PRIVACY
POLICY

Overview

PlumbCheck Group Pty Ltd ("we," "us," "our") is committed to protecting your privacy. This Privacy Policy explains how we handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

By engaging our services or using our website, you acknowledge that you have read and understood this policy. If you have questions, contact us using the details at the end of this document.

What Information We Collect

We collect personal information that is reasonably necessary to provide our plumbing services and support your needs. This may include:

Contact & Identity Information

• Full name and preferred name
• Phone number/s (mobile and landline)
• Email address
• Postal and property address

Property & Service Information

• Property address and type (residential, commercial, strata)
• Description of plumbing issues, damage or works required
• Photographs and video footage of plumbing systems or damage
• Compliance and inspection records relating to your property

Insurance & Claims Information

• Insurer name and policy number
• Claim reference numbers and incident details
• Loss adjuster or assessor contact information
• Scope of works, damage assessments and repair history

Financial Information

• Billing name and address
• Payment records (we do not store full card numbers)
• ABN (for trade clients)

Website & Analytics Information

• Pages visited and referring domains (hostname only — no full URL)
• Device category (mobile, tablet, desktop) and viewport dimensions
• Session token (random, tab-scoped, not persistent across sessions)
• IP address — anonymised before storage (last octet zeroed, e.g. 203.45.12.0)

Our internal analytics system does not use cookies. No persistent identifiers are written to your browser. No personal information is transmitted to any third-party analytics service.

How We Collect Information

We collect personal information directly from you unless it is unreasonable or impractical to do so. Collection occurs through:

• Website forms — service requests, enquiries, insurance claims, report requests and contact forms on plumbcheckgroup.com
• Phone and email — conversations with our team, including after-hours dispatchers
• On-site attendance — plumbers recording site conditions, photographs and inspection data
• Third parties — insurers, loss adjusters, strata managers or legal representatives who engage us on your behalf (we will notify you when this occurs)
• Client portal — when you access claim documents or upload supporting materials

We will always tell you why we are collecting your information at the time of collection, or as soon as practicable afterwards.

How We Use Your Information

We use personal information only for the purposes for which it was collected, or for directly related purposes you would reasonably expect. These include:

• Providing plumbing, gas and drainage services and responding to enquiries
• Scheduling appointments and dispatching technicians
• Preparing technical and compliance reports for you, your insurer or your legal representative
• Processing payments and maintaining accurate service and billing records
• Managing insurance claims and communicating with insurers on your behalf (with your consent)
• Complying with legal and regulatory obligations, including VBA licence reporting
• Improving our services, website and internal systems using anonymised analytical data
• Sending you appointment confirmations, service updates or follow-up communications

Direct Marketing

We do not use your personal information for direct marketing without your explicit consent. If you have consented and wish to opt out, contact us using the details at the end of this policy or click "unsubscribe" on any marketing communication we have sent you.

Information Sharing

We do not sell, rent or trade your personal information. We may disclose your information to the following categories of recipient, only to the extent necessary for the relevant purpose:

Service Delivery

• Licensed subcontractors and trade staff — for interstate or specialist works conducted on our behalf, under equivalent confidentiality obligations
• Suppliers and material providers — address details only, for material delivery to your site

Insurance & Legal

• Insurers and loss adjusters — with your consent, to support a claim you have initiated or authorised us to manage
• Legal representatives — solicitors, barristers or VCAT in connection with a dispute, expert witness engagement or legal proceeding
• Government bodies and regulators — the VBA, local councils, Energy Safe Victoria (ESV) and other authorities when required by law

Business Operations

• Professional advisers — accountants and legal counsel, under strict confidentiality
• Cloud service providers — hosting and email infrastructure providers who process data on our behalf under data processing agreements

Form Submissions

When you submit a form on our website, your data is transmitted to our server via an encrypted (HTTPS) connection and processed by our PHP-based email system. Form data is not transmitted to any third-party form processing service.

Overseas Data Transfers

We primarily store and process your data within Australia. Some of our infrastructure and service providers may be located overseas, including:

• Cloud hosting — our website may be served via infrastructure with points of presence in Singapore, Japan or the United States. All data at rest is stored within Australia where possible.
• Email delivery — outbound email notifications may transit overseas servers operated by our email service provider.
• AI tools — if you use our AI for Tradies platform or AI-assisted features, queries may be processed by AI providers operating outside Australia. We use API-level access only and do not authorise these providers to store your data for training purposes.

Where we disclose personal information to an overseas recipient, we take reasonable steps to ensure that recipient does not breach the APPs. By using our services you consent to this disclosure in circumstances where it is necessary to deliver the service.

Cookies & Web Analytics

Our Internal Analytics

Our website uses a lightweight, self-hosted analytics system that we built specifically to avoid third-party data sharing. It:

• Does not set cookies or use any form of browser storage
• Does not track individual users across sessions
• Does not transmit any data to Google, Facebook or any other third party
• Records only: page path visited, referring domain (hostname only), device category, viewport size, and a random session token that is discarded when you close your browser tab
• Anonymises IP addresses before storage (last octet zeroed)

Third-Party Cookies

Our website loads fonts from Google Fonts. Google may set cookies or collect data in accordance with their own privacy policy. We load these fonts to improve readability and visual quality of our website.

We do not use any advertising, remarketing, social media tracking or behavioural targeting cookies.

Managing Cookies

You can control cookie settings through your browser. Disabling cookies will not affect your ability to use our website or submit service requests.

How We Protect Your Information

We implement a range of technical and organisational measures to protect your personal information from misuse, interference, loss, unauthorised access, modification or disclosure:

• Encryption in transit — all data transmitted between your browser and our server is encrypted using TLS (HTTPS). We enforce HTTPS site-wide with HSTS headers.
• Access controls — administrative systems and databases are accessible only to authorised staff, secured with strong passwords and role-based access.
• Database security — client claim data is stored in a password-protected MySQL database on a private server, not accessible from the public internet.
• Email security — email addresses on our website are obfuscated using JavaScript to prevent automated scraping by spam harvesters.
• Staff training — staff who handle personal information are aware of their obligations under the Privacy Act 1988.
• Incident response — in the event of a data breach that is likely to result in serious harm, we will notify affected individuals and the OAIC in accordance with the Notifiable Data Breaches scheme.

No method of data transmission over the internet is completely secure. We cannot guarantee absolute security but are committed to industry-standard protection.

How Long We Retain Your Information

We retain personal information only for as long as necessary to fulfil the purpose for which it was collected, or as required by law:

• Service and compliance records — retained for a minimum of 7 years to satisfy legal, taxation and insurance obligations (consistent with ATO and VBA requirements).
• Insurance claim documentation — retained for the duration of any potential legal proceedings and for a minimum of 7 years from completion of the claim.
• Website enquiry form data — retained for 2 years from the date of submission, then securely deleted.
• Website analytics data — aggregated anonymous data retained indefinitely; session-level data purged after 12 months.
• Photographs and inspection footage — retained as part of the service record for 7 years, then securely deleted unless a longer period is required by law.

When personal information is no longer required, we destroy or de-identify it in a secure manner.

Your Rights

Under the Privacy Act 1988 and the Australian Privacy Principles, you have the right to:

• Access the personal information we hold about you (subject to limited exceptions such as information that would affect another person's privacy or is legally privileged)
• Correct inaccurate, out-of-date, incomplete, irrelevant or misleading personal information we hold
• Request deletion of your personal information, subject to our legal retention obligations
• Withdraw consent to direct marketing communications at any time
• Complain to us about a suspected breach of the APPs
• Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you are unsatisfied with our response

To exercise any of these rights, contact our Privacy Officer using the details below. We will respond within 30 days of receiving your request.

Privacy Complaints

If you believe we have mishandled your personal information, we encourage you to contact us first. We take privacy complaints seriously and will investigate your concern promptly.

If you are unsatisfied with our response, or if we have failed to respond within 30 days, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

Policy Updates

We review and update this Privacy Policy periodically to reflect changes in our practices or in applicable law. The current version will always be available at plumbcheckgroup.com/legal/privacy.

Continued use of our services after a policy update constitutes acceptance of the revised policy. For significant changes, we will provide more prominent notice.

Contact Our Privacy Officer

For all privacy-related enquiries, access requests, correction requests or complaints, please contact: