OUR PRIVACY POLICY

INTRODUCTION

Here at Kepler Analytics Pty Ltd (ABN 25 603 763 300) (we, us, our, or Kepler Analytics) protecting your privacy and treating your personal information with care is of paramount importance to us. This Privacy Policy explains why we collect personal information and how we collect, use, disclose, store and protect your personal information and the personal information of your Customers when you use our Kepler Analytics Products (our retail analytics, store foot traffic counting and conversion tracking products and anything we add from time to time).

It also explains how to contact us to correct, update or delete any personal information provided to us, or make a complaint if you have concerns.

We will only collect and process personal information about you where we have a lawful basis to do so. Lawful basis includes consent (where you have given consent), contract (where processing is necessary for the performance of a contract with you) and legitimate interests (including security threats or frauds, compliance with applicable laws, and enabling us to administer our business).

This policy applies where we are acting as a data controller with respect to the personal data of our website visitors and Kepler Analytics Product users; in other words, where we determine the purposes and means of the processing of that personal data.

We adhere to the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) and to the extent applicable, the EU General Data Protection Regulation (GDPR).

CHANGES THAT WE MAKE TO OUR PRIVACY POLICY

We may, at any time and at our discretion, vary this Privacy Policy by publishing the amended Privacy Policy on our website. We recommend you check our website regularly to ensure you are aware of our current Privacy Policy.

WHICH ENTITIES DOES THIS PRIVACY POLICY COVER?

This Privacy Policy applies to Kepler Analytics and all related entities of Kepler Analytics around the world with respect to the Kepler Analytics Products.

WHAT IS PERSONAL INFORMATION?

Personal information is information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual who is identified or reasonably identifiable.

WHAT PERSONAL INFORMATION DO WE COLLECT?

Personal Data

Demographic and other personally identifiable information that you give to us when choosing to use the Kepler Analytics Products. The types of personal information we may collect about you include:

• your name;
• your contact details, including email address, street address and/or telephone number;
• your employer and job title;
• your business information, including customer-to-staff ratios and point-of-sale data;
• information you provide us through feedback, customer surveys or otherwise;
• details about payments from you to us and other details of Products and services we have provided to you and/or that you have enquired about, and our response to you;
• your preferences in receiving marketing from us and our third parties and your communication preferences;
• support requests submitted to us and our response to you; and
• any other personal information requested by us and/or provided by you or a third party.

WHY DO WE COLLECT YOUR PERSONAL INFORMATION?

We may collect your personal information when required by law but generally we collect personal information from you (or about you) to allow us to:

• supply you with the Kepler Analytics Products;
• supply you with tailored service offerings that may benefit you;
• communicate more effectively with you about our services and your care;
• ensure your experience with us is a positive one;
• notify you about our new service or product offerings, discounts, promotions or upcoming events;
• provide analytics and solutions for your business;
• if you have applied for employment with us; to consider your employment application; and
• to comply with our legal obligations and resolve any disputes we may have.

Personal information collected or received by us will only be used for the stated purpose for which it was provided.

When you access the Kepler Analytics Products, we may collect certain information automatically, including, but not limited to, your operating system, the type of Internet browser you use, unique device identifiers and other diagnostic data (Usage Data).

WHEN DO WE DISCLOSE YOUR PERSONAL INFORMATION?

Your personal information may be disclosed to third parties in the following circumstances:

• for the purpose it was collected;
• if we merge with or are acquired by another company, or sell our business assets;
• to work with you as a customer or supplier of our business;
• to contact and communicate with you about our business, including in response to any support requests you lodge with us or other enquiries you make with us;
• for internal record keeping, administrative, invoicing and billing purposes;
• for analytics, market research and business development, including to operate and improve our business, associated applications and associated social media platforms;
• with your consent, to create case studies for marketing purposes;
• to allow service providers to provide their services to us, including (without limitation) IT service providers, data storage, web-hosting and server providers, email marketing providers, debt collectors, couriers, maintenance or problem-solving providers, marketing or advertising providers, professional advisors and payment systems operators;
• to enable the function of our employees, contractors and/or related entities;
• to our existing or potential agents or business partners;
• to third parties to collect and process data, such as Google Analytics, Meta Pixel or other relevant analytics businesses;
• to prevent actual or potential fraud or illegal activity; or
• if we are otherwise required to do so by law.

If personal information is disclosed to a third party, we will take reasonable steps to ensure your personal information is treated in accordance with the laws that apply to personal information in that country.

OVERSEAS DISCLOSURE
We may store personal information overseas, including in the United States, Europe or the United Kingdom. Where we disclose your personal information to third parties, these third parties may also store, transfer or access personal information outside of Australia.

Before disclosing your personal information overseas, we take reasonable steps to ensure that the recipient treats your information in accordance with applicable law by only sending what is necessary, requiring recipients to protect your information through contractual agreements which require the recipient to comply with the privacy standards in applicable law or through other mechanisms that provide comparable safeguards and by monitoring how recipients handle your information.

WHEN AND HOW DO WE COLLECT YOUR PERSONAL INFORMATION?

Personal Information: We collect your personal information from you in a variety of ways, including:

• when you provide it directly to us, including face-to-face, over the phone, over email or online;
• when you make an enquiry about Kepler Analytics or purchase Kepler Analytics Products from us;
• when you complete a form, such as registering for any events or newsletters, or responding to surveys;
• when you use any software or website we operate and make available to you (including from any analytics and cookie providers or marketing providers. See the “Cookies” section below for more detail on the use of Cookies);
• if you are an end user of one of our Customers, or
• from publicly available sources.

WHAT IF YOU DON’T WANT US TO COLLECT YOUR PERSONAL INFORMATION?

You are not obligated to provide us with your personal information. You may choose whether you receive communications from us. Whilst it is your choice not to provide your personal information to us this may impede our ability to provide you with all of the functionality of our Kepler Analytics Products.

WHAT IF YOU DON’T WANT TO RECEIVE FURTHER COMMUNICATIONS FROM US?

Should you wish to remove yourself from our contact database you may do so at any time by contacting our Privacy Officer via our website at www.keplerusa.wpenginepowered.com.

HOW CAN I ACCESS, CORRECT AND/OR UPDATE PERSONAL INFORMATION YOU HAVE COLLECTED?

At any time you may contact our Privacy Officer and request your personal information be modified. We will make all efforts to correct data once we have proven your identity.

We will deal with all requests for access to personal information as quickly as possible, but no later than 30 calendar days from the date of your request (unless any complexities arise). Requests for a large amount of information, or information which is not currently in use, may require further time before a response can be given.

We will provide you your personal information in a structured, commonly used, machine-readable format.

In some cases, we may be legally permitted to withhold access to the personal information we hold about you.

If we refuse to give you access we will provide you with reasons for our refusal, unless doing so would be unreasonable in the circumstances. We will also take reasonable steps to give you access in a way that meets your needs without giving rise to the reasons of our refusal. Further, we will provide details of how you may make a complaint about our decision.

Please note that the access and correction requirements under this Privacy Policy operates alongside and do not replace other informal or legal procedures by which an individual can be provided access to, or correction of, their personal information.

HOW DO WE STORE AND PROTECT YOUR PERSONAL INFORMATION?

For us to provide excellent service we are required to store some personal information and take the greatest of care to ensure this information is treated as private and confidential. Transmitting personal data via the internet does have inherent risks associated with it. We will however take all reasonable steps to ensure the security of this data. Note that no information transmitted over the Internet can be guaranteed to be completely secure. While we will endeavour to protect your personal information as best as possible we cannot guarantee the security of any information that you transmit to us, or receive from us. The transmission and exchange of information is carried out at your own risk.

Although we take measures to safeguard against unauthorised disclosures of information, we cannot assure you that personal information that we collect will not be disclosed in a manner that is inconsistent with this Privacy Policy.

We have taken the necessary measures and put in place suitable physical, electronic and managerial procedures to safeguard and secure personal information (including the financial information about yourself) and protect it from misuse, interference, loss and unauthorised access, modification and disclosure. In accordance with and as permitted by applicable law and regulations we will retain your information as long necessary to serve you, to maintain your Kepler Analytics account or as otherwise need to operate our business.

Where we employ data processors to process personal information on our behalf, we only do so on the basis that such data processors comply with the requirements under the country in which your information is stored, including Australian privacy laws and the GDPR and that have adequate technical measures in place to protect personal information against unauthorised use, loss and theft.

It is important that you protect your privacy by ensuring that no one obtains your personal information and you must contact us directly if your details change. Should your information be erroneously provided to us or no longer remain valid within the constraints of this Privacy Policy we will securely destroy or de-identify it as soon as practicable, as long as it is lawful to do so.

END USER PERSONAL INFORMATION

You may provide us with access to your Customers’ (the end user) personal information to allow you to access analysis and data from our Products. The types of End User personal information that you may provide us access to and we may collect include:

• name;
• contact details, including street address, email address and/or telephone number;
• credit card, transaction or other payment details including items purchased from you, billing and invoice details;
• preferences and/or opinions provided to you;
• details of products and services purchased, enquired about, and your response;
• communication information including feedback, messaging, reviews or otherwise;
• device information including browser session and geo-location data, device and network information, statistics on customer page views and sessions, acquisition sources, search queries and/or browsing behaviour;
• dispute related information including any dispute case numbers, status, chargeback information and/or order cancellations that may be provided to you;
• information about access to your services, including time and physical locations spent in stores, spaces, or otherwise; and
• additional personal information that is provided to you, directly or indirectly, through the use of your services, associated applications, associated social media platforms and/or accounts where you collect End User information.

How we collect end user personal information

We require our clients and third parties to comply with the relevant privacy laws and, if required by law, to gather any consents or follow relevant requirements when obtaining end user personal information. We may collect and access end user personal information from clients and third parties through our Products and services.

GOOGLE ANALYTICS

We use Google Analytics to understand how people use our website. This involves cookies that collect information about your browsing activity. You can opt out of Google’s advertising features through your Google account settings, browser add-ons, or your device’s privacy settings. Google provides various tools and options to control how your data is used for advertising purposes. You can learn more about how Google uses your data and your available options on Google’s privacy pages.

META ADVERTISING TOOLS

We use Meta’s advertising tools (such as Meta Pixel) to understand how our ads perform and to show you more relevant advertisements on Meta platforms like Facebook and Instagram when you visit our website or app. You can manage whether we connect information from our website with your Meta account for advertising purposes by adjusting your settings within your Meta account preferences.

USE OF ARTIFICIAL INTELLIGENCE (AI)

Overview: We may use artificial intelligence and machine learning technologies, including AI Technologies provided by third parties (AI Technologies) in our business operations and the provision of our services. We will only use AI Technologies when legally permitted and necessary for our business operations.

How we use AI Technologies: We may use AI Technologies for the following purposes:

●  to conduct analysis and processing;
●  to generate and modify content and coding;
●  to improve and optimise our services and operations;
●  to automate certain processes and communications, such as routine tasks;
●  to personalise your experience with our services;
●  for quality assurance purposes; and
●  to assist with customer support and queries.

Data Protection and Security: Where we use service providers who provide AI Technologies to us, we will take reasonable steps to ensure that such service providers handle your personal information according to privacy law, including by ensuring that we have contracts in place requiring the service provider to protect personal information.

COOKIES

Cookies are text files placed on your computer to collect standard Internet log information and visitor behaviour information. When you visit our website, we may collect information from you automatically through cookies or similar technology.

Insofar as those cookies are not strictly necessary for the provision of our website and services, we will ask you to consent to our use of cookies when you first visit our website.

HOW DO WE USE COOKIES?

We use cookies in a range of ways to improve your experience on our website, including:

• Keeping you signed in
• Understanding how you use our website
• Providing you with a personalised service

WHAT TYPES OF COOKIES DO WE USE?

There are a number of different types of cookies, however, our website uses:

Functionality – we use these cookies so that we recognize you on our website and remember your previously selected preferences. These could include what language you prefer and location you are in. A mix of first-party and third-party cookies are used.

Advertising – we use these cookies to collect information about your visit to our website, the content you viewed, the links you followed and information about your browser, device, and your IP address. Sometimes we share some limited aspects of this data with third parties for advertising purposes. We may also share online data collected through cookies with our advertising partners. This means that when you visit another website, you may be shown advertising based on your browsing patterns on our website.

HOW TO MANAGE COOKIES

You can set your browser not to accept cookies. Each browser has their own way to remove cookies from your browser. However, the proper functionality of our services may not work without having cookies enabled.

THIRD PARTY SITES

Our site may from time to time have links to other websites not owned or controlled by us. These links are meant for your convenience only. Links to third party websites do not constitute sponsorship or endorsement or approval of these websites. Please be aware that we are not responsible for the privacy practises of other such websites. We encourage our users to be aware, when they leave our website, to read the privacy statements of each and every website that collects personal identifiable information.

ADDITIONAL RIGHTS AND INFORMATION FOR INDIVIDUALS LOCATED IN THE EU OR UK 

Under the GDPR individuals located in the EU and the UK have extra rights which apply to their personal information. Personal information under the GDPR is often referred to as personal data and is defined as information relating to an identified or identifiable natural person (individual). This section sets out the additional rights we give to individuals located in the EU and UK, as well as information on how we process the personal information of individuals located in the EU and UK. Please read the Privacy Policy above and this section carefully and contact us at the details at the end of the Privacy Policy if you have any questions.

WHAT PERSONAL INFORMATION IS RELEVANT?

This Appendix applies to the personal information set out in the Privacy Policy above. This includes any Sensitive Information also listed in the Privacy Policy above which is known as ‘special categories of data’ under the GDPR.

PURPOSES AND LEGAL BASES FOR PROCESSING

We collect and process personal information about you only where we have legal bases for doing so under applicable laws. We have set out below, in a table format, a description of all the ways we plan to use your personal information, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process your personal information for more than one lawful ground depending on the specific purpose for which we are using your data. Please reach out to us if you need further details about the specific legal ground.

DATA TRANSFERS

The privacy protections available in the countries to which we send data for the purposes listed above may be less comprehensive that what is offered in the country in which you initially provided the information. Where we transfer your personal information outside of the country in which you initially provided the information. Where we transfer your personal information outside of the country where you are based, we will perform those transfers using appropriate safeguards in accordance with the requirements of applicable data protection laws and we will protect the transferred personal information in accordance with this Privacy Policy and Appendix 1. This includes:

• only transferring your personal information to countries that have been deemed by applicable data protection laws to provide an adequate level of protection for personal information; or
• including standard contractual clauses in our agreements with third parties that are overseas.

DATA RETENTION

We will only retain your personal information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

EXTRA RIGHTS FOR EU AND UK INDIVIDUALS

You may request details of the personal information that we hold about you and how we are process it (commonly known as a “data subject request”). You may also have a right in accordance with applicable data protection law to have your personal information rectified or deleted, to restrict our processing of that information, to object to decisions being made based on automated processing where the decision will produce a legal effect or a similarly significant effect on you, to stop unauthorised transfers of your personal information to a third party and, in some circumstances, to have personal information relating to you transferred to you or another organisation.

If you are not happy with how we are processing your personal information, you have the right to make a complaint at any time to the relevant Data Protection Authority based on where you live. We would, however, appreciate the chance to deal with your concerns before you approach the Data Protection Authority, so please contact us in the first instance using the details set out below in the Complaints section.

CALIFORNIA PRIVACY RIGHTS

California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us by submitting your request to helpdesk@kepleranalytics.com.
If you are under 18 years of age, reside in California, and have a registered account with the Application, you have the right to request removal of unwanted data that you publicly post on the Application. To request removal of such data please contact us via your app under “General Enquiries & Feedback” and confirm the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on the Application, but please be aware that the data may not be completely or comprehensively removed from our systems.

COMPLAINTS

How to contact us about your rights or to make a complaint and what happens next.

Step 1: Contact our privacy officer

• Email: info@kepleranalytics.com
• Phone: +61 1800 300 892
• Post: Level 4, 34 Queen Street, Melbourne Vic 3000, Australia

What to include:

Your full name, contact details, clear details about your request or complaint, and any relevant dates or reference numbers.

Step 2: Our response

We will:

• Verify your identity before processing your request
• Investigate thoroughly (for complaints) or process your request (for rights)
• Respond to you in writing within reasonable timeframes
• Explain what actions we will take and keep you updated on progress
• Not charge you for making a request (except for reasonable access fees if applicable)
• Help you understand and exercise your rights

Step 3: If you’re not satisfied (complaints only)

If you’re not satisfied with our response to your complaint, you can:

• Ask for a review by our senior management, or
• Australian residents: Office of the Australian Information Commissioner (Phone: 1300 363 992, Website: www.oaic.gov.au)

Last Updated: 5 September 2025