Australian Privacy Compliance

Last Updated: May 18, 2026 | Effective Date: May 18, 2026 | Version: 1.1

AUSTRALIAN PRIVACY ACT COMPLIANCE

This document outlines RentalTide's compliance with the Australian Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), the Notifiable Data Breaches (NDB) scheme, and the Australian Consumer Law (ACL). It explains the rights and protections available to Australian residents.

1. Introduction

RentalTide Inc. ("RentalTide," "we," "us," or "our"), a corporation incorporated in Delaware, United States, with additional registration in Canada, is committed to protecting the privacy and personal information of Australian residents in accordance with the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs).

Australian Privacy Contact: RentalTide Inc. Privacy Officer 110 Didsbury Road, Ottawa, Ontario K2J 4T4, Canada 1111B S Governors Ave STE 48363, Dover, DE 19904, United States Email: privacy-au@rentaltide.com Phone: 888-709-2650

2. Scope and Applicability

2.1 When Australian Privacy Law Applies

The Privacy Act 1988 applies to our processing of personal information when:

You are an Australian resident using our Services
You make bookings with Australian rental operators on our platform
We collect personal information from individuals located in Australia
Australian rental operators use our platform to process customer data

2.2 Our Role Under Australian Privacy Law

RentalTide acts in different capacities:

APP Entity: When we collect and handle personal information directly
Contracted Service Provider: When processing data on behalf of Australian rental operators
Overseas Recipient: As a company based outside Australia receiving personal information

2.3 Key Definitions

Personal Information: Information or an opinion about an identified individual, or an individual who is reasonably identifiable
Sensitive Information: Includes health information, racial or ethnic origin, political opinions, religious beliefs, sexual orientation, criminal record, and biometric data
APP Entity: An organization or agency covered by the Privacy Act

3. Australian Privacy Principles (APPs) Compliance

APP 1 - Open and Transparent Management

We maintain a clearly expressed and up-to-date privacy policy that explains:

The kinds of personal information we collect and hold
How we collect and hold personal information
The purposes for which we collect, hold, use, and disclose personal information
How individuals may access and correct their personal information
How individuals may complain about privacy breaches
Whether we disclose personal information to overseas recipients

Our Commitment:

This policy and our main Privacy Policy are publicly available
We provide privacy information at or before the time of collection
We regularly review and update our privacy practices

APP 2 - Anonymity and Pseudonymity

Individuals have the option of:

Not identifying themselves when dealing with us, where practicable
Using a pseudonym instead of their real name

Exceptions:

When we are required by law to identify individuals
When it is impracticable for us to deal with unidentified individuals
For booking and payment processing (identification required)

APP 3 - Collection of Solicited Personal Information

We only collect personal information that is:

Reasonably necessary for our functions and activities
Collected by lawful and fair means
Collected directly from individuals where reasonable and practicable

Sensitive Information: We only collect sensitive information with consent, or where required or authorized by law.

What We Collect:

Identity information (name, date of birth, address)
Contact information (email, phone number)
Financial information (payment details for transactions)
Booking and rental history
Device and usage information
Optional protection product selections

APP 4 - Dealing with Unsolicited Personal Information

If we receive personal information we did not solicit:

We determine whether we could have collected it under APP 3
If not, we destroy or de-identify the information (unless required to retain it by law)

APP 5 - Notification of Collection

At or before the time of collection, we notify individuals of:

Our identity and contact details
The purposes of collection
Whether collection is required by law
The consequences of not providing information
Our disclosure practices, including overseas disclosure
How to access our privacy policy
How to access and correct personal information
How to complain about privacy breaches

APP 6 - Use or Disclosure of Personal Information

We only use or disclose personal information for:

The primary purpose for which it was collected
A secondary purpose if the individual would reasonably expect this and it is related to the primary purpose
With consent for other purposes
As required or authorized by law

We Do NOT:

Sell personal information
Use personal information for direct marketing without consent or an existing relationship
Disclose sensitive information without explicit consent

APP 7 - Direct Marketing

We only use personal information for direct marketing if:

You have consented, or
You would reasonably expect direct marketing and we provide an opt-out mechanism

Your Rights:

Opt-out of direct marketing at any time
Request the source of your personal information
Request we stop using your information for direct marketing

How to Opt-Out:

Click "unsubscribe" in any marketing email
Email privacy-au@rentaltide.com
Update preferences in your account settings

APP 8 - Cross-Border Disclosure

Before disclosing personal information to overseas recipients, we take reasonable steps to ensure they:

Comply with the APPs, or
Are subject to a law or binding scheme substantially similar to the APPs, or
You have consented to the disclosure

Countries Where Data May Be Transferred:

Canada (primary data processing location)
United States (cloud services, payment processing)
Other countries where our sub-processors operate (see Sub-Processors page)

Safeguards We Use:

Standard Contractual Clauses
Data Processing Agreements
Security assessments of overseas recipients
Encryption of data in transit and at rest

APP 9 - Adoption, Use, or Disclosure of Government Identifiers

We do not:

Adopt government identifiers (e.g., tax file numbers, Medicare numbers) as our own identifiers
Use or disclose government identifiers except as required by law

APP 10 - Quality of Personal Information

We take reasonable steps to ensure personal information is:

Accurate
Up-to-date
Complete
Relevant

Your Role: Please update your information if it changes and notify us of any inaccuracies.

APP 11 - Security of Personal Information

We take reasonable steps to protect personal information from:

Misuse, interference, and loss
Unauthorized access, modification, or disclosure

Our Security Measures:

256-bit SSL/TLS encryption for data in transit
AES-256 encryption for data at rest
Multi-factor authentication
Regular security audits and penetration testing
Access controls and employee training
PCI DSS compliance for payment data

Data Destruction: When personal information is no longer needed, we destroy or de-identify it, unless required to retain it by law.

APP 12 - Access to Personal Information

You have the right to access your personal information held by us.

How to Request Access:

Email privacy-au@rentaltide.com
Include proof of identity
Specify the information you want to access

Response Time: Within 30 days of receiving a valid request

Exceptions: We may refuse access if:

Providing access would pose a serious threat to health or safety
Providing access would unreasonably impact others' privacy
The request is frivolous or vexatious
Providing access would prejudice legal proceedings
Providing access would be unlawful

APP 13 - Correction of Personal Information

You have the right to request correction of inaccurate, out-of-date, incomplete, irrelevant, or misleading personal information.

How to Request Correction:

Log into your account to make direct corrections
Email privacy-au@rentaltide.com
Specify the information to be corrected and provide evidence

Response Time: Within 30 days

If We Refuse:

We will provide written reasons
We will include information about how to complain to the OAIC

Automated Decision-Making (ADM) and the 2024 Reforms

The Privacy and Other Legislation Amendment Act 2024 introduces new transparency obligations for substantially or solely automated decisions, with full compliance required by December 2026. RentalTide already publishes a complete inventory of every AI-driven feature in our AI Usage and Data Commitment document, including:

A feature-by-feature table of where automated systems produce decisions or recommendations affecting individuals
Our human-in-the-loop posture for each feature
An explicit list of customer outcomes that are NOT decided by automated systems (bookings, refunds, account terminations, waiver decisions)
A confirmation that we do not make solely-automated decisions producing legal or similarly significant effects on individuals
Your right to request a plain-language explanation of any automated output, and to request human review

To exercise your ADM rights as an Australian resident, email privacy-au@rentaltide.com. We will respond within two business days and resolve substantive requests within thirty days.

4. Notifiable Data Breaches (NDB) Scheme

4.1 Our Obligations

Under the NDB scheme, if we experience an eligible data breach, we must:

Assess whether the breach is likely to result in serious harm
Notify the Office of the Australian Information Commissioner (OAIC) if serious harm is likely
Notify affected individuals as soon as practicable
Provide a statement about the breach

4.2 What Constitutes an Eligible Data Breach

An eligible data breach occurs when:

There is unauthorized access to, or disclosure of, personal information
Personal information is lost in circumstances where unauthorized access or disclosure is likely
Serious harm to any individual is likely to result

4.3 Our Response Process

Contain the breach and limit further exposure
Assess the breach within 30 days
Notify the OAIC and affected individuals if required
Review and improve security measures

4.4 Notification Contents

If we notify you of a breach, we will include:

Our identity and contact details
A description of the breach
The kinds of information involved
Recommendations about steps you should take

5. Australian Consumer Law (ACL) Compliance

5.1 Consumer Guarantees

Under the ACL, our services come with guarantees that cannot be excluded:

Services will be provided with due care and skill
Services will be fit for any specified purpose
Services will be provided within a reasonable time

5.2 Your Rights Under ACL

If our services fail to meet a consumer guarantee, you may be entitled to:

A remedy (repair, replacement, or refund) for major failures
Compensation for reasonably foreseeable loss or damage

5.3 Protection Products Disclaimer

IMPORTANT: Optional protection products (damage waivers, tow waivers, liability waivers, cancellation protection) offered through our platform are NOT INSURANCE and are not regulated by the Australian Prudential Regulation Authority (APRA) or the Australian Securities and Investments Commission (ASIC) as insurance products.

These are contractual waivers between you and rental operators. If you require insurance coverage, consult a licensed insurance professional or visit moneysmart.gov.au for guidance.

5.4 Unfair Contract Terms

The ACL protects consumers from unfair contract terms in standard form contracts. We have reviewed our terms to ensure they are not unfair, and we:

Clearly explain all terms before you agree
Do not include hidden or surprising terms
Ensure terms are reasonably necessary to protect our legitimate interests
Balance terms fairly between both parties

6. Your Privacy Rights Summary

Right	Description	How to Exercise
Access	Obtain a copy of your personal information	Email privacy-au@rentaltide.com
Correction	Fix inaccurate or incomplete information	Account settings or email
Opt-out of Marketing	Stop receiving marketing communications	Unsubscribe link or email
Complaint	Lodge a privacy complaint	See Section 7
Anonymity	Deal with us without identifying yourself (where practicable)	Contact us to discuss

7. Complaints

7.1 Complaints to RentalTide

If you believe we have breached the APPs or mishandled your personal information:

Step 1: Contact our Privacy Officer

Email: privacy-au@rentaltide.com
Phone: 888-709-2650
Mail: Privacy Officer, RentalTide Inc., 110 Didsbury Road, Ottawa, Ontario K2J 4T4, Canada

Step 2: We will acknowledge your complaint within 7 days

Step 3: We will investigate and respond within 30 days

7.2 Complaints to the OAIC

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

Office of the Australian Information Commissioner GPO Box 5218 Sydney NSW 2001 Phone: 1300 363 992 Email: enquiries@oaic.gov.au Website: www.oaic.gov.au

7.3 Other Regulators

For consumer law complaints:

Australian Competition and Consumer Commission (ACCC): www.accc.gov.au
State/Territory Consumer Affairs: Contact your local fair trading office

8. Changes to This Document

We may update this Australian Privacy Compliance document from time to time. We will notify you of material changes by:

Posting the updated document on this page
Updating the "Last Updated" date
Sending email notification for significant changes
Providing notice through your account dashboard

9. Additional Resources

Privacy Act 1988: www.legislation.gov.au
Australian Privacy Principles: www.oaic.gov.au/privacy/australian-privacy-principles
Notifiable Data Breaches: www.oaic.gov.au/privacy/notifiable-data-breaches
Australian Consumer Law: consumer.gov.au
ACCC: www.accc.gov.au

Contact Us:

For Australian privacy inquiries:

Email: privacy-au@rentaltide.com
Phone: 888-709-2650
Mail: Privacy Officer, RentalTide Inc., 110 Didsbury Road, Ottawa, Ontario K2J 4T4, Canada

This document supplements our main Privacy Policy and should be read in conjunction with our Terms of Service, Customer Terms, and other platform policies.