Privacy Policy

What Information We Collect

When you interact with hyrmaraexo, we collect different types of information depending on what you're doing. Some of it you give us directly, and some we gather automatically as you use our platform.

Information You Provide Directly

• Contact details: your name, email address, phone number, and business address
• Account credentials: username, password, and security question responses
• Business interests: industry preferences, budget range, location requirements
• Financial information: bank details for transactions, tax file numbers when required
• Communication records: emails, phone calls, and messages you send us
• Documentation: identity verification papers, proof of funds, business experience history

Information We Collect Automatically

• Device information: IP address, browser type, operating system
• Usage data: pages visited, time spent on site, search queries
• Location data: general geographic location based on IP address
• Cookies and tracking: information stored on your device to improve your experience

How We Use Your Information

We don't collect information just to have it. Everything we gather serves a specific purpose in helping you find and purchase a business.

We analyze usage patterns to understand what works and what doesn't. This helps us make the platform more useful for everyone looking to buy a business in Australia.

Sharing Your Information

We're selective about who sees your information. We never sell your data to third parties. Here's who might access your information and why:

• Business sellers: when you express interest in a specific business, we share relevant contact details
• Payment processors: financial institutions that handle transactions securely
• Legal advisors: when you engage our legal support services
• Service providers: companies that help us run our platform (hosting, analytics, customer support)
• Government agencies: when legally required for tax, compliance, or law enforcement purposes

Your Rights Under Australian Privacy Law

The Privacy Act 1988 gives you specific rights regarding your personal information. You're not just handing over your data and hoping for the best.

1. Access: Request a copy of the personal information we hold about you. We'll provide this within 30 days unless there's a valid reason for delay.
2. Correction: Ask us to fix information that's wrong or incomplete. We'll update our records promptly.
3. Deletion: Request deletion of your information when it's no longer needed. Some data must be kept for legal reasons, but we'll remove what we can.
4. Restriction: Limit how we use your information in certain circumstances, such as while we verify accuracy.
5. Objection: Object to processing based on legitimate interests, particularly for direct marketing.
6. Data portability: Receive your information in a structured format to transfer to another service.
7. Withdraw consent: Remove permission for activities that require your consent, like marketing emails.

To exercise any of these rights, contact our privacy team using the details at the bottom of this page. We'll respond within 30 days and won't charge a fee unless your request is clearly unreasonable or excessive.

Data Security Measures

Security isn't just a checkbox for us. We've implemented multiple layers of protection because business acquisition involves sensitive financial information.

• Encryption: All data transmitted between your browser and our servers uses TLS 1.3 protocol
• Secure storage: Personal information is encrypted at rest using AES-256 encryption
• Access controls: Staff can only access information necessary for their role
• Regular audits: We conduct security assessments quarterly to identify vulnerabilities
• Backup systems: Encrypted backups stored in geographically separate Australian data centers
• Incident response: Documented procedures for handling potential data breaches

Despite our precautions, no system is completely secure. If we detect a data breach that might seriously harm you, we'll notify you within 72 hours and report to the Office of the Australian Information Commissioner as required.

How Long We Keep Your Data

We don't hold onto your information forever. Different types of data have different retention periods based on legal requirements and practical needs.

When retention periods expire, we securely delete or anonymize your information. Anonymized data can't identify you personally and may be retained for statistical purposes.

Cookies and Tracking Technologies

Our website uses cookies to function properly and improve your experience. You have control over most cookies through your browser settings.

Essential Cookies

These are necessary for the website to work. They handle things like keeping you logged in and remembering your search preferences during a session. You can't disable these without breaking core functionality.

Analytics Cookies

We use these to understand how people use our site. They tell us which pages are popular, where people get stuck, and how long they spend reading different sections. This helps us make improvements based on actual behavior rather than guesses.

Marketing Cookies

These track your activity across websites to show relevant ads. We only use these if you've given explicit consent. You can withdraw consent anytime through our cookie preference center.

Third-Party Services

We use several external services to run our platform effectively. Each has its own privacy policy that governs how they handle data.

• Payment processing: Stripe and PayPal handle financial transactions
• Email delivery: Mailchimp manages our communication systems
• Cloud hosting: AWS provides our server infrastructure within Australia
• Analytics: Google Analytics tracks website usage (anonymized IP addresses)
• Customer support: Zendesk manages support ticket systems

We carefully vet all third-party providers and only work with companies that meet Australian privacy standards. When services process data outside Australia, we ensure adequate safeguards are in place.

International Data Transfers

We primarily store and process data within Australia. However, some third-party services may transfer data internationally. When this happens, we ensure appropriate protections are in place.

Children's Privacy

Our services are designed for adults engaged in business acquisition. We don't knowingly collect information from anyone under 18 years old. If we discover we've accidentally collected such information, we'll delete it promptly.

Changes to This Policy

We update this privacy policy occasionally to reflect changes in our practices or legal requirements. When we make significant changes, we'll notify you by email and display a notice on our website.

The "Last Updated" date at the top shows when we last modified this policy. We encourage you to review it periodically, especially if you haven't visited in a while.

Complaints and Disputes

If you're unhappy with how we've handled your personal information, please contact us first so we can try to resolve the issue. We take complaints seriously and investigate them thoroughly.

If you're not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC). They're the independent regulator for privacy matters in Australia.

• OAIC website: www.oaic.gov.au
• Phone: 1300 363 992
• Mail: GPO Box 5218, Sydney NSW 2001