MOSHIE PRIVACY POLICY

Privacy Policy

Version: 1.2 Effective Date: March 30th 2026 Last Reviewed: March 30th 2026

1. Introduction and Our Commitment

Moshie Australia Pty Ltd (referred to in this policy as "Moshie", "we", "us", or "our") is a consulting and training business operating across multiple industries throughout Australia. We are committed to protecting the privacy of every individual whose personal information we collect, hold, use, or disclose in the course of our operations.

This Privacy Policy explains how we manage personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) contained in Schedule 1 of that Act. We take our obligations under Australian privacy law seriously, and this policy reflects our genuine commitment — not merely our legal obligations.

By engaging with Moshie's services, using our website, entering into a contract or agreement with us, or providing us with your personal information in any form, you acknowledge that you have read and understood this Privacy Policy.

2. Definitions

For the purposes of this policy:

  • "Personal information" has the meaning given to it in the Privacy Act 1988 (Cth) — that is, information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not, and whether recorded in material form or not.

  • "Sensitive information" means a subset of personal information that includes health information, biometric information, and other categories listed in the Privacy Act 1988 (Cth), which attract a higher level of protection.

  • "Confidential business information" refers to commercially sensitive data belonging to client organisations, including but not limited to financial records, pricing structures, profit and loss statements, and credit information, which we handle with strict confidentiality obligations in addition to our privacy obligations.

  • "Client" means any individual, sole trader, or organisation that engages Moshie for consulting, training, or related services.

  • "Participant" means any individual who attends, takes part in, or is otherwise involved in a workshop, training session, event, or on-site consulting engagement facilitated by Moshie.

  • "We", "us", "our" refers to Moshie Australia Pty Ltd.

3. What Personal Information We Collect

We collect personal information that is reasonably necessary for the proper conduct of our consulting and training services. The types of personal information we may collect include, but are not limited to:

3.1 Identity and Contact Information

  • Full name

  • Job title and organisation name

  • Business and personal email addresses

  • Phone numbers (business and/or personal)

  • Business and/or residential address

3.2 Financial and Payment Information

  • Invoicing details and billing addresses

  • Credit card and payment information (processed via third-party payment platforms)

  • Banking information where required for direct transfer arrangements

  • Business financial information including costs, pricing structures, profit and loss statements, and credit information provided by clients in the course of a consulting engagement

3.3 Visual and Biometric Information

  • Photographs taken during workshops, training sessions, events, or site visits

  • Video recordings made during workshops, training sessions, events, or on client premises

  • Any other visual material captured in the course of delivering our services

3.4 Engagement and Interaction Data

  • Records of correspondence via email, phone, or other communication channels

  • Notes, reports, and assessments produced during or after consultations

  • Attendance records and participation details for training and workshop programs

  • Feedback, survey responses, and evaluations

3.5 Website and Technical Information

  • IP address and browser type when visiting our website

  • Pages viewed, time spent on site, and referring URLs

  • Cookie data and analytics information (see Section 13 for our Cookies policy)

3.6 Website Tools and Calculators

Our website hosts a range of interactive tools and calculators. Depending on the tool, we may collect:

  • Name and contact details — where a tool requires you to identify yourself to receive results, a report, or follow-up communication

  • Business and financial data — including revenue figures, cost inputs, and industry or role information entered into calculators or assessment tools

  • Anonymous financial inputs — some calculators process financial data to produce a result without asking for your name or contact details. While we do not seek to identify you through these tools, please be aware that stored inputs may in some circumstances be capable of identification when combined with technical data such as your IP address. We store this data solely to improve our tools and do not use it to identify or contact you.

  • Event and ticket registration details — where we offer ticketed events or programs through our website, we will collect name, contact details, and payment information for the purpose of processing your registration. This is handled in accordance with Section 3.2 of this policy.

We do not sell data collected through any of our website tools or calculators.

3.7 Sensitive Business Information (Confidential)

Where clients engage us for business consulting services, we may be entrusted with confidential and commercially sensitive business information, including financial performance data, pricing strategies, organisational structures, and credit-related information. While some of this information may not constitute "personal information" under the Privacy Act (where it relates to a company rather than an identifiable individual), we treat it with the same level of care, discretion, and security as personal information, and our obligations of confidentiality apply in full.

4. How We Collect Personal Information

We collect personal information through a variety of channels depending on the nature of our engagement. These include:

4.1 Directly From You

We primarily collect personal information directly from the individual or client organisation it relates to, through:

  • Online forms and our website — including enquiry forms, registration forms, booking systems, and interactive tools and calculators

  • Contracts and service agreements — information provided when entering into a formal engagement with Moshie

  • In-person consultations — information shared during face-to-face meetings, site visits, or discovery sessions

  • Workshops and training sessions — information provided by participants before, during, or after training programs

  • Email and telephone communications — information shared in the ordinary course of business correspondence

  • Invoicing and payment systems — information collected when processing payments for services rendered

4.2 Indirectly

In some circumstances, we may collect personal information about an individual from a third party, such as:

  • From an organisation (client) that provides details about their employees or representatives in the course of arranging training or consulting services

  • From referrers, affiliates, or business partners who introduce prospective clients to Moshie

Where we collect personal information indirectly, we will take reasonable steps to ensure the individual is made aware of this collection in accordance with APP 5.

4.3 Photography and Video Recording

We may take photographs and/or video recordings during workshops, training sessions, events, and on-site consulting engagements. All photographs and video recordings of individuals are treated as sensitive information regardless of the context in which they are captured.

Consent is obtained as follows:

  • Clients and direct contracting parties — Consent is formalised through our contractual agreements, which include explicit provisions regarding the capture and use of visual material.

  • Workshop and training participants who are not direct signatories (for example, employees or representatives sent to a Moshie program by a client organisation) — Consent is obtained verbally at the beginning of the session. Following the session, participants will receive a follow-up communication providing an opportunity to opt out of the use of any visual material in which they appear. Opt-out requests will be honoured promptly and the relevant material will not be used.

If you wish to withdraw consent previously given, or to opt out of the use of any visual material in which you appear, please contact our Privacy Officer at any time (see Section 16).

5. Why We Collect Personal Information (Purposes of Collection)

We collect personal information for purposes that are directly related to our consulting and training activities. These purposes include:

  • Delivering services — to provide consulting advice, training programs, workshops, facilitation, coaching, and related services to clients and participants

  • Administration and operations — to manage client relationships, maintain accurate records, schedule engagements, and administer our business

  • Invoicing and financial management — to issue invoices, process payments, manage accounts, and meet our financial and tax obligations

  • Communications — to respond to enquiries, provide updates, deliver training materials, and maintain ongoing client relationships

  • Improvement of services and de-identified insights — to evaluate the effectiveness of our programs, gather feedback, and improve our service offering. We may also analyse usage data across our website tools, calculators, and events to identify trends and publish aggregate insights (for example, which industries engage most with particular tools or programs). Any insights published externally are de-identified — meaning no individual is identifiable from the information we share.

  • Marketing and business development — to promote our services, where permitted and subject to your ability to opt out (see Section 10)

  • Compliance and legal obligations — to meet our obligations under applicable laws and regulations, including tax laws, and to respond to lawful requests from government bodies and regulators

  • Documentation and evidence of service delivery — photographs and videos may be used as records of program delivery, for promotional purposes (with consent), or for training and quality review purposes

We will not use your personal information for a purpose that is unrelated to the reason it was collected, except where you have consented to that additional use, or where we are required or authorised to do so by law.

6. Sensitive Information and How We Handle It

6.1 What Counts as Sensitive Information

Under the Privacy Act 1988 (Cth), sensitive information includes health information, biometric information (which can include certain photographs and facial recognition data), and other prescribed categories. We treat this information with heightened care.

6.2 Visual and Biometric Data

All photographs and video recordings of individuals collected by Moshie are treated as sensitive biometric information under the Privacy Act 1988 (Cth). We do not distinguish between contexts — any visual material in which an individual is identifiable is handled with the highest level of care. We adhere to the following practices:

  • Visual material is only collected with prior consent, obtained either through our client and participant contracts, or verbally at the time of the relevant session with a subsequent written opt-out opportunity

  • Visual material is stored securely and is not shared publicly or used for promotional purposes without explicit consent

  • Individuals may withdraw consent or opt out of the use of visual material at any time by contacting our Privacy Officer (see Section 16), and we will act on such requests promptly

6.3 Financial and Credit Information

Financial information, including credit-related details, is collected only to the extent necessary for invoicing, payment processing, and the delivery of financial consulting services. This information is stored securely, shared only with relevant third-party platforms (such as our accounting and payment providers), and is never disclosed to unauthorised parties.

6.4 Confidential Business Data

Confidential business information provided by clients (such as P&L statements, pricing data, and credit information) is held under strict confidentiality and is used solely for the purpose of delivering the consulting services for which it was provided. Such information is not disclosed to third parties except as strictly necessary to perform those services, and only where the client has been made aware of such disclosure.

7. Disclosure of Personal Information

7.1 Who We May Share Information With

We may disclose personal information to the following categories of third parties, for the purposes described in this policy:

  • Cloud storage and productivity providers — We use cloud-based platforms (which may include services provided by Google and/or Microsoft) to store documents, communications, and records. These providers are contractually bound to handle data securely and in accordance with applicable laws.

  • Industry bodies and research purposes — We may share de-identified, aggregated data with industry bodies or publish it for the benefit of the broader industry (for example, sharing insights about which sectors engage most with particular tools or training programs). This data is stripped of all identifying information before disclosure — no individual or organisation is identifiable from what we share. We do not receive payment for this disclosure. The purpose of such sharing is to contribute to industry knowledge and development.

  • Accounting and payment platforms — We use third-party accounting software (such as Xero) and payment processing services (such as Stripe) to manage invoicing and payments. These platforms operate under their own privacy policies and are bound by Australian and/or international data protection standards.

  • Event and ticketing platforms — We use Humanitix to manage event registrations and ticket sales. When you purchase a ticket or register for an event through our website, your name, contact details, and payment information will be collected and processed by Humanitix in accordance with their privacy policy. Humanitix is an Australian-based platform committed to data privacy and security.

  • Project management and CRM platforms — We use Monday.com to manage client relationships, projects, and internal workflows. Personal information such as your name, contact details, and engagement history may be stored within Monday.com. Monday.com operates under its own privacy policy and is bound by international data protection standards. Data stored in Monday.com may be held on servers located outside Australia; we have taken reasonable steps to ensure it is handled in accordance with the Australian Privacy Principles.

  • Government bodies and regulators — We will disclose personal information to government agencies, regulatory bodies, or law enforcement authorities only where we are required to do so by law. Where a product or service we provide involves a legal disclosure obligation to a government body, we will make this clear to you in the relevant contract or agreement prior to collection.

  • Our staff and contractors — Personal information may be accessed by Moshie staff and, where applicable, engaged contractors or associates, on a strict need-to-know basis for the purposes of service delivery.

7.2 What We Will Not Do

We will not:

  • Sell, rent, or trade your personal information to any third party

  • Disclose your personal information to third parties for their own marketing purposes

  • Disclose confidential business information to any third party without your authorisation, except where required by law

8. Cross-Border Disclosure

Our primary operations are based in Australia. However, the cloud storage and productivity platforms we use (such as Google Workspace or Microsoft 365) may store and process data on servers located outside Australia.

Where personal information is stored or processed by overseas cloud service providers, we take reasonable steps to ensure those providers handle the information in a manner consistent with the Australian Privacy Principles. These steps include selecting providers that maintain internationally recognised data security certifications, entering into data processing agreements with those providers, and reviewing their privacy and security practices. Our obligations under APP 8 are not transferred to or displaced by the involvement of these third-party providers — we remain responsible for taking reasonable steps to protect your information regardless of where it is processed.

9. Data Security

We take the security of personal information seriously and implement a range of reasonable technical and organisational measures to protect it from misuse, loss, unauthorised access, modification, or disclosure. These measures include:

  • Secure access controls and password policies for all systems holding personal information

  • Use of reputable, industry-standard cloud platforms with built-in security features

  • Restricted internal access to personal and confidential information on a need-to-know basis

  • Secure transmission of payment information via accredited third-party payment processors

  • Physical security measures where hard-copy records are maintained

We will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in the event of an eligible data breach, in accordance with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988 (Cth).

If you become aware of any security concern relating to your personal information held by us, please contact our Privacy Officer immediately (see Section 16).

10. Direct Marketing

We may use your contact information to send you information about our services, upcoming training programs, events, or other communications that we believe may be relevant to you, where you have consented to receive such communications or where permitted under the Spam Act 2003 (Cth).

You may opt out of receiving marketing communications from us at any time by:

  • Clicking the unsubscribe link in any marketing email you receive from us

  • Contacting our Privacy Officer directly (see Section 16)

We will process opt-out requests promptly and will not use your personal information for direct marketing purposes after you have opted out.

11. Retention of Personal Information

We retain personal information for as long as is necessary to fulfil the purposes for which it was collected, or as required by law, whichever is longer.

As a general guide:

  • Financial and invoicing records are retained for a minimum of 7 years in accordance with Australian taxation and business law requirements

  • Client engagement records are retained for a reasonable period following the end of an engagement to allow for follow-up, dispute resolution, or regulatory compliance

  • Photographs and video recordings are retained in accordance with the consent provided and the purpose for which they were taken

  • Marketing contact information is retained until an individual opts out, after which it will be removed from active marketing lists within a reasonable timeframe

When personal information is no longer required, we will take reasonable steps to destroy or de-identify it securely.

12. Access to and Correction of Personal Information

12.1 Your Right to Access

Under APP 12, you have the right to request access to the personal information we hold about you. To make an access request, please contact our Privacy Officer in writing (see Section 16). We will respond to your request within 30 days. In some circumstances, we may be unable to provide access (for example, where doing so would unreasonably impact the privacy of another individual, or where an exception under the Privacy Act applies), in which case we will explain our reasons in writing.

We may charge a reasonable fee to cover the administrative cost of providing access, and we will advise you of any applicable fee before processing your request.

12.2 Your Right to Correction

Under APP 13, if you believe that personal information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, you have the right to request that we correct it. Please contact our Privacy Officer (see Section 16). We will take reasonable steps to correct the information within 30 days of receiving your request.

13. Cookies and Website Tracking

Our website may use cookies and similar tracking technologies to improve your browsing experience, analyse website traffic, and understand how visitors interact with our site.

Cookies are small text files stored on your device when you visit our website. We may use:

  • Essential cookies — required for the website to function properly

  • Analytics cookies — to understand website usage (e.g. via Google Analytics)

  • Preference cookies — to remember your settings and preferences

You can control or disable cookies through your browser settings. However, disabling certain cookies may affect the functionality of our website.

By continuing to use our website, you consent to our use of cookies in accordance with this policy.

14. Third-Party Websites

Our website may contain links to third-party websites. This Privacy Policy does not apply to those websites. We encourage you to review the privacy policies of any third-party site you visit. We are not responsible for the privacy practices of external sites.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal obligations. When we make material changes, we will update the "Last Reviewed" date at the top of this policy and notify clients and users of those changes via email or a prominent notice on our website prior to the changes taking effect. Where a material change affects how we handle sensitive information, we will seek fresh consent where required. We encourage you to review this policy periodically.

16. Contact Us — Privacy Enquiries and Complaints

16.1 Privacy Officer

If you have any questions about this Privacy Policy, wish to make an access or correction request, wish to raise a privacy concern, or wish to make a complaint, please contact our Privacy Officer:

Privacy Officer Moshie Australia Pty Ltd 📧 info@moshie.com.au 📬 PO BOX 5276 Burnley VIC 3121 🌐 www.moshie.com.au

We take all privacy complaints seriously. Upon receiving a complaint, we will:

  1. Acknowledge receipt of your complaint promptly

  2. Investigate the matter thoroughly and in good faith

  3. Respond to you with the outcome of our investigation within 30 days

16.2 Office of the Australian Information Commissioner (OAIC)

If you are not satisfied with our response to your complaint, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

🌐 www.oaic.gov.au 📞 1300 363 992 📬 GPO Box 5218, Sydney NSW 2001

17. Governing Law

This Privacy Policy is governed by the laws of Australia. Our privacy practices are designed to comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where other industry-specific obligations apply, we commit to meeting those obligations in addition to the baseline requirements of the Privacy Act.

This Privacy Policy was prepared for Moshie Australia and is intended for use on the Moshie website and as a reference document in client-facing contracts and agreements as well as when clients are using Moshie tools and portals..

© 2026 Moshie Australia. All rights reserved.