Legal

    Privacy Policy

    Effective: 22 March 2026·Controller: RetailBiz.tech Pty Ltd·Covers GDPR · CCPA/CPRA · PIPEDA · LGPD · PDPA

    1. Who We Are

    RetailBiz.tech Pty Ltd ("RetailBiz.tech", "we", "us", or "our") is a retail technology consulting and systems integration firm. We act as the data controller for personal data collected through our website, marketing activities, and client engagement processes.

    Our registered address is: 123 Tech Avenue, Innovation City, CA 94025, United States. Our Data Protection contact is reachable at privacy@retailbiz.tech.

    2. Information We Collect

    We collect personal data in the following categories:

    Contact & Enquiry Data

    • Full name, work email address, company name, job title
    • Phone number (if voluntarily provided)
    • Content of messages submitted via our contact form
    • Annual revenue range and area of interest (for engagement scoping)

    Marketing & Engagement Data

    • Email open rates, click-through data, and campaign interaction history
    • Newsletter subscription preferences and opt-in timestamps
    • Source and medium of initial engagement (Google, LinkedIn, referral, etc.)
    • UTM parameters and advertising attribution data

    Technical & Usage Data

    • IP address, browser type, operating system, and device identifiers
    • Pages visited, time on site, scroll depth, and session recordings
    • Referral URLs and search queries that led to our site
    • Cookie identifiers and tracking pixel data (where consent is given)

    Client Engagement Data

    • Business information shared during discovery calls, workshops, or audits
    • Project documentation, scope of work, and deliverables
    • Billing and payment information (processed by Stripe — we do not store card data)
    • Communications via email, Slack, or other collaboration tools

    3. How We Use Your Information

    We use collected personal data for the following purposes:

    • Responding to enquiries submitted via our contact form or email
    • Scheduling and conducting discovery calls and client engagements
    • Delivering consulting services, project deliverables, and advisory outputs
    • Sending marketing communications where you have opted in or where legitimate interest applies
    • Measuring and improving our website, content, and marketing performance
    • Processing invoices and payments for services rendered
    • Complying with legal obligations and enforcing our terms of service
    • Fraud prevention, security monitoring, and abuse detection

    4. Marketing Communications

    We send marketing emails, insights newsletters, and service updates. You may receive these if:

    • You have explicitly subscribed via our newsletter form (consent-based, GDPR lawful basis: consent)
    • You submitted an enquiry and have not opted out (legitimate interest basis for B2B contacts)
    • You are an existing client receiving relevant service or product updates

    Every marketing email contains an unsubscribe link. You may also opt out at any time by emailing privacy@retailbiz.tech. We will process opt-out requests within 5 business days and you will receive no further marketing communications after that point.

    Where we rely on legitimate interest for B2B marketing, we have conducted a Legitimate Interest Assessment (LIA) and determined our interests do not override the fundamental rights of business contacts. You retain the right to object at any time (see Section 9).

    5. Legal Bases for Processing (GDPR)

    For individuals in the European Economic Area, United Kingdom, or Switzerland, we process personal data under the following lawful bases under Article 6 of the GDPR:

    PurposeLawful Basis
    Responding to contact form enquiriesContract (Art. 6(1)(b)) / Legitimate Interest
    Delivering consulting servicesContract (Art. 6(1)(b))
    Newsletter & marketing to subscribersConsent (Art. 6(1)(a))
    B2B marketing to business contactsLegitimate Interest (Art. 6(1)(f))
    Website analytics and performance measurementLegitimate Interest / Consent (cookie-dependent)
    Payment processingContract (Art. 6(1)(b))
    Legal compliance and record-keepingLegal Obligation (Art. 6(1)(c))
    Security and fraud preventionLegitimate Interest (Art. 6(1)(f))

    6. Sharing & Third-Party Subprocessors

    We do not sell personal data. We share data only with trusted subprocessors who assist us in operating our business and delivering services. All subprocessors are contractually bound by data processing agreements (DPAs) and are required to protect data to at least the standard required by applicable law.

    Our current subprocessors are listed below:

    SubprocessorPurposeLocationTransfer Basis
    Google WorkspaceEmail, calendar, document collaborationUnited StatesSCCs + Adequacy
    Google Analytics 4Website analytics and behaviour measurementUnited StatesSCCs
    HubSpotCRM, contact forms, marketing automationUnited StatesSCCs
    ZoomDiscovery calls and client video meetingsUnited StatesSCCs
    SlackInternal team communicationsUnited StatesSCCs
    NotionProject management and client documentationUnited StatesSCCs
    StripePayment processing and invoicingUnited StatesSCCs
    VercelWebsite hosting and content deliveryUnited StatesSCCs
    CloudflareCDN, DDoS protection, and securityUnited StatesSCCs
    HotjarSession recording and heatmap analyticsIreland (EU)Adequacy
    SentryApplication error monitoring and alertingUnited StatesSCCs
    KlaviyoEmail marketing platform (where consented)United StatesSCCs
    LinkedIn AdsB2B retargeting and lead generation adsUnited StatesSCCs
    Meta BusinessAd performance tracking (where consented)United StatesSCCs

    We will update this list when subprocessors are added or removed, with at least 14 days' advance notice for material changes that affect your rights.

    7. International Data Transfers

    RetailBiz.tech operates internationally. Where personal data is transferred outside of the European Economic Area (EEA), United Kingdom, or other jurisdictions with data transfer restrictions, we rely on one or more of the following safeguards:

    • Standard Contractual Clauses (SCCs) approved by the European Commission (2021 versions)
    • UK International Data Transfer Agreements (IDTAs) where applicable
    • Adequacy decisions issued by the European Commission or relevant national authority
    • Binding Corporate Rules (BCR) where maintained by the receiving organisation

    You may request a copy of the relevant transfer mechanisms by contacting us at privacy@retailbiz.tech.

    8. Data Retention

    We retain personal data only as long as necessary for the purposes for which it was collected, or as required by law:

    Data CategoryRetention Period
    Enquiry and contact form data2 years from last interaction, or until deletion requested
    Client engagement data7 years from project completion (legal/audit requirements)
    Marketing subscription dataUntil unsubscribe or deletion request, then 30 days
    Payment and invoicing records7 years (tax and accounting obligations)
    Website analytics (anonymised)14 months (Google Analytics default)
    Session recordings (Hotjar)365 days
    Security and access logs90 days

    9. Your Rights

    Depending on your jurisdiction, you may have the following rights regarding your personal data:

    • Right of Access — request a copy of the personal data we hold about you
    • Right to Rectification — request correction of inaccurate or incomplete data
    • Right to Erasure ('Right to be Forgotten') — request deletion of your data where no legal basis for retention exists
    • Right to Restriction — request we limit processing of your data in certain circumstances
    • Right to Data Portability — receive your data in a structured, machine-readable format
    • Right to Object — object to processing based on legitimate interest, including direct marketing
    • Right to Withdraw Consent — withdraw consent at any time where consent is the lawful basis
    • Right not to be subject to automated decision-making with legal or significant effects

    To exercise any of these rights, contact us at privacy@retailbiz.tech with the subject line "Data Rights Request". We will respond within 30 days (extendable to 60 days for complex requests with notification).

    If you are in the EEA or UK and believe we have mishandled your data, you have the right to lodge a complaint with your local supervisory authority (e.g., the ICO in the UK, or your national DPA in the EU).

    10. California Residents (CCPA/CPRA)

    If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) grants you additional rights:

    • Right to Know — the categories and specific pieces of personal information we have collected about you in the past 12 months
    • Right to Delete — request deletion of personal information we have collected, subject to certain exceptions
    • Right to Correct — request correction of inaccurate personal information
    • Right to Opt-Out of Sale or Sharing — we do not sell or share personal information for cross-context behavioural advertising
    • Right to Limit Use of Sensitive Personal Information — we do not process sensitive personal information for purposes beyond what is necessary
    • Right to Non-Discrimination — we will not discriminate against you for exercising your CCPA/CPRA rights

    To submit a verifiable consumer request, email privacy@retailbiz.tech with "CCPA Request" in the subject line. We will respond within 45 days, extendable by a further 45 days with notice.

    In the preceding 12 months, we have collected the following categories of personal information: identifiers (name, email), commercial information (service enquiries), internet activity (website usage), and professional information (company, role). We have not sold personal information.

    11. Cookies & Tracking

    Our website uses cookies and similar tracking technologies. We categorise them as follows:

    • Strictly Necessary — required for the website to function (session management, security). No consent required.
    • Analytics & Performance — Google Analytics 4, Hotjar. Activated only with your consent.
    • Marketing & Advertising — LinkedIn Insight Tag, Meta Pixel. Activated only with your consent.
    • Functional — remembering preferences and settings. Activated with consent.

    You can manage or withdraw your cookie consent at any time using the cookie preference centre accessible from the footer of our website, or by clearing cookies in your browser settings. Note that disabling certain cookies may affect site functionality.

    12. Children's Privacy

    Our services are directed exclusively at businesses and professionals. We do not knowingly collect personal data from individuals under the age of 16. If we become aware that we have inadvertently collected data from a minor, we will delete it promptly. If you believe we have collected data from a minor, contact us at privacy@retailbiz.tech.

    13. Changes to This Policy

    We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

    • Update the Effective Date at the top of this page
    • Notify subscribed users by email at least 14 days before the changes take effect
    • Display a prominent notice on our website for 30 days following a material change

    Continued use of our website or services after the effective date of a revised policy constitutes your acknowledgement of the changes.

    14. Contact & Data Requests

    For all privacy-related enquiries, data subject requests, or complaints, please contact our Data Protection Officer:

    RetailBiz.tech Pty Ltd

    Email: privacy@retailbiz.techAddress: 123 Tech Avenue, Innovation City, CA 94025, United StatesResponse time: Within 30 days of receipt

    You also have the right to contact the relevant supervisory authority in your jurisdiction if you are unsatisfied with our response.