Privacy Policy

This policy explains how RZKI collects, uses, stores, and discloses personal information. It is prepared to comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

RZKI is committed to protecting your privacy. If you have any questions about this policy or how we handle your information, please contact our Privacy Officer at info@rzki.com.au.

1. Who we are

In this policy, “RZKI”, “we”, “us”, and “our” refer to:

We operate rzki.com.au and all subpages (including rzki.com.au/grow and rzki.com.au/case-study). We provide digital consulting services to Australian hospitality businesses.

2. What personal information we collect

We collect the following kinds of personal information:

• Information you provide to us directly — when you book a call, enquire by email, or become a client: your name, email address, phone number, business name, preferred appointment time and time zone, and any message you include.
• Information collected automatically when you visit our website — your IP address, device and browser type, referring page, the pages you view, and the approximate time spent on each page.
• Advertising and campaign attribution data — if you arrive via a paid advertisement, campaign parameters contained in the URL (including utm_source, utm_campaign, utm_content, utm_medium, and utm_term), identifiers set by the Meta Pixel (such as _fbp and _fbc), and events recording when you arrived, scrolled, or completed a booking.

We do not collect sensitive information (as defined in s6 of the Privacy Act 1988) — such as health, biometric, racial, political, religious, or sexual-orientation data — and we do not ask you to provide it.

3. How we collect personal information

We collect personal information:

• Directly from you, when you submit a booking form or email us.
• Through our booking platform, Cal.com, which handles our calendar and collects the details you enter on its embedded form.
• Through server logs maintained by our hosting provider (Vercel), which record standard web-access metadata.
• Through tracking technologies placed on our website — specifically the Meta Pixel, Meta Conversions API, and Google Analytics 4 — as described in Section 8 below.

4. Why we collect and use your personal information

We use personal information for the following purposes:

• To respond to your enquiry, confirm bookings, and conduct the consultation call.
• To provide services to you if you become a client, and to invoice and maintain records of the engagement.
• To measure the effectiveness of our advertising campaigns and understand which creative and messages perform best.
• To deliver remarketing advertisements to visitors who have not yet booked a call (see Section 8).
• To operate and secure the website, including detecting fraud and preventing misuse.
• To comply with our legal and regulatory obligations (for example, financial record-keeping under the Corporations Act 2001).

We will not use your personal information for any secondary purpose that you would not reasonably expect unless we have your consent or are required or authorised by law.

5. Who we disclose your personal information to

We disclose personal information to the following third parties who provide services that help us operate our business. Each is bound by its own privacy terms and, where appropriate, by a data processing agreement with us.

• Cal.com, Inc. — booking platform. Receives your name, email, phone number, and the details of your appointment.
• Meta Platforms, Inc. (Facebook, Instagram) — advertising and analytics. Receives Pixel event data about your visits, including identifiers and, when available, a hashed version of your email address via the Conversions API to measure conversions.
• Vercel, Inc. — website hosting. Holds server access logs and serves the site through its global content delivery network.
• Google LLC — (a) calendar infrastructure used through Cal.com, which may process booking metadata; and (b) Google Analytics 4, which receives anonymous pseudo-identifiers (a randomly generated client ID) and event metadata such as page paths, referrer, device type, and the same standard events we send to Meta (page view, CTA click, booking). We do not pass email, phone, or name to Google Analytics. We do not currently run Google Ads.

We do not sell your personal information. We do not share it for any purpose other than those listed in this policy.

6. Overseas disclosure

Several of the service providers listed above store or process personal information outside Australia. The countries in which your information is likely to be disclosed are:

• United States — Meta, Vercel, Cal.com, Google (primary data processing).
• Ireland, Sweden, and Denmark — Meta sub-processors within the European Union.
• Singapore — Meta and Vercel sub-processors in the Asia-Pacific region.

Before disclosing your personal information overseas, we take steps that are reasonable in the circumstances to ensure the recipient does not breach the APPs, as required by APP 8.1. You should be aware that, under s16C of the Privacy Act 1988, an act done by an overseas recipient that would breach the APPs is treated as having been done by us.

7. Security of your information

We take reasonable steps, as required by APP 11, to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. These steps include encryption of data in transit (HTTPS), access controls on our systems, vendor due diligence, and limiting access to personal information to those who need it to perform their role.

8. Direct marketing, tracking pixels, and cookies

We use tracking technologies, including the Meta Pixel, the Meta Conversions API, and Google Analytics 4, to measure the effectiveness of our advertising, understand how visitors use our website, and to show you further advertisements on Facebook and Instagram (“remarketing”). Under APP 7, you have the right to opt out of direct marketing at any time.

How to opt out:

• Email info@rzki.com.au with the subject line “Opt out” — we will stop any direct marketing we send you and take reasonable steps to exclude you from our Meta audiences.
• Adjust your Meta ad preferences directly at accountscenter.facebook.com/ad_preferences.
• Block or delete cookies in your browser settings, and install a general ad-tracker blocker extension if you wish.

Cookies and similar technologies we use:

• _fbp, _fbc — set by Meta, used to attribute ad conversions and build advertising audiences.
• _ga, _ga_* — set by Google Analytics 4, used to assign a randomly generated client ID so we can distinguish unique visitors and measure aggregated site usage. These cookies do not contain identifying information about you.
• Session storage (rzki_utm) — stores campaign parameters from your visit so bookings can be attributed to the correct campaign. Cleared when you close the browser tab.

Opting out of remarketing will not affect your ability to book a call or use our website.

9. How long we keep personal information

We retain personal information only for as long as is reasonably necessary for the purposes described in this policy, or as required by law. Our default retention periods are:

• Client records — kept for the duration of the engagement, plus 7 years after the final invoice, to comply with financial record-keeping requirements under s286 of the Corporations Act 2001.
• Unsuccessful enquiries — if you book a call but do not become a client, we delete or de-identify your contact record within 24 months of the last contact.
• Website and advertising analytics — event-level data is retained for up to 26 months; aggregated or de-identified data may be retained longer.
• Server access logs — kept by Vercel for a rolling period consistent with their standard retention (typically 30 days for security logs).

10. Accessing, correcting, or deleting your information

Under APP 12 and APP 13 you have the right to:

• Ask what personal information we hold about you;
• Ask us to correct personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading; and
• Ask us to delete your personal information, where we are no longer required by law to retain it.

To make a request, email info@rzki.com.au. We will respond within 30 days. There is no charge for making a request, and we will only ask for reasonable proof of identity before acting on it.

11. Data breaches

If we become aware of a data breach affecting your personal information, we will assess whether it is likely to result in serious harm. In accordance with Part IIIC of the Privacy Act 1988 (the Notifiable Data Breaches scheme), we will take all reasonable steps to complete that assessment within 30 calendar days. If the breach is an “eligible data breach,” we will notify both the Office of the Australian Information Commissioner (OAIC) and affected individuals as soon as practicable.

12. Complaints

If you believe we have breached the Australian Privacy Principles or mishandled your personal information, please contact our Privacy Officer first:

Email: info@rzki.com.au
Subject line: “Privacy complaint”

We will acknowledge your complaint within 7 days and provide a substantive response within 30 days. If we need longer to investigate, we will tell you why and give you an updated timeframe.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner:

Website: oaic.gov.au/privacy/privacy-complaints
Phone: 1300 363 992
Email: enquiries@oaic.gov.au
Post: GPO Box 5288, Sydney NSW 2001

13. Visitors from the European Union

RZKI provides services to businesses in Australia. We do not target goods or services to, or intentionally monitor the behaviour of, individuals located in the European Union, and we do not consider ourselves subject to the General Data Protection Regulation (GDPR). If you are located in the EU and you have concerns about how we are handling your personal information, please contact us at info@rzki.com.au.

14. Changes to this policy

We may update this policy from time to time. If we make material changes, we will update the “Last updated” date at the top of the page and, where appropriate, notify clients directly. We recommend reviewing this page periodically.

15. Contact

For any privacy-related request, question, or complaint, contact our Privacy Officer:

Email: info@rzki.com.au
N.C Ansorie & M.S Mohamad Rasid, trading as rzki
ABN: 45 931 820 113
Victoria, Australia