Terralytics (Aust) Pty Ltd – Privacy Policy

1. About this Policy

This Privacy Policy explains how Terralytics (Aust) Pty Ltd (ACN 681 043 327) (“Terralytics”, “we”, “us”, “our”) handles Personal Information in connection with our software‑as‑a‑service land‑market intelligence platform, websites, and related support and billing activities. We are bound by the Privacy Act 1988 (Cth) (the “Privacy Act”) and the Australian Privacy Principles (“APP”s) provided under the Privacy Act.

This Policy applies to Personal Information about our customers and users, prospective customers, website visitors and other individuals who interact with us. It does not apply to information about companies or other organisations where that information does not include Personal Information.

This Privacy Policy is available free of charge on our website and can be provided in an alternative format (for example, large print or hard copy) on request.

The purpose of our Privacy Policy is to:

  • Give you a better and more complete understanding of the kinds of Personal Information that we collect
  • Clearly and concisely communicate how and when we collect, disclose, use, store and otherwise handle Personal Information
  • Inform you about the purposes for which we collect, hold, use and disclose Personal Information
  • Provide you with information about how you may access your Personal Information, and seek correction of your Personal Information
  • Provide you with information about how you may make a complaint, and how we will deal with any such complaint
  • Advise you of the circumstances in which we are likely to disclose Personal Information to overseas recipients; and
  • Enhance the transparency of our operations in relation to your Personal Information.

2. Key definitions

  • “Personal Information” has the meaning in the Privacy Act namely, information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not and whether recorded in material form or not. Examples of Personal Information include your name, date of birth, telephone number, email address and home address
  • “Sensitive Information” includes information about health, biometric templates, racial or ethnic origin, political opinions, religious beliefs, sexual orientation and criminal records.
  • “Customer Data” means data our customers upload to or generate when using the Services. Customer Data may include limited Personal Information (e.g., business contact details of Users).
  • “Services” means access to and use of Terralytics’ land‑market intelligence platform and associated support.

3. Types of Personal Information we collect

The Personal Information we collect depends on how you interact with us. We will only collect Personal Information from you to the extent it is reasonably necessary for, or directly related to, one or more of our functions or activities including when we are providing the Services to you.

When you are using the Services, we will collect from you the following information:

  • Account and billing: your name, business contact details, employer/role, billing address, your Australian Business Number (ABN) where applicable, payment method tokens (processed by our payment processor), and your transaction history.
  • Platform use and support: account identifiers, login activity, usage telemetry (query counts, feature use, page views), device/browser information, session IDs, support communications and attachments, preferences and settings.
  • Website and analytics: cookie identifiers and similar technologies, IP address, browser/OS type, pages viewed, links clicked, referral information and timestamps.
  • Marketing: your marketing preferences and interactions (opens, clicks) when you use the Services or subscribe to our updates.

We generally do not need or require you to provide Sensitive Information. However, there may be circumstances where the information provided by you reveals Sensitive Information.

We will only collect Sensitive Information in circumstances where:

  • It is reasonably necessary for one or more of the services we provide or functions we carry out, and you consent to the collection of the Sensitive Information; or
  • We are required or authorised by law to collect the Sensitive Information.

4. How we collect Personal Information

We collect Personal Information by the following ways:

  • Directly from you: when you register or contract with us to receive the Services, create an account, request a demonstration of the Services, contact our support team, participate in research or events that we may organise from time to time or otherwise interact with our team.
  • Automatically: through cookies and similar technologies when you use our websites and Services (see “Cookies & Analytics”).
  • From your organisation: where your employer or client authorises you to access the Services as a User or they pay invoices on your behalf that include your contact details.
  • From service providers that provide services in relation to identity verification, payment processing, analytics and customer support.

Where it is lawful and practical, you may interact with us anonymously or using a pseudonym (for example, when browsing our website). However, as a practical matter in order for us to provide you with the Services and manage your account with us, we will usually need your name and business contact details.

When collecting your Personal Information directly from you, we will provide you with a Privacy Collection Notice explaining the specific purposes for collection, use, and disclosure of your information in accordance with this Privacy Policy. These notices appear when you log into our platform.

If we receive Personal Information that we did not solicit from you ourselves, we will determine as soon as reasonably practicable, whether we could have lawfully collected that information as part of our functions or activities. If we are not satisfied that we could have lawfully collected the information, then we will (if it is lawful and reasonable to do do) destroy the information or ensure that the information is de-identified.

5. Why we collect, use and disclose Personal Information

We collect, use and disclose Personal Information for the following purposes:

  • Provide, operate and support the Services, including authentication, authorisation and securing accounts.
  • Process orders, subscriptions, payments, renewals and related billing/administration.
  • Communicate with you about your account, the Services, updates and changes to our terms and policies.
  • Provide customer support; investigate, prevent and remediate incidents or misuse.
  • Improve and develop the Services, including usage analytics, troubleshooting and quality assurance.
  • Comply with the law, court orders and to enforce our agreements.
  • Send service announcements and—where permitted—marketing communications with an easy opt‑out.

We may create aggregated or de‑identified statistics from the use of our Services. Aggregated/de‑identified information is not Personal Information.

We will only use or disclose Personal Information for the primary purpose for which it was collected, or for a secondary purpose where permitted by law.

Typical secondary purposes for which we may use or disclose Personal Information include conducting analytics to improve our services, providing internal training to staff and contractors, ensuring compliance with legal and regulatory obligations, managing risk and legal liabilities (such as liaising with insurers and legal representatives), and responding to subpoenas or other lawful requests.

6. Direct marketing

We may send you marketing communications about us if you are a customer or user of the Services or if you have opted in to receive this information.

You can opt out at any time using the unsubscribe link in the marketing communications message or by contacting us. We will not send to you marketing communications if you have not provided consent or if such use of Personal Information would not be expected by you. We will not use your Sensitive Information in any marketing communications unless we have your written consent.

7. Cookies & analytics

We may, from time to time, use analytics services to assist us in understanding our website and Services users, to better monitor the performance of our platform and services, to undertake data analysis and trend analysis to better understand our customers' preferences, to personalise our website, and to offer services of greater interest to you.

By accessing our website and our platform, you consent to the collection and processing of your non-identifiable information or data for the above purposes, including the association of such information or data with visitation information analytics may collect from our website and our platform.

When you access our website or platform, we may use tracking technologies such as cookies to make a record of your visit by logging your internet protocol address, device name, operating system version, the date and time of your visit to our site, the pages that you have accessed and the type of browser you were using. We use this information for statistical purposes and for the purposes of improving our services. This type of statistical information does not identify you. You have the option to either accept or refuse cookies. If you do not wish to receive any cookies you may set your browser to refuse them. However, this may result in you being unable to use all or part of our website and or Services.

8. Disclosing Personal Information

We may disclose your Personal Information to the persons or organisations described below:

  • RPM Real Estate Group Pty Ltd (“RPM”) for subscription and billing management and under our Data Sharing Agreement with RPM (see below).
  • Your organisation (e.g., your account owner or administrator) in connection with the Services and billing.
  • Technology service providers who assist in maintaining our platform and services including (IT hosting, cloud infrastructure, customer support, analytics, email delivery, payment processing)
  • Customer support service providers
  • Organisations involved in maintaining, reviewing and developing our business systems, procedures and infrastructure including maintaining or upgrading our computer systems
  • Persons or organisations involved in selling/purchasing part or all of our business
  • Organisations involved in the payments systems, including financial institutions, merchants and payment organisations.
  • Professional advisers, auditors and insurers (for our legitimate business and compliance purposes).
  • Prospective purchasers and their advisers in connection with a sale or corporate transaction, subject to confidentiality.
  • Government agencies, courts or law enforcement where required by law or to protect our legal rights.

We require our service providers to handle Personal Information in accordance with the Privacy Act, this Privacy Policy and our instructions.

A formal Data Sharing Agreement is in place between RPM Real Estate Group Pty Ltd (ACN 067 034 262) and us. This agreement governs how your Personal Information is handled between our organizations, ensuring that the same privacy standards set out in this policy are maintained by RPM.

9. Cross‑border disclosure

We will not directly transfer your Personal Information overseas. However, we use programs, software, and online tools that may be based in and/or housed overseas. Our use of such products may involve disclosure of your Personal Information to such organisations overseas.

In using such products, we will take all reasonable steps to ensure all privacy settings in our agreements with such parties are set to the highest possible level of confidentiality and privacy. However, use and disclosure of your Personal Information by such overseas organisations is generally in accordance with the terms and conditions and privacy policies of such organisations.

We use reasonable endeavours to review such terms and conditions and privacy policies and to satisfy ourselves that such platforms are reputable and that their policies indicate they will treat your Personal Information in a manner that is consistent with the requirements of this Privacy Policy.

We use reputable cloud and SaaS providers that may process Personal Information in the following locations:

  • Salesforce (CRM): United States, Japan
  • Microsoft Azure (hosting): Australia, United States, and other regions depending on failover
  • Google Analytics: United States and other locations
  • Payment processors: Various, depending on provider

HAVING BEEN INFORMED OF THE POSSIBILITY THAT THE ABOVE DISCLOSURES MAY OCCUR, YOU CONSENT TO THAT DISCLOSURE BY CONTINUING TO PROVIDE US WITH YOUR PERSONAL INFORMATION AND CONTINUING TO USE THE PLATFORM AND THE SERVICES.

10. Security

We use a layered security program designed to protect Personal Information from misuse, interference and loss, and from unauthorised access, modification or disclosure.

These measures include least‑privilege access controls, multi‑factor authentication for administrative access, encryption in transit and at rest for production data stores, security monitoring, vulnerability management, staff privacy training, penetration testing, supply-chain risk management and regular backups that are proportionate to business continuity needs.

11. Retention and deletion

We retain Personal Information for as long as necessary to provide the Services and otherwise fulfil the purposes described in this Policy, including for legal, accounting or reporting requirements. When Personal Information is no longer required, we take reasonable steps to destroy or de‑identify it.

12. Access and correction

We will take reasonable steps to ensure that all Personal Information we collect, use, or disclose is accurate, complete, and up-to-date.

You may request access to the Personal Information we hold about you, by sending your request by email or mail using the contact details set out below.

If you wish to amend the Personal Information because it is inaccurate, out of date, incomplete, irrelevant or misleading, or if you wish your Personal Information to be deleted, you can update many details directly through your Services account portal or send your request by email or mail using the contact details set out below.

We will provide you with access to your Personal Information on request within a reasonable period after the request is made (usually within 30 days) except in the

circumstances where we are not required to do so, pursuant to the Privacy Act. If we deny your request for access, we will let you know why.

We will, prior to providing access, require you to provide evidence of your identity.

No fee will be charged for standard access requests made through your account portal. For complex access requests requiring manual processing, we may charge a reasonable fee for expenses incurred in providing any information (such as search and administrative costs). We will inform you of any fees before processing your request.

We will correct your Personal Information if you request that we make the change, within a reasonable time of the request being made. Many corrections can be made immediately through your account portal. If you ask us to, we will take reasonable steps to notify third parties to whom we have previously disclosed the Personal Information, that corrections are required. However, we will only comply with such request if such notification is not impracticable or unlawful.

If we are asked to correct Personal Information and we do not agree that it is incorrect, we will provide a written explanation of the reasons for our refusal to correct the information, and the mechanisms available to you to make a complaint if you are unsatisfied. In these circumstances, we will keep a record of the information regarded as inaccurate or out-of-date.

13. Notifiable Data Breaches (NDB) scheme

If we experience a data breach that is likely to result in serious harm to individuals, we will assess the situation and, if it is an eligible data breach under the Privacy Act, notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as soon as practicable and in accordance with requirements of the Privacy Act. We will also take steps to contain and remediate the breach.

14. Children

Our Services are intended for business use. We do not knowingly collect Personal Information about children. If you believe a child has provided us with Personal Information, please contact us and we will take appropriate steps.

15. Links to other sites

Our websites may contain links to third‑party sites. We are not responsible for the privacy practices of those sites. We encourage you to review their privacy policies before you use or access such third party sites.

16. Government-related identifiers

We do not adopt, use or disclose government-related identifiers (such as Medicare or tax-file numbers) as our own identifiers of an individual except where required or authorised by law or in accordance with the Privacy Act.

17. Changes to this Policy

We may update this Privacy Policy from time to time. The updated version will be posted on our website and will take effect when posted, unless otherwise stated.

18. Contact Details

If you have questions, concerns or complaints about how we handle Personal Information, or if you wish to exercise your privacy rights, please contact our team using the form on our website.

19. Complaints

Upon you making a complaint we will acknowledge your complaint promptly and aim to resolve it within 30 days. Where it is anticipated that this timeframe is not achievable, we will contact you to provide an estimate of how long it will take to investigate and respond to the complaint.

If we decide that your complaint is justified, we will then decide what action we should take in response. We will always try to match our response to the nature of your complaint and your desired outcome, but this may not always be possible.

Some of the things that we may decide to do include: take steps to rectify the problem or issue you have raised; provide you with additional information or advice so that you can understand what happened and how we have dealt with it; or take steps to change our policies or procedures if your complaint identifies a problem in the way we are doing things.

It will not always be possible to resolve a complaint to everyone's satisfaction. In that case, you might want to escalate the matter to the Privacy Commissioner via an online privacy complaint form which can be found at: https://www.oaic.gov.au/privacy/privacy-complaints/lodge-a-privacy-complaint-with-us/.