Overview & Scope
This Privacy Policy ("Policy") is issued by Kojarame Consulting Pty Ltd ("Kojarame", "we", "us", or "our"), an Australian company and subsidiary of Questwork Limited, Hong Kong. It applies to all personal information collected through:
- Our corporate website at kojarame.com.au
- Our products and platforms including RentBuyGo (hk.rentbuygo.com) and Capatto (capatto.com)
- Our consulting and professional services engagements
- Email communications and business interactions
- Any other service or platform operated by Kojarame
Kojarame complies with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). For users in Hong Kong, we also respect applicable provisions of Hong Kong's Personal Data (Privacy) Ordinance (Cap. 486).
Australian Privacy Act: As an APP entity, Kojarame is bound by the 13 Australian Privacy Principles. This Policy reflects our obligations under these Principles. If you believe we have not complied, you have the right to make a complaint to the Office of the Australian Information Commissioner (OAIC).
Information We Collect
We collect personal information only when necessary and by lawful means. The types of information we may collect include:
Information You Provide Directly
- Identity information: Name, job title, company name
- Contact information: Email address, phone number, postal address
- Account credentials: Username, password (stored in encrypted form), account preferences
- Communication content: Messages sent through contact forms, emails, or support channels
- Payment information: Billing address and payment details (processed securely via third-party payment processors; card details are never stored by us)
- Listing content: Property details, vehicle information, images, and descriptions submitted on RentBuyGo
- Professional information: Details shared in project briefs, proposals, or during engagement scoping
Information Collected Automatically
- Usage data: Pages visited, features used, time spent, click patterns
- Device information: Browser type and version, operating system, screen resolution, device identifiers
- Log data: IP address, access timestamps, referring URLs, error logs
- Location data: General geographic location inferred from IP address (not precise GPS data)
- Cookie data: Session identifiers, preferences, analytics identifiers (see Section 5)
Information from Third Parties
We may receive information from third-party sources including social media platforms (if you connect accounts), business partners, and analytics service providers. We only accept and use such information where we have a lawful basis to do so.
Sensitive Information: We do not intentionally collect sensitive personal information (such as health information, racial or ethnic origin, or religious beliefs) unless specifically required for a contracted healthcare project and with your explicit consent.
How We Use Your Information
We use your personal information only for the purposes for which it was collected, or closely related purposes you would reasonably expect. Specifically, we use your information to:
| Purpose | Legal Basis |
|---|---|
| Provide, operate, and improve our services and products | Contract performance / Legitimate interests |
| Create and manage your account | Contract performance |
| Process payments and billing | Contract performance / Legal obligation |
| Respond to enquiries, support requests, and communications | Legitimate interests / Contract performance |
| Send service-related communications (e.g. account notices) | Contract performance / Legal obligation |
| Send marketing communications (with consent) | Consent (opt-in only) |
| Analyse platform usage and improve user experience | Legitimate interests |
| Comply with legal obligations and enforce our Terms | Legal obligation / Legitimate interests |
| Prevent fraud, abuse, and security incidents | Legitimate interests / Legal obligation |
We will not use your personal information for any purpose inconsistent with this Policy without obtaining your prior consent.
Sharing Your Information
We do not sell, rent, or trade your personal information. We may share your information in the following limited circumstances:
Service Providers
We engage trusted third-party service providers to assist in delivering our services. These include cloud hosting providers, payment processors, email delivery services, and analytics platforms. All service providers are contractually bound to process your data only on our instructions and in accordance with applicable privacy law.
Business Group
As a subsidiary of Questwork Limited (Hong Kong), we may share information within our corporate group for operational and administrative purposes, subject to appropriate protections.
Legal Requirements
We may disclose your information where required to do so by law, court order, or at the request of a government or regulatory authority. We will provide notice where legally permitted to do so.
Business Transactions
In the event of a merger, acquisition, or sale of all or part of our business, personal information may be transferred to the relevant third party, subject to equivalent privacy protections.
With Your Consent
In any other circumstances, we will seek your explicit consent before sharing your personal information.
We will never: sell your personal data to data brokers, share your information with advertisers for targeted advertising without consent, or disclose your data in ways inconsistent with this Policy.
Cookies & Tracking Technologies
We use cookies and similar tracking technologies to enhance your experience on our platforms. Cookies are small text files stored on your device by your browser.
Types of Cookies We Use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential | Required for the website or platform to function (e.g. session management, login state). Cannot be disabled without affecting functionality. | Session |
| Functional | Remember your preferences and settings (e.g. language, region, layout preferences). | Up to 1 year |
| Analytics | Help us understand how users interact with our platforms (e.g. page views, navigation paths). Data is aggregated and anonymised where possible. | Up to 2 years |
| Marketing | Used only with your consent to deliver relevant communications. Currently limited use. | Up to 1 year |
Managing Cookies
You can control or disable cookies through your browser settings. Note that disabling certain cookies may affect the functionality of our platforms. Most browsers allow you to refuse or accept cookies through their settings menu. You may also opt out of analytics tracking via browser extensions such as Google Analytics Opt-out.
Data Retention
We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements.
- Account data: Retained for the duration of your account and for up to 7 years after account closure to comply with legal and tax obligations
- Project and engagement data: Retained for 7 years following project completion in accordance with Australian recordkeeping requirements
- Platform listings (RentBuyGo): Active listings retained while active; archived listings retained for 2 years after deactivation
- Marketing data: Retained until you withdraw consent or request deletion
- Server logs: Retained for up to 12 months for security and troubleshooting purposes
- Support communications: Retained for up to 3 years following resolution
When personal information is no longer required, we will securely delete or anonymise it in accordance with our data disposal procedures.
Data Security
We take data security seriously and implement technical and organisational measures appropriate to the sensitivity of the information we hold. Our security measures include:
- Encryption of data in transit using TLS (Transport Layer Security)
- Encryption of sensitive data at rest
- Access controls and role-based permissions to limit data access to authorised personnel only
- Regular security assessments and vulnerability testing
- Secure password hashing using industry-standard algorithms
- Multi-factor authentication for internal systems
- Incident response procedures for data breach detection and notification
Data Breach Notification
In the event of a data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as soon as practicable and within 30 days of becoming aware of the breach, as required by the Notifiable Data Breaches scheme.
Your responsibility: While we implement robust security measures, you are responsible for maintaining the confidentiality of your account credentials and for notifying us immediately if you suspect any unauthorised access to your account.
International Data Transfers
As a company with offices in both Australia and Hong Kong, and with service providers globally, your personal information may be transferred to, stored, and processed in countries other than your country of residence.
When transferring personal information internationally, we ensure that appropriate safeguards are in place, including:
- Contractual data protection clauses with overseas recipients
- Transfer only to jurisdictions with adequate data protection laws
- Compliance with APP 8 (cross-border disclosure) requirements
Our primary data processing occurs in Australia and Hong Kong. Certain cloud services may process data in other jurisdictions including the United States, Singapore, or the European Union. We take steps to ensure these providers maintain equivalent privacy protections.
Your Privacy Rights
Under the Australian Privacy Act and applicable laws, you have the following rights regarding your personal information:
Right of Access
Request a copy of the personal information we hold about you, along with details of how we use and share it.
Right to Correction
Request correction of inaccurate, incomplete, or out-of-date personal information we hold about you.
Right to Deletion
Request deletion of your personal information where there is no lawful reason for continued processing or retention.
Right to Opt-Out
Withdraw consent for marketing communications at any time. Each email includes an unsubscribe link.
Data Portability
Request your personal data in a structured, machine-readable format where technically feasible.
Right to Complain
Lodge a complaint with us or escalate to the OAIC (oaic.gov.au) if you believe your rights have been violated.
How to Exercise Your Rights
To exercise any of these rights, please contact our Privacy Officer using the details in Section 13. We will respond to your request within 30 days. We may need to verify your identity before processing your request. We will not charge a fee for access requests unless the request is manifestly unfounded or excessive.
Children's Privacy
Our services are not directed at children under the age of 13 (or under 18 for services requiring account registration). We do not knowingly collect personal information from children under these ages.
If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately. We will take prompt steps to delete that information from our systems.
For educational platforms where Kojarame may process student data on behalf of an educational institution, the institution acts as the data controller and is responsible for ensuring appropriate consent and safeguards are in place for student data. Kojarame acts as a data processor in such cases.
Third-Party Links & Integrations
Our websites and products may contain links to third-party websites, platforms, or services. We have no control over the privacy practices of these third parties, and this Policy does not apply to them.
We encourage you to review the privacy policies of any third-party services you access through our platforms. Common third-party services that may be integrated include:
- Payment processing services (for transaction security and billing)
- Analytics platforms (for usage insights)
- Cloud infrastructure providers (for hosting and data storage)
- Communication tools (for customer support and messaging)
Kojarame is not responsible for the privacy practices, content, or security of any third-party services. Your interactions with such services are subject to their respective privacy policies.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make changes:
- We will update the "Last Updated" date at the top of this page
- For material changes, we will notify you by email (if you have a registered account) and/or by posting a prominent notice on our website at least 30 days before the changes take effect
- Your continued use of our services after the effective date of the revised Policy constitutes your acceptance of the updated Policy
We encourage you to review this Policy periodically. Historical versions are available upon request.
Contact Our Privacy Officer
If you have any questions, concerns, or requests relating to this Privacy Policy or the handling of your personal information, please contact our Privacy Officer:
Privacy Officer — Kojarame Consulting Pty Ltd
We aim to acknowledge all privacy-related enquiries within 5 business days and to fully respond within 30 days.
📧 [email protected]
📧 General: [email protected]
🏢 6/86–90 Pipe Road, Laverton North VIC 3026, Australia
🏢 Room 6, 1/F, Hi Yip Factory Building, Hi Yip St, Yuen Long, Hong Kong
If you are not satisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC) (opens in a new tab) at oaic.gov.au.
Also read our Terms & Conditions →