1. About this Privacy Policy

In this Privacy Policy, 'us' 'we', 'our' or ‘SolvingZero’ means SolvingZero Pty Ltd (ACN 652 391 378) and any of our group companies.

This Privacy Policy sets out our commitment to protecting the privacy of your Personal Information provided to us, or otherwise collected, used, stored, handled or disclosed by us when providing our online platforms, website, analysis and quote checker tools, along with other related tools and applications (together, the Services) or when otherwise interacting with you in accordance with the Australian Privacy Principles set out in the Privacy Act 1988 (Cth) (Privacy Act).

By using our Services, or in providing any Personal Information to us, you consent to our collection, use, storage, handling and disclosure of your Personal Information in accordance with this Privacy Policy and any other arrangements that apply between us.

We may change our Privacy Policy from time to time by publishing changes to it on our website at https://www.solvingzero.com/privacy-policy. We encourage you to check our website periodically to ensure that you are aware of our current Privacy Policy.

2. Definitions

In this Privacy Policy:

CDR Framework means the Consumer Data Right framework established under the Competition and Consumer Act 2010 (Cth) and the Competition and Consumer (Consumer Data Right) Rules 2020 (Cth) (CDR Rules).

CDR Data means consumer data obtained through the CDR Framework, including your half-hourly electricity interval data obtained from your electricity retailer with your consent.

Personal Information has the meaning given in the Privacy Act and includes information or an opinion about an individual that is reasonably identifiable. For example, this may include your name, age, gender, postcode and contact details.

Sensitive Information has the meaning given in the Privacy Act.

3. What Personal Information do we collect

We only collect Personal Information reasonably necessary to provide you with our Services, or for its functions or activities. We may collect the following types of Personal Information:

• name;

• email address;

• your postcode, mailing or street address, or prospective installation address;

• telephone number and other contact details;

• CDR Data obtained from your electricity retailer through the CDR Framework, including the previous 12 months of electricity interval data (see section 4 below);

• any content or information (including financial information) you or third parties on your behalf upload when using our Services;

• your device ID, device type, computer and connection information, statistics on page views, traffic to and from the sites, ad data, IP address and standard web log information;

• analytics data, such as data from third-party analytics tools to help us understand user interactions;

• any additional information relating to you that you provide to us directly or indirectly through our Services or when making an enquiry with us, or through other websites or accounts from which you permit us to collect information;

• information you provide to us through customer surveys and promotions; or

• any other Personal Information that may be required in order to facilitate your dealings with us.

We may collect these types of Personal Information either directly from you, or from third parties. We may collect this information when you:

• register on our website or online platform;

• use our Services, including our battery analysis and quote checker tools;

• communicate with us through correspondence, chats, email, or when you share information with us from other social applications, services or websites;

• interact with our sites, services, content and advertising; or

• invest in our business or enquire as to a potential purchase in our business.

In addition, when you apply for a job or position with us we may collect certain information from you (including your name, contact details, working history and relevant records checks) from any recruitment consultant, your previous employers and others who may be able to provide information to us to assist in our decision on whether or not to make you an offer of employment or engage you under a contract. This Privacy Policy does not apply to acts and practices in relation to employee records of our current and former employees, which are exempt from the Privacy Act.

4. Consumer Data Right (CDR)

SolvingZero participates in the Consumer Data Right framework as a CDR representative of Fiskil Pty Ltd (Fiskil).

In addition to this Privacy Policy, CDR Data is collected and handled in accordance with the CDR Framework, including the CDR Rules, and Fiskil’s CDR Policy, available at https://www.fiskil.com/legal/cdr-policy. Fiskil’s CDR Policy explains how CDR Data is collected, used, held, disclosed, accessed, corrected, deleted, de-identified and managed, including their contact details for complaints and consent withdrawal.

Your CDR Data is collected only with your express consent through the CDR consent flow. You may withdraw your CDR consent at any time by contacting Fiskil or through your retailer’s consent management process. If you withdraw consent, we may no longer be able to provide Services that rely on CDR Data, but withdrawal will not affect any analysis already completed.

SolvingZero uses CDR Data only to provide the Services to you and is not disclosed to third parties except as required to operate the CDR consent flow, provide the Services, comply with Fiskil’s CDR Policy or otherwise as permitted under the CDR Rules.

For further information about your rights under the CDR Framework, please visit www.cdr.gov.au.

5. How do we collect, hold, use and disclose Personal Information?

We may collect, hold, use and disclose your Personal Information for the following purposes:

• to enable you to access and use our website and Services;

• to operate, protect, improve and optimise our website and Services, business and our users’ experience, such as to perform analytics, conduct research, develop new features and for advertising and marketing;

• to send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by you;

• to send you marketing and promotional messages and other information that may be of interest to you, including information sent by, or on behalf of, our business partners that we think you may find interesting;

• to administer rewards, surveys, contests, or other promotional activities or events sponsored or managed by us or our business partners;

• to comply with our legal obligations, resolve any disputes that we may have with any of our users, and enforce our agreements with third parties; and

• to consider your employment application.

Where you use our Services and upload documents to us, we will analyse and compare those documents using automated tools, which may involve disclosure to third-party AI service providers.

We may also disclose your Personal Information to a trusted third party who also holds other information about you. This third party may combine that information in order to enable it and us to develop anonymised consumer insights so that we can better understand your preferences and interests, personalise your experience and enhance the products and services that you receive.

De-identified data

In certain circumstances, we may create, retain and use de-identified data derived from your use of the Services, including electricity consumption data and postcode data. We only use this de-identified data to test, analyse, improve and develop our Services.

De-identified data does not include your name, contact details, full residential address or other information that identifies you or could reasonably identify you. We take reasonable steps to reduce the risk of re-identification and do not use de-identified data to identify you.

6. Do we use your Personal Information for direct marketing?

We and/or our carefully selected business partners may send you direct marketing communications and information about our Services. This may take the form of emails, SMS, mail or other forms of communication, in accordance with the Spam Act and the Privacy Act. You may opt-out of receiving marketing materials from us by contacting us using the details set out below or by using the opt-out facilities provided (eg an unsubscribe link).

7. To whom do we disclose your Personal Information?

We may disclose Personal Information for the purposes described in this Privacy Policy to:

• our employees, contractors and related entities;

• specific third parties authorised by you to receive information held by us, including for the purpose of matching you with suitable suppliers of goods and/or services;

• referrers and other intermediaries;

• third party suppliers, software providers and service providers (including providers of cloud, analytics and AI-enabled tools used to support the operation of our websites and/or our business, and in connection with providing our Services to you);

• marketing or advertising providers;

• IT service providers, data storage, web-hosting and server providers;

• professional advisors, dealers, agents, auditors, business partners, sponsors, business brokers, our insurers and insurance brokers;

• our existing or potential agents, business partners or partners;

• our sponsors or promoters of any competition that we conduct via our Services;

• courts, tribunals, governmental agencies, regulatory authorities and law enforcement agencies, or as required, authorised or permitted by law; and

• AI sub-processors such as Google Gemini and other similar LLM providers.

8. Disclosure of Personal Information outside Australia

We may disclose Personal Information outside of Australia to third party software, cloud, analytics, communications, payment and AI service providers located in the United States and European Economic Area or in any country where we or our service providers operate.

When you provide your Personal Information to us, you consent to the disclosure of your information outside of Australia and acknowledge that we are not required to ensure that overseas recipients handle that Personal Information in compliance with applicable privacy law. We will, however, take reasonable steps to ensure that any overseas recipient will deal with such Personal Information in a way that is consistent with the Australian Privacy Principles.

9. Using our website and cookies

We may collect Personal Information about you when you use and access our website.

While we do not use browsing information to identify you personally, we may record certain information about your use of our website, such as which pages you visit, the time and date of your visit and the internet protocol address assigned to your computer.

We may also use 'cookies' or other similar tracking technologies on our website that help us track your website usage and remember your preferences. Cookies are small files that store information on your computer, TV, mobile phone or other device. They enable the entity that put the cookie on your device to recognise you across different websites, services, devices and/or browsing sessions. You can disable cookies through your internet browser, but our websites may not work as intended for you if you do so.

We may also use cookies to enable us to collect data that may include Personal Information. For example, where a cookie is linked to your account, it will be considered Personal Information under the Privacy Act. We will handle any Personal Information collected by cookies in the same way that we handle all other Personal Information as described in this Privacy Policy.

10. Security

We may hold your Personal Information in either electronic or hard copy form. We take reasonable steps to protect your Personal Information from misuse, interference and loss, as well as unauthorised access, modification or disclosure and we use a number of physical, administrative, personnel and technical measures to protect your Personal Information. For example:

• encryption of Personal Information both in transit (TLS/HTTPS) and at rest;

• hosting on enterprise-grade cloud infrastructure that maintains recognised security certifications (such as ISO 27001 and SOC 2);

• managed authentication with support for multi-factor authentication, secure (hashed) password storage;

• onshore (Australia) data residency for the most sensitive Personal Information;

• masking or redaction of sensitive fields (such as passwords and payment details); and

• activity logging, monitoring and alerting to help us detect and respond to potential security incidents.

While we take reasonable steps to safeguard Personal Information, we cannot guarantee the absolute security of your Personal Information.

11. Links

Our website may contain links to websites operated by third parties. Those links are provided for convenience and may not remain current or be maintained. Unless expressly stated otherwise, we are not responsible for the privacy practices of, or any content on, those linked websites, and have no control over or rights in those linked websites. The privacy policies that apply to those other websites may differ substantially from our Privacy Policy, so we encourage individuals to read them before using those websites.

12. Accessing or correcting your Personal Information

You can access the Personal Information we hold about you by contacting us using the information in section 13 below. Sometimes, we may not be able to provide you with access to all of your Personal Information and, where this is the case, we will tell you why. We may also need to verify your identity when you request your Personal Information.

If you think that any Personal Information we hold about you is inaccurate, please contact us and we will take reasonable steps to ensure that it is corrected.

13. Contacting us

You can make enquiries or complaints regarding this Privacy Policy or the Personal Information we hold about you via the contact details below:

SolvingZero Pty Ltd

Email: privacy@solvingzero.com

We will take reasonable steps to ensure your claims are investigated and a formal response will be provided to you, within a reasonable time, considering the circumstances of your claims. If any corrective action is determined to be required, as a result of that investigation, we will take all reasonable steps to rectify the situation and advise you of such, again within a reasonable time considering the circumstances.

If we do not resolve your enquiry, concern or complaint to your satisfaction or you require further information in relation to any privacy matters, you can contact the relevant regulatory authority, whose contact details are below:

Office of the Australian Information Commissioner

Telephone: 1300 363 992

Email: enquiries@oaic.gov.au

Address: Level 3, 175 Pitt Street, Sydney NSW 2000, Australia