PRIVACY POLICY
Effective as at 1st May 2023

In this Privacy Policy, ‘us’ ‘we’ or ‘our’ means Sunbird Consulting Services Pty Ltd (ACN 658 990 866) and its wholly owned subsidiaries from time to time, if any. We are committed to respecting your privacy.

This Privacy Policy sets out how we collect, use, store, disclose, retain and protect your personal
information. It applies to the information provided to us whether in person, via our website and to any other website, application and/or platform operated by us (collectively, the Services) where this Privacy Policy is referenced, regardless of how you access or use them, including through mobile devices.

We are committed to complying with the Privacy Act 1988 (Cth), including the Australian Privacy Principles (collectively, Privacy Law), in respect of the collection, storage, use and disclosure of personal information.

By providing personal information to us, you consent to our collection, use and disclosure of your personal information in accordance with this Privacy Policy and any other arrangements that apply between us, for as long as we consider necessary to fulfil the purpose for which such personal information was collected, or as required by relevant laws. In this context, “collect” or “collection” means gather, acquire or obtain by any means, information in circumstances where the individual is
identifiable or identified.

This Privacy Policy applies, among other things, to your use of the Services. If you do not accept this Privacy Policy, you must not use the Services.

We reserve the right to change our Privacy Policy from time to time, by publishing updates to it on our website with an updated effective date. Please make sure that you have the latest version. We encourage you to check our website periodically to ensure that you are aware of our current Privacy Policy.

1. What is personal information?
Personal information includes information or an opinion about an individual that is reasonably
identifiable. For example, this may include your name, age, gender, address and contact details. It may also include financial information, including your credit card information.
Occasionally, we may ask you for personal information about other people. If you choose to disclose this information to us, you confirm that you have informed these parties that you are providing their personal information to us for the purposes of providing our products and services either directly or by providing such disclosure in your own privacy policy.

2. What personal information do we collect?
We may collect the following types of personal information:
 name;
 job title;
 billing, mailing and/or street address;
 email address;
 telephone number and other contact details;
 age or date of birth;
 gender;
 health or clinical-related information requested by us and/or provided by you or a third party –
including, but not limited to, information related to historic and current health diagnoses;
 time zone information;
 financial, bank and/or credit card information;
 your device ID, device type, geo-location information, computer and connection information,
statistics on page views, traffic to and from the sites, ad data, IP address and standard web log
information;
 details of the products and services we have provided to you or that you have enquired about,
including any additional information necessary to deliver those products and services and respond
to your enquiries;
 preferences and interests;
 details of enquiries or complaints you make;
 any additional information relating to you that you provide to us directly through the Services
(including our website) or indirectly through your use of our Services or online presence or
through other websites or accounts from which you permit us to collect information;
 information you provide to us through customer surveys; or
 any other personal information that may be required in order to facilitate your dealings with us.
We may collect these types of personal information either directly from you, or from third parties. We
may collect this information when you:
 register to use the Services (including via our website);
 complete registration or enquiry forms, order any products or services from us or third party
merchants, publish reviews, upload content, participate in message boards, blogs and/or any
other user-generated content facilities or send emails to us;
 request, book, process, enquire and/or order and confirm any services and products in connection
with the Services from us and/or any of our related bodies corporate, agents, suppliers,
contractors and/or merchants; or
 communicate with us and/or any of our related bodies corporate, agents, suppliers, contractors
and/or merchants and/or any of the users of the Services through correspondence, chats, email,
or when you share information with such persons from other applications, services or websites.
We will generally collect personal information directly from you. We may also collect personal
information from third parties (including third-party data analytic service providers) and publicly
available sources of information. We may use personal information supplied by you or a third party to
source additional personal information from publicly available sources of information.
Where lawful and practical, you have the right to remain anonymous or to make use of a pseudonym,
however, if you choose to remain anonymous or to use a pseudonym, we and our third-party contractors
and merchants may not be able to provide you with access to some or all of our products or services.
Please do not submit your personal information to us if you do not wish for us to collect it.

3. Sensitive information
Some personal information (for example, race, ethnicity, and health information) is sensitive and
requires a higher level of protection under the Privacy Law. We will not generally collect any sensitive
information from you which we consider are unnecessary to our services. We will only collect such
sensitive information when we have your express consent for us to do so and the collection is
reasonably necessary for us to provide our products and/or services or pursue one or more of our
functions or activities, or where the information is required or authorised by law or necessary for the
establishment, exercise or defence of a legal claim.

4. Why do we collect, use and disclose personal information?
The primary purpose that we may collect, hold, process, use and disclose your personal information is so
that we can:

 provide you with products, services and information, and manage our relationship with you;
 contact you, for example, to respond to your queries or complaints, or if we need to tell you
something important;
 comply with our legal obligations and assist government and law enforcement agencies or
regulators and/or enforce our agreements with third parties;
 identify and tell you about other products or services that we think may be of interest to you;
 send you marketing and promotional messages and other information that may be of interest to
you, including information sent by, or on behalf of, our business partners that we think you may
find interesting;
 inform you about the latest changes to our website, products, services or promotional offers that
you may be interested in;
 administer our newsletter and any rewards, surveys or other promotional activities or events
sponsored or managed by us or our business partners;
 personalise your use of our website;
 operate, protect, improve and optimise products and services along with our Services, including
to perform analytics, conduct research and for advertising and marketing;
 send you service, support and administrative messages, reminders, technical notices, updates,
security alerts, and information requested by you; and
 for other purposes to which you, either expressly or impliedly, consent to, and for the purposes
set out in this Privacy Policy, we may provide this information to our agents, contractors, service
providers, joint venture and commercial partners and regulatory authorities and may transfer
your personal information to others in countries outside Australia (including to those that may
operate our cloud servers outside of Australia from time to time).

If you do not provide us with your personal information we may not be able to provide you with our
services, communicate with you or respond to your enquiries.
Personal information and other data collected by us may be shared with related bodies corporate within
our group.

We may also disclose your personal information to trusted third party suppliers who also holds other
information about you. These third parties may combine that information in order to enable it and us to

develop anonymised consumer insights so that we can better understand your preferences and
interests, personalise your experience and enhance the products and services that you receive.
If we receive unsolicited personal information about or relating to you and we determine that such
information could have been collected in the same manner if we had solicited the information, then we
will treat it in the same way as solicited personal information and in accordance with the Privacy Law.
Otherwise if we determine that such information could not have been collected in the same manner as
solicited personal information, and that information is not contained in a Commonwealth record, we
will, if it is lawful and reasonable to do so, destroy the information or de-identify the information.

5. Who collects the personal information?
Personal information may be collected directly by us, our agents or by our trusted business partners
acting on our behalf, such as technology providers and trusted data service providers.
Information may also be collected by us on behalf of other people as set out in notices given to
individuals, or consents given by individuals, at or prior to the time the personal information is collected.

6. How do we collect your personal information?
We will only collect personal information by lawful and fair means.

If it is reasonable and practical to do so, we will collect your personal information directly from you. We
may also collect personal information from other companies that are able to disclose it to us, if it’s not
practical to collect it from you. For example, we may obtain personal information from trusted data
sources to help us identify additional information about people who might be interested in hearing
about particular products and services.

We may collect information from third parties including where you:
(a) request, book and confirm services and products from us and/or any of our related bodies
corporate, agents, suppliers, contractors and/or merchants;
(b) communicate with us and/or any of our related bodies corporate, agents, suppliers, contractors
and/or merchants through correspondence, chats, email, or when you share information with
such persons from other social applications, services or websites; or
(c) interact with the websites, services, content and advertising of us and/or any of our related
bodies corporate, agents, suppliers, contractors and/or merchants.

7. Do we use your personal information for direct marketing?
We and/or our related bodies corporate, business partners, agents, suppliers, contractors and/or
merchants may send you direct marketing communications and information about our services and/or
products. This may take the form of emails, SMS, mail or other forms of communication, in accordance
with the Spam Act 2003 (Cth) and the Privacy Law. You will be given the option to sign up for our email
newsletter. You may opt-out of receiving marketing materials from us by contacting us using the details
set out below or by using the opt-out facilities provided (for example, an unsubscribe link).

8. To whom do we disclose your personal information?
We may disclose personal information for the purposes described in this Privacy Policy to:
 our employees, related bodies corporate, agents and contractors;
 our third party suppliers, merchants and service providers (including providers for the operation
of the Services, and/or our website and/or our business or in connection with providing goods
and services to you);
 professional advisers, dealers and agents;
 payment systems operators (for example, merchants receiving card payments);
 our existing or potential agents, business partners or partners;
 our sponsors or promoters of any competition that we conduct via our Services;
 anyone to whom our assets or businesses (or any part of them) are transferred;
 organisations to whom we outsource functions (including information technology providers, print
service providers and mail houses);
 with your consent (express or implied), to specific third parties to receive information held by us;
 specific third parties authorised by you to receive information held by us; and/or
 other persons, including government agencies, regulatory bodies and law enforcement agencies,
or as required, authorised or permitted by law.
We may share information about you with suppliers that we engage to help us provide certain services
and/or functionality – for example online payment processing. We will use commercially reasonable
endeavours to take steps to control and be responsible for the use of your information by such
suppliers. While we cannot guarantee the security of this information, we will use all reasonable
endeavours to ensure the third party protects the personal information from unauthorised use or
disclosure (Data Breach). If we become aware of a Data Breach from the third party, we will notify you
of the Data Breach and will endeavour to work with you to limit the potential impact.
We reserve the right to disclose your personal information without your consent if the disclosure is:
 to comply with applicable laws and government or regulatory bodies’ lawful requests for
information;
 required in order to investigate an unlawful activity;
 required by an enforcement body for investigative activities; or
 necessary to prevent a serious and imminent threat to a person’s life, health or safety, or to
public health or safety.

We may transfer, sell or assign any of the information described in this Privacy Policy to third parties as
a result of a sale, merger, consolidation, change of control, transfer of assets or reorganisation of our
business.

Subject to obtaining your consent, we may also supply personal information about you to third parties
other than as set out above.

9. Disclosure of personal information outside Australia
We may disclose personal information outside of Australia to related bodies corporate, employees,
agents, contractors and/or merchants, third party suppliers, service providers and information
technology and cloud services providers located in countries other than Australia. These may include
Japan, New Zealand, the United Kingdom and the United States of America, among others.

When you provide your personal information to us, you consent to the disclosure of your information
outside of Australia and acknowledge that we are not required to ensure that overseas recipients handle
that personal information in compliance with the Privacy Law. Further, the overseas recipient of
personal information may be subject to a foreign law that could compel the disclosure of personal
information to a third party, such as an overseas authority. In such case, we will not be responsible for
that disclosure. We will, however, take reasonable steps to ensure that any overseas recipient will deal
with such personal information in a way that is consistent with the Australian Privacy Principles.

10. Cookies and third party websites
We may collect personal information about you when you use and access our website and social media
accounts.

While we do not use browsing information to identify you personally, we may record certain
information about your use of our website, such as which pages you visit, the time and date of your visit
and the internet protocol address assigned to your computer.

When you visit our website, the server may attach a ‘cookie’ to your computer or other device’s
memory. A cookie assists us to store information on how visitors to our website use it and the pages
that may be of most interest. We may use cookies to identify you between multiple visits, to better
understand how our website is used, to provide users of your computer or device with information that
we think may interest the users of your computer or device to improve our communications and service
delivery, to provide you information which may be of interest to you based on your previous visits to our
website, and to provide targeted advertising to you (including through ad servers and other third party
advertisers) when you visit our website and certain other websites where advertising is found from time
to time.

We may provide the information we gather from cookies to third parties for the above purposes and for
other purposes connected with our website. If cookie information is linked with personal information
we hold about you as set out above, this cookie information becomes personal information and will be
treated in the same manner as the personal information to which it has been linked.

11. Keeping your personal information secure
We may hold your personal information in either electronic or hard copy form. We will take reasonable
steps to protect your personal information from misuse, interference and loss, as well as unauthorised
access, modification or disclosure and we use a number of physical, administrative, personnel and
technical measures to protect your personal information. We will use reasonable efforts to employ best
practice to protect all data held or protected by us, for example, we conduct regular audits to assess our
security measures. However, as our website and mobile application are linked to the internet, and the
internet is vulnerable to penetration by nefarious actions, we cannot guarantee the security of the
personal information you provide us online.

In the unlikely event that there is an unauthorised use or disclosure of your personal information, we
will notify you of the data breach and will undertake an investigation into how the data breach occurred
and its likely severity. As part of this, we will endeavour to work with you and the Office of the
Australian Information Commissioner to limit the impact, and any reoccurrence, of the breach.

12. Accessing or correcting your personal information

You can access the personal information we hold about you by contacting us using the information
below. Sometimes, we may not be able to provide you with access to all of your personal information
and, where this is the case, we will tell you why.

We may also need to verify your identity when you request your personal information.
If you think that any personal information we hold about you is inaccurate, please contact us and we will
take reasonable steps to ensure that it is corrected.

13. Making a complaint
If you think we have breached the Privacy Law, or you wish to make a complaint about the way we have
handled your personal information, you can contact us using the details set out below. Please include
your name, email address and/or telephone number and clearly describe your complaint. We will
acknowledge your complaint and respond to you regarding your complaint within a reasonable period
of time.

If you believe we have not adequately dealt with your complaint, you may complain to the Office of the
Australian Information Commissioner about the way we handle your personal information. The
Commissioner can be contacted at:
GPO Box 5218
Sydney NSW 2001
Phone: 1300 363 992
Email: enquiries@oaic.gov.au

14. Changes to this Privacy Policy
This privacy policy is displayed on our website and is also available on request.
We reserve the right to change our Privacy Policy from time to time, by publishing updates to it on our
website with an updated effective date. Please make sure that you have the latest version. We
encourage you to check our website periodically to ensure that you are aware of our current Privacy
Policy. If we make significant changes to our Privacy Policy, we may also notify you by other means such
as sending an email or posting a notice on our home page.

15. Contact Us
For further information about our Privacy Policy or practices, or to access or correct your personal
information, or make a complaint, please contact us using the details set out below:

Attention: The Privacy Officer
Sunbird Consulting Pty Ltd (ACN 658 990 866)
PO Box 4
Yorkeys Knob Qld 4878
Phone: 1300 452 408
Email: privacyofficer@sunbirdconsulting.com.au