Pawshare Club Privacy policy
Effective Date: 6 October 2025
Last Updated: 6 October 2025
INTRODUCTION AND COMMITMENT TO PRIVACY
Pawshare Club Pty Ltd (ABN: 84685619443 ("we", "us", "our", "Pawshare Club", “Pawshare”) is committed to protecting your privacy and handling your personal information in accordance with the Privacy Act 1988 (Cth) ("Privacy Act") as amended by the Privacy and Other Legislation Amendment Act 2024, the Australian Privacy Principles (APPs), and all applicable Australian consumer protection laws; and overseas legislation including United States and European Union regulations as in force and amended from time to time
This Privacy Policy explains how we collect, use, store, disclose and destroy your personal information when you use our mobile application, website, and related services ("Services"). By using our Services, you consent to the collection and use of your personal information as described in this policy.
Privacy Officer Contact: privacy@pawshareclub.com
General Inquiries: info@pawshareclub.com
MailingAddress: 328 Swanston St, Melbourne VIC 3000
OAIC Complaint Process: Available at www.oaic.gov.au | Phone: 1300 363 992
Regulatory Compliance: The design of this Policy has been informed by the Office of the Australian Information Commissioner (OAIC) 2025-26 regulatory priorities and prepares for the Children’s Online Privacy Code requirements (effective December 2026).
1. INFORMATION WE COLLECT
(APP 3 - COLLECTION OF SOLICITED PERSONAL INFORMATION)
We collect personal information that is reasonably necessary for our business functions and activities. This includes, but is not limited to:
1.1 Personal Information Categories
We collect different types of personal information depending on how you use our services. The categories below include data we currently collect, as well as types of information we may collect in the future to support new features, service improvements, or to meet legal obligations. We will notify you of any significant changes in our data collection practices.
Account Information: Name, email address, phone number, residential address
Identity Verification: Government-issued ID documents you upload (e.g. via secure web forms) for verification purposes. At present, we process this information internally if provided and do not use third-party services or automatic de-identification. In future, we may use secure third-party services and de-identification methods, which will be reflected in updated versions of this policy.
Pet Information: Pet names, breeds, ages, veterinary records, vaccination certificates, behavioral assessments, dietary requirements, medical conditions, emergency veterinary contact details
Service Information: Pet care preferences, service history, ratings and reviews, booking details, payment information
Location Data: Precise location data for service matching (only when app is active and with explicit consent if applicable)
Communications: Messages between users, support communications, review content
Payment information and financial details (processed securely through third-party providers including Stripe and other providers as notified from time to time)
1.2 Technical Information
(APP 3.3 - Unsolicited Information)
Device Information: Device type, operating system, IP address, browser type
Usage Analytics: App interaction patterns, session duration, feature utilization
Security Information: Login timestamps, security incident logs, fraud prevention data
1.3 Third-PartyAnalytics
Google Analytics: We use Google Analytics with anonymised IP settings and data retention limits as assigned by Google from time to time Tracking Disclosure: This includes pixel tracking for advertising optimization.e.g. Meta pixel, hotjar, and others (you may opt-out via your device settings or our preference center or by contacting us)
2. LEGAL BASIS FOR COLLECTION
(APP 3.2 - COLLECTION MUST BE REASONABLY NECESSARY)
We only collect personal information that is reasonably necessary for our core functions:
Primary Purposes
Facilitating pet care service connections between users
Ensuring pet safety and welfare through verification and matching when applicable
Processing payments and maintaining service records
Providing basic customer support and dispute resolution
Complying with legal obligations (taxation, consumer protection, safety)
Secondary Purposes (with your consent):
Marketing communications about new features and services Personalized service recommendations
Community features and social interactions
Research and development for service improvements
3. AUTOMATED DECISION-MAKING TRANSPARENCY (APP 1.4(g) - 2025 REQUIREMENTS)
Important Notice: Our platform may use automated systems to make decisions that may significantly affect you.
Automated Processes May Include:
Service Matching Algorithm: Automatically matches pet owners with suitable carers based on location, availability, pet requirements, and user ratings
Risk Assessment System: Evaluates booking requests for safety and compliance factors
Dynamic Pricing: Adjusts service pricing based on demand, location, and service complexity
Fraud Detection: Automated monitoring for suspicious account activity or transactions
Your Rights Regarding Automated Decisions:
Request human review of any automated decision
Obtain explanation of the decision-making logic
Challenge decisions that significantly impact your access to services Opt-out of automated marketing decisions
Contact: info@pawshareclub.com to exercise these rights or request human intervention.
4. CONSENT FRAMEWORK
(APP 6 - USE OR DISCLOSURE)
4.1 Explicit Consent Required For:
Collection and use of sensitive information (medical records, precise location data if required or applicable ) Marketing communications via email, SMS, or push notifications Sharing information with third-party service providers beyond core platform functions
Cross-border data transfers to non-adequate countries
Use of information for research and development purposes
4.2 Consent Characteristics
(2025 Privacy Act Standards)
All consent will be:
Freely Given: No coercion or bundled consent for unrelated purposes Specific: Clearly identified purposes with separate consent for each Informed: Plain English explanations with consequences of consenting/refusing
Unambiguous: Clear affirmative action required (no pre-ticked boxes)
4.3 WithdrawingConsent:
You may withdraw consent at any time via:
Account settings dashboard
Email to Info@pawshareclub.com
Phone: 0468 800 261
Written notice to our Privacy Officer
Note: Withdrawal may limit your access to certain platform features.
5. INFORMATION USE& DISCLOSURE
(APPs 6-8)
5.1 PrimaryUse (Original Collection Purpose):
We use personal information primarily for the purposes for which it was collected, which may include:
Platform functionality and service delivery
Safety and security monitoring
Payment processing and transaction management
Customer support and dispute resolution
Legal compliance (taxation, regulatory reporting)
These primary uses reflect the current operation of our services but may evolve to support additional core functions as the platform develops.
5.2 Secondary Use (with consent or legal authorization):
Where permitted by law or with user consent, personal information may also be used or disclosed for secondary purposes, which might include:
Marketing communications (with opt-in consent)
Service improvement research and analytics
Community features and user-generated content
Fraud prevention and platform security
We will notify users of material changes to these uses as required under applicable privacy laws.
5.3 Third-Party Disclosures
We may share information with:
• Payment Processors: Encrypted payment card and transaction data (PCI DSS compliant)
• Identity Verification Services: We may collect the minimum necessary information to verify identity. This information might be deleted after verification, subject to applicable retention policies and legal obligations.
• Cloud Service Providers: Encrypted data storage with Leading global provider including AWS
• LegalAuthorities: When required by law or court order
• Emergency Services: Pet or human safety emergencies (limited to necessary information)
5.4 Marketing Disclosure
(APP 7)
We do not currently sell, rent, or trade your personal information for marketing purposes. However, subject to applicable privacy laws, we may in the future use your personal information — or allow selected third parties to use it — for direct marketing purposes. You will have the option to opt out of receiving such communications at any time, either at the point of collection or through contacting us via info@pawshareclub.com
6. CROSS-BORDER TRANSFERS (APP 8 - DISCLOSURE TO OVERSEAS RECIPIENTS)
6.1 Transfer Locations
Primary data storage: United States (AWS Northern Virginia Region)
Backup storage: United States (adequate protection country) Support services: Canada (adequate protection - if required)
6.2 Safeguards
Adequacy Assessments: All transfers to countries with OAIC recognized adequate protection
Contractual Protection: Standard contractual clauses for any non adequate transfers
Encryption: All data encrypted in transit and at rest using AES-256 encryption
Data Residency: Core platform data remains in Australia unless explicitly consented
6.3 Your Rights:
You may contact our Privacy Officer to express a preference for your data to remain in Australia. While we will consider such requests where practicable, we cannot guarantee that data will not be transferred or stored outside Australia in accordance with applicable privacy laws.
7. DATASECURITY
(APP 11 - SECURITY OF PERSONAL INFORMATION)
7.1 Technical Measures:
The security of personal information is supported by our use of Bubble, a trusted third-party service provider that supplies the underlying infrastructure and hosting environment for our platform. Bubble implements recognised industry-standard security practices across its systems. Relying on this infrastructure, we apply the following technical measures, either directly or through the platform’s capabilities:
Encryption: Data is encrypted during transmission using secure protocols. Stored data is also protected by encryption mechanisms at the infrastructure level to mitigate the risk of unauthorised access.
Access Controls: Access to personal information is managed through application-level permission settings and role-based access controls. These ensure that only authorised users can access sensitive information. Administrative interfaces are further secured through robust authentication methods.
Security Monitoring: The hosting environment maintained by Bubble includes automated systems that continuously monitor for potential security threats. While we do not operate these systems directly, we rely on Bubble’s monitoring capabilities to help safeguard personal data.
Backup and Recovery: Regular data backups are performed by Bubble, with restoration procedures in place to support service continuity in the event of system failure or data loss.
7.2 Organisational Measures:
Staff Training: Mandatory privacy and security training for all personnel
Access Management: Minimum necessary access principle, regular access reviews
Incident Response: 24-hour incident response team with escalation procedures
Third-Party Security: Due diligence assessments for all service providers
7.3 Data Breach Response:
PAWSHARE CLUB PTY LTD is committed to responding swiftly and responsibly to any security incident that may involve personal information. While our platform is hosted on a third-party infrastructure provider, we maintain internal procedures to assess and respond to potential data breaches. Our breach response plan includes the following components:
Containment and Mitigation:
Upon becoming aware of a potential data breach, we will act promptly to contain the incident and prevent further unauthorized access. This may include revoking access credentials, disabling affected features, or engaging with our platform provider to apply necessary technical controls.
Regulatory Notification:
Where required by applicable privacy laws (such as the Australian Privacy Act or GDPR), we will notify the appropriate regulatory authority within the legally mandated timeframe — typically within 72 hours of becoming aware of a notifiable breach.
User Notification:
If the breach is likely to result in serious harm to individuals, we will notify affected users directly as soon as practicable. This communication will include information about the nature of the breach, steps we are taking in response, and recommended actions for the individual.
Investigation and Remediation:
We will investigate the incident to determine its scope, root cause, and impact. Based on findings, we will implement corrective actions to prevent recurrence. External specialists may be engaged to support the investigation and remediation process, where appropriate.
8. YOUR PRIVACY RIGHTS
(APPs 12-13 & 2025 ENHANCEMENTS)
8.1 Access Rights
(APP 12)
Request access to your personal information held by us, including:
Account and profile information
Pet care service history and records
Communications and support interactions
Automated decision-making explanations
Response Time: Within 30 days of verified request
Fee: No charge for first request per year; reasonable costs may apply for extensive requests
8.2 Correction Rights (APP 13):
Request correction of inaccurate, out-of-date, incomplete, or misleading information
Self-Service: Update most information via account dashboard Assisted Correction: Contact Privacy Officer for complex corrections via info@pawshareclub.com
Third-Party Notification: We’ll notify relevant third parties of corrections where required
8.3 Erasure Rights
(Right to be Forgotten - 2025 Amendments)
Request deletion of your personal information when:
Information no longer necessary for original collection purpose You withdraw consent and no other legal basis applies
Information collected unlawfully
Required for legal compliance
Limitations: We may retain information for legal obligations, legitimate interests, or public interest purposes.
8.4 Data Portability
Request your data in a structured, commonly used, machine-readable format for transfer to another service provider.
8.5 Complaint Rights
Internal Complaints: Free complaint handling via Pawshare Privacy Officer
External Complaints: OAIC (www.oaic.gov.au) or Victorian consumer protection agencies
Legal Action: Right to seek compensation under statutory privacy tort (effective June 2025)
9. CHILDREN’S PRIVACY PROTECTION
(IN PREPARATION FOR 2026 CHILDREN’S ONLINE PRIVACY CODE) 9.1 Age Restrictions
Minimum Age: 18 years.
If you are under the required age, you must not create an account, access, or use the service in any way. If we discover that you have provided false information regarding your age, we reserve the right to suspend or terminate your account and delete any associated data.
Age Verification: Required for all account registrations
ParentalControls: Enhanced privacy controls for users under 18 9.2
Enhanced Protections for Minors
Limited DataCollection: Minimum necessary information only No BehavioralAdvertising: Prohibited for users under 18 Parental Access Rights: Parents may access and control minor’s account data
Safety Monitoring: Enhanced monitoring for age-appropriate service matching
9.3 Compliance Preparation:
This policy will be updated to fully comply with the OAIC Children’s Online Privacy Code upon its registration (by December 2026).
10. RETENTION & DELETION
(APP 11.2)
10.1 Retention Periods
We generally retain personal and account information only for as long as it is reasonably necessary for the purposes for which it was collected, or as required to meet legal, regulatory, or operational obligations. The following timeframes reflect our current practice and may be adjusted from time to time, at our discretion, to reflect changing business, technical, or legal requirements:
Account Information: Typically retained for up to 7 years after account closure, primarily for taxation and compliance purposes.
Pet Care Records: Usually kept for up to 5 years after the last related service, or for longer if required to meet insurance, safety, or legal obligations.
Communications (including customer service inquiries): Generally retained for up to 3 years to support dispute resolution and service improvement.
Technical Logs: Typically retained for approximately 12 months for system security, performance, and audit purposes.
Marketing Consent Records: Retained until consent is withdrawn, with an additional 30 days for processing and administrative purposes.
We may securely delete or anonymize data earlier or retain it longer where reasonably necessary to comply with applicable laws, resolve disputes, or enforce our agreements.
10.2 Automated Deletion:
We aim to implement automated or scheduled data deletion and anonymization processes in line with our data retention practices. However, the specific timing and method of deletion may vary depending on operational, legal, and technical considerations.
Our current approach is as follows:
Inactive Accounts: Data is generally anonymized or securely deleted after approximately 4 years of inactivity, where practicable, and subject to prior notification where feasible.
Withdrawn Consent: When a user withdraws consent, we will typically cease processing related data as soon as reasonably possible and endeavour to delete or anonymize such data within around 30 days, subject to technical and legal constraints.
Legal Hold: Where data is subject to an active or potential legal claim, investigation, or regulatory requirement, we may retain such information for as long as reasonably necessary to comply with those obligations.
We may update or adjust these timelines periodically to reflect evolving business needs, regulatory requirements, and technological capabilities.
10.3 Secure Destruction:
All data destruction follows Australian Government Information Security Manual (ISM) standards with certificated destruction for sensitive information.
11. COOKIES&TRACKING TECHNOLOGY
11.1 Cookie Categories:
Essential Cookies: Required for platform functionality (no consent required)
Analytics Cookies: Google Analytics with IP anonymization (consent required)
Preference Cookies: User settings and preferences (consent required)
Marketing Cookies: Currently not used but it might be used in near future (would require explicit consent)
11.2Consent Management
Cookie Banner: Prominent consent request with granular choices Preference Center: Easily accessible via footer link for consent management
Browser Settings: Respect browser Do Not Track settings where technically feasible
13. UPDATES TO THIS POLICY
13.1Change Notification
Material Changes: 30 days advance notice via email and platform notification
Minor Updates: Notice via platform dashboard and policy date update
Regulatory Changes: Immediate implementation with retrospective notification
13.2ContinuedUse
Continued use of our platform after changes constitutes acceptance of updated policy. If you disagree with changes, you may close your account and request data deletion.
14. CONTACT INFORMATION &COMPLAINTS
Privacy Officer: Geunyoung Kim
Email: privacy@pawshareclub.com
Phone: 0468 800 261
Address: 328 Swanston St, Melbourne VIC 3000
General Inquiries: info@pawshareclub.com
Complaints Process:
1. Internal: Contact Privacy Officer (response within 10 business days)
2. External: OAIC at www.oaic.gov.au or 1300 363 992 3. VictorianConsumerAffairs: consumer.vic.gov.au
Legal Rights:
You may have the right to seek compensation for serious privacy breaches under Australian privacy tort laws. Legal advice should be sought regarding specific circumstances.
15. POLICY GOVERNANCE
15.1 Regular Reviews:
This policy is reviewed annually and updated for regulatory changes, technological developments, and business operations changes.
15.2 Privacy ImpactAssessments:
Conducted for all material changes to data processing activities, new technology implementations, and regulatory requirement changes.
15.3 Compliance Monitoring:
Regular internal audits ensure ongoing compliance with Australian privacy laws and this policy’s requirements.