Privacy Policy

Last update: February 2025

We respect your privacy and are committed to protecting your Personal Information. This policy is intended to provide you with clear information about why and how we collect, use, disclose and protect Personal Information.

This policy applies to Aether Group Limited (together us, we, or our). Please refer to the “Definitions” section at the end of this policy to understand the meaning of some of the terms used in this policy.

1. Applicable Data Protection Laws

This policy explains how we handle Personal Information and comply with the requirements of applicable Data
Protection Laws.

Where we process, use or disclose personal information for our own purposes, or for purposes related to our
business, we will be an “agency” governed by the Privacy Act or a “data controller” under the GDPR.

Where we process or hold personal information solely on behalf of another organisation, we do so as an "agent"
under the Privacy Act or a “data processor” under the GDPR (in which case that organisation is the “agency” or
“data controller” who determines why and how your Personal Information is processed).

2. Collecting your Personal Information

We process Personal Information from actual and prospective customers, authorised users (of a customer’s
account on our services), suppliers, employees, job applicants, contractors and other individuals. We only seek to
collect Personal Information that is necessary for us to provide our services or for our necessary business
purposes.

Generally, the types of Personal Information we may collect, hold and process includes:

  • ‍The contact information of our actual and prospective customers, suppliers and other business contacts. Typically, this includes names, addresses, telephone numbers, email addresses and job titles. To the extent permitted by applicable law, we may collect this information from publicly available sources.
  • Personal Information collected in the course of providing our services to our customers. For example:
    • when you sign up for a service provided by us, we may require your name, email address, role, company address and phone number;
    • customers or other users of the services may provide us with your Personal Information, including when identifying the authorised users of their account on the services;
    • we collect information about your interactions with our services, including the content you view and engaged with. How much information we collect depends on the type and settings of the device you use to access the services. For example we may collect your IP address, device information, approximate geographic location, web browser and/or device type, the web pages or sites visited just before or just after using the service, the pages or other content you view or interact with on the service, and the dates and times of the visit, access, or use of the services;
    • if a customer links or connects their account on the services with a third party service, the third party service may send us Personal Information about you or others (the categories of PersonalInformation shared with us varies and will be controlled by the settings and permissions within the third party service); and
    • we collect financial information (like billing and GST number information, date, time, amounts charged) when customers make payments to us for the services.
  • Personal Information collected when individuals communicate with us (including via in-app messenger, email or telephone). If you contact us, we may keep a record of our correspondence with you. Where we intend to record a telephone conversation (or any part of a telephone conversation) we will advise you at the appropriate time.
  • Personal Information about your preferences in receiving marketing from us, and your communication preferences.
  • Personal Information collected from job applicants when they apply for a job with us and individual contractors when performing a role for us (in some instances this may include Sensitive Information such as health information if related to the role being applied for or being performed).
  • Personal Information collected from our employees during the course of carrying out our duties and activities as an employer (in some instances this may include Sensitive Information such as health information if related to the employee's role).
  • Personal Information collected from people who attend events we run, sponsor or are otherwise involved in.
  • We may also capture IP details when you use our website and we also use "cookies". These "cookies" may collect anonymous information from your computer and our website may use and combine such passively collected information and allows us to remember important information that will make future visits to the site more useful and promote our products or services to you by way of targeted advertising. You may use the various options on your browser to warn you each time a "cookie" is being sent. You can also turn "cookies" off at any time. However, in doing so you will restrict the access you might have to many features available on our website.
  • If we collect information about you from third parties, we will take reasonable steps to ensure the third party has first obtained your permission or has a lawful basis to share the information with us. This includes de-identified data we collect from research partners to enable our market research as part of our services. This data cannot be linked to you individually and we will not make any attempts to reidentify you.

We collect most Personal Information from you directly, when we deal with you.

We generally do not intend to collect, and we ask you not to submit, any Sensitive Information to our services. If
you choose to provide Sensitive Information about yourself to us for any reason, the act of doing so constitutes
your explicit consent, (where such consent is necessary), for us to collect and use that information as necessary in
the ways described in this policy or as described at the point you choose to disclose this information.

‍3. Our legal grounds for processing your Personal Information

For the purposes of the GDPR, we rely on one or more of the following conditions to justify processing your
Personal Information if you are a resident in the EEA:

  • ‍our legitimate interests in the effective delivery of our services to our customers, in the lawful operation of our business, and the legitimate interests of our customers in receiving services from us (provided these do not interfere with your fundamental rights);
  • ‍our legitimate interests in developing and improving our business and services and in developing new offerings (provided these do not interfere with your fundamental rights);
  • ‍our legitimate interests in maintaining the security of our and our customer's data and in ensuring the quality of our services;
  • ‍to satisfy any requirement of applicable law, including Data Protection Laws, regulation or code;
  • ‍to perform our obligations under a contractual relationship with you; or
  • ‍where no other processing condition is available, if you have agreed to us processing your Personal Information for the relevant purpose.
4. Using your Personal Information

The primary purposes for which we collect, hold and process Personal Information are:

  • ‍Dealing with your enquiries and requests;
  • Creating and maintaining a relationship with you as a customer;
  • To provide you with products and services;
  • To conduct research and statistical analysis using Anonymous Data;
  • To improve the products and services that we provide to you;
  • To keep our services safe and to protect the rights of you, third parties or us, including detecting andpreventing fraud, spam, abuse, security incidents, and other harmful activity;
  • To comply with any requirement of applicable law, including Data Protection Laws, regulation or code;
  • To market our products and services to you;
  • Keeping you updated and informed about the products and services we offer.
  • For recruitment purposes; and
  • For purposes related to the employment of our personnel and providing internal services to ourpersonnel.

If you choose not to provide us with Personal Information which we have requested from you, we may be unable tofulfil any of the above purposes, including providing services, responding to your requests, or processing yourapplication for employment.

If we process Personal Information in ways other than as stated in this policy, we will ensure we do so pursuant tothe requirements of the applicable Data Protection Laws.

5. Sharing Personal Information

Besides our personnel, we may share your Personal Information with our third party service providers for the
purposes set out in section 4, including:

  • CRM software providers;
  • website, application development, hosting, maintenance providers;
  • cloud-storage providers;
  • marketing providers;
  • invoicing providers;
  • data analytics or research providers; and
  • our consultants, lawyers, accountants, insurers, and professional advisors.

Each service provider’s access to Personal Information is limited to the information needed to perform tasks onour behalf, and they are contractually obliged to use your Personal Information consistently with this policy.

We may also disclose Personal Information under the following circumstances:

  • when explicitly requested by you, including if you authorise our services to integrate with a third partyservice;
  • to courts, law enforcement, government agencies, or third parties for the purposes of protecting rightsand interests, to the extent we believe that disclosure is appropriate or permitted by the applicable DataProtection Laws;
  • to entities partly or fully owned by us, wherever incorporated, which are governed by this policy; or
  • to facilitate a proposed or actual sale or other disposition of our business as a going concern. We willensure that the transferee (or proposed transferee) will be bound by this policy.

We may also share Anonymous Data for research or promotional purposes. Except as set out in this policy, we donot sell to or trade Personal Information with third parties.

6. Transferring Personal Information outside New Zealand

Some of our third party service providers are located outside of New Zealand and may not be subject to the
Privacy Act. We use a commercially reasonable selection process, set out in section 5, to confirm that the
provider can protect Personal Information in a way that, overall, provides comparable safeguards to those under
the Privacy Act.

‍7. Transferring Personal Information outside European Economic Area

If you are a resident of the EEA, your Personal Information may be transferred to us and our third party serviceproviders located outside the EEA, and to countries that may not have laws that provide the same degree ofprotection for Personal Information as the GDPR. We use a commercially reasonable selection process, set out insection 5, to facilitate the adequate protection of any Personal Information so transferred.

‍8. Retention

We will retain Personal Information for so long as is necessary for the purpose for which it was collected. To
determine the appropriate retention period for Personal Information, we consider:

  • ‍the amount, nature and sensitivity of the Personal Information;
  • the potential risk of harm from unauthorised use or disclosure of the Personal Information; and
  • the purposes for which we process the Personal Information and whether we can achieve thosepurposes through other means.

Personal Information may be held for longer periods where required by law or regulation and as necessary in
order to defend our legal rights.

9. Security

We are committed to protecting the Personal Information we receive, whether electronically or in hard copy. We also require our personnel and third party service providers to respect the confidentiality of any PersonalInformation held by us, and comply with applicable Data Protection Laws.

We have put in place generally accepted industry standards to prevent your Personal Information from being
accidentally lost, used or accessed in an unauthorised way, altered or disclosed. This includes firewalls, encrypted
data transfers, password protection and other access and authentication controls. We regularly review the
appropriateness of these measures to keep the Personal Information we hold secure.

We would notify you and any applicable privacy regulatory in accordance with Data Protection Laws if a breach of
your Personal Information did occur.

‍10. Access and correction of Personnel Information

It is important that the Personal Information we hold about you is up to date and accurate. Please keep us
informed of any changes to your Personal Information.

Under the Privacy Act, you are entitled to:

  • access your Personal Information; and/or
  • request that your Personal Information be corrected

Please contact us at if you would like to do so. You will find our contact details further below.

We will provide access to Personal Information upon request by an individual, except in the limited circumstances in which it is permitted for us to withhold this information.

Sometimes we'll need to charge an administrative fee to cover the cost of access. For example, if the request is very broad and the Personal Information requested is likely to take significant time and resources to find and prepare. In these situations, we'll get in touch to discuss your request and give you an estimate of the cost before doing anything.

11. Residents in the European Economic Area

If you are a resident in the EEA, you have the following rights in relation to your Personal Information we are processing about you as a “data controller” (as defined in the GDPR):

  • Access: You have the right to request a copy of the Personal Information.
  • Rectification: You have the right to have incomplete or inaccurate Personal Information that we process about you rectified.
  • Deletion: You have the right to request that we delete Personal Information that we process about you, except we are not obliged to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise or defend legal claims.
  • Restriction: You have the right to restrict our processing of your Personal Information where you believe such data to be inaccurate; our processing is unlawful; or that we no longer need to process such data for a particular purpose unless we are not able to delete the data due to a legal or other obligation or because you do not wish for us to delete it.
  • Portability: You have the right to obtain Personal Information we hold about you, in a structured, electronic format, and to transmit such data to another data controller, where this is (a) PersonalInformation which you have provided to us, and (b) if we are processing that data on the basis of your consent or to perform a contract with you.
  • Objection: Where the legal justification for our processing of your Personal Information is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for the processing.
  • ‍Withdrawing Consent: If you have consented to our processing of your Personal Information, you have the right to withdraw your consent at any time, free of charge. This includes cases where you wish to opt out from marketing messages that you receive from us.

To make a request to exercise any of these rights in relation to your Personal Information, please contact us. You
will find our contact details below.

12. Contact information

If you would like to exercise your privacy rights, make a complaint, or if you have any questions or concerns
about this policy, please contact us via email at: hello@theaether.com.

13. Complaints

You are welcome to contact us if you have any complaints or concerns about anything covered in this policy. We
will endeavour to deal with any complaints or concerns as quickly as possible, but in any event, in accordance
with the timeframes and procedures set out in the applicable Data Protection Laws.

If you are not satisfied with our handling of your problem or complaint you may make a complaint to the relevant
privacy regulator, for example the Office of the Privacy Commissioner (https://www.privacy.org.nz/aboutus/contact/).

14. Changes to this privacy policy

Transparency is an ongoing responsibility, so we keep this privacy policy under regular review. We may need to update or amend this policy from time to time to reflect changes in our business or Data Protection Laws by publishing an updated version here.

So you know when we make changes, we will amend the revision date at the top of this policy. The newly
amended policy will apply from that revision date. Therefore, we encourage you to review this policy periodically
to stay informed about how we are protecting your Personal Information.

Any amended policy will apply between us whether or not we have given you specific notice of any change.

15. Third party websites

Our services may contain links to third party websites or services. We don’t own or control those websites or
services or endorse them in any way and, if you interact with them, you may be providing Personal Information
directly to the third party concerned. We encourage you to review their privacy policies accordingly.

16. Definitions

In this policy, the following terms have the meaning given below:

Anonymous Data means Personal Information that has been processed such that no specific individual can be
identified from the information;

Data Protection Laws means the data protection laws applicable to the Personal Information that we collect,
hold and process, including as applicable the Privacy Act 2020 (Privacy Act) and the General Data Protection
Regulation 2016/679 (GDPR);

EEA means the European Economic Area;

Personal Information is information about an identifiable living person and has the meaning given to it underthe Privacy Act, and is similar to the meaning of “Personal Data” or “Data” under the GDPR. Personal Informationdoes not include Anonymous Data;

Processing or process is how we sometimes refer to the collecting, handling, storing and protecting of yourPersonal Information;

Sensitive Information includes information about your race or ethnic origin; political opinions or political affiliations; religious or philosophical beliefs; trade union membership; physical or mental health; genetic data; biometric data that uniquely identifies someone; sexual life or sexual orientation; and criminal records; and

You or your means the relevant individual who is the subject of the Personal Information.