Privacy Policy

1. Overview

Zap Cat Pty Ltd is committed to protecting your privacy and handling your personal information and Consumer Data Right (CDR) data in a transparent, secure and lawful manner.

We comply with:

  • the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth); and
  • the Privacy Safeguards and CDR Rules under the Consumer Data Right (CDR) Privacy Safeguards.

This policy explains how we collect, use, disclose and manage your personal information and CDR data.

2. Types of Information We Collect

We may collect:

Personal Information

Information that identifies you, including:

  • name, address, email and phone number
  • household and property information
  • service preferences and interactions

CDR Data

With your consent, we may collect CDR data from accredited data holders, including:

  • energy account and meter details
  • billing and tariff information
  • energy usage and consumption data

3. Data Minimisation

We only collect:

  • personal information that is reasonably necessary for our functions; and
  • CDR data that is strictly required to provide the services you have consented to.

We do not collect or retain unnecessary data.

4. How We Collect Information

We collect information:

  • directly from you (forms, phone, email, website);
  • via digital tools (cookies, analytics);
  • from third parties (e.g. installers); and
  • from accredited data holders via the CDR framework (with your consent).

5. CDR Consent

We only collect and use CDR data with your valid consent. This means your consent must be:

  • voluntary
  • express and informed
  • specific to the purpose
  • time-limited
  • easily withdrawn

At the time of consent, we clearly explain:

  • what data will be collected
  • the purpose of collection
  • how the data will be used and disclosed
  • how long the data will be retained

6. Consent Dashboard

Where required under the CDR regime, we provide a consumer dashboard that allows you to:

  • view active consents
  • withdraw consents at any time
  • manage data sharing preferences

Withdrawal of consent will stop future data collection and trigger deletion requirements where applicable.

7. Use of Information

We use personal information and CDR data to:

  • provide energy advice and related services
  • analyse energy usage and recommend improvements
  • connect you with relevant service providers (with consent)
  • improve our services
  • meet legal and regulatory obligations

We do not use CDR data for direct marketing unless explicitly permitted and consented to.

If you have questions on the data we collect about you or how it is used email hello@zapcat.com.au

8. Disclosure of Information

We may disclose information:

  • to third-party service providers (e.g. installers) with your consent
  • to accredited CDR service providers as permitted
  • to regulators or authorities where required by law

We do not sell personal information or CDR data.

9. Overseas Disclosure

If we disclose information overseas, we:

  • take reasonable steps to ensure appropriate protections are in place; and
  • obtain consent where required (particularly for CDR data).

10. Data Security

We implement robust safeguards including:

  • role-based access controls
  • encryption in transit and at rest
  • secure cloud infrastructure
  • staff training and access restrictions

We regularly review and update our security controls.

11. Data Retention and Deletion

We:

  • retain personal information only as long as necessary;
  • retain CDR data only in accordance with CDR Rules; and
  • securely delete or de-identify data when:
    • it is no longer required; or
    • you withdraw consent (for CDR data)

12. Access and Correction

You may request access to or correction of your personal information or CDR data by emailing hello@zapcat.com.au

We will:

  • respond within required timeframes;
  • provide access unless a legal exception applies;
  • not charge for requests (except reasonable admin costs for copies).

13. Data Quality

We take reasonable steps to ensure your information is accurate, complete and up to date.

14. Notifiable Data Breaches

We comply with the Notifiable Data Breaches scheme under the Privacy Act 1988 (Cth).

If an eligible breach occurs, we will:

  • assess the breach promptly
  • notify affected individuals
  • notify the Office of the Australian Information Commissioner

15. Complaints

If you have a complaint, contact us:

Zap Cat Pty Ltd
Level 6, 150 George St, Parramatta NSW 2150
hello@zapcat.com.au

We will respond within a reasonable timeframe.

If you are not satisfied, you may escalate your complaint to the Office of the Australian Information Commissioner.

16. Policy Updates

We may update this policy from time to time. The latest version will be available on our website.