SeedShield – Privacy & Cookies Statement
Effective Date: October 2025
ABN: 54 630 813 428
This Privacy & Cookies Statement (“Statement”) describes how SeedShield and its affiliates (“SeedShield”, “we”, “us”, “our”) collect, use, share and otherwise process information about identified or identifiable individuals (“Personal Data”). It applies to Personal Data we obtain in connection with providing our products and services and operating our business (“Services”) about:
- Visitors to our websites, mobile apps, and other online properties (“Sites”);
- Individual customers and prospects; and
- Business contacts for our customers, prospects, partners, distributors, vendors, guarantors and suppliers (or their representatives).
SeedShield may share Personal Data between its affiliates (subject to applicable law) and, in some jurisdictions, with authorised third-party agents that assist us in serving customers.
Excluded: this Statement does not cover job applicants, employees or contractors. Separate notices apply to those groups.
We endeavour to comply with privacy laws in each jurisdiction where we operate. Practices may vary to reflect local legal requirements.
Summary of Key Points
- Collection: we collect names, contact details and other Personal Data related to our Sites and commercial relationships.
- Use: we use Personal Data to provide and secure the Services, respond to enquiries, run our operations, improve our offerings (including analytics/AI), and meet legal obligations.
- Sharing: we share Personal Data with service providers and other recipients to deliver the Services.
- Marketing choices: you can opt out of direct marketing at any time.
- Cookies: we use cookies (including third-party analytics/advertising cookies) and provide controls.
- Rights: depending on your location, you may have rights to access, correct, delete, port or object to processing.
- Security: we maintain technical and organisational measures to protect Personal Data.
- Cross-border transfers: where data moves internationally, we apply appropriate safeguards.
- Other issues: this Statement explains our legal bases, consequences of not providing data, automated decision-making (if any), do-not-track signals, retention, links to third parties, and updates.
- Contact: see Section 10.
1. Collection of Personal Data
We collect the following categories of Personal Data:
- Basic Data: name, date of birth, title, company, role, phone, address, email, and general location.
- Device/Usage Data: IP address, device identifiers, cookie IDs, browser/user-agent, pages viewed, interactions with our Sites and emails, error logs; data generated by equipment or third-party tools you connect to our Services (e.g., boundaries, images, telemetry) where applicable.
- Financial/Commercial Data: purchase history, payment details (tokenised by our payment providers), transaction records.
- Government Identifiers: ABN/ACN, tax identifiers or licence numbers where legally required.
- Marketing/Preference Data: event participation, interests, preferences.
- Registration Data: account usernames, hashed passwords, newsletter subscriptions.
We collect data directly from you, from your authorised representatives, via our Sites and apps, and from service providers or trusted third parties (e.g., analytics, payment, fraud-prevention, marketing, or address-validation providers).
2. Use of Personal Data
| Purpose | Categories of Personal Data |
|---|---|
| Provide Services as requested (including credit applications, assessing claims/eligibility), respond to enquiries, contact you, and fulfil programs/incentives. | Basic, Device/Usage, Financial/Commercial, Government Identifiers, Registration |
| Account management, access to proprietary systems, and day-to-day operations. | Basic, Financial/Commercial, Government Identifiers, Registration |
| Improve and personalise our Services; build and train analytics/AI models; research & development. | Basic, Device/Usage, Financial/Commercial, Marketing |
| Protect the security and proper functioning of our Sites and IT systems. | Basic, Device/Usage, Registration |
| Analyse trends and usage, run surveys, provide relevant marketing (our own or partners’), and identify opportunities. | Basic, Registration, Device/Usage, Financial/Commercial, Government Identifiers, Marketing |
| Comply with laws and exercise legal rights (including fraud prevention and record-keeping). | Basic, Device/Usage, Financial/Commercial, Government Identifiers, Registration |
3. Sharing of Personal Data
We share Personal Data with:
- Service providers/processors (hosting, security, payments, communications, analytics, support). We require them to use Personal Data only under our instructions and to protect it appropriately.
- Auditors and advisors (legal, accounting, compliance).
- Business reorganisation parties in connection with mergers, acquisitions, asset sales, financing, insolvency or similar events as permitted by law.
- Government and legal recipients where required to comply with law or protect rights, safety and security.
- Partners involved in incentives, rebates, or co-marketing (subject to your choices and law).
4. Marketing Choices
You can opt out of direct marketing at any time via in-email unsubscribe links or by contacting us (Section 10). Transactional and service communications may still be sent.
5. Cookies
We use cookies, web beacons and similar technologies on our Sites and in emails. Third parties we trust may also set cookies for analytics, performance, and advertising.
How we use cookies
- Strictly Necessary: required for core functionality and secure login (session management, CSRF protection).
- Analytics/Performance: to understand usage and improve the Sites (e.g., Google Analytics).
- Functional: remember preferences (e.g., stay signed in, language).
- Targeting/Advertising: tailor content/ads and measure effectiveness.
Cookies specific to our stack (AWS EC2 + CakePHP)
CAKEPHP– session cookie (HttpOnly; Secure on HTTPS; configurableSameSite=LaxorStrict).csrfToken– CSRF token cookie used by CakePHP to protect forms and AJAX (HttpOnly=false by framework design to read it client-side; marked Secure on HTTPS; typicallySameSite=Lax).- Optional security headers we enable at the web server/CDN:
Strict-Transport-Security,Content-Security-Policy,X-Content-Type-Options,Referrer-Policy,X-Frame-Options.
Our Sites are hosted on AWS EC2 infrastructure. AWS may set additional cookies for embedded services (e.g., CloudFront edge caching diagnostics) where applicable.
Your options
You can block or delete cookies in your browser settings. Blocking all cookies (including strictly necessary cookies) may limit Site functionality. You may also control interest-based advertising via industry pages (DAA/NAI/EIDAA, device settings). To opt out of Google Analytics, see: https://tools.google.com/dlpage/gaoptout. We currently do not respond to browser “Do Not Track” signals.
6. Data Subject Rights
Depending on your jurisdiction, you may have rights to access, correct, delete, restrict or object to processing, withdraw consent, and/or request portability. To exercise rights, contact us (Section 10). We may verify your identity before acting on requests and may retain certain data as permitted by law.
7. Data Security
We maintain technical and organisational measures to protect Personal Data from loss, misuse, alteration or accidental destruction. Measures include encryption in transit, hardened AWS security groups, role-based access, multi-factor authentication for administrative access, regular backups, and logging/monitoring. No method is 100% secure; please protect your credentials and notify us promptly if you suspect compromise.
Personal Data is stored on our servers (hosted on AWS EC2 and related services) and, where relevant, in secure physical archives at our premises.
8. Cross-Border Data Transfers
Personal Data may be processed in countries other than where it was collected (including AWS regions selected for reliability and redundancy). Where required, we implement appropriate safeguards for international transfers (e.g., Standard Contractual Clauses, comparable mechanisms). You may request a copy of applicable safeguards where permitted by law.
9. Other Information
(i) Legal bases
Depending on jurisdiction: performance of a contract; compliance with legal obligations; your consent (e.g., certain marketing/cookies); and our legitimate interests (e.g., running secure, reliable Services, B2B relationship management, fraud prevention, analytics and improvement).
(ii) Consequences of not providing data
Certain features require certain Personal Data. If not provided, we may be unable to register you, deliver specific Services, process payments, or offer incentives.
(iii) Automated decision-making
We do not use automated decision-making without human involvement that produces legal or similarly significant effects, except where required for specific financial risk/anti-fraud checks and permitted by law.
(iv) Do Not Track
We do not respond to DNT signals due to industry inconsistency.
(v) Retention
Marketing data is retained while you accept marketing (or until you opt out). Other data is retained only as long as necessary for the purposes described and for tax, accounting, compliance, dispute resolution and security—then securely deleted or anonymised.
(vi) Third-party links & social media
Our Sites may link to third-party sites with their own privacy practices. Social media content you post is public and governed by those platforms’ terms—not this Statement.
(vii) Employees/contractors
Separate internal policies apply to employee/contractor data.
(viii) Updates to this Statement
We may update this Statement as our Services or laws change. We will post the new version with an updated effective date.
10. Contact Us
Email: enquiries@seedshield.com.au
Address: 259 Allen Road, Forrestdale WA 6112
Phone: 0428 989 138
We will review and respond to privacy complaints promptly. You may also have the right to contact your local data protection authority.
Annex – Jurisdiction-Specific Requirements
Australia
We handle Personal Data in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). You may contact the Office of the Australian Information Commissioner (OAIC) if your concern is not resolved.
California (U.S.)
If California privacy law applies, you may have the right to: (i) request access to, or deletion of, your Personal Information; (ii) request details about categories of Personal Information disclosed and/or “sold” (as defined under California law) in the past 12 months; and (iii) opt out of “sales.” We do not knowingly sell the Personal Information of individuals under 16.
Opt-out of cookie-related “sales”/sharing: use the controls in Section 5. For other requests or to designate an authorised agent, contact us (Section 10). We will not discriminate against you for exercising your rights.
New Zealand
If the Privacy Act 2020 applies, you may request access and correction. We may disclose Personal Data to credit reporters for credit-worthiness assessment or debt collection; such reporters may use it for their credit reporting business as permitted by law.