Privacy Policy

Waterform Technologies Pty Ltd ("Waterform", "we", "us", or "our") respects your privacy. This Privacy Policy explains how we handle personal information in connection with our websites, products and services (together, the Services).

Key point up‑front: We collect, use and disclose personal information as broadly as permitted by Australian law and applicable local laws, while offering you practical controls to opt out of certain uses (such as direct marketing). If anything in this Policy conflicts with the law, we will follow the law.

Who we are

  • Entity: Waterform Technologies Pty Ltd

  • Registered office: 31 Coonooer St, Golden Square VIC 3555

This Policy applies to Waterform in Australia. Our Services are primarily intended for Australian users. If you access the Services from outside Australia, you do so at your own initiative and are responsible for compliance with your local laws.

Our legal framework

We handle personal information to the extent required by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). If and when other privacy laws apply to particular activities (for example, the Notifiable Data Breaches (NDB) scheme, or the Health Records Act 2001 (Vic) where we handle health information), we will comply with those requirements. To the extent we are not legally required to comply (for example, because of small business exemptions), we may choose to follow comparable practices, at our discretion.

Personal information we collect

We collect information that identifies, relates to, describes, or could reasonably be linked to you (Personal Information). The categories depend on how you interact with us and may include (without limitation):

  • Identifiers & contact details (name, job title, employer, postal address, email, phone, device IDs, online identifiers).

  • Commercial & account data (order details, quotes, invoices, payment method tokens, credit applications, warranty claims, support tickets).

  • Technical & usage data (IP address, device and browser data, cookie IDs, log files, pages viewed, links clicked, time on page, referrers, approximate geolocation, error reports).

  • Marketing & communications data (preferences, consents, opt‑outs, survey responses, event registrations, call recordings where allowed).

  • Professional data (industry, site details, utility accounts, project specifications and constraints, trade waste parameters and sampling results where provided by you or your enterprise).

  • Sensitive information (only where reasonably necessary for our functions and permitted by law), such as health and safety information for site access. We will seek consent where legally required.

You may interact with us anonymously or use a pseudonym where it is lawful and practicable (for example, general website browsing). For most business dealings, identification is necessary.

How we collect information

We may collect Personal Information:

  • Directly from you (forms, emails, calls, meetings, events, tenders, proposals, purchase orders, site access, social media messages).

  • Automatically when you use our Services (cookies, pixels, SDKs, analytics tools, server logs).

  • From third parties (your employer or colleagues, contractors, utilities, consultants, publicly available sources, data partners, referral partners, advertising platforms, credit providers and agencies where permitted).

We may combine information from different sources for the purposes described below.

Why we collect, use and disclose information

We handle Personal Information for purposes including (without limitation):

  1. Providing and improving Services (quoting, designing, supplying, installing, commissioning, maintaining and supporting systems; training; customer service; troubleshooting; warranty).

  2. Business operations (planning, forecasting, safety, quality assurance, compliance, audits, insurance, incident management, risk management, record‑keeping, fraud prevention).

  3. R&D and product development (testing, modelling, analytics, benchmarking, de‑identification, aggregated reporting, training algorithms or tools we use).

  4. Marketing and communications (newsletters, promotions, event invitations, remarketing/retargeting, lookalike audiences, surveys, testimonials, case studies). You can opt out of direct marketing at any time (see Direct marketing controls below).

  5. Recruitment and HR (evaluating applicants; managing personnel—note: employee records may be exempt under the Privacy Act when related to current/former employees).

  6. Legal and safety (complying with laws and regulatory requests; enforcing contracts; protecting people, property and systems; investigating suspected unlawful activity).

  7. Corporate transactions (due diligence, financing, mergers, acquisitions, restructures or sale of assets; information may be transferred as part of such transactions).

We may rely on your consent where the law requires it. Otherwise, we handle Personal Information as permitted by law, including on the basis that it is reasonably necessary for our functions and activities.

Cookies, analytics and ad tech

We use cookies and similar technologies (pixels, tags, local storage) to operate and improve the Services, remember your settings, and measure and personalise marketing. We may allow analytics and advertising partners to set cookies or receive information from your browser or device to provide services such as analytics, audience measurement, interest‑based ads and cross‑device linking.

Your controls: You can block or delete cookies in your browser or device settings; use platform controls provided by Google, Meta and others; and opt out of direct marketing from us (see below). Blocking cookies may impact functionality.

We do not respond to Do Not Track signals.

Direct marketing controls (Spam Act compliant)

We may send you commercial electronic messages about our Services and related offerings, consistent with the Spam Act 2003 (Cth). You can opt out at any time by using the unsubscribe link in our emails or by contacting us (see Contact). We may also conduct telemarketing in compliance with applicable law, including the Do Not Call Register Act 2006 (Cth).

Disclosing information to third parties

We may disclose Personal Information (including to recipients outside Australia) to:

  • Service providers (hosting, cloud, data storage, analytics, marketing, billing, logistics, payment processing, identity verification, professional advisers, insurers, auditors, technicians, security providers).

  • Business partners and referral partners where you engage or are introduced.

  • Your organisation and its representatives (if your dealings with us occur in a business capacity).

  • Regulators, law enforcement and courts where required or permitted by law, or to establish, exercise or defend legal claims.

  • Prospective or actual purchasers, investors or financiers of all or part of our business.

We take reasonable steps to ensure third parties handle Personal Information in accordance with applicable law and our directions. Where we disclose information overseas, likely recipient countries may include New Zealand, the United States, Canada, the United Kingdom, member states of the European Union, Singapore, India and the Philippines. This list may change from time to time.

Overseas disclosures (APP 8)

If we disclose Personal Information to an overseas recipient, we will take reasonable steps to ensure they do not breach the APPs in relation to the information or that another exception applies (for example, where you expressly consent, or disclosure is required or authorised by law). By providing your information to us or using the Services, you consent to such overseas disclosures where permitted by law.

Sensitive information

We only collect sensitive information (for example, health and safety information for site access) where reasonably necessary for our functions and with your consent or as otherwise permitted by law.

Security

We implement reasonable safeguards designed to protect Personal Information from misuse, interference and loss, and from unauthorised access, modification or disclosure. However, no method of transmission or storage is completely secure and we cannot guarantee absolute security.

Retention and de‑identification

We retain Personal Information for as long as reasonably necessary for the purposes described in this Policy (including to comply with legal, taxation, accounting or insurance requirements) and then take reasonable steps to destroy or de‑identify it. We may retain de‑identified or aggregated information for analytics and business purposes.

Access and correction (APP 12 & 13)

You may request access to the Personal Information we hold about you, and you may ask us to correct it if you believe it is inaccurate, out‑of‑date, incomplete, irrelevant or misleading. We may need to verify your identity and we may charge a reasonable fee for access (but not for making a request). In certain circumstances we may refuse access or correction as permitted by law; if so, we will provide written reasons and information on how to complain.

Requests should be sent to hello@waterform.com.au

Notifiable data breaches

If we experience a data breach that is likely to result in serious harm, we will assess and, where required by the Privacy Act 1988 (Cth), notify affected individuals and the Office of the Australian Information Commissioner (OAIC) under the NDB scheme.

Third‑party sites and services

The Services may link to or integrate with third‑party websites, apps and services. We are not responsible for their privacy practices. We encourage you to read their privacy policies.

Children

Our Services are intended for business use. We do not knowingly collect Personal Information from children under 15 without appropriate consent.

Changes to this Policy

We may update this Policy at any time by posting the revised version on our website. The updated Policy will take effect on posting unless otherwise stated. Your continued use of the Services after any changes constitutes acceptance of the updated Policy.

Contact and complaints

Contact us:

  • Email: hello@waterform.com.au

Complaints: If you have a privacy concern or complaint, please contact us first. We will acknowledge your complaint and aim to respond within a reasonable period. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC):

  • Web: www.oaic.gov.au

  • Tel: 1300 363 992 (Australia)

  • Mail: GPO Box 5218, Sydney NSW 2001

Effective date

9 September 2025

Important notices

  • This Policy is a general statement and does not create any right or obligation beyond those required by applicable law.

  • Where we are not legally required to comply with a particular privacy obligation, we may elect whether to follow an equivalent practice at our discretion.

  • If this Policy is translated, the English version prevails to the extent of any inconsistency.