Effective Date: 2 April 2026

This Privacy Policy (Policy) sets out, in accordance with:

  1. the Privacy Act 1988 (Cth) (Privacy Act), the Australian Privacy Principles (APPs) (if applicable);
  2. for UK, EU & EMEA Residents: The European General Data Protection Regulation (GDPR); and
  3. for California Residents: California Consumer Privacy Act of 2018 (CCPA)

the way in which Quiip (collectively, our, us, or we) may collect, store, use, disclose, manage and protect your Personal Information.

Quiip owns and operates a website located at https://quiip.com.au/ and its associated sub-domains (Site). We take your security very seriously and have put in place suitable procedures to safeguard the information we collect from the Site and online. In addition, our business involves us  moderating or managing platforms owned and operated by third parties, and providing our products or services using third party communication and social media platforms (Platforms). Where we do so, and collect Personal Information, this policy will also apply.

By doing any of the following:

  • accessing the Site,
  • requesting information on, enquiring about, or providing feedback in relation to, our services (online, in writing, by telephone or in person), or
  • otherwise providing, or consenting to the collection of, personal information by Quiip, its officers, agents or employees, after this policy has been brought to your attention,

you acknowledge and consent to the use, collection, storage or disclosure of your personal information by us in accordance with this policy. If you do not agree to us handling your personal information in the manner set out in this policy, we will not be able to provide our services to you and you should not provide us with any personal information.

From time to time we may make changes to this policy. When we do, we will highlight those changes in yellow highlight for a period of 14 days. Please make sure you review the Privacy Policy each time you visit the Site to keep up to date on any changes.

What happens if you want to deal with us anonymously or using a pseudonym?

When contacting us, you can do so either anonymously or by using a pseudonym. If you do so, we may not be able to provide you with accurate or useful information, and you may not be able to access a full range of our services. Further, we may not be able to investigate incidents or complaints you have made.

What is personal information?

We follow the definition of Personal Information given in the Privacy Act:

“Personal Information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:

  • whether the information or opinion is true or not; and
  • whether the information or opinion is recorded in a material form or not.”

And the GDPR definition of Personal Data:

“any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”

In the course of providing services to our clients, we may be required to collect and process Sensitive Information. According to the Privacy Act, Sensitive Information includes but is not limited to:

“personal information, health, racial or ethnic origin, political opinions, membership of a political association, professional or trade association or trade union, religious beliefs or affiliations, philosophical beliefs, sexual orientation or practices, criminal record, biometric information that is to be used for certain purposes.”

Where this happens, additional rules apply to how we handle that information.

What kinds of Personal Information might we collect and hold?

The Personal Information we may collect, hold and process about you depends upon your relationship with us, the service you have requested from us and how you interact with us, or our clients. This information may vary depending on your specific needs.

For our clients and prospective clients:

When you enquire about our services or when you become a client, we will collect information about you, and members of your organisation, including personal information. We may collect the following kinds of personal information:

  1. your name and contact details (address, email, telephone number etc) or those of your staff;
  2. your job title;
  3. how you interact with us and/or the Site and/or information you enter into or upload to the Site or a Platform;
  4. your business or associated companies or entities;
  5. messages, emails, voicemail and other correspondence and frequency of enquiries as well as comments and feedback and responses to surveys;
  6. recordings or transcripts of calls, meetings or other interactions that we have with you;
  7. your IP address and / or other device identifying data;
  8. other information required to provide a service or information you have requested from us;
  9. any information relating to you, your organisation or its staff, that you provide to us directly.

Prospective employees or applicants:

We collect personal information when recruiting staff, such as your name, contact details, qualifications and employment history. Generally, we will collect this information directly from you.

We may also collect personal information from third parties in ways which you would reasonably expect (for example, from referees you have nominated or recruitment agencies). Before offering you a position, we may collect additional details such as your tax file number (TFN) and superannuation information and other information necessary to conduct background checks to determine your suitability for certain positions (for example, positions which involve working with children).

We will manage your TFN (if recorded) in accordance with the Privacy (Tax File Number) Rule 2015 and the Taxation Administration Act 1953. A breach of the Privacy (Tax File Number) Rule 2015 Employee Records is considered an interference with privacy under the Privacy Act.

Platform Users:

Quiip’s business involves us moderating digital communications platforms for our clients. When this occurs, we will be exposed to content posted by third parties, as well as personal information about those individuals. Under the Privacy Act, if we access your personal information to provide moderation services, this counts as us ‘collecting’ that personal information. When we collect personal information from our client’s communities, we do so for the purpose of providing those moderation services, for the purpose of quality assurance and training, or to comply with our legal obligations arising from the work we perform. We may also collect personal information about individuals who use client Platforms in circumstances in which it is necessary for us to do so to provide our services, or to follow up on an enquiry or complaint.

Whilst collecting Sensitive Information is not part of our normal business, where we are moderating a client’s Platforms, we may be exposed to Sensitive Information, and need to manage it. This could happen where a user on a Platform we are moderating discloses Sensitive Information, or where we are required to manage a situation where a user is in distress and we need to refer them for assistance. We will use Sensitive Information to the limited extent necessary to provide our Services and to ensure that we meet all legal and ethical obligations. We will only share your Sensitive Information internally where necessary, and to our clients where appropriate and ethical to do so.

Other Individuals:

We may collect personal information about other individuals who are not our clients such as people who contact us about the moderation of a client’s Platform, members of the public who participate in events we are involved with, service providers and contractors, and other individuals who interact with us on a commercial basis. The kinds of personal information we collect will depend on the capacity in which you are dealing with us. Generally, it would include your name, contact details, bank details, postal address and information regarding our interactions and transactions with you.

Visitors to the Site:

You may visit the Site without identifying yourself. If you identify yourself (for example, by providing your contact details in an enquiry), your Personal Information will be managed in accordance with this Policy.

Do we collect your sensitive information?

Health information, information about your race, gender, sexuality or political opinions and affiliations are a special type of personal under the Privacy Act called sensitive information. You have additional rights in relation to sensitive information. If we collect your sensitive information, we will only keep it whilst you consent to us doing so, or if we are required to by law or to protect a legal right. If you want us to delete your sensitive information you may request we do so in writing.

How do we collect your personal information?

We collect personal information directly from you, for example when you provide that information to us, we contact you or when you contact us. We also collect personal information when providing you with our services, you participate in our services, including marketing activities or from publicly available sources such as the internet and social media.

Why do we collect, hold, use and disclose your personal information?

We collect your personal information for a number of reasons, including:

  • providing services to our clients, or providing people with information about our services and activities;
  • to promote and drive engagement with our services, including the use of targeted online advertising;
  • sending communications you request or contacting you and responding to your enquiries;
  • providing third parties with information about you and your activities to assist us in providing the services;
  • cooperating with law enforcement bodies and government agencies where required by law or the terms of any relevant licence or industry code of practice;
  • communicating with you and providing you with information about your use of the services;
  • ensuring consistency of service across our business and other internal business purposes;
  • developing or refining our services and activities as well as tailoring our services;
  • internal business and corporate purposes, corporate governance, auditing and record keeping.

Our use of personal information may extend beyond the uses described above but will be restricted to purposes that we consider to be related to our functions and activities.

We do not collect your Personal Information for the purpose of selling or providing it to third parties to directly market their services to you. Where we moderate a client’s Platforms, we will generally share the Personal Information we have collected from that Platform with the client as part of our Services to them.

We may however disclose your personal information as part of a corporate restructure or sale of business; we will however post a notification on the Site 14 days prior to any sale or restructure event completing.

Who do we disclose your personal information to?

We may disclose your personal information to:

  • our clients;
  • entities we work with, associated organisations, business partners or affiliates
  • third parties who provide products or services to us (including our accountants, auditors, lawyers, IT contractors, and other service providers)
  • third parties as required or allowed by law
  • artificial intelligence services to assist us to provide our services as efficiently as possible. We currently use artificial intelligence software ‘Google Gemini’ as part of our standard operating environment; the way Google Gemini functions is explained at: www.gemini.google/overview/. We may also use other AI tools as necessary or directed by our clients. In circumstances where we use artificial intelligence for automated decision making  (e.g. blocked word filters on social media platforms or forum software), we use human oversight to review platform actions.

We may also disclose your de-identified information to third parties for analysis, research and quality assurance purposes.

How do we hold and secure your personal information?

We store your personal information digitally (unless legally required to retain in hard copy format). All digital material is secured using password-protected computers and databases. We mandate use of an enterprise password manager to generate and securely store strong, unique passwords for all systems. Any digital transfer of Personal Information is via secure channels such as HTTPS where possible. Any database we manage is appropriately secured behind firewalls.

We primarily use data storage providers located inside Australia, however we may, in some instances, use providers that are based outside of Australia. For example, we may use the following providers to store data (among others): Google Workspace, Dropbox, Blink, Slack and/or WhatsApp.

Some of your data may potentially be stored overseas, most likely the United States, as well as the European Union, Great Britain and Asia, due to the use of third-party services from businesses that originate in those countries.

Our Data Breach Policy is a component of, and supports, our Privacy Policy. The Data Breach Policy explains how we will manage any loss or unauthorised access or disclosure of your personal information should it ever occur. We conduct regular audits of our compliance with this policy to ensure that our privacy framework is in line with industry best-practice.

We destroy or de-identify Personal Information in a secure manner when we no longer need it.  For example, we generally destroy a record about a complaint after 7 years from when the complaint was resolved.

We conduct regular audits of our compliance with this Policy and the Privacy Act to ensure that our privacy framework is in line with industry best-practice.

Do we send your personal information overseas?

Quiip is an organisation based in New South Wales, Australia with a team that operates across Australia and overseas including Scotland, Canada, the United States of America, Germany and Spain. Our data may be stored in cloud back-up software (such as Google Workspace, Dropbox, Blink) which may be potentially be stored overseas, most likely in the United States or UK/EU.

We may upload images and / or footage to the Site or social media accounts from time to time. The Site and our social media accounts may be hosted on an overseas server. Where applicable, in the event that your information is sent overseas, we will use our best endeavours to ensure that any overseas service provider will keep all personal information secure and confidential.

Do we use your personal information for direct marketing?

We may use your personal information to communicate directly with you to promote our services. We use direct marketing to provide you with information about our services. If you receive direct marketing material from us, and do not wish to continue receiving it, please contact us by any of the methods stated in this Policy, asking to be removed from all future direct marketing programs. Once we have received your opt-out request, we will remove you from our direct marketing programs as soon as reasonably practicable. Please be aware that unsubscribing from one part of our services (for example, an e-newsletter) will not automatically remove you from all other services.

How do you access or correct personal information we hold about you?

You may request access to the personal that we hold about you by contacting us. Upon receiving an access request we may request further details from you to verify your identity.

We reserve the right not to provide you with access to your personal information if we are unable to verify your identity to our reasonable satisfaction. An administrative fee may be charged to cover our costs in providing you with access. We will notify you of the administrative fee before it has been incurred. We will respond to your access request within a reasonable period of time by either providing you with access, or if we refuse your access request, we will provide you with reasons. Generally, access requests may be denied where: we believe your request is frivolous or vexatious, we are entitled to reject a request by law, we are unable to verify your identity; or you have not paid the administrative fee (if any).

If you believe that your personal information held with us is inaccurate or otherwise requires correction, you may send us a correction request by contacting us. We will review your request and respond to the request within a reasonable period of time.

What about the General Data Protection Regulation?

The GDPR is the European Union (EU) data protection law. Australian-based organisations that offer goods or services to persons in the EU or target or monitor the behaviour of persons in the EU may be required to comply with the GDPR regulatory regime.

While we are an Australian-based organisation, we provide services both within Australia and internationally. From time to time, we may capture or collect personal information that passes through the EU. This will occur where:

  1. We provide services to EU residents
  2. If a person in the EU accesses the Site and we collect analytical data about them
  3. If a person enquires about our services from the EU
  4. If one of our customers gives us information about a person in the EU

If this occurs, we will treat the personal information received in accordance with this policy.

Where data is processed or monitored in the EU, you may have additional rights, such as:

  • The right to request that we delete your personal information (unless we require that information to comply with a legal obligation, or need it to bring or defend a legal claim)
  • The right to restrict our processing of your personal information (where it is inaccurate, would be unlawful to process, or where it has not been deleted due to us needing it to meet a legal obligation)
  • Right to data portability (the right to receive your personal information in a readable format); and
  • The right to object to the processing of personal information.

A complete list of your rights may be viewed here: General Data Protection Regulation (GDPR) – Official Legal Text (gdpr-info.eu).    

We also have certain obligations in relation to the management of a data breach, including:

  1. We must advise the relevant statutory authority of a data breach within 72 hours of becoming aware of the breach; and
  2. We must advise affected individuals without undue delay where there is a high risk to their rights and freedoms.  

What about the California Consumer Privacy Act?

This notice is to California residents and is supplementary to our Privacy Policy to explain your additional or specific rights as a Californian resident (if we’re deemed a CCPA Business). This provision will not apply to a significant portion of the persons who use our site or services.

You have the following rights:

  1. right to request access to personal information we collect, use, disclose and if relevant sell up to two times per year;
  2. right to request we delete personal information we collect from you, subject to applicable legal exceptions;
  3. (if relevant) right to opt-out of sale of personal information.

To make an access or deletion request please contact us.

What to do if you have a complaint?

If you have a question or complaint, you can contact us:

Email: privacy@quiip.com.au or

Post: Quiip Privacy Officer, 15 Laird Drive, Avoca Beach, NSW, 2251

We take all complaints seriously and will respond to you within a reasonable period of time, usually 30 days, unless we consider your complaint to be frivolous or vexatious or if we are unable to verify your identity. If you are not satisfied with the way we have handled your complaint, you can make a complaint to the Office of the Australian Information Commissioner at http://oaic.gov.au.