PRIVACY POLICY

This Privacy Policy explains how Apextra Pty Ltd (ABN 65 671 712 824) ("Apextra", "we", "us" or "our") handles personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

By visiting our website, interacting with us, applying for a role with us or providing personal information to us, you agree that we may collect, hold, use and disclose your personal information in accordance with this Policy.

In some engagements we handle personal information solely on behalf of a business client (for example, when we run campaigns for organisations in property, conveyancing, legal, financial services or healthcare sectors). In those cases, our client's privacy policy will also apply and we handle personal information strictly in line with their written instructions.

Apextra Pty Ltd is an Australian marketing and sales agency that designs, builds and operates growth systems for businesses. Our services include, for example:

• Digital advertising and demand generation (e.g. Google Ads, Meta, TikTok and other platforms).
• CRM management, marketing automation and outbound sequences using platforms such as Go High Level (GHL) and similar tools.
• Sales development and closing services, including SDR and Sales Closer teams via phone, SMS and email.
• Database reactivation, appointment setting and calendar management on behalf of our clients.
• AI-assisted call review, coaching and optimisation services to improve campaign performance and compliance.

The types of personal information we collect depend on who you are and how you interact with us. We may collect information about:

We do not intentionally collect sensitive information (such as health or financial details) unless it is reasonably necessary for a particular campaign or engagement and you have provided it to us, or we are otherwise permitted or required by law to collect it.

We use personal information for purposes that are reasonably necessary for our business activities, including to:

• Plan, deliver and optimise marketing, sales and appointment‑setting campaigns for our clients.
• Contact customers and prospects on behalf of our clients, including by phone, SMS, email and digital advertising, in line with applicable laws.
• Provide, operate and improve our websites, landing pages, CRM systems and AI‑enabled tools.
• Review, monitor and improve call quality, compliance and performance (including by recording and transcribing calls and using AI‑assisted analysis to flag potential issues, coaching opportunities and patterns).
• Prepare aggregated or de‑identified reports and insights for clients to help them understand campaign performance.
• Respond to enquiries, provide support and manage our relationship with clients and suppliers.
• Recruit, onboard and manage staff and contractors.
• Comply with legal and regulatory obligations, including under the Privacy Act, Spam Act 2003 (Cth), Do Not Call Register Act 2006 (Cth) and sector‑specific requirements (for example health and advertising guidelines).

Where we use AI tools to assist with call review or campaign optimisation, we configure those tools so that personal information is used only for our purposes or our client's purposes and is not used to train public AI models or to create unrelated marketing audiences.

We do not sell personal information or rent contact lists to third parties. Where possible, we use de‑identified or aggregated data for analytics and reporting.

Apextra may share information with trusted partners who help us deliver services, such as:

• White-label marketing teams
• Media-buying partners
• Google, Meta, TikTok and other advertising platforms
• CRM and automation tools (including GHL)
• Analytics, IT, and support providers

Some partners operate overseas. Where this occurs, Apextra ensures they follow Australian Privacy Principles.

For most campaigns we act as a service provider to business clients. This means we handle personal information about their customers and prospects only to provide the services they have engaged us to deliver, such as lead generation, appointment setting, database reactivation and sales support.

When we act in this capacity, we treat our client as the primary controller of that personal information. We only use and disclose the information in line with our contract and their documented instructions, and we do not use it to market unrelated products or services or to build profiles for other clients.

Many of our clients operate in regulated and relationship‑driven sectors such as property and conveyancing, legal and financial services, and healthcare and clinics. We work with those clients to align our practices with their specific privacy, security and compliance requirements.

We may disclose personal information to third parties where reasonably necessary for the purposes described in this Policy, including to:

• Our business clients, where the information relates to campaigns or services we are running on their behalf.
• Service providers who help us deliver our services, such as cloud hosting providers, communication platforms, call recording and transcription tools, AI‑analysis and analytics providers, payment processors and IT support.
• Professional advisers such as lawyers, auditors, accountants and insurers.
• Regulators, government authorities, dispute resolution bodies or law‑enforcement agencies where required or authorised by law, or to protect our rights or the rights of others.

Some of these third parties may be located outside Australia. This may include, for example, service providers and team members based in countries such as the Philippines, Ethiopia, the United States, the United Kingdom or member states of the European Union, depending on the tools and resources used for a particular campaign.

Where we disclose personal information overseas, we take reasonable steps to ensure the recipient will handle it in a way that is consistent with this Policy and the APPs, for example by using reputable providers and incorporating privacy and security obligations into our contracts.

We may use personal information to send marketing and campaign communications on our own behalf or on behalf of our clients, where this is permitted by law or where you have provided your consent.

All marketing communications include an option to opt out or unsubscribe. If you tell us you no longer wish to receive marketing communications, we will act on your request as soon as reasonably practicable and will add your details to our suppression lists.

Our website and campaign pages use cookies, pixels and similar technologies to understand how people use our content, measure performance and improve user experience. You can usually control or disable cookies through your browser settings, although some features of our website may not work properly if you do so.

We take reasonable steps to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure. Measures we use include:

• Role‑based access controls and "need‑to‑know" permissions within our systems.
• Use of reputable cloud platforms with security features such as encryption in transit, encrypted backups and audit logging where available.
• Password and device‑security practices, including multi‑factor authentication on key systems where supported.
• Staff training on privacy, security and campaign‑specific compliance obligations.
• Internal processes for onboarding and offboarding staff and contractors, including revoking access when it is no longer required.

No method of transmission or storage is completely secure. While we work hard to protect personal information, we cannot guarantee absolute security. If we become aware of a data breach that is likely to result in serious harm, we will assess it and, where required, notify affected individuals and the Office of the Australian Information Commissioner (OAIC).

We keep personal information only for as long as it is reasonably necessary for the purposes described in this Policy, or as required by law. This may include retaining certain records for a period after a campaign or relationship ends in order to meet legal, tax, accounting or reporting obligations.

For data we process on behalf of a client, our retention period will usually be set out in our agreement with that client. We can de‑identify or delete campaign data on request from the client, where it is no longer required and where we are not legally obliged to retain it.

You may request access to the personal information we hold about you, or ask us to correct information that you believe is inaccurate, out‑of‑date, incomplete, irrelevant or misleading.

To make a request, please contact us using the details in section 13 below. We may need to verify your identity before we can provide access or make changes. We will respond to your request within a reasonable time and, where practicable, within 30 days.

Access to your personal information will generally be provided free of charge, although we may charge a reasonable administrative fee where permitted by law if your request is complex or resource‑intensive. If we are unable to provide access or make a correction, we will explain why and outline the steps you can take.

If you have any questions about this Privacy Policy, or if you wish to make a complaint about how we have handled your personal information, please contact us using the details below. Please provide as much detail as you can about your concern so that we can investigate it properly.

We will acknowledge your complaint and aim to investigate and respond within 30 days. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC):

If you would like to contact us about this Privacy Policy or our handling of personal information, please use the following details:

We may update this Privacy Policy from time to time to reflect changes in our business, technologies, legal requirements or best practice. The most current version will always be available on our website at apextra.io/privacy-policy (or a replacement URL notified by us). By continuing to use our website or services after an updated Policy is posted, you agree to the revised terms.