Privacy Policy

Linkby Pty Ltd (ABN 88 630 191 927) (we, us or our), understands that protecting your personal information is important. This Privacy Policy sets out our commitment to protecting the privacy of personal information provided to us, or otherwise collected by us when providing our Linkby platform and website (Services) or when otherwise interacting with you.

This Privacy Policy takes into account the requirements of the Privacy Act 1988 (Cth) and the Australian Privacy Principles. In addition to the Australian laws, individuals located in the European Union or European Economic Area (EU) may also have rights under the General Data Protection Regulation 2016/679 and individuals located in the United Kingdom (UK) may have rights under the General Data Protection Regulation (EU) 2016/679) (UK GDPR) and the Data Protection Act 2018 (DPA 2018) (together, the GDPR). This Privacy Policy also applies to individuals located in the United States. We are committed to complying with applicable U.S. federal and state privacy laws, including but not limited to the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), and other state privacy legislation as enacted and amended from time to time. Appendix 1 outlines the details of the additional rights of individuals located in the EU and UK as well as information on how we process the personal information of individuals located in the EU and UK.

‍

The information we collect

Personal information: is information or an opinion, whether true or not and whether recorded in a material form or not, about an individual who is identified or reasonably identifiable.

The types of personal information we may collect about you include:

• Identity Data including first name, last name, and the company you work for (and sign up for the Services).‍
• Contact Data including billing address, email address and telephone number.‍
• Financial Data including payment card details (through our third-party payment processor, through Stripe or Xero.
• Transaction Data including details about payments to you from us and from you to us and other details of services you have purchased from us.
• Technical and Usage Data including internet protocol (IP) address, your login data, when you have clicked a Linkby link embedded in our client’s website, your browser session and geo-location data, device and network information, statistics on page views and sessions, acquisition sources, search queries and/or browsing behaviour, information about your access and use of our website, including through the use of Internet cookies, your communications with our website, the type of browser you are using, the type of operating system you are using and the domain name of your Internet service provider.
• ‍Profile Data including your username and password for our Services, your primary brand, purchases you have made with us, support requests you have made, any Campaign information you provide, content you post, send receive and share through our platform, information you have shared with our social media platforms, your interests, preferences, feedback and survey responses. 
• ‍Marketing and Communications Data including your preferences in receiving marketing from us and your communication preferences.‍

Sensitive information is a sub-set of personal information that is given a higher level of protection. Sensitive information means information relating to your racial or ethnic origin, political opinions, religion, trade union or other professional associations or memberships, philosophical beliefs, sexual orientation or practices, criminal records, health information or biometric information. We do not actively request sensitive information about you. If at any time we need to collect sensitive information about you, unless otherwise permitted by law, we will first obtain your consent and we will only use it as required or authorised by law. 

‍

How we collect personal information

We collect personal information in a variety of ways, including:

• Directly: We collect personal information which you directly provide to us, including when you register for an account, through the ‘contact us’ form on our website or when you request our assistance via email, or over the telephone.
• Indirectly: We may collect personal information which you indirectly provide to us while interacting with us, such as when you use our website, in emails, over the telephone and in your online enquiries.
• From third parties: We collect personal information from third parties, such as when you click our link embedded in our publisher’s website, details of your use of our website from our analytics and cookie providers and marketing providers. See the “Cookies” section below for more detail on the use of cookies.
• From publicly available sources: We collect personal data from publicly available resources such as the Australian Securities and Investment Commission (ASIC), Business to Business databases and professional networking sites such as LinkedIn.

Why we collect, hold, use and disclose personal information

We have set out below, in a table format, a description of the purposes for which we plan to collect, hold, use and disclose your personal information.

‍

Our disclosures of personal information to third parties

We may disclose personal information to:

• our employees, contractors and/or related entities;
• IT service providers, data storage, web-hosting and server providers such as Amazon Web Services;
• marketing or advertising providers;
• professional advisors, bankers, auditors, our insurers and insurance brokers;
• payment systems operators such as Stripe;
• our existing or potential agents or business partners;
• anyone to whom our business or assets (or any part of them) are, or may (in good faith) be, transferred;
• courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided to you;
• courts, tribunals, regulatory authorities and law enforcement officers, as required or authorised by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights; and
• third parties to collect and process data, such as Google Analytics (To find out how Google uses data when you use third party websites or applications, please see www.google.com/policies/privacy/partners/ or any other URL Google may use from time to time), Facebook Pixel or other relevant analytics businesses; and
• any other third parties as required or permitted by law, such as where we receive a subpoena.
  
  Google Analytics: We have enabled Google Analytics Advertising Features including Remarketing Features, Advertising Reporting Features, Demographics and Interest Reports, Store Visits, Google Display Network Impression reporting etc. We and third-party vendors use first-party cookies (such as the Google Analytics cookie) or other first-party identifiers, and third-party cookies (such as Google advertising cookies) or other third-party identifiers together. 
  
  You can opt-out of Google Analytics Advertising Features including using a Google Analytics Opt-out Browser add-on found here. To opt-out of personalised ad delivery on the Google content network, please visit Google’s Ads Preferences Manager here or if you wish to opt-out permanently even when all cookies are deleted from your browser you can install their plugin here. To opt out of interest-based ads on mobile devices, please follow these instructions for your mobile device: On android open the Google Settings app on your device and select “ads” to control the settings. On iOS devices with iOS 6 and above use Apple’s advertising identifier. To learn more about limiting ad tracking using this identifier, visit the settings menu on your device.

‍

Overseas disclosure

We primarily store personal information on servers located in Australia. If you are located in the United States, please be aware that your personal information will be transmitted to and stored on servers located in Australia. By using our Services, you consent to this transfer, storage, and processing of your personal information in Australia. Where we disclose your personal information to the third parties listed above, these third parties may store, transfer or access personal information outside of Australia.

Unless we seek and receive your consent to an overseas disclosure of your personal information, we will only disclose your personal information to countries with laws which protect your personal information in a way which is substantially similar to the Australian Privacy Principles and/or we will take such steps as are reasonable in the circumstances to require that overseas recipients protect your personal information in accordance with the Australian Privacy Principles.

Please note that personal information stored in Australia may be subject to lawful access requests by both U.S. and Australian government authorities. Under the Agreement between the Government of Australia and the Government of the United States of America on Access to Electronic Data for the Purpose of Countering Serious Crime (the Australia-U.S. CLOUD Act Agreement), law enforcement agencies in either country may issue production orders to obtain electronic data held by service providers in the other country, subject to the safeguards and conditions set out in that agreement. By using our Services, you acknowledge that your data may be subject to such lawful access requirements.

‍

EU-U.S. Data Privacy Framework (DPF)

When we transfer personal information from the European Union (EU) or the United Kingdom (UK) to our U.S. affiliate, Linkby Pty Ltd, that entity participates in, and complies with, the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, as set forth by the U.S. Department of Commerce.

Linkby Pty Ltd has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the EU and the UK in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. If there is any conflict between this Privacy Policy and the EU-U.S. DPF Principles, the EU-U.S. DPF Principles will govern.

To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit: https://www.dataprivacyframework.gov/.

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Access and choice obligations

Pursuant to the EU-U.S. DPF Principles, EU and UK individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States in reliance on the DPF Program should direct their query to [email protected]. If requested to remove data, we will respond within a reasonable timeframe. Additionally, we will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to [email protected].

HR data - cooperation with EU DPAs and the UK ICO

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Linkby Pty Ltd commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) with regard to unresolved complaints concerning our handling of human resources (HR) data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF in the context of the employment relationship.

Non-HR data - independent recourse mechanism (BBB National Programs)

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Linkby Pty Ltd commits to refer unresolved complaints concerning our handling of personal data (other than HR data in the context of the employment relationship) received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF to BBB National Programs, an independent alternative dispute resolution provider based in the United States.

If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit: https://bbbprograms.org/programs/all-programs/dpf-consumers for more information or to file a complaint. The services of BBB National Programs are provided to you at no cost.

Regulatory oversight

Our commitments under the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Binding arbitration

Under certain conditions, and after other dispute resolution mechanisms have been exhausted, you may be able to invoke binding arbitration for complaints regarding our compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. The binding arbitration mechanism is described in Annex I of the EU-U.S. DPF Principles, available via the Data Privacy Framework (DPF) Program website at https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction.

Onward transfers and liability

Where we transfer personal data covered by our EU-U.S. DPF and UK Extension to the EU-U.S. DPF commitments to a third-party agent or service provider, we remain responsible and liable under the EU-U.S. DPF Principles if the third party processes such personal data in a manner inconsistent with those Principles, unless we prove that we are not responsible for the event giving rise to the damage.

How to contact us about DPF

If you have a question or complaint about our DPF-related practices, please contact us first using the details in the “Contact Us” section of this Privacy Policy and indicate that your request relates to the EU-U.S. Data Privacy Framework.

‍

Your rights and controlling your personal information

Your choice: Please read this Privacy Policy carefully. If you provide personal information to us, you understand we will collect, hold, use and disclose your personal information in accordance with this Privacy Policy. You do not have to provide personal information to us, however, if you do not, we are unable to register you for an account with Linkby.

Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this Privacy Policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us. 

Anonymity: Where practicable we will give you the option of not identifying yourself or using a pseudonym in your dealings with us. 

Restrict and unsubscribe: To object to processing for direct marketing/unsubscribe from our email database or opt-out of communications (including marketing communications), please contact us using the details below or opt-out using the opt-out facilities provided in the communication.

Access: You may request access to the personal information that we hold about you. An administrative fee may be payable for the provision of such information. Please note, in some situations, we may be legally permitted to withhold access to your personal information. If we cannot provide access to your information, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal. If we can provide access to your information in another form that still meets your needs, then we will take reasonable steps to give you such access.

Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to promptly correct any information found to be inaccurate, out of date, incomplete, irrelevant or misleading. Please note, in some situations, we may be legally permitted to not correct your personal information. If we cannot correct your information, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal.

Complaints: If you wish to make a complaint, please contact us using the details below and provide us with full details of the complaint. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take in response to your complaint. If you are not satisfied with our response, you also have the right to contact the Office of the Australian Information Commissioner. If you are a U.S. resident, you may also contact your state’s Attorney General to lodge a complaint or seek further information about your privacy rights under applicable state law.

Additional rights for U.S. residents: If you are located in the United States, you may have additional rights under applicable state privacy laws, including but not limited to the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), and other state privacy legislation. These rights may include: (a) the right to know what personal information we collect, use, disclose, and sell or share; (b) the right to request deletion of your personal information held on our Australian servers; (c) the right to correct inaccurate personal information; (d) the right to opt out of the sale or sharing of your personal information to third parties for targeted advertising or analytics purposes; and (e) the right not to be discriminated against for exercising your privacy rights. To exercise any of these rights, please submit a verifiable request by contacting our Privacy Officer at [email protected]. We will respond to your request within the timeframes required by applicable law. Where we are unable to verify your identity or your request falls within a permitted exception, we will inform you of the reason. To opt out of the sale or sharing of your personal information to third parties for cross-context behavioural advertising or analytics purposes, please email [email protected] with the subject line “Do Not Sell or Share My Personal Information” or use the opt-out mechanism available on our website.

‍

Storage and security

We are committed to ensuring that the personal information we collect is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures, to safeguard and secure personal information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.

While we are committed to security, we cannot guarantee the security of any information that is transmitted to or by us over the Internet. The transmission and exchange of information is carried out at your own risk.

Data breach notification: In the event of a data breach affecting personal information held on our Australian servers, we will comply with the notification requirements under the Notifiable Data Breaches (NDB) scheme in the Privacy Act 1988 (Cth). For U.S. customers, we will also notify affected individuals in accordance with the breach notification requirements of their state of residence, including any applicable timelines (for example, 72 hours under certain state laws, or 30 days under others). We will provide notification as soon as reasonably practicable and will include the nature of the breach, the categories of personal information affected, and the steps we recommend you take to protect yourself.

‍

‍

How long we keep personal data

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal or contractual obligations. Retention periods vary depending on the type of data and the context of its processing.

Our Data Retention Policy outlines how long different categories of data are kept and the criteria used to determine those timelines. For more details or to request a copy of this policy, please contact us using the information provided in the Contact Us section of this Privacy Policy.

‍

Children’s Privacy

Linkby Pty Ltd does not knowingly collect personal data from minors. Our services—including the Linkby platform and website—are designed for business-to-business contexts and professional audiences. Accordingly, we expect individuals interacting with us to be adults acting in their business or professional capacity.

• If we learn or have reason to believe that we have unintentionally collected personal data from someone under the age of 16, we will act promptly to delete that information from our systems.
• If you become aware that your minor child has shared personal data with us without your consent, please contact us immediately using the details in the Contact Us section. We will take appropriate steps to delete the data without undue delay

‍

Cookies

We may use cookies on our website from time to time. Cookies are text files placed in your computer's browser to store your preferences. Cookies, by themselves, do not tell us your email address or other personally identifiable information. However, they do recognise you when you return to our online website and allow third parties, such as Google and Facebook, to cause our advertisements to appear on your social media and online media feeds as part of our retargeting campaigns. If and when you choose to provide our online website with personal information, this information may be linked to the data stored in the cookie.

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website.

‍We use different types of cookies, including essential cookies (necessary for core site operation), analytical or performance cookies (to improve website performance), functional cookies (to remember your preferences), and advertising or targeting cookies (to deliver relevant ads based on your browsing activity).

For more information about these cookies and how to manage your preferences, please refer to our Cookie Policy.

‍

Links to other websites

Our website may contain links to other party’s websites. We do not have any control over those websites and we are not responsible for the protection and privacy of any personal information which you provide whilst visiting those websites. Those websites are not governed by this Privacy Policy.

‍

Amendments

We may, at any time and at our discretion, vary this Privacy Policy by publishing the amended Privacy Policy on our website. We recommend you check our website regularly to ensure you are aware of our current Privacy Policy. 

For any questions or notices, please contact us at:‍

Our dedicated Privacy Officer can be contacted directly at [email protected] for all privacy-related enquiries, including requests to exercise your rights under applicable Australian, EU, UK, or U.S. privacy laws.

‍

Linkby Pty Ltd (ABN 88 630 191 927)

Email: [email protected]

Last update: March 6, 2026

APPENDIX 1: ADDITIONAL RIGHTS AND INFORMATION FOR INDIVIDUALS LOCATED IN THE EU OR UK

‍