Privacy Policy

Effective Date: December 2024

Last Updated: December 2024

1. About This Policy

This Privacy Policy explains how DEBO LABS PTY LTD (trading as Fika CTO) ("we", "us", "our") collects, uses, discloses, and manages personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles.

Our Details:

  • Company: DEBO LABS PTY LTD (trading as Fika CTO)
  • ACN: 681 007 036
  • ABN: 45 681 007 036
  • Address: 2/483 Ocean Beach Road, Umina Beach, NSW 2257
  • Email: hello@fikacto.com
  • Website: https://fikacto.com

2. What Personal Information We Collect

2.1 Information We Collect Directly From You

When you engage our services or interact with our website, we may collect:

Contact Information:

  • Name and title
  • Email address
  • Phone number
  • Business address
  • Company name and ABN/ACN

Service-Related Information:

  • Project requirements and specifications
  • Technical information about your business
  • Meeting notes and session recordings
  • Feedback and communications
  • Payment and billing information

Website Usage Information:

  • IP address and device information
  • Browser type and version
  • Pages visited and time spent
  • Referring websites
  • Cookies and similar technologies

2.2 Information We May Collect From Third Parties

  • Professional references and recommendations
  • Publicly available business information
  • Information from our business partners (with appropriate consents)

2.3 Sensitive Information

We do not routinely collect sensitive information as defined under the Privacy Act. If we need to collect sensitive information for specific purposes, we will seek your explicit consent.

3. How We Collect Personal Information

We collect personal information through:

  • Our website (fikacto.com) and contact forms
  • Email communications
  • Phone calls and video conferences
  • Face-to-face meetings
  • Client onboarding processes
  • Service delivery platforms (Slack, Microsoft Teams, etc.)
  • Payment processing systems

4. Why We Collect and Use Personal Information

4.1 Primary Purposes

We collect and use personal information to:

  • Provide fractional CTO services as outlined in our service agreements
  • Communicate with you about projects and services
  • Process payments and maintain billing records
  • Improve our services and develop new offerings
  • Comply with legal and regulatory requirements

4.2 Secondary Purposes (Related to Primary Purpose)

  • Send you updates about our services and industry insights
  • Invite you to relevant events or webinars
  • Conduct client satisfaction surveys
  • Maintain professional relationships post-engagement

4.3 Marketing Communications

We may use your contact information to send you:

  • Service updates and newsletters
  • Industry insights and technical content
  • Invitations to events and webinars
  • Information about new services

You can opt-out of marketing communications at any time by:

  • Clicking the unsubscribe link in emails
  • Contacting us directly at hello@fikacto.com
  • Updating your preferences through our website

5. How We Disclose Personal Information

5.1 When We May Disclose Your Information

We may disclose your personal information to:

Service Providers:

  • Cloud hosting and storage providers
  • Communication platform providers (Slack, Microsoft Teams)
  • Payment processors and financial institutions
  • Professional advisors (lawyers, accountants, auditors)
  • IT support and cybersecurity providers

Legal Requirements:

  • Government agencies when required by law
  • Courts and tribunals in legal proceedings
  • Law enforcement agencies for investigation purposes

Business Operations:

  • Subcontractors and specialist consultants (with your consent)
  • Professional references and testimonials (with your consent)
  • Business partners for joint service delivery (with your consent)

5.2 We Do Not Sell Your Information

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

6. Overseas Disclosure

6.1 Countries Where Information May Be Disclosed

Your personal information may be disclosed to recipients in:

  • United States (cloud storage and communication platforms)
  • European Union (software tools and platforms)
  • Other countries where our service providers operate

6.2 Safeguards for Overseas Disclosure

We take reasonable steps to ensure overseas recipients:

  • Comply with privacy laws equivalent to Australian standards
  • Have contractual obligations to protect your information
  • Implement appropriate security measures

Major Overseas Service Providers Include:

  • Microsoft (Office 365, Teams) - Global
  • Google (Gmail, Drive) - Global
  • Slack Technologies - United States
  • Various cloud infrastructure providers

7. Data Security and Storage

7.1 Security Measures

We implement reasonable technical and organisational measures to protect personal information from:

  • Unauthorised access, modification, or disclosure
  • Misuse, interference, and loss
  • Cyber security threats and data breaches

Our security measures include:

  • Encrypted data transmission and storage
  • Access controls and user authentication
  • Regular security assessments and updates
  • Staff training on privacy and security
  • Incident response procedures

7.2 Data Retention

We retain personal information for as long as:

  • Required to provide our services
  • Necessary for business record-keeping
  • Required by law (typically 7 years for business records)
  • Reasonable for potential legal proceedings

7.3 Data Destruction

When personal information is no longer needed, we securely destroy or de-identify it in accordance with our data retention policy.

8. Your Privacy Rights

8.1 Access Your Personal Information

You have the right to request access to personal information we hold about you. We will provide access unless legally restricted.

8.2 Correct Your Personal Information

You can request correction of inaccurate, incomplete, or out-of-date personal information.

8.3 Restrict Processing

You may request that we limit how we use your personal information in certain circumstances.

8.4 Data Portability

You may request a copy of your personal information in a commonly used format.

8.5 Withdraw Consent

Where we rely on your consent, you can withdraw it at any time (though this may affect our ability to provide services).

To Exercise Your Rights:

  • Email us at hello@fikacto.com
  • Write to us at our postal address above
  • Include sufficient information to verify your identity

Response Times:

  • We respond to requests within 30 days
  • Complex requests may take longer (we'll keep you informed)
  • We don't charge fees for reasonable requests

9. Cookies and Website Analytics

9.1 Cookies We Use

Our website uses cookies to:

  • Remember your preferences and settings
  • Analyze website traffic and usage patterns
  • Improve user experience and website functionality
  • Provide secure access to client portals

9.2 Third-Party Analytics

We use Google Analytics to understand how visitors interact with our website. This helps us improve our content and user experience.

9.3 Managing Cookies

You can control cookies through your browser settings. Note that disabling cookies may affect website functionality.

10. Data Breach Notification

10.1 Our Response to Data Breaches

If a data breach occurs that may result in serious harm, we will:

  • Notify the Office of the Australian Information Commissioner within 72 hours
  • Notify affected individuals where required by law
  • Take immediate steps to contain and remediate the breach
  • Provide updates on our investigation and remedial actions

10.2 What We'll Tell You

If we notify you of a data breach, we'll include:

  • Description of the incident
  • Types of information involved
  • Steps we're taking to address the breach
  • Steps you can take to protect yourself
  • Our contact information for questions

11. Children's Privacy

Our services are designed for businesses and we do not knowingly collect personal information from children under 13. If you believe we have collected information from a child, please contact us immediately.

12. Changes to This Policy

12.1 Policy Updates

We may update this Privacy Policy to reflect:

  • Changes in our business practices
  • New legal requirements
  • Technology improvements
  • Feedback from clients and regulators

12.2 Notification of Changes

We will notify you of significant changes by:

  • Posting the updated policy on our website
  • Emailing clients about material changes
  • Updating the "Last Updated" date above

12.3 Your Continued Use

Continued use of our services after policy changes constitutes acceptance of the updated terms.

13. Complaints and Contact

13.1 Privacy Complaints

If you believe we have breached your privacy, you can lodge a complaint by:

Contacting Us Directly:

  • Email: hello@fikacto.com
  • Mail: 2/483 Ocean Beach Road, Umina Beach, NSW 2257

Complaint Process:

  1. We'll acknowledge your complaint within 5 business days
  2. We'll investigate and respond within 30 days
  3. If the matter is complex, we'll keep you informed of progress
  4. We'll work with you to resolve the issue fairly

13.2 External Complaints

If you're not satisfied with our response, you can lodge a complaint with:

Office of the Australian Information Commissioner (OAIC)

13.3 General Privacy Questions

For general questions about privacy or this policy:

  • Email: hello@fikacto.com
  • Include "Privacy Inquiry" in the subject line

14. Business Transfers

In the event of a merger, acquisition, or sale of business assets, personal information may be transferred to the new entity. We will notify affected individuals and ensure the new entity is bound by equivalent privacy protections.

15. Governing Law

This Privacy Policy is governed by Australian privacy law, including the Privacy Act 1988 (Cth) and the Australian Privacy Principles.