This Privacy Policy explains how Moonshooters ABN 75 685 145 920 trading as WasteConnect ("we", "us", "our", "WasteConnect") collects, uses, discloses, and protects your personal information when you use our WasteConnect platform and services.

We are committed to protecting your privacy and complying with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

1. Information We Collect

1.1 Information You Provide

Account Information:

• Name, email address, phone number

• Company name, ABN, business address

• Job title and role within your organisation

• Payment information (processed through Stripe)

Business Data:

• Waste collection job details and schedules

• Customer contact information for waste pickups

• Waste manifests and material classifications

• Route planning and scheduling data

• EPA compliance and reporting data

Communications:

• Support requests and correspondence

• Feedback and survey responses

• Phone call recordings (with notice)

1.2 Information We Collect Automatically

Usage Data:

• IP address and browser type

• Pages visited and time spent on the platform

• Features used and actions taken

• Login times and session duration

Technical Data:

• Device information and operating system

• Location data (for route planning features)

• Cookies and similar tracking technologies

• Error logs and diagnostic information

Third-Party Data:

• Google Maps location and geocoding data

• Payment processing information from Stripe

• Email delivery confirmations

2. How We Use Your Information

2.1 Primary Purposes

Service Provision:

• Provide and maintain the WasteConnect platform

• Process and manage waste collection jobs

• Generate route plans and schedules

• Create EPA compliance reports

• Process payments and maintain billing records

Account Management:

• Create and manage user accounts

• Authenticate users and maintain security

• Provide customer support and assistance

• Communicate service updates and changes

2.2 Secondary Purposes

Service Improvement:

• Analyse usage patterns to improve features

• Develop new platform capabilities

• Optimise performance and user experience

• Conduct product research and development

Business Operations:

• Maintain business records and accounts

• Comply with legal and regulatory requirements

• Protect against fraud and security threats

• Enforce our Terms of Service

Marketing (with consent):

• Send newsletters and product updates

• Notify you of new features and services

• Conduct customer satisfaction surveys

• Provide relevant industry information

3. Information Sharing and Disclosure

3.1 We May Share Information With:

Service Providers:

• Google (Maps API for location services)

• Stripe (payment processing)

• Cloud hosting providers (Google Cloud Platform)

• Email service providers

• Customer support tools

Business Partners:

• With your consent for specific integrations

• EPA or regulatory bodies (when required by law)

• Auditors and professional advisors

Legal Requirements:

• When required by law or court order

• To protect our rights or property

• To investigate fraud or security incidents

• In emergency situations to protect safety

3.2 We Do Not:

• Sell personal information to third parties

• Share customer waste data with competitors

• Use your data for purposes unrelated to our services

• Retain information longer than necessary

4. Data Security and Protection

4.1 Security Measures

Technical Safeguards:

• Industry-standard encryption (in transit and at rest)

• Secure data centres with physical access controls

• Regular security audits and vulnerability assessments

• Multi-factor authentication for admin access

• Automated backup systems with redundancy

Operational Safeguards:

• Staff privacy and security training

• Access controls based on role requirements

• Regular review of data access permissions

• Incident response and breach notification procedures

4.2 Data Breach Response

In the event of a data breach that may cause serious harm, we will:

• Notify the Office of the Australian Information Commissioner within 72 hours

• Notify affected individuals as soon as practicable

• Provide clear information about the breach and remedial actions

• Take immediate steps to secure the affected systems

5. Your Privacy Rights

5.1 Access and Correction (APP 12 & 13)

You have the right to:

• Access your personal information we hold

• Request correction of inaccurate or incomplete information

• Receive information about how we use and disclose your data

• Request a copy of your information in a portable format

5.2 Withdrawal of Consent

You may:

• Opt out of marketing communications at any time

• Withdraw consent for optional data uses

• Update your communication preferences in your account

• Request deletion of your account and data (subject to legal requirements)

5.3 Complaints Process

If you have concerns about our privacy practices:

1. Contact our Privacy Officer using the details below

2. We will investigate and respond within 30 days

3. If unsatisfied, you may complain to the Office of the Australian Information Commissioner (OAIC)

6. Data Retention and Deletion

6.1 Retention Periods

Active Accounts:

• Personal information: Retained while account is active and for compliance purposes as described below

• Business data: Retained as long as needed for service provision and regulatory compliance

• Usage data: Retained for up to 7 years for service improvement and business analysis

Compliance and Legal Requirements:

• EPA compliance data (including personal information of waste handlers): Retained for minimum 7 years or as required by environmental regulations

• Financial and tax records: Retained for 7 years as required by Australian tax law

• Safety and incident records: Retained permanently for public safety and environmental protection

• Regulatory correspondence: Retained for 10 years or as required by relevant authorities

Closed Accounts:

• Personal information: Retained for minimum 7 years for compliance purposes, then anonymised or deleted

• Business and compliance data: Retained for 7-10 years depending on regulatory requirements

• EPA compliance records: Retained permanently or as required by environmental regulations

• Financial records: Retained for 7 years for tax and legal compliance

6.2 Deletion Process

When you close your account:

• Personal information is retained for compliance purposes as outlined above

• You can export your business data before closure

• Non-compliance related personal information may be anonymized after retention periods

• Compliance and regulatory data is retained as required by law

• Deletion confirmations provided upon request (subject to legal retention requirements)

7. International Data Transfers

7.1 Data Location

Primary Storage:

• Data is stored in Google Cloud Platform data centres in Australia

• Some service providers may process data outside Australia

Cross-Border Transfers:

• Google Cloud Platform (global infrastructure with Australian data residency)

• Stripe payment processing (may involve overseas processing)

• Email services (may route through overseas servers)

7.2 Transfer Safeguards

When data is transferred overseas, we ensure:

• Adequate privacy protections are in place

• Service providers comply with privacy laws equivalent to Australian standards

• Contractual protections for data security and handling

• Regular review of overseas service provider arrangements

8. Cookies and Tracking Technologies

8.1 Types of Cookies

Essential Cookies:

• User authentication and session management

• Security and fraud prevention

• Core platform functionality

Performance Cookies:

• Analytics on platform usage and performance

• Error tracking and diagnostic information

• Feature usage measurement

Functional Cookies:

• User preferences and settings

• Location data for route planning

• Interface customisation

8.2 Cookie Management

You can:

• Control cookies through your browser settings

• Opt out of non-essential cookies in your account

• Clear existing cookies at any time

• Note: Disabling essential cookies may affect platform functionality

9. Children's Privacy

WasteConnect is designed for business use by adults. We do not knowingly collect personal information from children under 18. If we become aware that we have collected information from a child, we will take steps to delete it promptly.

10. Third-Party Services and Subprocessors

10.1 Service Providers

We use various third-party service providers to deliver our services. Details about these providers are available in our list of Subprocessors.

10.2 External Links

Our platform may contain links to external websites. We are not responsible for the privacy practices of these third-party sites. We encourage you to review their privacy policies.

Our platform may contain links to external websites. We are not responsible for the privacy practices of these third-party sites. We encourage you to review their privacy policies.

11. Updates to This Policy

11.1 Policy Changes

We may update this Privacy Policy to reflect:

• Changes in our practices or services

• Updates to privacy laws and regulations

• Feedback from users and privacy authorities

• Business changes or new features

11.2 Notification Process

When we update this Privacy Policy:

• Updated policy will be posted on our website with the new "Last Updated" date

• For material changes that significantly affect how we handle your personal information, we will provide reasonable notice via email or prominent notice in the platform

• Changes take effect 30 days after notification (unless legally required to take effect sooner)

• Continued use of our services after the effective date constitutes acceptance of the updated policy

12. Contact Information

12.1 Privacy Officer

For privacy-related questions, requests, or complaints:

Email: hello@wasteconnect.com.au

12.2 General Support

Email: hello@wasteconnect.com.au
Business Hours: 9 AM - 5 PM AEST, Monday-Friday

12.3 Regulatory Contact

Office of the Australian Information Commissioner (OAIC)
Website: www.oaic.gov.au
Phone: 1300 363 992
Email: enquiries@oaic.gov.au

13. Specific Industry Considerations

13.1 EPA Compliance Data

Regulatory Requirements:

• Some waste data may be subject to EPA reporting requirements

• We assist with compliance but you remain responsible for accuracy

• EPA may have access rights to certain environmental data

Data Sharing:

• EPA reporting data may be shared with regulatory authorities

• Only data necessary for compliance purposes is shared

• You will be notified of any regulatory data requests

13.2 Waste Industry Confidentiality

Commercial Sensitivity:

• We understand the competitive nature of waste collection data

• Customer lists and pricing information are kept strictly confidential

• Route and operational data is protected as trade secrets

14. Emergency Situations

In genuine emergencies involving public safety or environmental hazards, we may disclose relevant information to:

• Emergency services and first responders

• Environmental protection authorities

• Public health officials

• Other relevant authorities

Such disclosures will be limited to information necessary to address the emergency.

Privacy Policy Version: 1.0

This Privacy Policy is designed to be read alongside our Terms of Service and list of Subprocessors. Together, these documents govern your use of WasteConnect services and our handling of your information.