Privacy Policy

Forfos Pty Ltd ("Forfos", "we", "us", or "our") is committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at forfos.com, use our services, or interact with us in any way. We operate across multiple jurisdictions including Australia, the United States, the United Kingdom, Canada, and Singapore. This policy is designed to comply with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018, the EU General Data Protection Regulation (GDPR) 2016/679, and the California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA). Please read this policy carefully. If you disagree with its terms, please discontinue use of our site and services. If you have questions, contact us at hello@forfos.com.

We use the information we collect for the following purposes: Service Delivery: To provide, operate, and improve our e-commerce operations services; to respond to enquiries and fulfil service requests; to process job applications and communicate with candidates. Business Operations: To manage our client relationships; to send invoices and process payments; to maintain our internal records and business administration. Marketing & Communications: To send you information about our services, case studies, and industry insights (where you have opted in or where we have a legitimate interest); to personalise your experience on our website; to conduct surveys and gather feedback. Legal & Compliance: To comply with applicable laws and regulations; to enforce our terms and agreements; to protect the rights, property, and safety of Forfos, our clients, and others; to respond to legal requests and prevent fraud. Analytics & Improvement: To understand how visitors use our website; to measure the effectiveness of our marketing; to improve our website, services, and user experience. We will only use your personal information for the purposes for which it was collected, or for compatible purposes that you would reasonably expect.

For individuals in the UK, EU, and EEA, we process your personal data under the following legal bases: Contractual Necessity (Art. 6(1)(b)): Processing necessary to perform a contract with you or to take steps at your request before entering a contract — e.g., delivering our services, processing your job application. Legitimate Interests (Art. 6(1)(f)): Processing necessary for our legitimate business interests, provided these are not overridden by your rights — e.g., improving our services, B2B marketing to existing clients, fraud prevention, website analytics. Consent (Art. 6(1)(a)): Where you have given clear, specific consent — e.g., subscribing to our newsletter, accepting non-essential cookies. You may withdraw consent at any time. Legal Obligation (Art. 6(1)(c)): Processing necessary to comply with a legal obligation — e.g., tax and accounting requirements, responding to lawful requests from authorities. Where we process special category data (e.g., health information in a job application), we rely on explicit consent or another applicable condition under Art. 9 GDPR.

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes. We may share your information in the following circumstances: Service Providers: We engage trusted third-party vendors who assist us in operating our website and delivering our services. These include cloud hosting providers, email delivery platforms, CRM software, analytics tools, and payment processors. All service providers are contractually bound to handle your data securely and only for the purposes we specify. Professional Advisors: We may share information with lawyers, accountants, auditors, and insurers where necessary for professional advice or compliance. Business Transfers: If Forfos is involved in a merger, acquisition, asset sale, or restructuring, your information may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy. Legal Requirements: We may disclose your information if required to do so by law, court order, or government authority, or if we believe disclosure is necessary to protect our rights, prevent fraud, or ensure the safety of any person. With Your Consent: We may share your information for any other purpose with your explicit consent. We do not share personal information with third parties for their own direct marketing purposes without your consent.

Forfos operates globally with team members and infrastructure in Australia, the Philippines, the United States, the United Kingdom, and Canada. As a result, your personal information may be transferred to and processed in countries outside your country of residence. For transfers from the UK or EEA: We ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission or UK Information Commissioner's Office (ICO), adequacy decisions, or other lawful transfer mechanisms. For transfers from Australia: We take reasonable steps to ensure overseas recipients handle your information in a manner consistent with the Australian Privacy Principles. For transfers involving US residents: We comply with applicable US state privacy laws including the CCPA/CPRA. By using our services, you acknowledge that your information may be transferred internationally as described above.

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. Contact form submissions: Retained for up to 3 years to manage our business relationship and for follow-up purposes. Job applications: Retained for 12 months after the position is filled or the application is closed, unless you consent to longer retention for future opportunities. Client data: Retained for the duration of the engagement plus 7 years to comply with tax and legal obligations. Website analytics data: Typically retained for 26 months in aggregated or anonymised form. Marketing data: Retained until you unsubscribe or withdraw consent, plus a reasonable period thereafter. When your data is no longer required, we will securely delete or anonymise it. You may request earlier deletion — see Section 9 (Your Rights) for details.

Our website uses cookies and similar tracking technologies to enhance your experience and gather analytics data. Essential Cookies: Necessary for the website to function properly. These cannot be disabled. Analytics Cookies: Help us understand how visitors interact with our website (e.g., Google Analytics). These are only set with your consent where required by law. Marketing Cookies: Used to deliver relevant advertising and track campaign performance. These are only set with your consent. You can control cookies through your browser settings. Most browsers allow you to refuse cookies or delete existing ones. Note that disabling certain cookies may affect website functionality. For UK and EU visitors, we obtain your consent before setting non-essential cookies in accordance with the UK PECR and EU ePrivacy Directive. To opt out of Google Analytics tracking, you can use the Google Analytics Opt-out Browser Add-on available at tools.google.com/dlpage/gaoptout.

To exercise any of the rights described above, please contact us at: Email: hello@forfos.com Subject line: "Privacy Request – [Your Right]" We will respond to your request within: • 30 days for GDPR / UK GDPR requests (extendable by a further 2 months for complex requests) • 45 days for CCPA requests (extendable by a further 45 days) • A reasonable period for Australian Privacy Act requests (generally within 30 days) We may need to verify your identity before processing your request. We will not charge a fee for reasonable requests, but may charge a reasonable fee for manifestly unfounded or excessive requests.

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include: • Encryption of data in transit (TLS/SSL) and at rest • Access controls and authentication requirements for our systems • Regular security assessments and staff training • Vendor due diligence for all third-party processors • Incident response procedures However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority as required by applicable law (e.g., within 72 hours under GDPR, or as soon as practicable under the Australian Notifiable Data Breaches scheme).

Our website and services are not directed to individuals under the age of 16 (or 13 in the United States). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at hello@forfos.com and we will promptly delete such information.

Our website may contain links to third-party websites, plugins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy practices. We encourage you to read the privacy policy of every website you visit.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, notify you by email or a prominent notice on our website. We encourage you to review this policy periodically to stay informed about how we protect your information. Your continued use of our website after any changes constitutes your acceptance of the updated policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: Forfos Pty Ltd Email: hello@forfos.com Phone (AU): +61 494 670 786 Phone (PH): +63 915 694 6540 For UK/EU GDPR enquiries, you may also contact our representative or lodge a complaint with: • UK: Information Commissioner's Office — ico.org.uk • EU: Your local data protection authority For Australian privacy complaints: • Office of the Australian Information Commissioner — oaic.gov.au We take all privacy concerns seriously and will respond promptly to your enquiry.