‍

Cruz Tech Privacy Policy

Cruz Tech is committed to ensuring the confidentiality and security of your personal
information. This policy outlines why we need to collect personal information and how we
manage the personal information we collect about individuals.
In this policy, “Cruz Tech”, “Cruz”, “We”, “Us” refers to all staff, representatives, and
associated entities of the following companies:

• Cruz Tech Pty Ltd, ABN 76 664 631 038
• Cruz Money Holdings Pty Ltd, ABN 48 656 662 154
• Cruz Money Pty Ltd, ABN 89 627 532 718
• Cruz Money IP Pty Ltd, ABN 36 656 662 921

“You” means an individual whose personal information we hold, and “your” has a
corresponding meaning.
We are bound by the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy
Principles (APPs) set out in Schedule 1 of the Privacy Act, in our handling of personal
information. The Privacy Act protects ‘personal information’, which means ‘information or an
opinion about an identified individual, or an individual who is reasonably identifiable, whether
the information is true or not and whether the information is recorded in a material form or
not.’
‍
This Policy details our treatment of personal information that we gather, including any
personal information that we gather from you when you authorise us to gain the right to
transfer money between bank accounts in real-time. We undertake to collect and handle
your personal information lawfully, respect your privacy, and be transparent about how we
handle personal information.
‍
Collection of Your Personal Information
We may collect the following types of personal information about you:

• Identification and contact information: This includes your name, address, phone
  number, email address, username, and identification documents.
• Financial information: This includes your financial credentials, bank account
  information, transaction history, account balances, limits, and other payment-related
  information.
• Customer service information: This includes any messages you submit to us
  regarding inquiries about Cruz Tech or requests for technical support.
• Technical information: This includes details such as the IP addresses, devices, and
  locations used to access Cruz Tech.

How We Collect Personal Information

We may collect personal information in the following ways:

Directly from you: When money is transferred to or from your account or when you
contact us directly with any queries.

• From third-party services: This includes technologies and service providers that
  enable the operation of Cruz Tech, such as identity verification services and payment
  technologies that facilitate financial transactions on your behalf
  ‍

Use and Purposes of Personal Information
We may use your personal information for the following purposes:

• To operate and maintain the services provided by Cruz Tech, such as facilitating
  financial transactions on your behalf.
• To provide you with the features, functions, and benefits of Cruz Tech, such as
  displaying information regarding your financial accounts.
• To verify your identity through third-party service providers.
• For internal purposes, such as tracking usage trends, developing and improving our
  services, and performing research and analytics.
• To send you notifications, emails, and respond to your inquiries.
• To comply with our legal obligations towards our payment infrastructure providers,
  regulators, and license holders.

Disclosure of Personal Information
We may disclose your personal information in the following circumstances:

• To third-party technologies and data processors for the purpose of performing
  services through Cruz Tech, such as identity verification checks and financial
  information.
• To business partners and suppliers for the purpose of providing services through
  Cruz Tech.
• To third parties as part of a sale or change of control of our business, ensuring
  continuity by the buyer or controller.
  We do not disclose personal information to overseas recipients.

Security of Personal Information
We take reasonable steps to ensure that the personal information we collect, use, and
disclose is accurate, complete, up to date, and securely stored in cloud-based facilities
located in Australia. We protect your information from misuse, interference, loss, and
unauthorised access.

Destruction of Personal Information
We will delete or de-identify personal information when it is no longer needed for the
purposes for which it was collected, or upon request, unless a specified retention period is
required by applicable laws.

How You Can Access and Update Your Personal Information
If you wish to access or correct the personal information we hold about you, please contact
our Privacy Officer by emailing privacy@cruz.tech.
Notifiable Data Breach (NDB) Scheme
As required by the NDB Scheme under the Privacy Act, if there is any loss, unauthorized
access, or disclosure of your personal information likely to result in serious harm, we will
investigate and notify both you and the Australian Information Commissioner as soon as
practicable.
‍
Complaints
If you are not satisfied with how we handle your personal information or this policy, please
contact our Privacy Officer at privacy@cruz.tech.
Our Privacy Officer will work to understand your concerns and discuss potential resolutions.
If you remain unsatisfied, you may contact the Office of the Australian Information
Commissioner (OAIC). Visit the OAIC website or call 1300 363 992 for further assistance.
‍
Privacy Policy Changes
We may update this Privacy Policy from time to time, providing additional notice as required
by applicable laws. Please refer back to this policy regularly for updates.
‍
Contact Information
If you have any queries about this policy or wish to access your personal information, please
contact our Privacy Officer at privacy@cruz.tech.