Rezdy Privacy Policy

banner shape curve break

Last updated: 12 September 2022

  1. Purpose of policy
    1. Rezdy is committed to complying with its obligations under Data Protection Laws.
    2. This Policy sets out:
      1. how and why we collect and use personal data about you; and
      2. what controls you have over your personal data in our possession.
    3. This Policy is subject to change at our discretion. The current version will always be available on our Website.
  2. Definitions
    1. In this Policy:
      • Activities means tours, commercialised experiences, entertainment transportation, tickets or other activities provided by our affiliates of customers from time to time in connection with the Services and Activity has a corresponding meaning.
      • Data Protection Laws refers to the laws designed to protect Personal Data and privacy in the location that persons or entities reside. For Rezdy, these include but are not limited to: the Australian Privacy Act 1988 (as amended, the AU Privacy Act); the European General Data Protection Regulation with the long title Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR); the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), the California Consumer Privacy Act (CCPA); the United Kingdom’s retained version of the GDPR (UK GDPR); the United Kingdom Data Protection Act 2018 (DPA) and the New Zealand Privacy Act 2020 (as amended, the NZ Privacy Act). Rezdy is committed to adhering to these Data Protection Laws, and to any other applicable Data Protection Laws.
      • EEA refers to the European Economic Area.
      • OAIC means the Office of the Australian Information Commissioner;
      • Payment Processors and Payment Facilitators refers to third-parties that process your payments for the Services.
      • Personal Data means information about you which personally identifies you or may reasonably be used to personally identify you pursuant to Data Protection Laws. The AU Privacy Act, NZ Privacy Act, PIPEDA and CCPA refer to the comparable concept of ‘Personal Information’, in this Policy, any reference to Personal Data shall include Personal Information.
      • Platform means any platform on which we provide the Services.
      • Processing, including process, refers to the broad terms for collection, storage, transfer, use, or other action related to your Personal Data.
      • Rezdy or we, us or our means Rezdy Pty Limited (ACN 153 242 632) or its associated entities as appropriate.
      • Sensitive information has the meaning given to that term in the AU Privacy Act, including Data Protection Laws where the term holds a corresponding meaning.
      • Services refers to services provided by Rezdy to you, which may include but is not limited to the Rezdy Software, Distribution Services, RezdyPay and associated support services.
      • Website means the Website available at
      • You or your means you as an individual using our Website, Services or otherwise contacting us (on your own behalf, or for another individual or entity).
  3. Types of Personal Data we collect
    1. We collect, hold and process various types of Personal Data that can be grouped together as follows:
      1. Identity Data including your name, domain name, location, gender and date of birth;
      2. Contact Details including billing address, email address for primary and secondary contacts and telephone number;
      3. Financial Data including bank account and payment card details, including credit card number and expiry date and security code (CVC);
      4. Transaction Data including details about payments made to and from you in connection with the Services, identity of customers, resellers or suppliers (as applicable), details of activities listed, booked, or otherwise dealt with through our Services and all other information convenient in relation to the provision of our Services;
      5. Technical Data including internet protocol (IP) address, your login data, browser type and version, access times, webpage you are directed from, webpage(s) or content you historically accessed for us, time zone settings and location, browser plug-in versions and types, operating system and websites, and other technology in devices used to access our Website and/or Services or the users of our Services or Platform;
      6. Portal Data including your username and password, portal preferences, feedback and survey responses;
      7. Usage Data including information about your usage of our Website, Services, and activities including information retrieved from ‘cookies’; and
      8. Marketing and Communications Data including your preference in receiving marketing from us and communicating with us, including our third parties.
    2. Where we solicit Personal Data, we only collect:
      1. non-Sensitive Information, if it is reasonably necessary for our Services;
      2. Sensitive Information, if it is reasonably necessary for or directly related to our Services and you have consented to its collection, or its collection is permitted or authorised by law.
    3. We may collect various other types of Personal Data, including Sensitive Information, in the course of conducting our business where it is provided to the users of the Services or Platform or other persons without being solicited.
  4. How we collect Personal Data
    1. We may collect Personal Data about you through any of the following methods:
      1. Direct interactions where you provide us with Identity, Profile, Contact, Financial and Transaction Data through completing documentation for us or communicating by phone, email, post, via our Website, Platform or otherwise. This includes Personal Data that is provided to us when you:
        1. access or use our Website or Platform;
        2. subscribe to our Services;
        3. request marketing from us;
        4. provide us with feedback; or
        5. otherwise contact us, our employees, or clients in the course of our business.
      2. Automated technology and data where you interact with our Website, Platform and/or Services, we automatically collect Technical, Usage and Marketing or Communications Data. We collect this Personal Data using particular service providers, cookies and server logs/log files.
      3. Third parties or publicly available sources where Personal Data about you is made available as follows:
        1. Technical Data from advertising networks, search information providers and analytics providers;
        2. Contact, Financial and Transaction Data from technical and payment services connected to our Services;
        3. Identity and Contact Data made available from public sources, law enforcement or government entities in other jurisdictions (as applicable); and
        4. Identity and Contact Data from third-party applications where the Services require the import of information about users and their clients to fulfil activities and facilitate payments.
    2. If we solicit Personal Data, we will generally solicit it directly from the person it relates to or their agents, unless it is unreasonable or impracticable for us to do so.
    3. It is generally not practicable for us to deal with persons on an anonymous or pseudonymous basis. If you do not provide us with your Personal Data, we are unlikely able to provide you with our Services.
  5. How we use your Personal Data
    1. We use your Personal Data as permitted by applicable law. Under the GDPR, we are the data processor and data controller for your Personal Data when you access and use our Website and Services, subject to clause 5.2.
    2. If we process your Personal Data because you use our Services as a result of your relationship with a person or entity that we supply our Services to, we are not the data controller for that Personal Data. In this event, we act as a data processor by processing your Personal Data on behalf of our user. Please refer to that user’s privacy policy for guidance on how your Personal Data is processed in this instance.
    3. In accordance with applicable law, we commonly use your Personal Data for various purposes, including:
      1. Performance of contractual obligations and our terms of Service including providing Services or access to our Website, facilitating interactions with you in respect of operating our business, processing payments, billing, or claims, responding to enquiries, requests and feedback technical assistance, sales support, maintaining technical and account history, Service updates, storing information at third-party data centres, assessing the performance of aspects of our business, conducting business processing functions, any other uses identified at the time of Personal Data collection, including necessary steps taken prior to entering a contract with you;
      2. Administrative obligations including marketing (including direct marketing), planning, Service development, quality control, identifying the source of new customers, verifying your identity (in the case of ABNs), monitoring your compliance, complying with reporting requirements, and research for our business and its associated entities, contractors or third-party service providers;
      3. Legitimate interests including where it is necessary for those of a third party and the use of Personal Data does not override your interests or fundamental rights in relation to that Personal Data. We acknowledge that legitimate interests mean interests in conducting or managing our business to allow us to provide you with a high standard of Services and secure experience. We will consider the balance between potential impacts on you and your rights before we process your Personal Data for our legitimate interests. You can obtain further information on our assessment of legitimate interests in respect of your Personal Data by contacting us; and
      4. Compliance with legal obligations includes the AU Privacy Act, NZ Privacy Act, PIPEDA (and other applicable law) which require informed consent from you as the legal basis for our processing of your Personal Data. By submitting your Personal Data to Rezdy, you acknowledge and consent to our use of Personal Data as set out in this Policy. In the event we have processed your Personal Data prior to commencement of Data Protection Laws (or applicable privacy laws in your location), you consent to us continuing to process your Personal Data pursuant to this Policy.
    4. We may disclose your Personal Data to such persons as is necessary to achieve the above purposes. This will often include disclosure to our related bodies corporate, contractors, or other third-party service providers.
    5. We may use or disclose Personal Data for secondary purposes where it would be reasonable to expect us to do so, and that secondary purpose is related (or directly related in the case of Sensitive Information) to the primary purpose.
    6. In addition to clause 5.3, parties using the Platform may have Personal Data provided to the parties in your relevant transactions to give effect to those transactions. We will treat all information collected from suppliers, consumers, agents, or resellers as strictly confidential. We will not rent or lease any customer lists to third parties. Except for clause 5.7, we will not reveal, disclose, sell, distribute, rent, license, share or otherwise pass on to any third party (other than those that are contracted or supply services to Rezdy) any of your Personal Data without your express consent to do.
    7. Rezdy may disclose your Personal Data, without your notice or prior consent, only for:
      1. Good Faith purposes where it is reasonably believed appropriate to disclose information to a party in connection with the deficient provision of our Services to you or users of our Platform;
      2. Adherence to the law where it is required or in good faith reasonably believed that such action is necessary to comply with applicable law, codes of conduct or legal process served on us in relation to our business;
      3. Permitted contractors who provide licensed collection services, payment processing and are compliance with our Privacy Policy;
      4. Sale of business where we entirely, or in part, sell our business; and
      5. Protection of personal safety of users of our Services, Website, our personnel, or the public in circumstances deemed extremely necessary.
    8. Where you refuse to provide Personal Data to us, that is required by law or under the terms of a contract we entered with you, we may cancel your Services with us by notification to you.
    9. Rezdy does not store Financial Data that is collected and processed for billing or payment purposes on servers and equipment it controls. This Personal Data is stored on servers and other equipment managed by the Payment Processors and Payment Facilitators as described under this Policy.
  6. Overseas transfer of Personal Data
    1. We may disclose Personal Information to third parties overseas for the purposes for which we collect and use that information. Any such disclosure will be completed in accordance with a requisite degree of protection. If you are based in the EEA or the UK, we will ensure at least one of the following safeguards is implemented:
      1. we will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for your Personal Data;
      2. if we transfer your Personal Data to any other country that is not subject to an adequacy decision of the UK or the European Commission (as applicable) in relation to an adequate level of protection of Personal Data, we shall ensure that there is a legal basis and, where required, a reasonable safeguard for such data transfer to ensure your Personal Data is dealt with in a manner that is consistent with applicable laws and regulations on data protection in the UK or the EEA (as applicable); or
      3. if we use particular service providers outside of the UK and/or the EEA (as applicable), we may rely on contracts approved for use in the UK and/or the EEA (as applicable) that provide Personal Data with the same protection it holds in the UK and/or the EEA (as applicable).
    2. In the following locations, we will use the safeguards listed that are applicable to your transfer of Personal Data:
      1. United States (California) – Your Personal Data will only be transferred to entities in the United States of America that: (1) have signed agreements with us or have notified us that they are GDPR-compliant; and (2) have concluded standard contractual clauses for the transfer of Personal Data outside the EEA;
      2. Canada – We may transfer your Personal Data to entities in Canada, but Canada has been determined to have an “adequate level of protection” for your Personal Data under European Data Protection Law; and
      3. Australia – We may transfer your Personal Data to entities in Australia, however we rely on binding corporate rules for Rezdy to protect your Personal Data.
    3. We will attempt to ensure that persons to whom the disclosed Personal Data relates have comparable rights in relation to that information once disclosed overseas. Please note you have the right to refuse to have your Personal Data transferred overseas and you must contact our Privacy Officer to make this request. However, you acknowledge that making this request may prevent you from being able to use part or all of our Services (as applicable).
  7. Marketing and Promotional Materials
    1. Under the GDPR, we generally do not rely on consent as our legal basis for processing your Personal Data. You hold the right to withdraw your consent to receive marketing or promotional materials from us by following the “opt-out” instructions in the email you receive. The opt-out instructions will notify you of how to remove your Contact Data from our promotional email list.
    2. If you choose to opt-out or otherwise withdraw your consent to marketing and promotional materials, this will not make our processing of your Personal Data before you withdrew your consent unlawful.
    3. We will require your consent before sending any third-party direct marketing communications to you (as applicable).
  8. Limited purposes for gathering Personal Data
    1. As set out in this Policy, we may automatically collect Technical and Usage Data using third-party service providers (‘Third-Party Analytics’) to assist us in understanding your needs and the needs of Website visitors and users of the Services in the aggregate. Please note that we may receive Technical Data about your equipment, browsing actions and patterns from cookies or similar tracking technologies used on our Website. We use cookies that expire once a visitor leaves our Website and you may elect to adjust your Internet browser to refuse cookies; however, this may reduce the functionality of the Website.
    2. We may also process such Personal Data for statistical purposes to identify the quantity of visits to the Website, particular pages of the Website, and users in consideration of introducing improvements to our business. The Technical Data collected using Third-Party Analytics can be employed to trace any fraudulent or criminal activity, or any activity in violation of our Terms of Use.
    3. Your Personal Data may also be transferred to our email service providers to manage the mailing list for our marketing and promotional materials. As set out in this Policy, we will only permit email service providers to use your Personal Data for specified purposes and in accordance with our instructions. They will not transfer or sell your Personal Data to any other third party. Our emails are designed to be compliant with anti-spam laws including Australia’s Spam Act 2003, New Zealand’s Unsolicited Electronic Messages Act 2007, the American CAN-SPAM Act, and Canada’s Anti-Spam Law (S.C. 2010, c. 23). If you believe you have received mail in violation of these laws or any other anti-spam law, please contact us using the contact information in this Policy.
  9. How we store and protect Personal Data
    1. We may hold Personal Data in physical documents or in electronic form. Physical files are kept securely inside our access-controlled premises. Electronic files are only accessible through our secure network.
    2. We take reasonable steps to:
      1. limit access to your Personal Data to the employees, agents, contractors and other third parties who have a business obligation to know, limiting the processing of such data to our instructions and bound under a duty of confidentiality;
      2. ensure that Personal Data we collect is accurate, up-to-date, complete and relevant for the purpose it is used and disclosed, other than where it is only collected to provide advice in respect of a particular point in time, in which case we will seek to ensure it is accurate, complete and relevant as at that particular point in time;
      3. maintain procedures that protect Personal Data from misuse, interference, and loss, and from unauthorised access, modification, or disclosure where Data Protection Laws require us to do so; and
      4. destroy or de-identify Personal Data which is no longer required for the purposes for which it was collected, except where it is necessary to retain it to maintain ongoing records for our clients.
    3. We cannot guarantee the security of information transmitted via the internet. As such, transmission of Personal Data via the Internet is at your own risk.
    4. Rezdy uses industry standard practices to keep data collected secure (including Personal Data), including 128-bit SSL encryption for all transactions. Secure Sockets Layer (SSL) technology encodes information as it is sent over the Internet to assist in ensuring the information transmitted remains confidential. You can use your browser to check Rezdy’s valid SSL security certificates on the Website. We have selected our third-party vendors for their standards of security.
    5. We use Stripe for processing of secured credit card payments made through the Services. Please refer to Stripe’s Privacy Policy available through their public website for further details of their compliance with Data Protection Laws.
  10. Other disclosure by you
    1. Suppliers, consumers, agents and resellers may provide Personal Data through participation in message boards, email exchanges or other public communication channels provided by Rezdy in connection with our Website, Platform or Services. This information is public, immediately available to anyone available to anyone who has access to such a site and this Privacy Policy does not cover such information.
    2. You are responsible for controlling your password and its security in connection with our Services. If you lose control of your password, you may lose control over your Personal Data and be liable for actions taken on your behalf by third parties using your password and/or personal information.
    3. We take no liability for your dealings with Personal Data you collect.
  11. Your Personal Data legal rights
    1. Unless otherwise provided in this Policy, it is important that your Personal Data is accurate and current. Please keep us notified of changes to your Personal Data during your relationship with our business.
    2. Under the GDPR (and UK GDPR where applicable), certain circumstances will give you the following rights in relation to your Personal Data:
      1. Request access to your Personal Data which enables you to receive a copy of the Personal Data we hold about you and confirm that we are processing it in accordance with the law.
      2. Request correction of your Personal Data. This enables you to correct any incomplete or inaccurate data we hold about you, provided we can verify the accuracy of the new data you provide to us.
      3. Request erasure of your Personal Data. You may ask us to delete or otherwise remove Personal Data where there is no valid reason for us continuing processing it. You also have the right to ask us to delete or remove your Personal Data where you have successfully objected to processing (see below) because we may have processed your information unlawfully or because we are required to erase your Personal Data to comply with local law. Notwithstanding this, we may not always be able to comply with your request of erasure for legal reasons that we will notify you of, if applicable, at the time of your request for erasure.
      4. Objection to processing of your Personal Data in circumstances where we are relying on a legitimate interest (or a third party’s interests) and there is something about your situation which drives you to object to processing because you believe it impacts on your fundamental rights and freedoms. You may object to us processing your Personal Data for direct marketing purposes. In the event we demonstrate compelling legitimate grounds to process your information, this may override your objection to processing.
      5. Requesting restriction on the processing of your Personal Data. You have the right to ask us to suspend the processing of your Personal Data in the following situations:
        1. if our use of the Personal Data is unlawful, but you do not want us to delete it; or
        2. if you require us to hold the Personal Data; even if we no longer require it, because you need it to establish, exercise or defend legal claims; or
        3. if you have objected to our use of your Personal Data but we need to verify whether we have overriding legitimate grounds to use it; or
        4. if you want us to establish the Personal Data’s accuracy.
      6. Request for transfer of your Personal Data to you or to a third party. We shall give you, or a third party you have elected, your Personal Data in a structured, commercially reasonable, machine-readable format. Please note this right only applies to automated information which you initially provided consent for us to use, or where we used the information to complete performance of a contract with you.
      7. Withdrawal of consent at any time when we are reliant on consent to process your Personal Data. Please note, this will not affect the lawfulness of any processing carried out prior to the withdrawal of your consent. Upon withdrawal of consent, we may not be able to supply certain services to you. We will notify you if this occurs at the time you withdraw your consent.
    3. You may also be entitled to the following rights for your Personal Data depending on the applicable Data Protection Laws where you are located:
      1. the right to notification that Personal Data about you is being collected and has been accessed or acquired by an unauthorised person;
      2. the right, at any time, to withdraw your consent for Rezdy to process your Personal Data;
      3. the right to have your Personal Data erased from Rezdy’s records;
      4. the right to access your Personal Data, including relevant information around its processing and use;
      5. the right to be provided with a copy of your Personal Data in an easy-to-read format that you can transfer to another data processor;
      6. the right to have your Personal Data corrected or updated if you determine it is inaccurate or out-of-date;
      7. the right to object, on reasonable grounds for your specific situation, to the processing of your Personal Data;
      8. the right to opt out, at any time, of marketing communications we may send you;
      9. the right to know whether Rezdy sells or shares your Personal Data (and if so, who it is provided to). Please refer to that information elsewhere in this Policy, please note you may contact us if you need further information or clarification;
      10. the right to insist that Rezdy not sell your Personal Data;
      11. the right to limit the processing of your Personal Data if it is inaccurate or if our processing or use of it is not lawful;
      12. the right to reject any Rezdy marketing or advertising targeted at you; and
      13. the right to commence civil proceedings in relation to an alleged interference with the protection of your Personal Data.
    4. Where entitled under this clause 11, you may exercise your rights under this clause without impacting the price you pay to access and use the Services. Notwithstanding this, an exercise of certain rights may impact your ability to use some or all the Services.
    5. Please contact us using the listed contact details in this Policy if you choose to exercise any of the rights listed under clause 11. We may require and request further information to assist us in confirming your identity or clarifying your request under this clause 11. If we refuse a request to access or correct Personal Data, where reasonable, we will provide our reasons for doing so and information about your ability to complain about such refusal.
    6. There is no fee typically charged for access to your Personal Data (or any exercise of the other rights contained under clause 11), however, we retain the discretion to charge you a reasonable fee if your request is clearly repetitive, unfounded, or excessive or refuse to comply with such request.
  12. Children’s privacy statement
    1. Rezdy’s Website and Services are not intended for persons under 18 years of age (‘Children’). We do not knowingly collect and use Personal Data from Children.
    2. In the event we become aware of any inadvertent receipt of Personal Data from Children through the Website or Services, we will delete such information from our records in accordance with applicable law.
  13. Third-party links
    1. Rezdy’s Website and Services may include links to third-party Websites, applications, or plug-ins. If you click on third-party links or enabling third-party connections, you consent to third-party collection or sharing of data about you.
    2. Rezdy does not control third-party links and is not responsible for the privacy statements of third parties. When you are directed away from our Website or Services, we encourage you to read the privacy policy of each third-party website you visit.
  14. Changes to Privacy Policy
    1. Our Privacy Policy is current to the date indicated at the top of the front page. Rezdy reserves the right to update this Policy, from time to time, and provide the most recently updated version on the Website for you.
    2. In the event the Policy is significantly amended, we will publish a notice on our Website, and email you, if you are subscribed to our Services, to acknowledge the important changes.
  15. Complaints
    1. Complaints about our Policy or our collection, processing, use, disposal, or destruction of your Personal Data should first be directed to us at the details set out below. We will promptly investigate and attempt to resolve your complaint.
      • Contact: Privacy Officer
      • Email address:
    2. If we cannot resolve your complaint to your reasonable satisfaction, within a reasonable time, either we or you may refer the complaint to the applicable Privacy Commissioner or supervisory authority as listed in clause 15.3.
    3. You may contact the following applicable supervisory authority if you are not satisfied with the outcome of our investigation or complaints process, or if you would like to make a complaint directly about our Policy:
      1. UK and/or EU data protection regime – if you are in the UK, you should contact the Information Commissioner’s Office (ICO) or if you are in an EU GDPR compliant country, you should contact your local data protection authority;
      2. Australia – you can make a complaint to the Office of the Australian Information Commissioner (OIAC);
      3. Canada – you can make a complaint to the Office of the Privacy Commissioner (OPC);
      4. New Zealand – you can make a complaint to the Office of the New Zealand Privacy Commissioner; and
      5. United States (California) – you can make a complaint to our Privacy Officer using the contact details in this Policy.
section break