HEY COMPONO – PRIVACY POLICY

hey-compono-hero-v1

Last Updated: 17 June 2026

 

About this Policy — This Privacy Policy explains how Compono Australia Pty Ltd (ACN 650 552 373) (“Compono”, “we”, “us”) collects, uses, stores, discloses and protects personal information when You use Hey Compono (the “Service”). This Privacy Policy applies to all Users of Hey Compono, including individual subscribers (B2C), Members and Administrators of Organisations subscribed to Hey Compono Teams (B2B), and Recruiters and Candidates using the Recruiter Hub.

Capitalised terms used but not defined in this Privacy Policy have the meanings given in the Hey Compono Terms and Conditions.

Roles under the Privacy Act — In the B2C context, Compono is the entity responsible for personal information held about You. In the B2B context, the Organisation is generally the entity that determines the purposes for which personal information is handled in the workplace context (the controller in GDPR terminology), and Compono handles personal information on the Organisation’s behalf as a service provider, except where Compono determines purposes itself (for example, in security, billing and fraud prevention).

 

Section 1 — Incorporation into Terms and Conditions

This Privacy Policy is incorporated into the Hey Compono Terms and Conditions. By using the Service, You acknowledge that You have read and understood this Privacy Policy.

 

Section 2 — Data We Collect

We collect and process the following categories of data:

(a) Account Data: Name, email address, password (hashed), preferences (e.g., timezone), optional phone number and profile image;
(b) Professional Data (optional): Role, organization, industry, department, location;
(c) Personality Assessment Data: Responses to assessment questions and resulting personality profile;
(d) Conversation Data: Chat messages, voice inputs and outputs, conversation transcripts and summaries;
(e) Usage Data: Session information, feature usage metrics, timestamps, interaction patterns;
(f) Technical Data: Device information, IP address, browser type, operating system;
(g) Billing Data: Subscription status, payment confirmations (payment card data is handled by our certified payment processor and is not stored by us).
(h) Organisation Data (B2B): where You are a Member of an Organisation, we may collect Your Organisation name, work email, role title, division, job level, manager identity, team membership and reporting structure. This information may be provided by the Organisation via Administrator setup or bulk CSV import;
(i) Personality Visibility Data (B2B): Your Visibility Setting and any request-to-view approvals or refusals You have given;
(j) Manager Dashboard Data (B2B): where You are a Manager, we provide aggregate team-level personality composition and engagement metrics. We do not provide Conversation Content to Managers;
(k) Recruiter Hub Candidate Data: where You are a Candidate invited via the Recruiter Hub, we collect Your invitation status, session count, completion status, and the same Personality Assessment Data, Conversation Data, Usage Data and Technical Data categ ories listed in (c) to (f);
(l) Recruiter Utilisation Data: where You are a Recruiter, we provide Candidate utilisation metrics (invited / active / completed status, session count). Recruiters do not see Candidate Personality Profile or Conversation Content.
(m) Recruiter Notes about Candidates: where a Recruiter is using the Recruiter Hub, the Recruiter may record private notes about Candidates they have invited (for example, prep observations, engagement records, hiring impressions). These notes are visible to the Recruiter and to Group / Sub-group Managers within the Recruiter's branch; they are not visible to the Candidate by default. You may request access to Recruiter Notes about You under Your data-subject rights (Section 9 / APP 12 / GDPR Article 15) by contacting privacy@compono.com.

Section 3 — How We Use Your Data

We use your data to:

(a) Provide, maintain, and improve Hey Compono;

(b) Personalise your experience based on your personality profile and preferences;

(c) Process payments and manage subscriptions;

(d) Communicate with you about the Service, updates, and support;

(e) Analyse usage patterns and improve service performance and reliability;

(f) Ensure security, prevent fraud, and enforce our Terms;

(g) Comply with legal obligations;

(h) Conduct research and development, including training and improving our AI models;

(i) Create anonymised, aggregated analytics and insights.

(j) Where You are a Member of an Organisation, to provision Your Account, link it to the Organisation, configure Your team membership, apply Your Visibility Setting, and provide aggregate analytics to Your Organisation’s Administrators and Managers in accordance with Section 5;

(k) Where You are a Candidate using the Recruiter Hub, to provide the inviting Recruiter with Your utilisation data (but not Your Personality Profile or Conversation Content) for the duration of Your engagement;

(l) Where You have enabled the ‘Share my personality with everyone’ toggle, to display Your Personality Profile to other Users within the same Organisation in accordance with Section 5.


Section 4 — Sharing of Personal Information

4.1 General principle — We do not sell Your personal information. We disclose personal information only as set out in this Privacy Policy, or where required by law.

4.2 Sharing within Your Organisation (B2B) — Where You are a Member or Administrator, we share certain personal information within Your Organisation as set out below:

(a) Account name, work email, role: visible to other Members on Your Team (Yes), Members outside Your Team (Yes — Member directory), Manager (Yes), Administrator (Yes).

(b) Personality Profile: Members on Your Team (Yes — default), Members outside Your Team (only with Your approval via request-to-view, or if You enable the ‘Share with everyone’ toggle), Manager (Yes — Your direct Manager only), Administrator (Yes).

(c) Personality visibility setting: not visible to other Members or Managers; visible to Administrator (configuration only).

(d) Conversation Content: not visible to other Members, Managers or Administrators under any circumstance.

(e) Aggregate utilisation metrics: not visible to other Members; visible to Manager (team-level only) and Administrator (org-wide).

(f) Session metadata (count, duration): not visible to other Members; visible to Manager (team-level only) and Administrator (billing).


4.3  Sharing under the Recruiter Hub — Where You are a Candidate, we share with the inviting Recruiter:

(a) Your utilisation data (invitation status, session count, completion status);

(b) Your Compono Work Personality type name (one of the 8 Compono Work Personalities); and

(c) where You have expressly opted in on a per-session basis, the score, coaching summary and transcript for that specific session.

We do not share Your full Personality Profile sub-scores, extended insight content, or any session content You have not opted in to share. The Recruiter may, in turn, disclose Your Personality type name (and only the type name) to a prospective employer for whom they are sourcing; the Recruiter is contractually prohibited from disclosing any opted-in session content (score, coaching summary or transcript) to a prospective employer or any other third party. The Recruiter may also configure role / job context for a Candidate's coaching session at the point of invitation, which is injected into the Candidate's role-play prompt as part of the coaching experience.

4.4 Sharing with Sub-Processors — As described in Section 10.

4.5 Sharing with Compono parent and Develop products — Hey Compono surfaces certain Compono parent products within the Service:

(a) Compono parent platform (compono.com) — surfaced via an embedded iframe for fully validated psychometric assessments and job applications. We do not directly transmit Your Personality Profile, Conversation Content or other personal information to this product from Hey Compono. Your interactions within the embedded product are governed by the Compono parent platform's own privacy policy.

(b) Compono Develop — surfaced for learning content. After Your external Compono Develop user ID has been established in a separate window outside Hey Compono, Your learning activity and progress are transmitted between Hey Compono and Compono Develop for the purpose of tracking and resuming Your learning. We do not transmit Your Personality Profile or Conversation Content to Compono Develop. Your interactions within Compono Develop are governed by its own privacy policy.

4.6 Compelled disclosure — We will disclose personal information where required by law, in response to a lawful request from a regulator, or to protect the rights, property or safety of Compono, our Users or others.

 

Section 5 — Personality Profile Visibility

5.1 Default visibility — In the B2B (Teams) context, Your Personality Profile is by default visible to other Members on Your Team. This default is designed to support team-coaching use cases (the core promise of Hey Compono Teams).

5.2 Cross-team visibility — Where another User outside Your Team wishes to view Your Personality Profile, they must send You a request-to-view, which You may approve or decline. If You approve, only Your Personality type name (one of the 8 Compono Work Personalities) is shared — not Your full Personality Profile, sub-scores or coaching history.

5.3 Share with everyone — You may opt to share Your Personality type name with all Members of Your Organisation by enabling the ‘Share my personality with everyone’ toggle on the People page. Only the type name is shared, not Your full Personality Profile, sub-scores or coaching history. You may opt out at any time.

5. 4 Pre-populated Personality Profile (B2B onboarding) — Where Your Personality Profile is pre-populated by an Administrator on the basis of an existing Compono assessment You took outside Hey Compono, we will: (a) flag the profile as ‘inferred’ until You confirm or re-take the assessment; (b) notify You at first login that this has occurred; and (c) allow You to clear or update the profile through Your account settings.

5.5 Manager visibility — Your direct Manager (where assigned) sees Your Personality Profile (subject to Your Visibility Setting) and aggregate team dynamics signals. Your direct Manager does not see Your Conversation Content under any circumstance.

5.6 Administrator visibility — Administrators have visibility of every Member’s Personality type name across the Organisation by virtue of their administrative role. Administrators also see the People directory, configuration settings, and aggregate utilisation metrics. Administrators do not see Your Conversation Content under any circumstance. Administrators may also see opted-in Candidate session content (score, coaching summary, transcript) where the Candidate has used the per-session opt-in described in Section 6.4.


Section 6 — Recruiter Hub Candidate Privacy

6.1 Candidate-Recruiter relationship — When a Recruiter invites You to use Hey Compono via the Recruiter Hub, You become a Candidate. The Recruiter is not Your employer, has not engaged You under any contract of employment, and is not a controller of Your personal information for the purpose of this Privacy Policy. Compono remains the entity responsible for Your personal information under this Privacy Policy.

6.2 Information shared with the Recruiter — The Recruiter sees by default:

(a) Your utilisation data (invitation status, session count, completion status); and

(b) Your Compono Work Personality type name (one of Pioneer, Coordinator, Evaluator, Campaigner, Doer, Auditor, Helper, Advisor).

Where You expressly opt in on a per-session basis under Section 6.4, the Recruiter additionally sees the score, coaching summary and transcript for the specific session You have shared.

Without Your per-session opt-in, the Recruiter does not see:

(i) Your Conversation Content;

(ii) Your voice transcripts or summaries from any session;

(iii) Your Personality Profile sub-scores, descriptive insights, or extended profile content;

(iv) Any text You enter into the Service beyond what (a) and (b) describe.

6.3 Information shared with the Recruiter's prospective employer client — Compono does not directly share any of Your personal information with any prospective employer. The Recruiter may disclose to a prospective employer only Your Compono Work Person ality type name (the assigned label, e.g. "Pioneer"). The Recruiter is contractually prohibited from disclosing any other element of Your Hey Compono data — including any session content You have opted in to share with the Recruiter under Section 6.2(c) — to a prospective employer or any other third party.

6.4 Candidate consent — At the point of accepting the Recruiter’s invitation, You will be presented with a dedicated consent prompt — separate from Your acceptance of the Hey Compono Terms and Conditions — covering: (a) the Recruiter receiving Your utilisation data and Your Compono Work Personality type name as described in Section 6.2; and (b) the Recruiter, in turn, disclosing only Your Personalit y type name to a prospective employer for whom they are sourcing. Your consent on that prompt is given freely, specifically, on an informed basis, and unambiguously, and is required to enable the Recruiter Hub experience for the Recruiter. You are not asked to consent to (and the Recruiter is not authorised to receive) Your Conversation Content, voice transcripts, full Personality Profile, or sub-scores. You may withdraw Your consent at any time by contacting privacy@compono.com or via in-product controls; withdrawal will end the Recruiter Hub engagement and stop Recruiter visibility of Your type name immediately. Your consent under this Section 6.4 is independent of any decision the Recruiter or any prospective employer may make about You.

6.5 Per-session opt-in share — In addition to the consent given at invitation acceptance (which covers Recruiter visibility of Your Personality type name), the Recruiter Hub provides a separate, one-tap opt-in at the end of each coaching session and on Your conversation summary page that allows You to share the score, coaching summary and transcript for that specific session with Your Recruiter. This opt-in is per-session, granular, and freely given; You may choose to share for one session and not for another. The shared session content is visible to Your inviting Recruiter and to Group / Sub-group Managers within the Recruiter's branch, but is not onward-shared by Compono to any prospective employer. Withdrawal of a previous opt-in is available by contacting privacy@compono.com — note that once the Recruiter has received the session content, withdrawal cannot retrieve copies already viewed, but no further use or disclosure of the withdrawn session may be made.

6.6 Candidate data retention — At the end of Your Recruiter Hub engagement, You will be given a fourteen (14) day window to export Your Conversation Content, after which Your Conversation Content will be deleted. Your Account may be retained at Your election if You wish to continue using Hey Compono as a B2C subscriber.

6.7 EU and UK Candidates — Where You are a Candidate located in the EEA or UK, You are entitled to the rights set out in Section 12.4 in addition to the rights described in this Section 6. Compono is the controller of Your personal information; the inviting Recruiter is not Your controller and does not direct Compono to handle Your information beyond what is described in this Section 6. As set out in Section 6.2, the Recruiter sees Your utilisation data and Your Compono Work Personality type name. The Recruiter does not see Your Conversation Content, voice transcripts, or the individually-identifiable elements of Your Personality Profile (sub-scores, individual descriptors, or other content specific to You)..


Section 7 – Data Security

(a) We implement industry-standard security measures to protect your data, including:

(i) Encryption in transit (HTTPS/TLS);

(ii) Encryption at rest using industry-standard algorithms;

(iii) Secure password storage using industry-standard hashing;

(iv) Role-based access controls and principle of least privilege;

(v) Regular security monitoring and vulnerability assessments;

(vi) Secure data isolation ensuring your data is only accessible to you.

(b) Despite our security measures, no system is completely secure. We cannot guarantee absolute security of your data. You acknowledge and accept the inherent security risks of internet-based services.


Section 8 – Data Retention

(a) Account data is retained while your account is active or as required by law;

(b) Conversation Content is retained until deleted by You or as required by law. By default, Conversation Content older than twenty-four (24) months will be archived to read-only state and may be deleted thereafter; You will receive in-app notification before this occurs;

(c) You can delete conversation history at any time through your account settings;

(d) Operational and log data is retained for thirteen (13) months for security, reliability and billing purposes, except where a longer retention period is required by law (for example, financial records under the Corporations Act 2001 (Cth));

(e) Upon account deletion, we will delete or anonymise your personal data within a reasonable timeframe, except where retention is required by law.

(f) B2B retention by Organisation: Where Your Account is provisioned by an Organisation, that Organisation may retain Your Personality Profile in its Member directory for the duration of the Organisation’s Teams subscription, subject to Your right to update or delete Your Personality Profile in accordance with Your Visibility Setting;

(g) Candidate retention: where You are a Candidate, Your Conversation Content is retained for the duration of Your Recruiter Hub access. Your access ends at the earlier of (i) the end of the Organisation's then-current Recruiter Hub subscription period, or (ii) the date the Recruiter removes Your access through the Recruiter Hub controls. When Your access ends, Your Conversation Content will be deleted, unless You request earlier deletion or convert Your Account to a B2C subscription.


Section 9 – Your Data Rights

You have the right to:

(a) Access your personal data and download a copy;

(b) Correct inaccurate or incomplete personal data;

(c) Delete your personal data (subject to legal retention requirements);

(d) Export your conversation data in a common format;

(e) Object to or restrict certain processing of your personal data;

(f) Withdraw consent where processing is based on consent;

(g) Lodge a complaint with a supervisory authority (Office of the Australian Information Commissioner).

To exercise these rights, contact us at privacy@compono.com. We will respond within thirty (30) days of a verifiable request, in accordance with APP 12 and APP 13.

 

Section 10 – Third-Party Services

We use third-party Sub-Processors to provide certain functionality. The categories of Sub-Processors we engage are listed below. Our current named Sub-Processor list — including each provider's service, location of processing, the personal information processed, and applicable transfer safeguards — is available to Hey Compono customers on request to privacy@compono.com, and B2B customers receive the list as part of their contracting process. We require all Sub-Processors to handle personal information in accordance with this Privacy Policy and applicable law..

(a) AI model providers for generating responses;

(b) Voice AI and speech services for text-to-speech and speech-to-text;

(c) Telephony services for phone-call features (when enabled);

(d) Payment processing (PCI DSS compliant);

(e) Email delivery for transactional messages;

(f) Cloud hosting and content delivery networks;

(g) Customer support;

(h) Analytics services for service improvement.

(i) Compono parent platform (compono.com): surfaced via an embedded iframe within Hey Compono for fully validated psychometric assessments and job applications. We do not directly transmit Your data to this embedded product from Hey Compono; Your interactions with the Compono parent platform are governed by its own privacy policy.

(j) Compono Develop: surfaced for learning content. After Your external Compono Develop user ID has been established in a sep arate window outside Hey Compono, Your learning activity and progress are transmitted between Hey Compono and Compono Develop for the purpose of tracking and resuming Your learning. Your Personality Profile and Conversation Content are not transmitted to Compono Develop . Your interactions with Compono Develop are governed by its own privacy policy.

These providers may process your data on our behalf in accordance with their own privacy policies and data processing agreements. We select providers that meet our security and compliance standards.

B2B Customers may subscribe to advance notification of new Sub-Processors by emailing privacy@compono.com. Where required by law, B2B Customers will receive at least thirty (30) days' notice of any new Sub-Processor.

 

Section 11 – International Data Transfers

(a) Hey Compono's primary database (Account data and Conversation Content) is hosted in Australia (AWS Sydney region). Front -end delivery and Large Language Model inference are performed by Sub-Processors located outside Australia (including in the United States). Where personal information is transferred outside Australia, the transfer is governed by Australian Privacy Principle 8 mechanisms; for transfers originating from the EEA or UK, We additionally rely on the European Commission's Standard Contractual Clauses (Decision (EU) 2021/914) and the UK International Data Transfer Agreement / UK Addendum to the EU SCCs respectively. Sub-Processors handle personal information under their standard data protection terms, which include no-training defaults for Large Language Model Providers, limited-period retention for abuse-monitoring purposes only (typically up to sixty (60) days for Large Language Model Providers; shorter or immediate-deletion arrangements apply to voice processing where supported by the voice Sub-Processor's standard terms), and encryption and access-control obligations. Further detail is set out in Section 12.4(e).

(b) We implement appropriate safeguards for international data transfers in accordance with applicable laws, including the Australian Privacy Principles;

(c) Where data is transferred outside Australia, we ensure adequate protections are in place through contractual obligations, standard contractual clauses, or other legally approved mechanisms.

 

Section 12 – Australian Privacy Principles Compliance

12.1 We comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) in our handling of personal information.

12.2 In the B2B context, where the Organisation is the entity that determines the purposes for which personal information is handled in the workplace context, the Organisation has its own privacy obligations under the Privacy Act, applicable State and Territory laws (including workplace surveillance legislation), and any sectoral regulation applicable to the Organisation (for example, the Health Reco rds Act 2001 (Vic) for healthcare employers). Compono is not responsible for the Organisation’s compliance with its own privacy obligations.

12.3 New Zealand Users — Where You are located in New Zealand, we comply with the Privacy Act 2020 (NZ) in our handling of Your personal information.

12.4 European Economic Area and United Kingdom (GDPR / UK GDPR) — Compono offers Hey Compono, in particular the Recruiter Hub, to Users in the European Economic Area and the United Kingdom. For Users in the EEA, the General Data Protection Regulation (Regulation (EU) 2016/679, the ‘GDPR’) applies; for Users in the UK, the UK GDPR and the Data Protection Act 2018 apply.

(a) Controller — Compono Australia Pty Ltd is the controller for the personal information of B2C Users and Candidates accessing the Service. In B2B contexts, the Organisation is generally the controller and Compono is the processor.

(b) EU and UK Representative — Pursuant to Article 27 GDPR, Compono has appointed idibu as our representative in the European Union. Pursuant to the UK GDPR, Compono has appointed idibu as our representative in the United Kingdom. Their contact details are available on request to gdpr-idibu@compono.com.

(c) Lawful basis for processing — We process Your personal information on the following lawful bases under Article 6(1) GDPR (and the equivalent provisions of UK GDPR):

(i) Performance of a contract (Article 6(1)(b)) — to provide the Service You have subscribed to or accepted (B2C subscriptions, Candidate invitations, Member access under an Organisation’s Teams subscription);

(ii) Legitimate interests (Article 6(1)(f)) — for service improvement, security, fraud prevention and de-identified analytics, balanced against Your fundamental rights and freedoms;

(iii) Consent (Article 6(1)(a)) — for marketing communications, the Recruiter Hub Personality type name sharing flow described in Section 6.4 which uses a dedicated consent screen at invitation acceptance, distinct from Terms and Conditions acceptance), the Recruiter Hub per-session opt-in share described in Section 6.4 (one-tap, per-session, granular), and any cross-border transfer to a jurisdiction without an adequacy decision under Article 49(1)(a);

(iv) Legal obligation (Article 6(1)(c)) — to comply with applicable law.

Where We rely on Your consent, You may withdraw consent at any time by contacting privacy@compono.com. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

(d) Special category data — We do not intentionally collect special category data within the meaning of Article 9 GDPR. Personality assessment results are derived from voluntary responses to workplace-context questions and are not designed to elicit health, political, religious or other Article 9 categories. Where Conversation Content provided by You contains special category data, that data is processed under Article 9(2)(a) (explicit consent) on the basis of Your voluntary disclosure.

(e) International data transfers — Australia does not currently benefit from an adequacy decision under Article 45 GDPR. Where personal information is transferred from the EEA or UK to Australia, or to a Sub-Processor located outside the EEA / UK (including for Large Language Model inference), We rely on:

(i) the European Commission's Standard Contractual Clauses (Decision (EU) 2021/914) for transfers from the EEA;

(ii) the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU SCCs for transfers from the UK;

(iii) supplementary measures including encryption in transit and at rest, the Sub-Processors' standard no-training defaults for Large Language Model Providers, limited-period retention for abuse-monitoring purposes only (typically up to sixty (60) days for Large Language Model Providers; shorter or immediate-deletion arrangements apply to voice processing where supported by the voice Sub-Processor's standard terms), and access controls.

(f) Your GDPR / UK GDPR rights — In addition to the rights described in Section 9, You have the following rights:

(i) Right of access (Article 15);

(ii) Right to rectification (Article 16);

(iii) Right to erasure (‘right to be forgotten’) (Article 17);

(iv) Right to restriction of processing (Article 18);

(v) Right to data portability (Article 20);

(vi) Right to object to processing, including processing based on legitimate interests (Article 21);

(vii) Rights in relation to automated decision-making and profiling (Article 22);

(viii) Right to lodge a complaint with a supervisory authority — for EEA Users, the data protection authority of the Member State where You reside, work, or where the alleged infringement occurred; for UK Users, the Information Commissioner’s Office (ico.org.uk).


To exercise any of these rights, contact privacy@compono.com. We will respond within thirty (30) days, except where the request is complex or numerous, in which case We may extend by up to a further sixty (60) days and will notify You of the extension. EU and UK Users may alternatively contact our EU and UK Representatives respectively; their contact details are available on request as set out in Section 12.4(b).

(g) Automated decision-making — Hey Compono uses artificial intelligence to generate personalised coaching content. We do not use Your personal information to make decisions producing legal effects concerning You, or similarly significantly affecting You, within the meaning of Article 22 GDPR. AI-generated guidance is informational and supportive; You retain full responsibility for any decision You take in reliance on it. The Recruiter Hub does not enable Recruiters to make hiring decisions on the basis of Hey Compono outputs (see Section 6 of this Privacy Policy and Clause 7.2 of the Terms and Conditions).

12.5 Other jurisdictions — Where You are located in a jurisdiction not specifically addressed in 12.1 to 12.4 (for example, the United States or Canada), We apply the Australian Privacy Principles as the baseline standard, supplemented by any local requirements that apply by law.


Section 13 – Children's Privacy

13.1 Hey Compono is not intended for use by persons under 18 years of age. We do not knowingly collect personal information from persons under 18.

13.2 Recruiters using the Recruiter Hub are required to verify that each Candidate is at least 18 years of age before issuing an invitation (see clause 5.1 of the Terms and Conditions).

13.3 If we become aware that we have collected personal information from a person under 18, we will take steps to delete that information as quickly as possible. If You believe we have collected information from a person under 18, please contact privacy@compono.com immediately.

13.4 EU and UK minors — Article 8 GDPR sets the digital consent age at 16 (with Member State variations down to 13). Hey Compono’s minimum-age requirement of 18 exceeds the GDPR threshold; We do not knowingly process the personal information of any person under 18 , including in the EEA or UK.


Section 14 – Marketing

We may send you direct marketing communications and information about our service. This may take the form of emails, SMS, mail or other forms of communication, in accordance with the Spam Act and the Privacy Act. You may opt-out of receiving marketing materials from us by contacting us using the details set out below or by using the opt-out facilities provided (eg an unsubscribe link). If you sign up for free access, you agree that we can contact you and ask you for your feedback on our services.

Where You are located in the EEA or UK, We will only send marketing communications on the basis of Your consent, in compliance with the ePrivacy Directive 2002/58/EC (as transposed in EU Member States) and the Privacy and Electronic Communications Regulations 2003 (PECR) in the UK. You may withdraw Your consent at any time using the unsubscribe link in any communication or by contacting privacy@compono.com.

 

Section 15 — Notifiable Data Breaches

15.1 We comply with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act 1988 (Cth).

15.2 In the event of an eligible data breach involving Your personal information, we will: (a) notify the Office of the Australian Information Commissioner; (b) notify You and any other affected individuals as soon as practicable; (c) describe the kinds of information involved, the kinds of harm that may result, and the steps we recommend You take in response.

15.3 In B2B contexts, where the breach involves an Organisation’s data, we will also notify the Organisation in accordance with the timing and process set out in any applicable Data Processing Agreement.


Section 16 — Updates to this Privacy Policy

16.1 We may update this Privacy Policy from time to time. Where the change is material, we will notify You by email or in-app notification at least thirty (30) days before the change takes effect, except where the change is required by law to take immediate effect.

16.2 The ‘Last Updated’ date at the top of this Privacy Policy reflects the most recent revision.


Section 17 — Contact Us

Questions about this Privacy Policy or about how we handle Your personal information should be directed to:

Compono Australia Pty Ltd
ACN: 650 552 373

Privacy: privacy@compono.com

Security: security@compono.com

General: hey@heycompono.com

Mailing address: 757 Ann St, Fortutude Valley, Queensland 4006, Australia

If You are not satisfied with our response, You may lodge a complaint with the Office of the Australian Information Commissioner (oaic.gov.au). New Zealand Users may lodge a complaint with the Office of the Privacy Commissioner (privacy.org.nz).