1. Introduction

BUDMORE PTY LTD (ABN 49 640 917 362, ACN 640 917 362) ("Company", "we", "us", or "our") operates the Cockato digital loyalty and wallet pass platform (the "Services"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Services.

We are committed to protecting your privacy and complying with applicable data protection laws, including:

The Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs)
The General Data Protection Regulation (GDPR) for European users
The California Consumer Privacy Act (CCPA) for California residents
Other applicable international privacy laws

2. Information We Collect

2.1 Merchant Account Information

When you register as a Merchant, we collect:

Business name, ABN/ACN, and registration details
Contact information (name, email address, phone number)
Billing information and payment details
Account credentials
Business address and location data
Branding materials (logos, images, colors)

2.2 End User Information

When End Users interact with loyalty programs created by Merchants, we may collect:

Name and contact information (as provided by the Merchant or End User)
Loyalty program activity (stamps, points, rewards redeemed)
Transaction history related to loyalty programs
Device identifiers for wallet pass functionality
Location data (if enabled for location-based features)

2.3 Technical and Usage Information

We automatically collect certain information when you use our Services:

IP address and approximate location
Browser type and version
Device type and operating system
Pages visited and features used
Date and time of access
Referring website or application
Error logs and performance data

3. How We Use Your Information

We use the information we collect for the following purposes:

Service Delivery: To provide, maintain, and improve our Services
Account Management: To create and manage your account
Billing: To process payments and send billing communications
Communication: To respond to inquiries and provide customer support
Loyalty Programs: To facilitate loyalty program operations on behalf of Merchants
Wallet Passes: To generate and distribute digital wallet passes
Analytics: To analyze usage patterns and improve our Services
Security: To detect, prevent, and address technical issues and fraud
Legal Compliance: To comply with legal obligations and enforce our Terms
Marketing: To send promotional communications (with your consent)

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process personal data on the following legal bases:

Contract Performance: Processing necessary to perform our contract with you
Legitimate Interests: Processing for our legitimate business interests, such as fraud prevention, network security, and service improvement
Legal Obligation: Processing necessary to comply with legal requirements
Consent: Processing based on your explicit consent (e.g., marketing communications)

We may share your information with:

5.1 Service Providers

We engage trusted third-party service providers to perform functions on our behalf, including:

Cloud hosting and infrastructure providers
Payment processors
Analytics services
Customer support tools
Email service providers

5.2 Wallet Providers

To distribute digital passes, we share necessary information with:

Apple Inc.: For Apple Wallet passes, subject to Apple's privacy policy
Google LLC: For Google Wallet passes, subject to Google's privacy policy

5.3 Merchants and End Users

Merchants have access to End User data collected through their loyalty programs. Merchants are responsible for their own privacy practices and compliance with applicable laws.

5.4 Legal Requirements

We may disclose information if required by law, court order, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

6. Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including:

Active Accounts: For the duration of your account and business relationship
Terminated Accounts: For a reasonable period after termination to comply with legal obligations and resolve disputes
Transaction Records: For seven (7) years as required by Australian tax law
Marketing Preferences: Until you withdraw consent

When data is no longer required, we securely delete or anonymize it.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

Encryption of data in transit and at rest (TLS 1.3, AES-256)
Regular security assessments and penetration testing
Access controls and authentication measures
Secure development practices
Employee training on data protection
Incident response procedures

While we strive to protect your information, no method of transmission or storage is completely secure. We cannot guarantee absolute security.

8. International Data Transfers

We are based in Australia and process data primarily in Australia. However, we may transfer personal information to countries outside Australia or the EEA for the purposes described in this policy.

When transferring data internationally, we ensure appropriate safeguards are in place:

Standard Contractual Clauses approved by the European Commission
Transfers to countries with adequate data protection laws
Binding Corporate Rules where applicable
Your explicit consent where required

9. Your Privacy Rights

9.1 Australian Privacy Principles (APPs)

Under the Privacy Act 1988 (Cth), you have the right to:

Access your personal information
Request correction of inaccurate information
Complain about breaches of the APPs

9.2 GDPR Rights (EEA Residents)

If you are in the European Economic Area, you have additional rights:

Right of Access: Obtain a copy of your personal data
Right to Rectification: Correct inaccurate data
Right to Erasure: Request deletion of your data ("right to be forgotten")
Right to Restrict Processing: Limit how we use your data
Right to Data Portability: Receive your data in a structured format
Right to Object: Object to processing based on legitimate interests
Right to Withdraw Consent: Withdraw consent at any time

9.3 CCPA Rights (California Residents)

If you are a California resident, you have the right to:

Know what personal information is collected, used, shared, or sold
Delete personal information held by us
Opt-out of the sale of personal information (we do not sell personal information)
Non-discrimination for exercising your rights

9.4 Exercising Your Rights

To exercise any of these rights, please contact us through our Contact page. We will respond to your request within the timeframes required by applicable law.

10. Children's Privacy

Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly. If you believe we may have collected information from a child, please contact us through our Contact page.

11. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect information and improve our Services. Types of cookies we use include:

Essential Cookies: Required for the Services to function properly
Analytics Cookies: Help us understand how users interact with our Services
Preference Cookies: Remember your settings and preferences
Marketing Cookies: Used to deliver relevant advertisements (with consent)

You can control cookies through your browser settings. However, disabling certain cookies may affect the functionality of our Services.

12. Marketing Communications

With your consent, we may send you marketing communications about our products, services, and promotions. We comply with the Spam Act 2003 (Cth) and applicable anti-spam laws.

You can opt-out of marketing communications at any time by clicking the "unsubscribe" link in our emails or by contacting us through our Contact page. Please note that you may still receive transactional communications related to your account.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of material changes by posting the updated policy on our website and, where appropriate, by email. Your continued use of our Services after the effective date of any changes constitutes acceptance of the revised policy.

14. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your privacy rights, please contact us through our Contact page.

BUDMORE PTY LTD
ABN: 49 640 917 362
ACN: 640 917 362
Australian Capital Territory, Australia

15. Complaints

If you are not satisfied with our response to a privacy complaint, you may lodge a complaint with the relevant supervisory authority:

Australia

Office of the Australian Information Commissioner (OAIC)
Website: www.oaic.gov.au
Phone: 1300 363 992

European Union

You may lodge a complaint with your local data protection authority. A list of EU data protection authorities is available at: edpb.europa.eu

California

California Attorney General
Website: oag.ca.gov/privacy

Privacy Policy