Policy

Privacy

Arkhi Pty Ltd

Privacy Policy

1. Introduction

At Arkhi Pty Ltd A.B.N. 68 117 774 071 (“we”, “us”, “our”), we respect your privacy and are committed to handling personal information responsibly, transparently, and in compliance with applicable privacy laws. This Privacy Policy explains how we collect, use, disclose, and protect personal information in connection with our business activities.

We are a commerce agency headquartered in Australia, providing strategy, marketing, design, and development services to clients across Australia and internationally. We interact with clients, prospective clients, suppliers, contractors, and visitors to our website and digital platforms.

This policy applies to all personal information we handle, whether collected online, offline, or through our service delivery activities. It covers:

  • personal information collected from individuals who visit our website or interact with our digital channels,
  • personal information provided to us during client onboarding and service delivery,
  • personal information exchanged in the course of business communications and meetings, and
  • personal information processed on behalf of our clients in connection with the services we provide.

 

We comply with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where we handle personal information of individuals in the European Economic Area (EEA) or the United Kingdom, we also comply with the UK and EU General Data Protection Regulations (collectively, “GDPR”). Where other applicable privacy laws apply, we take reasonable steps to comply with those laws as well.

If you have questions about this policy or our privacy practices, please contact us using the details in Section 12.

2. Information We Collect

We collect personal information that is necessary for our business operations, service delivery, and legal obligations. We do not collect more personal information than we need.

2.1 Information you provide directly

When you engage with us, you may provide personal information including:

  • Contact details such as name, job title, employer, email address, phone number, and business address;
  • Account or profile information created when you register for our services or communications;
  • Information shared in the course of client onboarding, project briefs, and service delivery;
  • Payment and billing details, including information required to process invoices and transactions;
  • Communications you send to us via email, contact forms, telephone, video conferencing, or other messaging channels;
  • Survey responses, feedback, or information provided when you participate in research or events; and
  • Information provided in job applications or during a recruitment process.

2.2 Information collected automatically

When you visit our website or use our digital platforms, certain information is collected automatically through cookies, web beacons, and similar tracking technologies, including:

  • Technical identifiers such as IP address, browser type and version, operating system, and device type;
  • Usage data such as pages visited, links clicked, time spent on pages, and navigation paths;
  • Referring website or search terms that led you to our website; and
  • General location data derived from your IP address (typically at city or country level).

 

We describe how we use these technologies in more detail in Section 11 (Cookies and Tracking Technologies).

2.3 Information received from third parties

We may also receive personal information about you from third parties in limited circumstances, such as:

  • From clients who share the personal information of their customers, employees, or stakeholders as part of a project or service engagement;
  • From publicly available sources such as company registers, professional directories, or social media platforms in connection with business development activities; and
  • From our commercial partners or referral sources where you have indicated your interest in our services.

 

Where we receive personal information from clients for the purpose of delivering services, we act as a data processor (or service provider) in respect of that information, and handle it in accordance with our contractual obligations and applicable law.

3. How We Use Your Information

We use personal information only for purposes that are relevant, reasonable, and disclosed to you. The primary purposes for which we use personal information include:

Service delivery and client management

  • Delivering, managing, and improving the services we provide to clients;
  • Communicating with clients, contractors, and suppliers about projects and service-related matters;
  • Preparing proposals, contracts, invoices, and reports;
  • Managing supplier and contractor relationships.

Business development and communications

  • Responding to enquiries and requests from prospective clients;
  • Sending relevant updates, insights, or newsletters where you have consented to receive them or where we have a legitimate interest in doing so;
  • Conducting events, webinars, or workshops.

Website and platform operations

  • Operating and improving our website and digital platforms;
  • Monitoring website performance and diagnosing technical issues;
  • Conducting analytics to understand how our website is used and to improve the user experience.

Legal, compliance, and security

  • Meeting our legal and regulatory obligations;
  • Protecting against fraud, misuse, or security incidents;
  • Enforcing our contractual rights and defending legal claims.

Internal operations

  • Recruitment and talent management;
  • Financial administration and accounting;
  • Internal reporting, planning, and quality assurance.

 

We do not sell personal information to third parties. We do not use personal information for automated profiling that produces significant legal or similarly significant effects, except where we have notified you and where applicable law permits.

4. Legal Bases for Processing (GDPR)

For individuals in the EEA or UK, we are required to identify a legal basis for each use of personal information. The legal bases we rely on are:

Contract performance

We process personal information where it is necessary to enter into or perform a contract with you, or to take steps at your request before entering into a contract. This applies when we are delivering services, processing payments, or responding to pre-contractual enquiries.

Legitimate interests

We process personal information where we have a legitimate interest in doing so, provided that interest is not overridden by your rights and interests. Our legitimate interests include maintaining and growing our business, communicating with clients and prospects, improving our services, securing our systems, and managing our operations effectively. Where we rely on legitimate interests, we carry out an assessment to ensure the processing is proportionate and does not unduly impact your privacy.

Legal obligation

We process personal information where we are required to do so by law, including tax, corporate, financial reporting, and regulatory requirements.

Consent

We rely on consent in limited circumstances, such as sending direct marketing to individuals who are not existing contacts, or using certain non-essential cookies and tracking technologies. Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of any processing that occurred before withdrawal.

Vital interests

In rare circumstances, we may process personal information to protect the vital interests of an individual, for example in an emergency situation.

 

Where we act as a data processor on behalf of a client (for example, processing personal information in the course of delivering a project), the client is the data controller and is responsible for establishing the legal basis for processing.

5. Disclosure of Your Information

We do not share your personal information except in the following circumstances.

5.1 Service providers and technology vendors

We engage third-party service providers who perform functions on our behalf. These may include providers of cloud infrastructure and hosting, project management and collaboration platforms, communication tools, financial and accounting software, analytics services, various SAAS products and cybersecurity solutions. These providers access personal information only to the extent necessary to provide their services to us, and are bound by confidentiality obligations and data protection agreements consistent with applicable law.

5.2 Contractors and freelancers

We work with independent contractors and specialist freelancers who may be involved in delivering services to clients. Where those individuals require access to personal information to perform their work, we ensure they are subject to appropriate confidentiality obligations.

5.3 Professional advisers

We may share personal information with our legal, financial, insurance, and other professional advisers where necessary in connection with their professional services to us.

5.4 Clients

Where we process personal information on behalf of a client as part of delivering services, we may provide outputs, reports, or project deliverables that include personal information back to that client, in accordance with our contractual arrangements.

5.5 Business transfers

If we are involved in a merger, acquisition, restructure, or sale of all or part of our business, personal information may be disclosed to prospective purchasers or successors subject to appropriate confidentiality protections. We will notify you if such a transaction results in a material change to how your personal information is handled.

5.6 Legal and regulatory requirements

We may disclose personal information where we are required to do so by law, court order, or regulatory requirement, or where disclosure is necessary to protect the rights, property, or safety of our business, our clients, or the public.

 

In all cases, we share only the minimum personal information necessary for the relevant purpose, and take reasonable steps to ensure that recipients handle personal information responsibly.

6. International Transfers of Personal Information

As a business that operates internationally and uses globally distributed technology services, personal information may be transferred to, and processed in, countries other than Australia or your country of residence. These countries may not have equivalent privacy protections to those in Australia or the EEA.

Where we transfer personal information outside Australia, we take reasonable steps to ensure the overseas recipient handles the information in a manner consistent with the Australian Privacy Principles, as required by APP 8.

Where we transfer personal information from the EEA or UK to countries outside those regions, we rely on appropriate transfer mechanisms, which may include:

  • Standard Contractual Clauses approved by the relevant authority;
  • Adequacy decisions recognising the destination country as providing an adequate level of data protection;
  • Other approved transfer mechanisms under applicable law.

 

If you would like more information about the safeguards we rely on for international transfers of your personal information, please contact us using the details in Section 12.

7. Data Retention

We retain personal information for as long as is necessary to fulfil the purposes for which it was collected, or as required by law or legitimate business needs. We do not retain personal information indefinitely or beyond what is necessary.

In determining how long to retain personal information, we consider:

  • the nature and purpose of the information;
  • the reasonable expectations of the individual;
  • our legal and contractual obligations, including limitation periods for potential claims;
  • the risk of harm associated with retaining or deleting the information;
  • whether the individual has requested deletion; and
  • any applicable regulatory guidance on retention periods.

 

As a general guide:

  • Personal information related to client engagements and services is retained for a period consistent with applicable contract law limitation periods and any regulatory requirements for our industry;
  • Financial and tax records are retained in accordance with Australian tax and corporate law requirements;
  • Website analytics and usage data are retained for a limited period sufficient to support analytics and security monitoring;
  • Marketing contact information is retained until you request removal or we determine the information is no longer relevant;
  • Recruitment information for unsuccessful applicants is retained for a reasonable period in case further opportunities arise, unless you request earlier deletion.

 

When personal information is no longer required, we take reasonable steps to destroy or de-identify it securely.

8. Security

We take the security of personal information seriously and implement reasonable administrative, technical, and organisational measures to protect it from unauthorised access, disclosure, alteration, or destruction.

Our security practices include, among other things:

  • Restricting access to personal information to authorised personnel on a need-to-know basis;
  • Using encrypted channels for the transmission of personal information where appropriate;
  • Storing personal information in secure, access-controlled environments;
  • Conducting regular reviews of our security practices;
  • Providing privacy and security awareness training to staff; and
  • Requiring our service providers to maintain appropriate security standards.

 

Despite these measures, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security of personal information, and we encourage you to take reasonable steps to protect any information you share with us.

If we become aware of a data breach that is likely to result in serious harm to individuals, we will notify affected individuals and the relevant regulatory authority as required by law.

9. AI-Assisted Tools and Automated Processing

9.1 Our use of AI-powered tools

We use AI-assisted tools in the course of our business operations. These tools support activities such as drafting and editing content, summarising information, conducting research, assisting with analysis, improving workflows, and enhancing the quality and efficiency of our service delivery. The categories of AI tools we use include general-purpose language and productivity tools, automated content and creative assistance tools, and data analysis and pattern recognition tools.

We take a considered approach to AI use in our business. Human oversight is maintained for all material decisions and outputs. AI-generated content or analysis is reviewed by qualified team members before being relied upon or delivered to clients.

9.2 Personal data and AI tools

We apply data minimisation principles when using AI-powered tools. This means we avoid inputting unnecessary personal information into AI systems, and we use anonymised, aggregated, or de-identified data wherever practicable.

Where personal information is processed by an AI tool, we take reasonable steps to ensure that:

  • the tool is used in accordance with our data protection obligations;
  • the provider of the AI tool is subject to appropriate data processing agreements;
  • personal information is not used by the AI provider to train their publicly available models without appropriate consent or legal authority; and
  • confidential client information is protected through appropriate access controls and usage restrictions.

 

We do not permit our AI tool providers to use client personal data or confidential project information to train or improve their publicly accessible AI models. All AI processing of client data occurs under terms that prohibit such use.

9.3 Automated decision-making

We do not currently make decisions about individuals that are solely based on automated processing and that produce legal or similarly significant effects, without human involvement. If this changes, we will update this policy accordingly and, where required by law, provide individuals with the right to object to or request human review of such decisions.

10. Your Privacy Rights

10.1 Rights under the Australian Privacy Act

If you are located in Australia, you have the right to:

  • Access the personal information we hold about you;
  • Request correction of personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading;
  • Make a complaint about how we have handled your personal information (see Section 10.4 below); and
  • Opt out of direct marketing communications at any time.

10.2 Rights under GDPR (EEA and UK individuals)

If you are located in the EEA or the UK, you have the following additional rights:

  • Right of access: to receive a copy of the personal information we hold about you and information about how we use it;
  • Right to rectification: to have inaccurate or incomplete personal information corrected;
  • Right to erasure: to request deletion of your personal information in certain circumstances, such as where it is no longer necessary for the purpose for which it was collected;
  • Right to restriction of processing: to request that we limit how we use your personal information in certain circumstances;
  • Right to data portability: to receive your personal information in a structured, machine-readable format and to have it transferred to another controller where technically feasible;
  • Right to object: to object to processing based on our legitimate interests or for direct marketing purposes;
  • Right to withdraw consent: to withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing; and
  • Rights related to automated decision-making: to not be subject to decisions based solely on automated processing that produce significant effects, and to request human review of any such decisions.

10.3 How to exercise your rights

To exercise any of your privacy rights, please contact us using the details set out in Section 12. We will respond to your request within the timeframes required by applicable law. In most cases, we will respond within 30 days.

We may need to verify your identity before processing your request. We do not charge a fee for reasonable requests, though we may charge a reasonable administrative fee where requests are manifestly excessive or repetitive.

Some rights are subject to exceptions or qualifications under applicable law. Where we are unable to fulfil a request, we will explain the reason.

10.4 Complaints

If you have a concern about how we have handled your personal information, we encourage you to contact us directly in the first instance so we can work to resolve your concern.

If you are not satisfied with our response, you may lodge a complaint with the relevant privacy regulator:

  • Australia: Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au;
  • UK: Information Commissioner’s Office (ICO) at ico.org.uk;
  • EEA: The data protection authority in your member state of residence.

11. Cookies and Tracking Technologies

When you visit our website, we and our service providers may use cookies, web beacons, pixel tags, and similar tracking technologies to collect information about your visit. These technologies help us understand how visitors use our website, improve our website’s functionality, and, where applicable, deliver relevant content.

Cookies are small data files stored on your device. We use different types of cookies for different purposes:

Strictly necessary cookies

These cookies are required for the website to function correctly. They cannot be disabled without disrupting the way the website works. They do not collect personal information for marketing purposes.

Performance and analytics cookies

These cookies collect information about how visitors use our website, such as which pages are visited most often and whether visitors receive error messages. This information is aggregated and used to improve the website. These cookies do not identify you as an individual.

Functionality cookies

These cookies allow the website to remember choices you make (such as language preferences) and provide enhanced, personalised features.

Marketing and targeting cookies

These cookies may be set by our advertising or analytics providers. They track your browsing activity across websites to help deliver advertising that is relevant to your interests. They are only placed with your consent.

 

You can manage your cookie preferences through your browser settings. Most browsers allow you to refuse or delete cookies. Please note that disabling cookies may affect the functionality of our website and other websites you visit.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please contact our Privacy Officer:

 

Privacy Officer

Arkhi Pty Ltd

Postal address: 4/46 Junction Road, Burleigh Heads QLD 4220, Australia

Email: info@arkhi.com.au

Telephone: 07 5634 9593

 

We aim to acknowledge your contact within 5 business days and resolve your query or request as promptly as possible.

13. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or the services we provide. When we make material changes, we will update the effective date at the top of this policy and, where appropriate, notify you by email or through a prominent notice on our website.

We encourage you to review this policy periodically. Your continued engagement with us after any update constitutes your acknowledgement of the revised policy.

This policy is designed to remain accurate as our underlying technology and service providers evolve. We deliberately describe our data handling practices at a principles level to avoid requiring updates each time we change a specific tool or vendor. Substantive changes to how we collect, use, or share personal information will always be reflected in an updated version of this policy.

Privacy Policy last updated on 13 June 2026.