top of page

Privacy Policy

ABN 12 649 077 163  |  ACN 649 077 163

Effective Date: 24 March 2026  |  Last Updated: 24 March 2026

In this Privacy Policy, Zephyr (ABN 12 649 077 163, ACN 649 077 163) is referred to as we, our and us.

The Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and binding codes issued under the Privacy Act govern the way we manage your personal information. Personal information is any information or opinion about a person who is identified or reasonably identifiable, whether or not that information or opinion is true.

This policy sets out how we collect, use, disclose and otherwise manage personal information. By using the Zephyr website, you agree to the practices described in this policy. If you do not agree, please discontinue use of our services.

Information We Might Collect

Information You Provide Directly

  • Name and contact details (email address, phone number, mailing address)

  • Account registration information (username, password)

  • Communications you send to us (support requests, feedback, enquiries)

  • Payment information processed securely via third-party payment providers

Information Collected Automatically

When you visit our website, we may automatically collect:

  • IP address and approximate geographic location

  • Browser type, version, and operating system

  • Pages visited, links clicked, and time spent on pages

  • Referring URLs and search terms

  • Device identifiers and session data

Information from Third Parties

We may receive information about you from third-party services such as social media platforms, analytics providers, or advertising partners, where you have permitted those services to share your data.

Employee and Contractor Information

If you are employed by or engaged as a contractor with Zephyr, we collect additional information necessary to administer that relationship. This may include emergency contact details, bank account information for payroll purposes, tax file number (TFN), and superannuation details. Such information is collected using our secure Citation HR platform, and handled in accordance with applicable employment, taxation and superannuation laws.

Unsolicited Information

Occasionally we may receive personal information about you that we did not request and that falls outside the scope of our usual activities. Where this occurs, we will assess whether we would have been permitted to collect that information in the ordinary course of business. If we would not have been, we will destroy or permanently de-identify the information as soon as practicable, provided it is lawful and reasonable to do so.

How We Use Your Information

We use the information we collect for the following purposes:

To provide, operate, and improve our website and services

To process transactions and send related communications

To respond to your enquiries and provide customer support

To send you service updates, security notices, and administrative messages

To send marketing and promotional communications (where you have opted in)

To personalise your experience on our website

To analyse usage trends and measure the effectiveness of our services

To comply with legal obligations and enforce our terms

To detect, prevent, and address fraud, security issues, or technical problems

Legal Basis for Processing (Australian & International Users)

We process your personal information on the following legal grounds:

Contractual necessity: to fulfil our obligations when you use our services or make a purchase.

Legitimate interests: to improve our services, prevent fraud, and communicate with you effectively.

Consent: where you have explicitly opted in (e.g. marketing communications).

Legal obligation: where we are required to process data to comply with applicable law.

For users in the European Economic Area (EEA) or United Kingdom, we process data in accordance with the General Data Protection Regulation (GDPR). For Australian users, we comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

Applicable Australian Legislation

Where relevant, we collect and handle personal information to meet our obligations under a range of Australian laws, including but not limited to:

Fair Work Act 2009 (Cth) and Migration Act 1958 (Cth) — employment-related obligations

Income Tax Assessment Act 1936 (Cth) — taxation obligations

Superannuation Industry (Supervision) Act 1993 (Cth) — superannuation obligations

Corporations Act 2001 (Cth) and Competition and Consumer Act 2010 (Cth) — corporate record keeping

A New Tax System (Goods and Services Tax) Act 1999 (Cth) — GST compliance

Tax File Numbers

Where we collect your Tax File Number (TFN) — for example, in the context of an employment or contracting arrangement — we do so strictly in accordance with the TFN Rule under the Privacy Act. Your TFN will only ever be used for the specific purpose for which it was collected and as required by law. We will not use your TFN as an internal identifier, and we will not share it with any third party except where the law expressly requires or permits us to do so.

Cookies and Tracking Technologies

We use cookies, web beacons, and similar tracking technologies to enhance your experience and gather analytics. These may include:

Essential cookies: required for the website to function properly.

Analytics cookies: to understand how visitors interact with our website (e.g. Google Analytics).

Marketing cookies: to deliver relevant advertisements and measure campaign effectiveness.

You can manage your cookie preferences through your browser settings or our cookie consent tool. Please note that disabling certain cookies may affect website functionality.

Sharing of Your Information

We do not sell your personal information. We may share your data with:

Service providers: trusted third parties who assist us in operating our website and services (e.g. hosting, payment processing, email delivery, analytics).

Business partners: with your consent, where relevant to delivering a service you have requested.

Legal authorities: where required by law, court order, or to protect the rights and safety of Zephyr, our users, or the public.

Business transfers: in the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

All third parties with whom we share data are required to handle it in accordance with applicable privacy laws and our data protection standards.

Please note: any mobile opt-in data you provide to us will not be passed on to third-party organisations for their own marketing or other purposes.

Data Retention

We retain your personal information for as long as necessary to fulfil the purposes outlined in this policy, unless a longer retention period is required or permitted by law. When your data is no longer needed, we securely delete or anonymise it.

The retention period will vary depending on the type of data and the purpose for which it was collected. For example:

  • Account data is retained for the duration of your account plus a reasonable period thereafter.

  • Transaction records may be retained for up to 7 years for tax and legal compliance.

  • Marketing preferences are retained until you withdraw consent or unsubscribe.

Data Security

We take reasonable technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, secure servers, access controls, and regular security assessments.

While we strive to use commercially acceptable means to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security and encourage you to use strong passwords and keep your account credentials confidential.

Your Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: request a copy of the personal data we hold about you.

  • Correction: request that we correct inaccurate or incomplete data.

  • Deletion: request that we delete your personal data (subject to legal obligations).

  • Restriction: request that we limit how we use your data in certain circumstances.

  • Portability: receive your data in a structured, machine-readable format.

  • Objection: object to the processing of your data for direct marketing or legitimate interests.

  • Withdraw consent: where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please submit a written request to us using the contact details in Section 13. We will acknowledge your request promptly and respond within 30 days.

We may charge a reasonable fee to cover the administrative cost of processing an access request (though not for the act of making the request itself). We will advise you of any applicable fee before proceeding.

In limited circumstances, we may decline an access or correction request where permitted under the Privacy Act. If we do so, we will provide you with a written explanation of the reasons (unless it would be unreasonable to do so) and advise you of the avenues available to escalate the matter, including lodging a complaint with the OAIC.

International Data Transfers

Zephyr operates primarily in Australia. If we transfer your personal data outside of Australia, we ensure appropriate safeguards are in place, such as standard contractual clauses or equivalent protections recognised under Australian law.

Children's Privacy

Our website and services are not directed to children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with their information, please contact us immediately and we will take steps to delete it.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of significant changes by posting the updated policy on our website with a revised effective date. We encourage you to review this policy periodically.

Complaints and Feedback

If you believe we have mishandled your personal information or breached the Privacy Act or the APPs, we encourage you to reach out to us directly in the first instance. We take all privacy concerns seriously and will work with you to investigate and resolve the matter in a timely way.

Please contact us using the details in Section 13 below. We will acknowledge your complaint and aim to provide a substantive response within 30 days.

If you remain unsatisfied after we have responded (or if we have not responded within a reasonable timeframe), you can escalate your complaint to the Office of the Australian Information Commissioner (OAIC).

Complaint forms and further information are available at: https://www.oaic.gov.au/privacy/privacy-complaints

For broader information on privacy rights in Australia, visit: https://www.privacy.gov.au

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us at  info@zephyr.com.au

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

Aerial View of Coast
bottom of page