Privacy Policy

When we refer to ‘we’, ‘us’, ‘our’ or just ‘Togetha' that means any of the following companies:

Togetha Group includes all entities, employees, and Contractors under Togetha Holdings Pty Ltd, operating in Australia, Hong Kong, and other regions.

Contact (Privacy): privacy@togetha.io
Trust Centre: https://trust.togetha.io/

This Privacy Policy explains how we collect, use, disclose, store, handle and protect your Personal Information across digital (eg. websites, email, sms, webinars, social media and apps) and in-person events, phone calls, video conferences, etc.

Read this together with any agreement we have with you (e.g., EULA) and the controls visible in our Trust Centre. We comply with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), and other applicable privacy laws.

By interacting with us, you acknowledge you understand and agree with our use of your Personal Information and your rights in relation to your data.

User Data

All information collected from our customers that is not Personal Information.

Personal Information

(Australia): Information or an opinion about an identified individual or an individual who is reasonably identifiable(as defined in the Privacy Act).

Personal Data

(EU/UK/Vietnam and similar): Any information relating to an identified or identifiable natural person (GDPR Art. 4(1)). We use Personal Information and Personal Data interchangeably in this policy.

Sensitive Information

Sensitive information is defined as information or an opinion about an individual’s:

We collect data depending on how you interact with us. Common items include:

We do not knowingly collect Personal Information from individuals under 18. If we become aware that we hold information about a minor, we will delete it.

Browsing our website: We log technical data(e.g., IP address, browser, date/time) and use analytics (e.g., GoogleAnalytics).

Making enquiries: If you contact us, we collect information relevant to the enquiry and any details you provide.

Purchasing from us: We collect billing/shipping details and product/license information.

Support via our portal: We may collect usage information, system information, and logs necessary to diagnose issues.

Subscriptions: We store preferences, opt‑in consent, and tracking for statistics.

Use of our applications: Our cloud apps store only meta/config data with anonymised user IDs and write back to your Atlassian Cloud tenancy.

Directly: Where possible, we collect Personal Information from you.

Service Providers and Subprocessors: We may collect Personal Information from Atlassian, service providers, or legitimate promotional activities.

Unsolicited information: If you provide unsolicited Personal Information we could not have collected, we will destroy or de‑identify it as soon as practicable.

Technical information: We periodically gather technical metadata to provide updates, measure usage, and issue security/technical notices.

Cookies and Tracking technolgies: We also use cookies and similar tracking technologies to collect certain information automatically when you use our website or services.

What Are Cookies?
Cookies are small text files placed on your device when you visit our websites or use our applications. They help us remember your preferences, improve your experience, and analyze how our services are used. Cookies may be set by us (“first-party cookies”) or by third parties (“third-party cookies”) such as analytics providers or advertising partners.

Types of Cookies:
We use the following categories of cookies:

- Strictly Necessary Cookies: Essential for the operation of our website and services (e.g., to enable logins, secure areas, or shopping carts). These cannot be switched off in our systems.

- Performance/Analytics Cookies: Help us understand how visitors interact with our website by collecting and reporting information anonymously (e.g., Google Analytics).

- Functionality Cookies: Allow us to remember your preferences  such as language or region) and provide enhanced, more personalized features.

- Targeting/Advertising Cookies: Used by us or third parties to deliver relevant advertising and track the effectiveness of our marketing campaigns.

Third Party Cookies
Some cookies are set by third-party services that appear on our pages, such as analytics providers (e.g., Google Analytics), advertising networks, or embedded content. These third parties may use cookies to collect information about your online activities across different websites. We do not control these cookies; please refer to the third parties’ privacy and cookie policies for more information.

Legal Basis for Using Cookies:
Strictly necessary cookies are used based on our legitimate interest in providing a secure and functional website. All other cookies (analytics, functionality, advertising) are only used with your explicit consent, in line with GDPR requirements.

Cookie Consent and Control:
‍When you first visit our website, you will see a cookie banner or pop-up requesting your consent for non-essential cookies. You can accept or reject different categories of cookies, except those strictly necessary for the site to function. You can change or withdraw your consent at any time by accessing our [Cookie Preferences Center] or adjusting your browser settings. Instructions for managing cookies in your browser can be found at http://www.allaboutcookies.org .

How to Manage Cookies Browser Settings:
Most browsers allow you to refuse or delete cookies. Please note that disabling cookies may affect the functionality of our website. Cookie Preferences Center: You can update your cookie preferences at any time via the link in our website footer or cookie banner.

Contact Us:
If you have any questions about our use of cookies or this policy, please contact us at privacy@togetha.io.

Children’s Privacy:
Our Products and Services are not directed to children under 18. We do not knowingly collect Personal Information from children under 18. If we become aware of such collection, we will delete the information within 30 days of being aware. We are committed to complying with the Australian Children’s Online Privacy Code.

Automated Decision-Making

We do not use automated decision-making (including profiling) that produces legal or similarly significant effects on individuals, unless required or permitted by law and with appropriate safeguards. If such processes are introduced, we will provide clear information about the logic involved, the significance and consequences, and your rights to request human intervention, express your view, or contest the decision.

Direct marketing communications

We send marketing where you have consented. You can unsubscribe at any time. If you receive a message purporting to be from us without signing up, treat it with caution and notify us.

Service Providers and Subprocessors

We may disclose date to;

- Related companies within our corporate group
- Service providers who assist us in operating our business and  delivering our products and services (for example, marketing agencies, delivery companies, consultants, IT support, and professional advisers)
- Potential purchasers in connection with a sale or proposed sale of our business;
- Legally Authorised organisations or parties you authorise;
- Others as required or permitted by law (such as regulatory authorities or to comply with legal obligations).
- Subprocessors (including cloud service providers such as Atlassian, AWS, and others) who process personal data on our behalf as part of delivering our products or services.
- These subprocessors are contractually required to implement appropriate data protection measures, either through our agreements or their own published Data Processing Addenda (DPAs).

For more information and a current list of our subprocessors and their DPAs, visit https://trust.togetha.io/

We include suitable privacy and confidentiality clauses in our agreements with service providers and subprocessors where practicable. Service providers may access or handle personal information only as necessary to perform their contracted functions and are required to protect such information in accordance with our privacy requirements.

All subprocessors are contractually required to implement appropriate data protection measures, either through our agreements or their own published Data Processing Addenda (DPAs). DPAs are available in https://trust.togetha.io .

Cross-border transfer of Data

Using our Products/Services may involve international transfers of Personal Information.

We share Personal Information globally(Asia‑Pacific, Europe, North America, other locations) and implement measures to ensure compliance with applicable privacy laws.

Personal Information may be handled and stored by service providers in the United States, Australia, EU countries, Asia‑Pacific, and other jurisdictions where service providers or we operate.

Compliance statement: We comply with applicable privacy laws; if local laws grant additional rights, we honor them.
‍

We implement reasonable measures to protect your Data. Trust Centre: https://trust.togetha.io/

‍We will notify you of security breaches as soon as reasonably practicable.

Online transmissions cannot be guaranteed secure; exercise care and notify us of suspected unauthorised activity.

Liability exclusions apply to the maximum extent permitted by law, subject to non‑excludable consumer rights.

How long do we keep your Personal Information?

We retain Personal Information only as long as necessary unless longer retention is required by law or reasonably necessary.

Choosing not to disclose: You may remain anonymous or use a pseudonym for general enquiries.

Access & correction: Request access/corrections; identity verification may be required; limited exceptions apply.

Right to be forgotten: Request deletion subject to law; we verify identity, assess feasibility, and delete where approved.

GDPR rights (EU/UK): Access, rectification, erasure, restriction, objection, portability; response within one month.

Contact privacy@togetha.io We may refuse to delete due to legal obligations (eg. Australian Tax Office requirement).

Data Processing Officer: Brian Hill,brian.hill@togetha.group, +61 2 6190 1554

Unsubscribe or contact privacy@togetha.io

Supervisory Authorities:

‍Australia— OAIC: GPO Box 5218, Sydney NSW 2001; 1300 363992; https://www.oaic.gov.au/; enquiries@oaic.gov.au

‍United Kingdom — ICO: Wycliffe House, Wilmslow, CheshireSK9 5AF; +44 1625 545 700; https://ico.org.uk/;icocasework@ico.org.uk

‍European Union — Contact your Member State authority.

‍United States — Contact the relevant state authority.

Contractors: Freelance contractor, a very small business, engaged by Togetha to perform specific tasks or projects as part of our delivery team. Contractors are not employees, but work under a contract for services, often on a temporary or project basis.

‍Personal Information / Personal Data: As defined by applicable law.

‍Data Subject: The individual the Personal Information relates.

‍Service Provider: An external organisation engaged by Togetha to deliver a specific set of services, often as part of their regular business operations. Service providers usually operate as independent businesses with their own staff, processes, and infrastructure.

‍Subprocessor:A type of service provider that processes personal data on our behalf as part of delivering our products or services. Subprocessors include cloud service providers (such as Atlassian, AWS, and others) and other organisations who process, store, or transmit personal data for us. Data Processing Agreements are available in our Trust Centre.
‍
Related Companies: Is any company that is partially owned by Togetha Group Holdings Pty Ltd.