Privacy Policy

1. About This Policy

This Privacy Policy explains how Crowd Box ("we," "our," or "us") collects, uses, stores, and protects your personal information when you engage our digital marketing and data enrichment services.

This Policy applies to:
 
(a) information collected through our Terms and Conditions acceptance process;
(b) data processed during service delivery under Statements of Work (SoWs);
(c) business contact information for ongoing client relationships; and
(d) data handled through third-party platforms in service delivery.
 
We comply with the Australian Privacy Act (Cth) and the Australian Privacy Principles (APPs), and we take reasonable steps to align with global privacy expectations.

2. Information We Collect

2.1 Information You Provide Directly

When you engage our services, we collect:
 
(a) Business contact details: Company name, contact person name, email address, phone number, business address;
(b) Billing information: Payment details and invoicing requirements;
(c) Project-related information such as campaign objectives, target criteria, and service requirements; and
(d) Any system access details you choose to provide for integration or data exchange purposes.
 
We collect and process this information under contractual necessity or legitimate business interests to deliver and support our services.

2.2 Client Data for Service Delivery

You may provide us with data for processing as part of our services, including:
 
(a) Prospect data: Names, business roles, company information, contact details;
(b) Campaign data: Email addresses, LinkedIn profiles, and other professional contact information;
(c) CRM data: Customer and prospect information from your existing systems; and
(d) Performance data: Campaign metrics, engagement statistics, and analytics.
 
We process Client Data only under your documented instructions and do not use it for unrelated purposes or third-party marketing.

2.3 Information Collected Through Third-Party Platforms

We may access, process, or store data through various third-party systems or tools used to deliver our services.

These platforms are selected based on their operational fit and adherence to reasonable privacy and security standards. We regularly review our use of such systems to maintain compliance and data integrity.

3. How We Use Your Information

3.1 Service Delivery

We use your information to:
 
(a) deliver data enrichment, campaign development, and GTM consultancy services;
(b) conduct prospect research and market intelligence;
(c) create and execute marketing campaigns on your behalf;
(d) provide performance reporting and analytics; and
(e) integrate workflows across your preferred platforms.
 
We use only the data necessary to achieve the specific business purpose outlined in your agreement.

3.2 AI-Enhanced Service Delivery

We use artificial intelligence technology to enhance service quality and personalization:
 
(a) We may use artificial intelligence or automation technologies to enhance quality, personalization, and operational efficiency.
(b) All AI use is subject to human oversight, and we apply data minimization principles to prevent unnecessary processing. We do not use client data to train or improve third-party AI models.
(c) All AI processing includes human oversight for quality assurance. We implement data minimization principles, using only information necessary for specific service delivery objectives.
(d) AI assists in creating personalized campaign content, messaging frameworks, and prospect research summaries, subject to human review before delivery.
(e) AI analysis of campaign data and engagement patterns to provide insights and optimization recommendations.
(f) AI-generated outputs undergo systematic review to ensure accuracy and prevent unintended disclosure of personal information.
 
3.3 Business Operations

We use your contact information to:
 
(a) communicate about projects and service delivery;
(b) process payments and maintain billing records;
(c) provide customer support and account management; and
(d) send service updates and important notices.
 
We may also use aggregated or de-identified data for internal analysis and business improvement.

3.4 Legal and Compliance

We may use information to:
 
(a) comply with legal obligations and regulatory requirements;
(b) protect our rights and defend against legal claims; and
(c) investigate suspected fraud or misuse of services.
​
4. Information Sharing and Disclosure

4.1 Third-Party Service Providers

We may share information with trusted service providers or partners who assist us in operating, delivering, or supporting our services.

All third parties engaged by us are required to handle data in accordance with applicable privacy standards and confidentiality obligations.
 
4.2 Client Instructions

We process and share Client Data according to your lawful instructions and as necessary to deliver the agreed services under your SoW.

4.3 Legal Requirements

We may disclose information where required by law, court order, or to protect our legal rights.

4.4 Business Transfers

Information may be transferred as part of any merger, acquisition, or sale of business assets, subject to confidentiality obligations.

5. Data Security and Protection

5.1 Security Measures

We implement appropriate technical and organizational security measures including:
 
(a) encrypted data transmission and storage;
(b) access controls and user authentication;
(c) regular security assessments and updates; and
(d) staff training on data protection requirements.
 
5.2 Third-Party Platform Security

Client Data processed through third-party platforms is subject to those platforms' security measures and policies. We select platforms that maintain appropriate security standards.

5.3 Limitations

While we implement industry-standard security measures, no data transmission or storage system is completely secure. You acknowledge this inherent limitation and maintain responsibility for securing systems under your control.

6. Data Breach Notification

If we become aware of an actual or suspected eligible data breach affecting personal information, we will:
 
(a) notify affected clients within a reasonable time frame;
(b) provide information you reasonably request for assessing the breach;
(c) cooperate in any notifications required under the Notifiable Data Breaches scheme; and
(d) take reasonable steps to contain and remediate the breach.
 
7. International Data Transfers

7.1 Overseas Processing

We may store or process data in other countries where our technology providers or business partners operate.

Where international transfers occur, we take reasonable steps to ensure data is handled in accordance with applicable privacy principles and contractual protections.
 
7.2 Safeguards

For international transfers, we ensure appropriate safeguards including:
 
(a) contractual protections with service providers;
(b) selection of providers in countries with adequate privacy protections; and
(c) technical measures to protect data in transit and storage.
 
8. Data Retention

8.1 Retention Periods

We retain information for different periods depending on its purpose:
 
(a) Contact and billing information: Retained for the duration of our business relationship plus years for tax and accounting purposes;
(b) Project deliverables: As specified in individual SoWs (typically until project completion); and
(c) Client Data: Processed only as long as necessary for service delivery, then returned or destroyed as instructed.
 
8.2 Deletion

You are responsible for backing up any deliverables or Client Data from the date of delivery. We have no obligation to retain copies beyond the periods specified in your SoW.

9. Your Privacy Rights

9.1 Your Rights

Under Australian privacy law, you have the right to:
 
(a) access your personal information we hold;
(b) correct inaccurate or incomplete information;
(c) request deletion of your information (subject to legal and contractual obligations);
(d) object to certain processing activities; and
(e) lodge a complaint with the Office of the Australian Information Commissioner.
 
9.2 Exercising Your Rights

To exercise these rights, contact us using the details in Section . We will respond within days and may need to verify your identity before processing requests.

9.3 Limitations

Some rights may be limited by legal or contractual obligations, such as requirements to retain business records or continue processing for legitimate business purposes.

10. Cookies and Website Technologies

If you visit our website, we may use cookies and similar technologies to:
 
(a) improve website functionality and user experience;
(b) analyze website traffic and usage patterns; and
(c) remember your preferences and settings.
 
You can manage or disable cookies through your browser settings. Some features may not function properly if cookies are disabled.

11. Changes to This Policy

We may update this Privacy Policy to reflect:
 
(a) changes in our services or business practices;
(b) updates to privacy laws and regulations; and
(c) improvements in our data protection measures.
 
12. Contact Information

For privacy-related inquiries, complaints, or to exercise your rights:

Privacy Officer
Crowd Box
Email: privacy@CrowdBox.com
Phone: +61426803217
Address:  Lvl 22/180 George Street, Sydney, NSW, 2000

For urgent data breach notifications or security concerns, contact us immediately using the above details.

13. Complaints Process

If you have concerns about our handling of your personal information:

(a) Internal Resolution: Contact our Privacy Officer using the details above; and
(b) External Resolution: If unsatisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

Note: This Privacy Policy should be read alongside our Terms and Conditions. In case of any inconsistency, the Terms and Conditions prevail regarding service delivery and commercial arrangements.