This policy explains how Adaps (“we,” “us,” or “our”) collects, uses, discloses, and safeguards personal information in line with applicable laws and standards.

1. Introduction

Adaps is committed to protecting the privacy and security of personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard personal data in compliance with applicable data protection laws and regulations, including:

  • General Data Protection Regulation (GDPR) — European Union
  • California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
  • Australian Privacy Act 1988 and Australian Privacy Principles (APPs)
  • Other applicable U.S. state privacy laws
  • ISO/IEC 27001:2022 Information Security Management Standards

This policy applies to all personal data we process, regardless of the means of collection or storage.

2. Scope and Application

This Privacy Policy applies to:

  • All users of Adaps services, products, and platforms
  • Visitors to our websites and mobile applications
  • Customers, clients, and business partners
  • Job applicants and employees
  • Any individual whose personal data we process

3. Data Controller Information

Adaps is the data controller responsible for your personal information. For inquiries regarding this Privacy Policy or our data practices, please contact:

Data Protection Officer
Adaps
Email: privacy@adaps.com
Address: Level 18, 1 Nicholson Street, East Melbourne, Australia
Phone: +03 7068 5800

4. Personal Information We Collect

4.1 Categories of Personal Information

4.1.1 Identification Information

  • Full name, date of birth, and government-issued identification numbers
  • Contact details (email address, phone number, postal address)
  • Username and password credentials
  • Authentication information and security credentials

4.1.2 Financial Information

  • Payment card details and banking information
  • Transaction history and billing records
  • Tax identification numbers where required

4.1.3 Technical Information

  • IP address, device identifiers, and browser type
  • Operating system and software information
  • Cookies, web beacons, and similar tracking technologies
  • Log files and usage data

4.1.4 Usage and Behavioral Information

  • Service usage patterns and preferences
  • Search queries and interaction history
  • Communication records and customer service interactions

4.1.5 Special Categories of Personal Data (Sensitive Data)

Where permitted by law and with explicit consent, we may process:

  • Health information (where relevant to our services)
  • Biometric data for authentication purposes
  • Information revealing racial or ethnic origin, political opinions, religious beliefs (only where necessary and lawful)

4.2 Children’s Personal Information

Our services are not directed to children under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without appropriate parental consent, we will take steps to delete such information promptly. In compliance with the Children’s Online Privacy Protection Act (COPPA), we implement age-appropriate privacy protections.

5. How We Collect Personal Information

  • Direct interactions: Information you provide when registering, purchasing, subscribing, or communicating with us
  • Automated technologies: Cookies, server logs, and similar technologies that automatically collect technical data
  • Third-party sources: Business partners, data brokers, public databases, and social media platforms
  • Service usage: Information generated through your use of our services

6. Purposes and Legal Basis for Processing

6.1 Purposes of Processing

  • Service delivery: To provide, maintain, and improve our products and services
  • Account management: To create and manage user accounts and authentication
  • Payment processing: To process transactions and prevent fraud
  • Communication: To respond to inquiries, provide customer support, and send service updates
  • Marketing: To send promotional materials and personalized offers (with consent where required)
  • Analytics: To understand usage patterns and improve user experience
  • Security: To protect against fraud, unauthorized access, and security threats
  • Legal compliance: To comply with legal obligations and respond to lawful requests
  • Business operations: To conduct audits, data analysis, and business development

6.2 Legal Basis for Processing (GDPR)

  • Consent: Where you have given explicit consent for specific processing activities
  • Contract performance: Where processing is necessary to fulfill our contractual obligations
  • Legal obligation: Where processing is required to comply with applicable laws
  • Legitimate interests: Where processing is necessary for our legitimate business interests, balanced against your rights
  • Vital interests: Where processing is necessary to protect life or physical safety

7. Data Sharing and Disclosure

7.1 Categories of Recipients

  • Service providers: Third-party vendors who perform services on our behalf (cloud hosting, payment processing, analytics)
  • Business partners: Partners with whom we jointly offer services or products
  • Corporate affiliates: Our parent company, subsidiaries, and affiliated entities
  • Professional advisors: Lawyers, accountants, auditors, and other professional consultants
  • Government authorities: Law enforcement, regulators, and courts when legally required
  • Business successors: In connection with mergers, acquisitions, or asset sales

7.2 International Data Transfers

We may transfer personal data to countries outside your jurisdiction. For transfers from the EU/EEA, we ensure adequate protection through:

  • European Commission adequacy decisions
  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules
  • Other approved transfer mechanisms

For transfers involving Australian personal information, we comply with APP 8.1 requirements and ensure overseas recipients handle data in accordance with the Australian Privacy Principles.

8. Data Security and ISO 27001 Compliance

8.1 Information Security Management System

We maintain an Information Security Management System (ISMS) aligned with ISO/IEC 27001:2022 standards. Our security framework includes:

  • Risk assessment and treatment
  • Access controls (role-based access, MFA, least privilege)
  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Network security (firewalls, IDS/IPS, segmentation)
  • Vulnerability management (assessments, pen-testing, patching)
  • Incident response procedures
  • Business continuity and disaster recovery
  • Security awareness training
  • Supplier security due diligence
  • Continuous monitoring and logging

8.2 Data Breach Response

  • Notify affected individuals without undue delay (within 72 hours for GDPR, and as required by CCPA and Australian law)
  • Report to relevant supervisory authorities where required
  • Document the breach (facts, effects, remedial actions)
  • Mitigate harm and prevent future incidents

9. Data Retention

We retain personal information only as long as necessary for the purposes outlined in this policy, unless a longer retention period is required or permitted by law. Retention periods are determined based on:

  • The nature and sensitivity of the data
  • Legal and regulatory retention requirements
  • Business and operational needs
  • Contractual obligations
  • Potential for legal claims

Upon expiration of retention periods, we securely delete or anonymize personal data in accordance with our data retention and destruction policies.

10. Your Privacy Rights

10.1 Rights Under GDPR (EU/EEA Residents)

  • Right of access
  • Right to rectification
  • Right to erasure (“right to be forgotten”)
  • Right to restriction of processing
  • Right to data portability
  • Right to object (including to direct marketing)
  • Rights related to automated decision-making
  • Right to withdraw consent
  • Right to lodge a complaint

10.2 Rights Under CCPA/CPRA (California Residents)

  • Know what we collect and how it’s used
  • Delete personal information
  • Correct inaccurate personal information
  • Opt-out of sale or sharing of personal information
  • Limit use/disclosure of sensitive personal information
  • Non-discrimination for exercising rights

We do not sell personal information as defined by CCPA.

10.3 Rights Under Australian Privacy Act (Australian Residents)

  • Access personal information we hold
  • Request correction of inaccurate, incomplete, or out-of-date information
  • Complain to us or the Office of the Australian Information Commissioner (OAIC)
  • Deal with us anonymously or using a pseudonym where practicable

10.4 Exercising Your Rights

To exercise any rights, contact us using the details in Section 3. We typically respond within the legally required timeframes (generally 30 days for GDPR, 45 days for CCPA, and 30 days for the Australian Privacy Act). We may need to verify your identity before processing requests.

11. Cookies and Tracking Technologies

11.1 Types of Cookies We Use

  • Strictly necessary cookies
  • Performance cookies
  • Functional cookies
  • Targeting/advertising cookies

11.2 Managing Cookies

You can control cookies through your browser settings and our cookie preference center. Disabling certain cookies may affect functionality. For more information, visit www.allaboutcookies.org.

12. Marketing Communications

We may send marketing communications about our products and services. You can opt out at any time by:

  • Clicking the “unsubscribe” link in any marketing email
  • Adjusting communication preferences in your account settings
  • Contacting us using the details in Section 3

We comply with applicable marketing laws, including CAN-SPAM and the ePrivacy Directive.

13. Third-Party Links and Services

Our services may contain links to third-party websites, applications, and services. We are not responsible for the privacy practices of these third parties and encourage you to review their privacy policies.

14. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

  • Posting the updated policy on our website with a new effective date
  • Sending email notifications for significant changes
  • Displaying prominent notices on our services

Your continued use of our services after changes become effective constitutes acceptance of the updated policy.

15. Supervisory Authorities

  • EU/EEA: Your local Data Protection Authority or the lead supervisory authority
  • California: California Attorney General’s Office
  • Australia: Office of the Australian Information Commissioner (OAIC) — www.oaic.gov.au

16. Definitions

Personal Information / Personal Data
Information that identifies, relates to, or could reasonably be linked with a particular individual or household.
Processing
Any operation performed on personal data, including collection, storage, use, disclosure, and deletion.
Data Controller
The entity that determines the purposes and means of processing personal data.
Data Processor
An entity that processes personal data on behalf of the data controller.
Sensitive Personal Information
Personal data revealing racial or ethnic origin, political opinions, religious beliefs, health data, biometric data, genetic data, sexual orientation, or other specially protected categories.

17. Contact Information

Data Protection Officer
Adaps
Email: privacy@adaps.com
Address: Level 18, 1 Nicholson Street, East Melbourne, Australia
Phone: +03 7068 5800
Website: https://www.adaps.com/privacy-policy/

Acknowledgment

By using our services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

Last Updated: July 01, 2025

Back to top ↑

© 2025 Adaps. All rights reserved.