Care & Co Match – Privacy Policy

Effective Date: 1 October 2025

Last Updated: 1 October 2025

Care & Co | Match Pty Ltd (ABN 61 663 701 906) (“Care & Co”, “we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, disclose, and otherwise manage personal information when you use our website, services, tools (e.g. quizzes, matching, concierge), or interact with us.

By using our Site or services, you consent to the practices described in this policy (as updated from time to time).

This policy is intended to comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

1. What kinds of personal information we collect

We may collect the following types of personal information, depending on how you interact with us:

Category — Examples / Details

Identity & contact: Name, email address, phone number

Demographic: Age (but not date of birth), state or region of residence

Account & login data: Username, password

Service / care preferences: Information about your care needs, support preferences, location, budget, provider preferences

Usage & technical data: IP address, device type, browser, operating system, pages visited, timings, analytics logs, cookies

Payment & transaction: Payment details for paid services (processed securely via our payment provider). We do not collect or store billing addresses or card details.

Third-party / referral info: If you were referred by a third party (e.g. employer, adviser), we may collect referral details.

Other information you provide: Any additional details you choose to share in forms, enquiries, or communications.

We do not collect date of birth, postal addresses, billing addresses, or medical/health conditions.

2. How we collect personal information

We collect personal information in a number of ways, including:

- When you register an account or profile on our Site

- When you fill out forms (e.g. quizzes, enquiries, concierge service forms)

- When you browse or interact with our Site (analytics, cookies, tracking)

- When you make payments or sign up for paid services

- From third parties (e.g. employer benefit programs, advisers, or publicly available sources)

- Through communications (email, phone, support requests)

We will notify you (or you will see notices) at the point of collection about the purpose of collection, especially when collecting directly from you.

3. Purposes for which we use personal information

We use your personal information for the following core purposes:

- To provide our services — matching you with care providers, facilitating concierge services, generating shortlists, etc.

- To manage your account — registration, authentication, communications, billing, support

- To communicate with you — service updates, confirmations, newsletters (if you opt in), marketing (if permitted)

- To improve our services and user experience — analytics, feedback, product development, testing

- To ensure security and compliance — detecting fraud, unlawful use, enforcing our Terms of Use

- To satisfy legal or regulatory obligations — e.g. responding to lawful requests, data retention laws

We will not use your data for purposes incompatible with those for which it was collected, unless you consent or we are otherwise permitted by law.

4. Disclosure and sharing of personal information

We may disclose your personal information to:

- Payment providers (to process transactions securely)

- Care providers or organisations (only with your consent) when matching or facilitating referrals

- Employers, advisers, or benefit program operators (where your access is facilitated via them)

- Legal, regulatory, or government authorities (when required by law)

- Business successors in the event of a sale, merger, or restructure

We do not share your personal information with hosting companies or IT providers for their own use. Any technical partners we use only handle data on our behalf under strict privacy and security agreements.

5. Data storage, security, and retention

We store personal information in secure systems and take reasonable steps to protect it from misuse, interference, loss, unauthorized access, modification or disclosure.

We may retain data for as long as needed to fulfil the purposes it was collected, to comply with legal obligations, resolve disputes, enforce agreements, or prevent fraud.

When data is no longer required, we will securely destroy or de-identify it, unless retention is required by law.

6. Cookies, tracking, and analytics

We use cookies and similar technologies to collect usage data about how you interact with our Site (pages visited, click paths, session duration).

This helps us improve our platform, personalise content, and better serve you.

You may control or restrict cookies through your browser settings (e.g. reject third-party cookies), but some features of the Site may not function correctly if cookies are disabled.

We may use third-party analytics providers (e.g. Google Analytics) and advertising networks. They may set their own cookies and tracking technologies; their practices are governed by their own privacy policies.

7. Access, correction, and deletion

You have rights under the APPs to:

- Request access to personal information we hold about you

- Request correction of incorrect or out-of-date information

- Request deletion (in certain circumstances)

- Withdraw your consent to some uses (where consent is the basis for processing)

To make such a request, contact us (see “Contact Us” below). We will respond within a reasonable timeframe and in accordance with applicable law.

In some cases, we may refuse access or deletion requests (for example, where retaining the information is necessary to comply with legal obligations). If that happens, we will provide reasons.

8. Direct marketing and opt-out

We may, with your consent (or where permitted by law), use your contact information to send you marketing or promotional messages (email, SMS, etc.).

You may opt out of such communications at any time by using the unsubscribe link in emails or contacting us directly.

Even after unsubscribing, we may still send you service-related messages (e.g. confirmations, updates) that are necessary for use of the platform.

9. Cross-border transfers

As mentioned, we may disclose or transfer personal information to recipients outside Australia (e.g. offshore cloud storage, IT service providers).

Before doing so, we will take reasonable steps to ensure:

- The overseas recipient is bound by privacy protections materially similar to the APPs

- You are informed of such transfers

- You have provided consent, if required

10. Data breaches and notification

If a data breach occurs that is likely to result in serious harm, we will comply with our obligations under the Notifiable Data Breach scheme (Part 3C of the Privacy Act) and notify affected individuals and the Office of the Australian Information Commissioner (OAIC).

We will also take steps to contain the breach, mitigate harm, and review systems to prevent recurrence.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time (for example, when our practices or applicable laws change).

If changes are material, we may notify you (e.g. by email or site notice). Your continued use of our Site or services after