subject request”). You may also have a right in accordance with applicable data protection law to have your personal information rectified or deleted, to restrict our processing of that information, to object to decisions being made based on automated processing where the decision will produce a legal effect or a similarly significant effect on you, to stop unauthorised transfers of your personal information to a third party and, in some circumstances, to have personal information relating to you transferred to you or another organisation.

If you are not happy with how we are processing your personal information, you have the right to make a complaint at any time to the relevant Data Protection Authority based on where you live. We would, however, appreciate the chance to deal with your concerns before you approach the Data Protection Authority, so please contact us in the first instance using the details set out below.

Pursuant to Article 27 of the General Data Protection Regulation (GDPR), Kinde Australia Pty Ltd has appointed European Data Protection Office (EDPO) as its GDPR Representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR:

by using EDPO’s online request form: https://edpo.com/gdpr-data-request/
by writing to EDPO at Regus Block 1, Blanchardstown Corporate Park, Ballycoolen Road, Blanchardstown, Dublin, D15 AKK1, Ireland

For any other questions or feedback, please contact us at privacy@kinde.com.

Additional rights and information for individuals located in California

Under the California Consumer Privacy Act of 2018 (CCPA) and the California Privacy Rights Act of 2020 (CPRA), individuals located in California have extra rights which apply to their personal information. The table below sets out the additional rights we give to individuals located in California.

Rights	Legal basis
Disclosure of Personal Information We Collect About You	You have the right to know: The categories of Personal Information we have collected about you; The categories of sources from which the Personal Information is collected; Our business or commercial purpose for collecting or selling Personal Information; The categories of third parties with whom we share Personal Information, if any; and The specific pieces of Personal Information we have collected about you. Please note that we are not required to: Retain any personal information about you that was collected for a single one-time transaction if, in the ordinary course of business, that information about you is not retained; Reidentify or otherwise link any data that, in the ordinary course of business, is not maintained in a manner that would be considered personal information; or Provide the personal information to you more than twice in a 12-month period.
Personal Information Sold or Used for a Business Purpose	In connection with any Personal Information we may sell or disclose to a third party for a business purpose, you have the right to know: The categories of Personal Information about you that we sold and the categories of third parties to whom the Personal Information was sold; and The categories of Personal Information that we disclosed about you for a business purpose. You have the right under the CCPA and the CPRA, as well as certain other privacy and data protection laws, as applicable, to opt-out of the sale or disclosure of your Personal Information. If you exercise your right to opt-out of the sale or disclosure of your Personal Information, we will refrain from selling your Personal Information, unless you subsequently provide express authorization for the sale of your Personal Information. To opt-out of the sale or disclosure of your personal information, please contact us at privacy@kinde.com.
Right to Deletion	Subject to certain exceptions set out below, on receipt of a verifiable request from you, we will: Delete your Personal Information from our records; and Direct any service providers to delete your Personal Information from their records. Please note that we may not delete your Personal Information if it is necessary to: Complete the transaction for which the personal information was collected, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between you and us; Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity; Debug to identify and repair errors that impair existing intended functionality; Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law; Comply with the California Electronic Communications Privacy Act; Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the achievement of such research, provided we have obtained your informed consent; Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us; Comply with an existing legal obligation; or Otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.
Right to Correction	You have the right to request the correction of inaccurate personal information maintained by us.
Right to Know About Automated Decision-Making	You have the right to know about and opt-out of automated decision-making, including profiling.
Right to Access Information about Automated Decision-Making	You have the right to request information about the logic involved in automated decision-making processes and the potential consequences of those processes.
Expanded Right to Access	You have the right to access personal information collected beyond the previous 12-month period, provided that doing so would not involve a disproportionate effort.
Right to Limit Use of Sensitive Personal Information	You have the right to limit the use and disclosure of sensitive personal information to that which is necessary to perform the services or provide the goods reasonably expected by an average consumer.
Protection Against Discrimination	You have the right to not be discriminated against by us because you exercised any of your rights under the CCPA or CPRA. This means we cannot, among other things: Deny goods or services to you; Charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties; Provide a different level or quality of goods or services to you; or Suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services. Please note that we may charge a different price or rate or provide a different level or quality of goods or services to you, if that difference is reasonably related to the value provided to our business by your Personal Information.

Amendments

We may, at any time and at our discretion, vary this Privacy Policy by publishing the amended Privacy Policy on our website. We recommend you check our website regularly to ensure you are aware of our current Privacy Policy.

For any questions or notices, please contact us at privacy@kinde.com.

Last updated September 2, 2024.

Kinde Australia Pty Ltd (ABN 11 655 096 263)

General data protection regulation (GDPR)

Trust center

Join the community

Get support from the Kinde team and expert users in the Kinde community

Join via Slack or Discord
Contact support

Chat to support through the Kinde help widget, or send a question via email

Send an email