Privacy Policy

Last Updated: March 2026

This Privacy Policy of Count For Me Trading Pty Ltd (ACN 695 883 633) trading as Countfor.Me (us, we, our) sets out our procedures regarding the handling of Personal Information, including the collection, use, disclosure and storage of information, as well as the rights available to your organisation to access and correct that information. We operate an IT solutions business, providing technology and data collection, management and reporting services (Services) through our web platform’s interface (the Platform).

Such Services are usually provided remotely through our Platform, but, may or may not be provided on-site from time to time, and may include, from time to time, the provision of technical support and professional services.

We may collect Personal Information in order to conduct our business, to provide and market our services and to meet our legal obligations. By using the website or our services, or by providing any Personal Information to us, you consent to the collection, use and disclosure of your Personal Information as set out in this Privacy Policy. When visiting our website or engaging our Services, we handle Personal Information in accordance with the Privacy Act 1988 (Cth) (Privacy Act), the Australian Privacy Principles (APPs) and the General Data Protection Regulation (GDPR) for the European Union (EU).

From time to time, we may revise or update this Privacy Policy or our information handling practices. If we do so, the revised Privacy Policy will be published on our website.

---

Definitions – Personal Information

Personal Information has the meaning given to it under the Privacy Act.

Sensitive Information has the meaning given to it under the Privacy Act.

GDPR specific declarations

• We will comply with the principles of data protection set out in the GDPR for the purpose of fairness, transparency and lawful data collection and use.
• We process your personal information as a Processor and/or to the extent that we are a Controller as defined in the GDPR.
• We must establish a lawful basis for processing your personal information. The legal basis for which we collect your personal information depends on the data that we collect and how we use it.
• We will only collect your personal information where we have a lawful basis to do so, including with your express consent for a specific purpose, and any data collected will be to the extent necessary and not excessive for its purpose. We will keep your data safe and secure.
• We will also process your personal information if it is necessary for our legitimate interests, or to fulfil a contractual or legal obligation.
• We do not intend to collect or process any personal information from you that is considered "Special Categories of Personal Data" under the GDPR, such as personal information relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation, unless it is being collected subject to and in accordance with the GDPR. However, its collection may be incidentally included.
• You must not provide us with your personal information if you are under the age of 16 without the consent of your parent or someone who has parental authority for you. We do not knowingly collect or process the personal information of children.

---

The types of Personal Information we collect and hold

The types of Personal Information we may collect and hold include (but are not limited to) Personal Information from your organisation, such as:

• Visitors:
  • Usage data: device identifiers, log data, IP address, and cookie/analytics data as described below
• Enquirers:
  • Business name and contact details, including contact name, address, telephone number and other contact details such as your email address
• Users:
  • Account information, including usernames, emails, role assignments, authentication details and account permissions
  • POS data, including sales transactions, timestamps, product names, categories, SKUs, pricing, historical sales data (where applicable), modifiers, add-ons, discounts or refunds (where supported)
  • Accounting data, including invoices, invoice line items, and credit notes, supplier names, IDs, and contact references, tax amounts, account codes, and chart of accounts structures, historical invoice data (where available)
  • Supplier and order management data, including product catalogues and pricing, order frequency, delivery dates and statuses (where available)
  • Usage analytics and logs, including device type, browser information, and IP address, pages viewed, features used, session durations, error logs, diagnostics, and performance metrics
  • Communications and support interactions, including messages, attachments, screenshots, explanations of issues, email communications, chat logs and metadata related to your request
  • Optional file uploads, including product lists, pricing sheets, supplier catalogues and historical data exports
  • where AI-enabled matching or comparison features are used, product and item information that you provide through the Platform or via Integrations
  • Other Personal Information required to provide our services in specific cases

You are not obliged to provide Personal Information to us. However, in many cases, if you do not provide Personal Information to us, we may not be able to supply our Services to you.

In some circumstances, you may provide to us, and we may collect from you, Personal Information about a third party. Where you provide the Personal Information of a third party, you must ensure that the third party is aware of this Privacy Policy, understands it and agrees to accept it. If you are providing us with Personal Information on behalf of a person who is under the age of 18 that you are the parent or guardian of, you understand that you are consenting to this Privacy Policy on their behalf as their legal guardian.

Where we need to collect Sensitive Information to provide specific Services, such as:

• security credentials;
• access logs; or
• identity verification materials,

we will only do so with your consent or as otherwise permitted by law. We will not use or disclose Sensitive Information for any purpose other than the purpose for which it was collected unless required or authorised by law.

Anonymity and Pseudonymity

Where lawful and practicable, you may choose to remain anonymous or use a pseudonym when dealing with us. For example, you may browse our website without identifying yourself. However, if you do not provide certain Personal Information, we may not be able to provide you with our Services, respond to your enquiries, or otherwise engage with you in a meaningful way.

---

How Personal Information is collected and held by us

We collect Personal Information in the following ways:

• when you submit Personal Information through our website or its associated tools, account set up processes, configuration settings, or provide it in correspondence by email or telephone;
• in person, for example, when you engage with our employees, agents, or customer service representatives;
• integration with external systems such as accounting platforms, POS systems and supplier ordering systems, and (where enabled) AI-enabled matching and comparison processing, which is designed to use product and item information and minimise transfer of Personal Information;
• automatically via cookies, pixels, automated syncing and similar technologies;
• from third parties such as, but not limited to, referees, service providers and public sources; and
• in the course of providing our services to you.

We store Personal Information in computer storage facilities. We take steps to protect your Personal Information against loss, unauthorised access, use, modification or disclosure.

Some examples of the steps we take to protect your Personal Information include:

• ensuring strong computer and network security protocols, including firewalls, encrypted connections, identification codes, access privileges, and password protection measures to control access to our IT systems;
• implementing continuous maintenance and monitoring of security systems to ensure Personal Information remains secure during transmission and storage;
• requiring any third parties engaged by us to provide appropriate assurances to handle your Personal Information in a manner consistent with Australian law; and
• taking reasonable steps to destroy or de-identify Personal Information after we no longer need it for our business or to comply with the law.

Data Breaches

We are required to comply with the Notifiable Data Breaches scheme under the Privacy Act. If we experience an eligible data breach involving your Personal Information, we will take reasonable steps to investigate the breach, and where required, notify you and the Office of the Australian Information Commissioner of the circumstances and the steps you can take to protect your information.

Collection of Personal Information through activity

Information that may identify you as a user may be gathered during your access of our website and use of our Services.

The website may include pages that use ‘cookies’. A cookie is a unique identification number that allows the server to identify and interact more effectively with your computer or device. The cookie assists us in identifying what our visitors find interesting on our website.

A cookie may be allocated each time you use our website. Cookies do not generally identify you personally on their own, but they may identify your device and may become associated with you when linked with other information we hold. Cookies allow us to understand how visitors interact with our website and to improve functionality and performance.

You can configure your access to our website to refuse cookies. If you do so, you may not be able to use all or part of our website.

Analytics and Anonymisation

We may use analytics services provided by third-party service providers to help us analyse how visitors and enquirers use our website. Although the service providers record data such as your geographical location, device, internet browser and operating system, this information does not generally identify you to us directly, but it may be treated as Personal Information where it can reasonably identify an individual.

The information generated about your use of our website may be transmitted to and stored on servers operated by our analytics service providers, which may be located in Australia or overseas (including the United States or the European Union), depending on the provider. The service providers will use the information on behalf of us for the purpose of evaluating your use of our website and Services, compiling reports on activity for us and providing us with other services relating to activity and internet usage. The IP address collected will not be associated with any other data held by the service provider.

---

The purposes for which we collect, hold, use and disclose Personal Information

We collect, hold, use and disclose Personal Information for a variety of business purposes, including:

• Providing and supporting our services: to operate and improve the functionality of the website and the dashboard, process and respond to enquiries, analyse supplier costs and price changes, generate insights and forecasts, support and integrate POS features, provide supplier benchmarking and comparisons, perform AI-enabled product and item matching and comparison (using product/item information and minimising transfer of Personal Information), create aggregated, anonymised datasets, communicate and provide support to users, and any other ancillary function to provide our services;
• Quality and safety: fraud prevention, abuse monitoring, troubleshooting, performance and security;
• Improving our business, products and services: including analytics, research, testing, diagnostics, product development and updates;
• Marketing by us: to promote our business, products and services;
• Enquiries and complaints: to handle and respond to enquiries, complaints and feedback;
• Disclosures to:
  • Integrated platforms: including Xero, POS and supplier systems, where a feature requiring such sharing is explicitly enabled by the user, required by the platform’s API rules or limited write-back is required by the integration to function;
  • Suppliers: including limited insights relating to their own products or pricing, only if enabled, noting that supplier access can be revoked at any time
  • Service providers: including hosting, storage, communications, payments and analytics providers, noting that these providers are contractually restricted in their data access and use who assist us and are bound by appropriate confidentiality, privacy and security obligations;
• Legal, safety and corporate transactions: to comply with laws, detect/prevent fraud or security incidents, enforce our terms, and in connection with mergers, acquisitions or reorganisations.

We use your information for the purpose we collected, outlined above, or a related purpose you’d reasonably expect, or as permitted or required by law. Otherwise, we will ask for consent or rely on another APP exception.

Direct marketing

We also collect, hold, use and disclose your Personal Information to:

• notify you about the details of new services and products offered by us;
• send you our newsletters and other marketing publications;
• administer our databases for client service, marketing and financial accounting purposes;
• otherwise promote our business; and
• to comply with our legal requirements regarding the collection and retention of information concerning the products and services that we provide.

We will only send you direct marketing communications where you have consented or where you would reasonably expect to receive such communications from us. We will not disclose your Personal Information to third parties for their own marketing purposes unless you expressly opt in.

You may opt out of receiving direct marketing communications from us at any time and at no cost by using the unsubscribe facility in our communications or by contacting us using the details set out below. We will action your opt-out request as soon as reasonably practicable.

Disclosures to Third Party Service Providers

We may disclose your Personal Information to third parties who work with us in our business to promote, market or improve the services that we provide, including:

• cloud hosting providers;
• cybersecurity and monitoring partners;
• software vendors;
• consultants, payment processors;
• data storage providers;
• analytics providers; and
• professional advisers who assist us in operating our business and delivering our Services.

We use third-party payment service providers to process transactions securely. These providers may collect and store your payment details in accordance with their own privacy policies.

We may also combine your Personal Information with information available from other sources, including the entities mentioned above, to help us provide better services to you.

Where we do share information with third parties, we require that there are contracts in place that only allow use and disclosure of Personal Information to provide the service and that protect your Personal Information in accordance with Australian law. Otherwise, we will disclose Personal Information to others if you've given us permission, or if the disclosure relates to the main purpose for which we collected the information and you would reasonably expect us to do so.

Overseas Disclosure of Personal Information

We may disclose your Personal Information to overseas recipients, including our cloud hosting providers, analytics service providers, email and communications platforms, payment processors, and other technology service partners who assist us in providing our Services. These recipients may be located in countries including, but not limited to, the United States, the United Kingdom, member states of the European Union, Singapore and other jurisdictions in which our service providers operate.

Where we disclose Personal Information to an overseas recipient, we take reasonable steps to ensure that the recipient complies with the Australian Privacy Principles or is otherwise bound by privacy protections that are substantially similar. This may include contractual arrangements, technical safeguards, and due diligence on the recipient’s privacy and security practices.

By providing your Personal Information to us, you acknowledge that, despite such protections, overseas recipients may not be subject to Australian privacy laws and that, where permitted by law, we are not liable for any breach of the Australian Privacy Principles by those recipients.

Where practicable, we seek to store and process certain business documents (including invoices and related records) in-region (for example, within Australia for Australian customers), noting that some processing or storage may occur in other jurisdictions depending on the service providers used and the locations from which the Platform is accessed.

If we change our service providers or storage locations in a way that materially affects where Personal Information is handled, we will update this Privacy Policy and, where required by applicable law, provide you with notice.

Data Retention

We store, process, and retain Personal Information for as long as necessary to provide our Services and to comply with our legal obligations, including obligations under taxation, corporate and record-keeping laws. After the applicable retention period has expired, we will take reasonable steps to destroy or de-identify the information unless we are required or authorised by law to retain your information for a longer period. For clarity, deletion requests and account closure do not apply to anonymised and/or aggregated datasets that cannot reasonably be used to identify an individual.

---

Your rights under the GDPR

If you are an individual residing in the EU, you have certain rights as to how your personal information is obtained and used. We will comply with your rights under the GDPR as to how your personal information is used and controlled if you are an individual residing in the EU.

Except as otherwise provided in the GDPR, you have the following rights:

• to be informed how your personal information is being used;
• access your personal information (we will provide you with a free copy of it);
• to correct your personal information if it is inaccurate or incomplete;
• to delete your personal information (also known as "the right to be forgotten");
• to restrict processing of your personal information;
• to retain and reuse your personal information for your own purposes;
• to object to your personal information being used; and
• to object against automated decision-making and profiling.

Please contact us at any time to exercise your rights under the GDPR at the contact details in this Privacy Policy.

We may ask you to verify your identity before acting on any of your requests.

How we handle requests to access your Personal Information

You have a right to request access to your Personal Information which we hold about you and to request its correction. You can make such a request by contacting us using the contact details set out in this policy.

We will respond to any such request for access as soon as reasonably practicable. Where access is to be given, we will provide you with a copy or details of your Personal Information in the manner requested by you where it is reasonable and practicable to do so.

We will not charge you a fee for making a request to access your Personal Information. However, we may charge you a reasonable fee for giving you access to your Personal Information.

In some cases, we may refuse to give you access to the information you have requested or only give you access to certain information. If we do this, we will provide you with a written statement setting out our reasons for refusal, except where it would be unreasonable to do so.

Before providing access to Personal Information or making any corrections, we may need to verify your identity to ensure the security of your information. We aim to respond to all access and correction requests within 30 days, or otherwise within a reasonable period.

How we handle requests to correct your Personal Information

We will take such steps (if any) as are reasonable in the circumstances to make sure that the Personal Information we collect, use or disclose is accurate, complete, up to date and relevant.

If you believe the Personal Information we hold about you is inaccurate, irrelevant, out of date or incomplete, you can ask us to update or correct it. To do so, please contact us using the contact details listed below.

Where we correct Personal Information that we previously disclosed to another entity, we will take reasonable steps to notify that entity of the correction, unless it is impracticable or unlawful to do so.

---

How to contact us or make a complaint

If you have any questions about this Privacy Policy, if you wish to correct or update information we hold about you or if you wish to request access or correction of your Personal Information or make a complaint about a breach by us of our privacy obligations (including the way we have collected, disclosed or used your Personal Information), please contact:

We will acknowledge your complaint promptly and will respond to you in writing within 30 days, or such longer period as may be agreed with you, outlining the outcome of our investigation and any steps we will take to address your concerns. We will take reasonable steps to remedy any failure to comply with our privacy obligations. If we agree that your complaint is well founded, we will, in consultation with you, take appropriate steps to rectify the problem.

If you are not satisfied with our response, you have the right under Section 36 of the Privacy Act to lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at: