Privacy Policy

Effective date: 2 April 2026
Last updated: 7 April 2026

1. About This Policy

Zero Footprint Pty Ltd(ABN 96 105 673 649) (“Zero Footprint”, “we”, “us”, “our”) is committed to protecting the privacy of personal information we collect and handle.

This policy explains how we collect, hold, use, and disclose personal information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), the Notifiable Data Breaches (NDB) scheme, and, where applicable, the General Data Protection Regulation (EU) 2016/679 (“GDPR”).

Zero Footprint is an Australian-based AI logistics consultancy providing technology, analytics, and consulting services. We process personal information as both a data controller (for our own personnel, candidates, and business contacts) and, where engaged by clients, as a data processor on their behalf.

This policy is freely available to any individual upon request and is published on our website.

2. What Personal Information We Collect

“Personal information” means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not, and whether recorded in a material form or not (Privacy Act 1988, section 6).

“Sensitive information” is a subset of personal information that includes health information, racial or ethnic origin, political opinions, religious beliefs, sexual orientation, criminal record, biometric data, and trade union membership. We only collect sensitive information where required by law or with your explicit consent.

Depending on your relationship with us, we may collect:

Employees, contractors, and candidates

Name, date of birth, gender, nationality, and contact details
Tax file number (TFN), superannuation, and bank account details for payroll
Employment history, qualifications, and professional references
Police check results (where required for specific client engagements)
Working rights documentation (visa status, passport details)
Performance, leave, and attendance records

Clients and business contacts

Contact details and organisational information
Project-related personal information provided by or on behalf of clients
Contractual and billing information

Website visitors

IP address and device identifiers
Browser type, operating system, and screen resolution
Cookies and similar tracking data (see Section 10)
Website usage data and analytics

Mobile application users (Freight Delivery Tracking)

Precise location data(GPS coordinates) collected via your device’s location services while the application is in use (foreground) and, where you have granted permission, while the application is running in the background during active deliveries
Route and trip data, including origin, destination, waypoints, and timestamps
Device identifiers and mobile operating system information
Delivery status updates and proof-of-delivery records

Location data is classified as sensitive information and is only collected with your explicit consent via your device’s permission prompt. See Section 10A for full details on how location data is used, shared, and controlled.

3. How We Collect Information

Directly from you

Employment applications, onboarding forms, and contracts
Website contact forms, email, telephone, and video conferences
Face-to-face meetings

From third parties

Recruitment agencies and referees
Clients providing information about their personnel for project delivery
Background check providers (police checks, qualification verification)
Publicly available sources (professional networking sites, company registers)

Automatically

Cookies, analytics tools, and server logs when you visit our website (see Section 10)
Device location sensors (GPS, Wi-Fi, cell tower triangulation) when you use our Freight Delivery Tracking mobile application and have granted location permission (see Section 10A)

Consent

We obtain consent for the collection of personal information through:

Signed employment agreements and contractor agreements
Website cookie consent banners and privacy notices
Verbal or written consent for specific collection purposes

You may withdraw consent at any time by contacting us. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

4. Why We Collect and Use Your Information

We collect and use personal information for the following purposes:

Employment administration, payroll, and workforce management
Recruitment and candidate assessment
Delivery of technology and consulting services to our clients
Managing client relationships and contractual obligations
Complying with legal and regulatory obligations (including taxation, employment law, and privacy law)
Security monitoring and incident response
Improving our services and website
Communicating with you about our services

Lawful basis for processing (GDPR)

Where GDPR applies, we process personal data on the following legal bases:

Contract: processing necessary for the performance of a contract (employment, service agreements).
Legal obligation: processing necessary to comply with applicable laws (taxation, employment, privacy).
Legitimate interests: processing necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. Our legitimate interests include workforce management, service delivery, business development, and security. We conduct a balancing test before relying on this basis and document our assessment.
Consent: where we rely on consent, you have the right to withdraw it at any time.

5. Who We Share Your Information With

We may disclose personal information to the following categories of recipients:

Service providers who assist us in delivering our services (see Section 11).
Client organisations, where we provide services on their behalf and the disclosure is necessary for service delivery.
Legal and regulatory bodies, where required by law or to protect our legal rights (e.g., the Australian Taxation Office, the Office of the Australian Information Commissioner, courts, and tribunals).
Professional advisors, including lawyers, auditors, and insurers.

We do not sell personal information to third parties.

6. Cross-Border Disclosure

Zero Footprint is an Australian-based company. In the course of our operations, personal information may be disclosed to recipients located overseas, including in the Philippines, the United States, and other countries where our service providers operate.

Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure that the recipient handles information in accordance with the Australian Privacy Principles. These steps include contractual arrangements, due diligence on the recipient’s privacy and security practices, and verification of relevant security certifications.

Zero Footprint remains accountable for the handling of personal information by its overseas recipients.

If you would like to know the specific countries to which your personal information may be disclosed, please contact us using the details in Section 17.

7. Direct Marketing

Zero Footprint does not currently use personal information for direct marketing purposes. If this changes in the future, we will update this policy and ensure that:

You are informed that your information may be used for direct marketing.
You can easily opt out of receiving direct marketing communications at any time.
We comply with the Spam Act 2003 (Cth).

If you are a subscriber to any Zero Footprint communications and wish to unsubscribe, you may do so by using the unsubscribe link provided in each communication or by contacting us using the details in Section 14.

8. Anonymity and Pseudonymity

You have the option of dealing with Zero Footprint anonymously or by pseudonym where it is lawful and practicable.

However, this may not always be possible. For example, we cannot process an employment application or provide services under a client agreement without verifying your identity. Where anonymity or pseudonymity is not practicable, we will explain why.

9. How We Protect Your Information

Zero Footprint takes reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, and disclosure.

Our security measures include:

Encryption of data at rest and in transit (AES-256, TLS 1.2 or higher).
Multi-factor authentication (MFA) for all systems.
Role-based access controls and the principle of least privilege.
Endpoint detection and response on all company devices.
Regular security awareness training for all personnel.
Incident response procedures for security events and data breaches.
Regular review of access permissions and security controls.

10. Cookies and Tracking Technologies

Our website may use cookies and similar technologies to improve your experience and to collect usage data.

What we use

Essential cookies: required for core website functionality (e.g., session management). These cannot be disabled.
Analytics cookies: used to understand how visitors interact with our website. These collect anonymised usage data including pages visited, time on site, and referral source.

Your choices

You can manage cookie preferences through your browser settings. Disabling non-essential cookies will not affect core website functionality. Where we use analytics cookies, data is collected in aggregate and is not used to identify individuals.

10A. Mobile Application & Location Data

Our Freight Delivery Tracking mobile application collects location data to provide real-time fleet visibility, delivery tracking, and route optimisation services to the freight and logistics operators we serve. This section describes how location data is collected, used, shared, retained, and controlled.

What location data we collect

Precise (GPS) location:latitude and longitude coordinates from your device’s location services.
Foreground location: collected while the application is open and actively in use.
Background location:collected while the application is running in the background during active delivery runs, only where you have explicitly granted background location permission via your device’s operating system prompt.
Route and trip metadata: timestamps, speed, distance travelled, origin, destination, and waypoints.

Why we collect location data

To provide real-time delivery tracking and estimated arrival times to dispatchers and consignment recipients.
To optimise delivery routes and reduce fuel consumption and emissions.
To verify proof of delivery, including confirmation that a delivery was made at the correct location.
To support driver safety monitoring and compliance with Chain of Responsibility obligations under the Heavy Vehicle National Law.
To generate operational analytics and reporting for the freight operator (your employer or contracting organisation).

Who we share location data with

Your employer or contracting organisation: the freight operator who has engaged Zero Footprint to provide the tracking platform. They can view your location while you are on active delivery runs.
Consignment recipients: estimated arrival time and delivery status only (not continuous location tracking).
Zero Footprint: as the technology provider operating the platform, we process location data on behalf of the freight operator.

We do not sell location data to third parties. We do not share location data with advertisers.

How long we retain location data

Location data associated with completed deliveries is retained for up to twelve (12) months to support operational reporting, dispute resolution, and regulatory compliance. After this period, location data is de-identified or deleted. Your employer or contracting organisation may have specific retention requirements as set out in their service agreement with us.

Your controls

Permission prompts:the application will request location permission when you first use it. You must explicitly grant permission via your device’s operating system prompt before any location data is collected.
Background location: a separate permission prompt is displayed if background location access is required. You may grant foreground-only access and decline background access.
Revoking permission:you may revoke location permission at any time via your device’s Settings > Apps > [App Name] > Permissions > Location. Revoking location permission will prevent the application from collecting location data, which may affect delivery tracking and route optimisation features.
Account deletion: you may request deletion of your account and associated location data by contacting your employer or by contacting us directly using the details in Section 17.

11. Service Providers

We engage third-party service providers to assist in delivering our services. These providers may process personal information on our behalf in the following categories:

Identity and access management
Human resources and payroll administration
Cloud infrastructure and hosting
Email and workplace collaboration
Endpoint security and device management
Project management and work tracking
Security awareness and training
Password and credential management

All service providers are subject to contractual obligations regarding the handling of personal information, including data security requirements and restrictions on use and disclosure. We conduct due diligence on service providers before engagement and review arrangements periodically.

A detailed register of our current service providers is available on request by contacting us using the details in Section 17.

12. Data Retention

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. When personal information is no longer needed, we destroy or de-identify it in accordance with the Australian Privacy Principles.

General retention periods:

Employee and contractor records: seven (7) years after the end of the employment or engagement relationship.
Candidate records (unsuccessful applicants): twelve (12) months.
Client and project records: in accordance with contractual requirements, or seven (7) years where no contract specifies.
Website analytics data: de-identified and retained for the purposes of trend analysis.
Mobile application location data: twelve (12) months from completion of the associated delivery (see Section 10A).

13. Your Rights

Access

You have the right to request access to the personal information we hold about you. We will respond to access requests within thirty (30) days. There is generally no charge for accessing your personal information, although we may charge a reasonable fee for administrative costs if a request is manifestly excessive or repeated.

Correction

You have the right to request correction of personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading. There is no charge for requesting a correction. We will respond within thirty (30) days.

Erasure / Deletion

Under the GDPR (where applicable), you have the right to request deletion of your personal data where it is no longer necessary for the purpose it was collected, you withdraw consent, or there is no overriding legitimate interest. Under the Privacy Act, we will destroy or de-identify personal information that is no longer needed in accordance with the Australian Privacy Principles.

Restriction of processing

Under the GDPR (where applicable), you may request restriction of processing in certain circumstances, including where you contest the accuracy of the data.

Data portability

Under the GDPR (where applicable), you have the right to receive your personal data in a structured, commonly used, and machine-readable format.

Right to object

Under the GDPR (where applicable), you may object to processing based on legitimate interests or for direct marketing purposes. Where you object to direct marketing, processing will cease immediately.

To exercise any of these rights, please contact us using the details in Section 17.

14. Automated Decision-Making

Zero Footprint does not currently use automated decision-making (including profiling) that produces legal effects or similarly significantly affects individuals.

We are aware of forthcoming Australian obligations regarding automated decision-making under forthcoming Privacy Act amendments (expected to take effect from December 2026). In preparation, we commit to:

Maintaining an inventory of any AI or automated systems that process personal information.
Conducting impact assessments before deploying any automated decision-making system that may significantly affect individuals.
Providing clear disclosure of any automated decision-making practices, including the logic involved and the envisaged consequences.
Ensuring individuals can request human review of any decision made solely by automated means.

15. Notifiable Data Breaches

Zero Footprint complies with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988.

If we become aware of a data breach that is likely to result in serious harm to individuals, we will:

Complete an assessment within thirty (30) days (or sooner where practicable).
Notify the Office of the Australian Information Commissioner (OAIC) and affected individuals as soon as practicable.
Provide affected individuals with details of the breach, the kinds of information involved, and recommended steps they should take.

16. Complaints

If you believe we have breached the Australian Privacy Principles or mishandled your personal information, you may lodge a complaint with us.

How to complain

Our process

Acknowledgement: we will acknowledge your complaint within five (5) business days.
Investigation: your complaint will be investigated by a person with appropriate authority and independence.
Response: we will provide a written response within thirty (30) days, outlining the findings and any remedial actions taken.
Review: if you are not satisfied with the outcome, you may request a review by senior management.

External resolution

If you are not satisfied after our internal process, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

Online: www.oaic.gov.au/privacy/privacy-complaints
Telephone: 1300 363 992
Post: GPO Box 5218, Sydney NSW 2001

Where GDPR applies, individuals may also lodge a complaint with the relevant supervisory authority in the European Economic Area.

17. Contact Us

For privacy enquiries, access or correction requests, or complaints:

Privacy Officer
Zero Footprint Pty Ltd
Email: privacy@zerofootprint.com.au
Post: PO BOX 4077, Wishart, VIC 3189, Australia

18. Changes to This Policy

We may update this policy from time to time to reflect changes in our practices, applicable laws, or organisational structure. When we make material changes, we will update the “last updated” date at the top of this policy.

We encourage you to review this policy periodically.