Privacy Policy

 

1. Background

Nisha Appointments Pty Ltd ACN 689 373 662 (We, us) recognise and value:

      1. the protection of your personal information; and
      2. that you have an interest in our collection and use of your personal information.

We have implemented this Privacy Policy in accordance with the Privacy Act 1988 (Cth) (Privacy Act), Australian Privacy Principles (APP) and other data protection rules in order to be open and transparent about how we collect, hold, and use your personal information, and under what circumstances we may disclose or transfer it.

This Privacy Policy forms part of the terms and conditions of our various agreements with you (if any). It applies to all users of the NISHA mobile application, websites and related services (Platform).

While your privacy is very important to us, nothing in this privacy policy constitutes a voluntary opt-in to any privacy laws, anywhere in the world, which we are not bound by law to comply with.

 

2. Personal Information

2.1 What personal information do we collect?

We only collect personal information that is reasonably necessary for operating our services. This may include:

(a) for business owners and account holders:

        1. full name;
        2. email address;
        3. telephone numbers;
        4. business name;
        5. business address;
        6. Australian Business Number (ABN);
        7. login credentials;
        8. subscription and billing information, including bank account or credit card details (processed by third parties); and
        9. Platform usage data and analytics.

(b) for the employees, contractors and agents of account holders who are added to accounts:

          1. full name;
          2. email address;
          3. telephone numbers;
          4. rosters, availability, and working hours;
          5. pay rates and employment-related information; and
          6. performance and operational metrics.

(c) for the customers of account holders:

            1. full name;
            2. email address;
            3. telephone numbers;
            4. appointment history;
            5. notes created by the business; and
            6. payment history (excluding full details of bank accounts or credit cards).

You must not upload, submit or otherwise make available to the Platform any personal information relating to your customers, employees, contractors, agents or other individuals unless you have first obtained all necessary consents, authorities and permissions required under applicable Privacy Law to do so.

2.2 Sensitive Information

The Platform may allow businesses to enter sensitive information relating to individuals, including:

      1. health-related notes;
      2. allergies; and
      3. pregnancy or other personal circumstances.

It is optional for account holders to enter such sensitive information. Account holders must only enter such sensitive information to the extent reasonably required to support their business operations.

You must not upload, submit or otherwise make available to the Platform any sensitive information relating to your customers, employees, contractors, agents or other individuals unless you have first obtained all necessary consents, authorities and permissions required under applicable Privacy Law to do so.

2.3 Why we collect personal information

We may collect personal information when you use our Platform, including (without limitation) when you:

      1. create an account;
      2. complete an online contact form to contact us or any third party;
      3. provide information to us by telephone or through marketing forms; or
      4. send us an email or other communication.

Where possible, we collect this information directly from you.

2.4 IP addresses

We may collect Internet Protocol (IP) addresses of visitors to our Platform. IP addresses are assigned to devices on the internet to uniquely identify them within the global network. We collect and manage IP addresses as part of our services and Platform, and for security purposes. We may also collect and use web log, device and connection information for security purposes and to help prevent and detect any misuse of, or fraudulent activities involving, the Platform and any services.

2.5 Use

The personal information you provide is used for purposes related to our primary business operations. Examples of when your information may be used include:

      1. administration needs, including with respect to your account (if any);
      2. for the purposes of providing and operating the Platform;
      3. enabling bookings, rostering, payroll insights, and financial tracking;
      4. dealing with requests, enquiries or complaints and other related activities;
      5. generating artificial intelligence-powered insights, forecasts, and recommendations;
      6. verifying your identity where required;
      7. processing any purchases of subscriptions that you may make through the Platform, including charging, billing and collecting debts;
      8. conducting appropriate checks for creditworthiness and for fraud;
      9. preventing and detecting any misuse of, or fraudulent activities involving the Platform;
      10. conducting research and development in respect of our services;
      11. gaining an understanding of your information and communication needs or obtaining your feedback or views about the Platform and our services in order for us to improve them;
      12. providing updates and notices;
      13. maintaining and developing our business systems and infrastructure, including testing and upgrading of these systems;
      14. marketing products and services generally; and
      15. carrying out any activity in connection with a legal, governmental or regulatory requirement imposed on us or in connection with legal proceedings, crime or fraud prevention, detection or prosecution;

and for any other purpose reasonably considered necessary or desirable by us in relation to the operation of our business.

We may also use personal information for purposes (as would be reasonably expected by you) in connection with those activities described above. We will not use your information for purposes other than as described in this privacy policy unless we have your consent, or there are specific law enforcement, public health or safety reasons.

3. Our use of Cookies and third-party integrations 

3.1 What are cookies?

This site and our products and services may use "cookies" to help personalise your online experience. A cookie is a text file or a packet of information that is placed on your hard disk by a web page server to identify and interact more effectively with your device. There are two types of cookies that may be used by us: a persistent cookie and a session cookie.

A persistent cookie is entered by your web browser into the "Cookies" folder on your device and remains in that folder after you close your browser and may be used by your browser on subsequent visits to this site. A session cookie is held temporarily in your device’s memory and disappears after you close your browser or shut down your device.

Cookies cannot be used to run programs. Cookies are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie to you. In some cases, cookies may collect and store personal information about you. We extend the same privacy protection to your personal information, whether gathered via cookies or from other sources.

You can configure your internet browser to accept all cookies, reject all cookies or notify you when a cookie is sent. Please refer to your internet browser’s instructions to learn more about these functions. Most web browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of this site.

3.2 Why we use cookies

This site and our other services may use cookies in order to:

      1. remember your preferences;
      2. recognise you as logged in while you remain so (if applicable). This avoids your having to log in again every time you visit a new page;
      3. show relevant notifications to you (e.g., notifications that are relevant only to users who have, or have not, created an account or subscribed to newsletters or email or other subscription services); and
      4. remember details of data that you choose to submit to us (e.g., through online contact forms or by way of comments, forum posts, chat room messages, reviews, ratings, etc).

Many of these cookies are removed or cleared when you log out, but some may remain so that your preferences are remembered for future sessions.

3.3 Third party cookies

In some cases, third parties may place cookies through this site. For example:

      1. Google Analytics, one of the most widespread and trusted website analytics solutions, may use de-identified data about how long users spend on this site and the pages that they visit;
      2. Google AdSense, one of the most widespread and trusted website advertising solutions, may use cookies to serve more relevant advertisements across the web and limit the number of times that a particular advertisement is shown to you; and
      3. Third-party social media applications (e.g., Facebook, YouTube, TikTok, Instagram, LinkedIn, X, Bluesky etc.) may use cookies in order to facilitate various social media buttons and/or plugins in this site. Log files track actions occurring on the websites, and collect data including your IP address, browser type, internet service provider, referring/exit pages, and date/time stamps.

 

3.4 Our use of Google Analytics 

In the case of Google Analytics, information generated by the cookie about your use of the Platform (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the Platform, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage.

Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf.

By using this Platform, you consent to the processing of data about you by Google in the manner described in Google's Privacy Policy and for the purposes set out above. You can opt out of Google Analytics if you disable or refuse the cookie, disable JavaScript, or use the opt-out service provided by Google.

 

4. Interacting with Us

If you contact us with a general question, we may interact with you anonymously or through the use of pseudonyms.

However, you are required to provide true and accurate details when requesting services or in connection with updating your account details. You agree you will provide accurate information if so required. 

 

5. Direct Marketing

From time to time, we may send you marketing or promotional material.  Marketing and promotional material will only be sent to you if you have opted into receiving marketing material.

We (or an appointed third party) may also conduct surveys or market research and may seek other information from you on a periodic basis. These surveys will provide us with information that allows improvement in the type, quality and the manner in which those products and services are offered to you.

To opt out of receiving certain marketing material, you may contact us, select the “unsubscribe” link provided in the email or SMS, or adjust your preferences in the mobile application. Essential service communications will still be sent.

 

6. Sharing your Personal Information

We may disclose your personal information to:

      1. our employees, contractors and related entities who have a need to know that information;
      2. professional advisors such as our lawyers;
      3. law enforcement agencies to assist in the investigation and prevention of criminal activities;
      4. payment processors;
      5. credit-reporting and fraud-checking agencies;
      6. credit providers (for credit-related purposes such as creditworthiness, credit rating, credit provision and financing);
      7. government and regulatory authorities and other organisations, as required or authorised by law;
      8. organisations who manage our business strategies, including those involved in a transfer/sale of all or part of our assets or business (including accounts and trade receivables) and those involved in managing our business risk and funding functions; and
      9. third party contractors or service providers with whom we have a business association, including:
        1. integration providers;
        2. communication providers;
        3. marketing service providers;
        4. accounting service providers; and
        5. information technology service providers including cloud application providers.

Third-party service providers include Stripe, Afterpay, Square, Amazon Web Services (AWS), Google and Twilio.

We will not disclose or sell your personal information other than in accordance with this privacy policy without your consent. Unless necessary for our business purposes, we will de-identify your information where it is shared with third parties under clause 6(i).

 

7. Overseas Disclosure

We may disclose your personal information to third party contractors, service providers or customers with whom we have a business association.   

While we do not otherwise actively disclose your personal information to overseas entities (unless provided for in a separate agreement with you), we do engage service providers (such as cloud data services or communications providers) who may have international data centres, hardware and disaster recovery sites. Consequently, these providers may have access to your information.

We rely solely on reputable organisations for such cloud services.

 

8. Security of your Personal Information

We take data security seriously. We store your personal information using servers which have built-in measures to combat unauthorised access, modification or disclosure. We also have procedures in place to identify, assess and respond to data breaches.

If we become aware of a data breach involving your personal information, we will take reasonable steps to contain and assess the incident. Where required under the Privacy Act or APP, we will notify the Office of the Australian Information Commissioner and affected individuals. We may also provide you with recommendations about steps you can take to protect yourself or mitigate the effects of the breach.

New digital threats are emerging all the time, and the online environment is more hostile than ever. To protect your data online, including any data or material transmitted by you to us, we recommend reading, implementing and observing any relevant procedures and safety tips recommended by the Department of Industry, Innovation and Science (see https://www.business.gov.au/Risk-management/Cyber-Security) and the Australian Cyber Security Centre (see https://cyber.gov.au) from time to time.

 

9. Disposal of personal information

If we hold personal information about you, and we do not need that information for any purpose, we will take reasonable steps to destroy or de-identify that information, in accordance with the APP and (if applicable) the European Union General Data Protection Regulation (GDPR), unless we are prevented from doing so by law.

You may make a request to us in writing to remove your personal information and, where permitted, we will do so in accordance with the APP and the GDPR.

You acknowledge that we may be required to retain your personal information to the extent required to comply with applicable law, regulatory requirements, tax and audit obligations, to resolve disputes, enforce our agreements, or maintain standard business records and system backups. Under Australian law, financial records, such as those relating to financial transactions, must be retained for 7 years after the transactions contemplated by those records are completed.

 

10. How to access or correct your Personal Information

Upon your request and after satisfying ourselves of your identity, we will provide access to the personal information we hold about you, except in certain prescribed circumstances, which include where:

      1. we believe giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety;
      2. giving you access would be unlawful;
      3. granting that access would have an unreasonable impact on the privacy of other individuals;
      4. we would be in breach of our obligations under a Technical Assistance Notice, Technical Capability Notice or Computer Access Warrant from an Australian Government agency;
      5. the request for access is frivolous or vexatious; or
      6. there are anticipated legal proceedings.

We will amend any personal information about you that is held by us and that is inaccurate, incomplete or out of date if you request us to do so. If we disagree with your view about the accuracy, completeness or currency of a record of your personal information that is held by us, and you ask us to associate with that record a statement that you have a contrary view, we will take reasonable steps to do so.

 

11. Third Party Websites

You may click-through to third party websites from the Platform, in which case we recommend that you refer to the privacy statement of the websites you visit. This Privacy Policy applies to the Platform only and we assume no responsibility for the content of any third-party websites.

 

12. GDPR

We welcome the General Data Protection Regulation (GDPR) of the European Union (EU) as an important step forward in streamlining data protection globally.  Although we do not operate an establishment within the EU and do not target any offering of services towards clients in the EU specifically, we intend to comply with the data handling regime laid out in the GDPR in respect of any personal information of data subjects in the EU that we may obtain.

The requirements of the GDPR are broadly similar to those set out in the Privacy Act and include the following rights:

      1. you are entitled to request details of the information that we hold about you and how we process it.  For EU residents, we will provide this information for no fee;
      2. you may also have a right to:
        1. have that information rectified or deleted;
        2. restrict our processing of that information;
        3. stop unauthorised transfers of your personal information to a third party;
        4. in some circumstances, have that information transferred to another organisation; and
        5. lodge a complaint in relation to our processing of your personal information with a local supervisory authority; and
      3. where we rely upon your consent as our legal basis for collecting and processing your data, you may withdraw that consent at any time.

If you object to the processing of your personal information, or if you have provided your consent to processing and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations.  However, please be aware that:

      1. such objection or withdrawal of consent could mean that we are unable to provide our services to you, and could unduly prevent us from legitimately providing our services to other clients subject to appropriate confidentiality protections; and
      2. even after you have chosen to withdraw your consent, we may be able to continue to keep and process your personal information to the extent required or otherwise permitted by law, in particular:
        1. to pursue our legitimate interests in a way that might reasonably be expected as part of running our business, and which does not materially impact on your rights, freedoms or interests; and
        2. in exercising and defending our legal rights and meeting our legal and regulatory obligations.


13. Complaints procedure

Your privacy is important to us. If you have a complaint or concerns about our information handling processes as they relate to your personal information, we ask that you first contact our privacy officer whose contact details are listed below.

If, after we have conducted our investigations, you are still not satisfied, then we ask that you consult with:

The Office of the Australian Information Privacy Commissioner

GPO Box 5218

Sydney NSW 2001

Telephone: 1300 363 992

Email: enquiries@oaic.gov.au

 

14. How to contact us

If you have any queries, questions, concerns or wish to make a complaint regarding how we deal with your personal information please contact us:

Privacy Officer

13 Jenyor Street

Coolum Beach QLD 4573

Email: support@nisha.com.au

 

15. Amendments to this Privacy Policy

We are obligated to regularly review and update this policy. We therefore reserve the right to amend this Privacy Policy at any time. Should any significant amendments occur, notification will be provided on the Platform after the changes have been made. Your continued use after you receive the notification indicates your consent to be bound by the amended Privacy Policy.

For further information about privacy in general, please refer to the Office of the Australian Information Commissioner’s website located at http://www.oaic.gov.au.

Alternatively, please contact our Privacy Officer using the details provided above.

Last amendment date: 30th March, 2026.