Privacy Policy
Simonds Plus Pty Ltd
Effective Date: 18 June 2025
1. Preamble
1.1 This Privacy Policy (“Policy”) is issued by Simonds Plus Pty Ltd (“Simonds Plus”, “Company”, “we”, “us”, “our”), a company incorporated in Victoria, Australia, operating a digital services platform providing access to residential and commercial trade services, consumer promotions, loyalty offers, job postings, advertising subscriptions, and affiliated ecommerce features through web and mobile interfaces (the “Platform”).
1.2 This Policy governs the collection, handling, processing, use, disclosure, retention, transmission, transfer, and deletion of Personal Information and Sensitive Information by Simonds Plus in accordance with applicable Australian, international, and extra-territorial privacy laws.
1.3 This Policy applies to all individuals who interact with Simonds Plus in any capacity, including but not limited to consumers, subscribers, tradies, platform users, contractors, service providers, promotional entrants, business clients, and website visitors.
2. Legal Frameworks and Regulatory Compliance
2.1 This Policy is intended to ensure compliance with the following legislation and frameworks:
(a) The Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs);
(b) The Notifiable Data Breaches (NDB) Scheme, as introduced by the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth);
(c) The General Data Protection Regulation (EU Regulation 2016/679) (“GDPR”), where applicable to data subjects in the European Economic Area (EEA);
(d) The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018;
(e) The California Consumer Privacy Act of 2018 (Cal. Civ. Code § 1798.100) (“CCPA”) and the California Privacy Rights Act of 2020 (“CPRA”), where applicable;
(f) The New Zealand Privacy Act 2020;
(g) Any other privacy statute, code, directive, order, or industry standard that applies to the jurisdictions in which Simonds Plus stores or transfers personal data.
3. Definitions
3.1 “Personal Information” means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not, and whether recorded in material form or not, as defined in the Privacy Act 1988 (Cth).
3.2 “Sensitive Information” includes information about an individual’s racial or ethnic origin, political opinions, religious beliefs, health, biometric information, sexual orientation, or criminal record.
3.3 “Data Subject” means any natural person whose personal data is collected, stored, or processed.
3.4 “Processing” shall have the meaning ascribed in Article 4(2) of the GDPR and includes any operation performed upon personal data.
3.5 “Controller” and “Processor” are defined respectively under GDPR Article 4(7) and 4(8). For GDPR purposes, Simonds Plus acts as a Data Controller for most data and as a Processor only where explicitly stated.
3.6 “Applicable Law” includes all relevant privacy, data protection, consumer, and telecommunications laws applicable in the jurisdictions in which Simonds Plus operates or to which its data processing activities are subject.
4. Nature of Collected Information
4.1 Simonds Plus collects Personal Information directly from users through:
(a) User registration;
(b) Subscription payments;
(c) Service provider onboarding;
(d) Customer support requests;
(e) Promotional entries;
(f) Analytics, cookies, and tracking technologies.
4.2 Collected Personal Information may include:
(a) Full name, gender, and date of birth;
(b) Residential or business address;
(c) Email address and contact telephone number;
(d) Usernames, passwords, and security credentials;
(e) Professional credentials (e.g. ABN, trade licence);
(f) Payment details and billing history;
(g) IP address, device information, location data, browser metadata;
(h) Marketing preferences and communication logs;
(i) Records of correspondence, complaints, or disputes.
4.3 Simonds Plus does not intentionally collect Sensitive Information unless voluntarily provided by the data subject and required for lawful business purposes, in which case express consent will be obtained and documented in accordance with APP 3 and Article 9 GDPR.
5. Legal Basis for Processing
5.1 Simonds Plus collects and processes personal information on one or more of the following lawful bases:
(a) The individual has given informed, freely given, specific, and unambiguous consent;
(b) The processing is necessary for the performance of a contract with the individual or in order to take steps at the request of the individual prior to entering into a contract;
(c) The processing is necessary for compliance with a legal obligation;
(d) The processing is necessary for the legitimate interests pursued by Simonds Plus or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
5.2 Where consent is relied upon as the basis for processing, Simonds Plus ensures that such consent is capable of being withdrawn at any time by the individual without prejudice.
6. Use and Disclosure of Personal Information
6.1 Simonds Plus uses personal information for the following purposes:
(a) Account creation, user identification, and access management;
(b) Processing and administration of subscriptions and payment transactions;
(c) Verification of professional or trade credentials;
(d) Communication of essential platform updates, policy notices, or technical alerts;
(e) Administration of promotions, competitions, and loyalty campaigns;
(f) Analysis of user behaviour to improve platform functionality;
(g) Compliance with Australian Consumer Law, taxation, and anti-fraud obligations.
6.2 Simonds Plus may disclose personal information to:
(a) Third-party processors, such as cloud providers, CRM platforms, payment gateways, and analytics vendors;
(b) Government agencies, courts, or enforcement authorities pursuant to lawful requests or statutory obligation;
(c) Professional advisers under a duty of confidentiality;
(d) Acquirers or assignees in the event of corporate reorganisation, merger, or asset transfer.
6.3 Where personal data is transferred outside of Australia or the EEA, Simonds Plus shall implement appropriate safeguards, including Standard Contractual Clauses (SCCs), Binding Corporate Rules (BCRs), or adequacy mechanisms as required under GDPR Chapter V and APP 8.
6.4 Disclosure to third parties will be subject to written contractual terms requiring those parties to handle the data in accordance with privacy laws and this Policy.
7. Storage, Security, and Retention
7.1 Simonds Plus stores data using secure servers located in Australia and other approved jurisdictions, including where data sovereignty requirements permit transfer. Access is restricted to authorised personnel bound by confidentiality obligations.
7.2 Simonds Plus applies industry best practices for data security, including:
(a) AES-256 encryption for data at rest and TLS 1.2+ for data in transit;
(b) Multi-factor authentication (MFA) for administrative accounts;
(c) Role-based access control (RBAC);
(d) Periodic access audits and penetration testing;
(e) Staff training on privacy compliance and data minimisation principles.
7.3 Data is retained only for as long as necessary to fulfil the purposes for which it was collected, or to comply with legal, regulatory, or operational obligations. Deletion schedules are enforced by internal policy and monitored quarterly.
7.4 Personal information that is no longer required is destroyed or de-identified using methods consistent with NIST SP 800-88 standards or OAIC guidelines, whichever is more stringent.
8. Individual Rights under Applicable Law
8.1 Simonds Plus recognises and upholds the rights of individuals under the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and, where applicable, the General Data Protection Regulation (GDPR), UK GDPR, CCPA/CPRA, and the New Zealand Privacy Act 2020.
8.2 Individuals whose data is collected and processed by Simonds Plus have the right to:
(a) Request access to their personal information held by Simonds Plus and to obtain a copy of that data in a structured, commonly used, and machine-readable format, subject to verification of identity and any lawful exceptions;
(b) Request the correction of any personal information that is inaccurate, out-of-date, incomplete, irrelevant, or misleading;
(c) Request the erasure or deletion of their personal information, where the information is no longer necessary for the purposes for which it was collected or processed, or where processing is based on consent and consent has been withdrawn, subject to lawful exceptions;
(d) Request the restriction of processing of their personal information under certain legal conditions;
(e) Object to processing of their personal data where processing is based on legitimate interests, including profiling or automated decision-making, and Simonds Plus shall cease such processing unless it demonstrates compelling legitimate grounds for continuation;
(f) Withdraw consent at any time in circumstances where processing is based solely on consent, without affecting the lawfulness of processing prior to withdrawal;
(g) Lodge a complaint with a competent supervisory authority in their jurisdiction, such as the Office of the Australian Information Commissioner (OAIC), the UK Information Commissioner’s Office (ICO), a European Union Data Protection Authority (DPA), or the California Privacy Protection Agency (CPPA), as applicable.
8.3 Simonds Plus will respond to all access, correction, restriction, or deletion requests within thirty (30) calendar days, unless extended due to complexity or volume, in which case written notice will be provided.
8.4 Requests may be denied, in whole or in part, where permitted by Applicable Law, including where access would unreasonably impact the privacy of others, the information relates to anticipated or current legal proceedings, or the request is manifestly unfounded or excessive.
9. Cookies and Online Tracking Technologies
9.1 Simonds Plus uses cookies, pixel tags, browser storage, and other tracking technologies on its websites and applications to improve user experience, personalise content, measure campaign effectiveness, and analyse platform usage.
9.2 Cookies used may include:
(a) Session cookies, which expire when the user closes the browser;
(b) Persistent cookies, which remain on the device for a fixed period;
(c) First-party cookies set by Simonds Plus;
(d) Third-party cookies set by analytics or advertising platforms, including but not limited to Google Analytics, Facebook Pixel, and reCAPTCHA.
9.3 Users may manage cookie preferences via browser settings or opt-out mechanisms provided by third-party networks. However, disabling certain cookies may affect the functionality of the Platform.
9.4 By using the Platform, users consent to the placement of cookies and similar technologies in accordance with this Policy and the requirements of the Telecommunications (Interception and Access) Act 1979 (Cth) and, where applicable, the EU ePrivacy Directive (Directive 2002/58/EC).
10. Data Breach Notification Protocol
10.1 Simonds Plus maintains a documented Data Breach Response Plan in compliance with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Cth), and aligns with Article 33 and Article 34 of the GDPR.
10.2 In the event that Simonds Plus becomes aware of an eligible data breach involving personal information that is likely to result in serious harm to an individual, it shall, within thirty (30) calendar days:
(a) Conduct an assessment of the breach to determine its nature, cause, scope, and impact;
(b) Notify affected individuals, providing details of the breach, the information involved, recommended mitigation steps, and contact information for assistance;
(c) Notify the OAIC or relevant supervisory authority in the jurisdiction of the affected data subject, with a formal breach notification including all legally required details;
(d) Document the breach in its internal incident register and conduct a post-incident review to implement appropriate remedial actions.
10.3 Where notification is not required due to effective remedial measures preventing serious harm, Simonds Plus shall maintain a written record of the breach and rationale for non-notification.
11. Complaints and Remedies
11.1 Any individual who believes that their privacy rights have been breached, or that Simonds Plus has failed to comply with this Policy or with Applicable Law, may lodge a written complaint addressed to the Privacy Officer using the contact details set out in Clause 12.
11.2 Simonds Plus shall acknowledge receipt of the complaint within five (5) business days and will investigate the matter in good faith. A written response outlining the outcome and any proposed remedies shall be provided within thirty (30) calendar days unless extended for justifiable reasons.
11.3 If the complainant is not satisfied with the resolution provided by Simonds Plus, they may escalate the matter to the appropriate supervisory authority, including:
(a) The Office of the Australian Information Commissioner (www.oaic.gov.au);
(b) The Information Commissioner’s Office (UK);
(c) A European Union data protection authority (EEA);
(d) The California Privacy Protection Agency (CPPA);
(e) The New Zealand Office of the Privacy Commissioner.
12. Contact Information
12.1 All privacy-related enquiries, access requests, correction requests, complaints, or objections must be directed in writing to:
Legal Officer
Simonds Plus Pty Ltd
Level 1, 168 Cremorne Street
Richmond VIC 3121, Australia
Email: legal@simondsplus.com.au
12.2 Simonds Plus undertakes to respond to all lawful requests in accordance with statutory timeframes and procedural fairness.
13. Revisions to This Privacy Policy
13.1 Simonds Plus reserves the right to amend, revise, or replace this Policy at any time in its sole discretion, subject to compliance with its legal obligations under the Privacy Act, GDPR, and other applicable frameworks.
13.2 Material changes will be communicated via the Platform, email, or other appropriate notice channels. The effective date of the revised Policy shall be clearly stated.
13.3 Continued use of the Platform after publication of the updated Policy shall constitute acceptance of its terms.
14. Incorporation Into Legal Framework
14.1 This Privacy Policy forms an integral part of all contracts, service agreements, and user terms applicable to the use of the Simonds Plus Platform, and shall be read and construed in conjunction with the Simonds Plus Terms and Conditions of Use.
14.2 In the event of a conflict between this Policy and another written agreement entered into by Simonds Plus, the terms of the latter shall prevail to the extent of the inconsistency.
Access Denied
IMPORTANT! If you’re a store owner, please make sure you have Customer accounts enabled in your Store Admin, as you have customer based locks set up with EasyLockdown app. Enable Customer Accounts