For All Platform Users, Event Hosts, Providers, and Visitors
Privacy Policy
Effective Date: 28 May 2026 · Version 1.0
Governing Legal Frameworks
- Australia: Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs 1–13)
- Australia: Notifiable Data Breaches Scheme (Part IIIC, Privacy Act 1988)
- Australia: Spam Act 2003 (Cth)
- New Zealand: Privacy Act 2020 (NZ) and Information Privacy Principles (IPPs 1–13)
- New Zealand: Notifiable Privacy Breaches scheme (Privacy Act 2020, Part 6)
- New Zealand: Unsolicited Electronic Messages Act 2007
Legal Review Notice
This Privacy Policy has been drafted with reference to the Australian Privacy Act 1988 (Cth), the Australian Privacy Principles, the NZ Privacy Act 2020, and associated guidance from the Office of the Australian Information Commissioner (OAIC) and the New Zealand Privacy Commissioner.
1. Introduction
1.1 EliteSource.com.au ("EliteSource", "we", "us", "our") operates the event procurement marketplace at elitesource.com.au (the "Platform"). We are committed to protecting the privacy of every individual who uses or interacts with our Platform.
1.2 This Privacy Policy explains how EliteSource collects, uses, holds, discloses, and manages your personal information. It applies to all users of the Platform, including event hosts ("Event Hosts"), registered event providers, venues, and organisers ("Providers"), and any other visitors to the Platform.
1.3 EliteSource is an Australian Privacy Act entity bound by the Privacy Act 1988 (Cth) ("Privacy Act") and the thirteen (13) Australian Privacy Principles ("APPs") contained in Schedule 1 of that Act. We also comply with the New Zealand Privacy Act 2020 ("NZ Privacy Act") in respect of personal information collected from New Zealand residents.
1.4 By using the Platform, submitting an event request, registering as a Provider, or otherwise providing your personal information to us, you acknowledge that you have read this Privacy Policy and consent to our handling of your personal information as described herein.
1.5 If you do not agree with any part of this Privacy Policy, you must cease using the Platform and may request deletion of your personal information by contacting us as described in Section 19.
2. Definitions
In this Privacy Policy, unless the context otherwise requires:
| Term | Meaning |
|---|---|
| Personal Information | Information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not and whether recorded in a material form or not. This has the same meaning as in the Privacy Act 1988 (Cth) and the NZ Privacy Act 2020. |
| Sensitive Information | A subset of personal information including health information, racial or ethnic origin, political opinions, religious beliefs, sexual orientation, criminal record, and biometric data. Sensitive information attracts a higher level of protection under the APPs. |
| Event Host | An individual or organisation that accesses the Platform to submit an event request and receive proposals from Providers. |
| Provider | An event organiser, venue, caterer, production company, or other event service professional registered on the Platform to receive event requests. |
| Event Request | The structured event brief submitted by an Event Host through the Platform, containing details of the event to be organised. |
| OAIC | The Office of the Australian Information Commissioner, the independent statutory agency responsible for privacy regulation in Australia (oaic.gov.au). |
| NZ Privacy Commissioner | The Privacy Commissioner of New Zealand, the independent statutory officer responsible for privacy regulation in New Zealand (privacy.org.nz). |
| APP | An Australian Privacy Principle as set out in Schedule 1 of the Privacy Act 1988 (Cth). |
| IPP | An Information Privacy Principle as set out in Schedule 1 of the New Zealand Privacy Act 2020. |
| Notifiable Data Breach | A data breach that is likely to result in serious harm to one or more individuals, as defined in Part IIIC of the Privacy Act 1988 (Cth) (Australia) and Part 6 of the NZ Privacy Act 2020 (New Zealand). |
3. What Personal Information We Collect
3.1 Information Collected from Event Hosts
3.1 When you use the Platform as an Event Host, we collect the following categories of personal information:
| Category | Specific Data | How Collected |
|---|---|---|
| Contact Information | Email address | Provided directly when entering email for verification code |
| Contact Information | Phone number | Optionally provided in your event request submission (not required) |
| Event Request Data | Event type, date, location, headcount, budget range, additional requirements and preferences | Provided directly in event request submission form |
| Verification Data | Four-digit verification code usage and timestamp | Generated automatically by the Platform upon email entry |
| Technical Data | IP address, browser type and version, operating system, device type, time zone | Collected automatically when you access the Platform |
| Usage Data | Pages visited, time spent on pages, links clicked, referring URL, Platform navigation patterns | Collected automatically via analytics tools |
| Communications Data | Content of any email correspondence with EliteSource, including support or complaint enquiries | Provided directly by you when contacting us |
3.2 Information Collected from Providers
3.2 When you register or interact with the Platform as a Provider, we collect the following:
| Category | Specific Data | How Collected |
|---|---|---|
| Business Information | Business name, ABN (Australian) or NZBN (New Zealand), business address, website URL | Provided during Provider registration |
| Contact Information | Contact person name, business email address, phone number | Provided during Provider registration |
| Service Information | Event specialisations, service locations, typical event types and sizes | Provided during profile setup |
| Subscription Data | Tier status (Free or Premium), subscription history, billing contact details | Provided and generated through subscription management |
| Quote and Response Data | Proposals and quotes submitted in response to Event Requests, timestamps of responses | Created by Provider on the Platform |
| Technical Data | IP address, browser, device, login timestamps | Collected automatically |
| Communications Data | Support enquiries, complaints, email correspondence with EliteSource | Provided directly |
3.3 Information We Do Not Collect
3.3 EliteSource does not intentionally collect sensitive information as defined in the Privacy Act, including health information, racial or ethnic origin, political opinions, religious beliefs, or sexual orientation. If any sensitive information is inadvertently included in an Event Request brief submitted by an Event Host, that information will be treated with the same protections afforded to sensitive information under APP 3.3.
3.4 EliteSource does not collect credit card details or financial account information directly. Payment processing for Provider subscriptions is handled by a third-party payment processor, and EliteSource does not store payment card data on its own systems.
3.5 EliteSource does not collect personal information from individuals it knows to be under the age of 18. See Section 16 for our children's privacy position.
4. How We Collect Personal Information
4.1 EliteSource collects personal information through the following methods:
Directly from You
- When you enter your email address to receive a verification code to submit an Event Request;
- When you complete and submit an Event Request form, including any optional contact information such as a phone number;
- When you register as a Provider and complete your Provider profile;
- When you contact EliteSource by email, through the Platform, or by any other means; and
- When you subscribe to Provider premium services and provide billing and contact details.
Automatically
- When you visit or navigate the Platform, we automatically collect technical and usage data through server logs, analytics tools, and cookies and similar tracking technologies, as further described in Section 13 of this Policy;
- When verification codes are issued, we record the time of issuance and the associated email address; and
- When Providers interact with event requests, we record response times and activity timestamps.
From Third Parties
- EliteSource may receive limited technical information from email delivery service providers (such as delivery status and open rate data) in connection with emails sent to you;
- We may receive information from analytics service providers regarding Platform usage patterns; and
- We may receive information from payment processors confirming subscription status, without receiving underlying payment card data.
4.2 In accordance with APP 3.1, EliteSource only collects personal information that is reasonably necessary for one or more of its functions or activities as described in this Policy. We do not collect personal information by unlawful means.
4.3 Where we receive unsolicited personal information that we did not request and that is not information we would be permitted to collect under APP 3, we will, if lawful and reasonable to do so, destroy or de-identify that information as soon as practicable in accordance with APP 4.
5. Why We Collect and Use Personal Information
5.1 EliteSource collects and uses personal information for the following primary and secondary purposes:
| Purpose | Applies To | Legal Basis (APP 6) |
|---|---|---|
| Processing and distributing Event Requests to relevant Providers | Event Hosts | Primary purpose of collection, consent given on submission |
| Sending a four-digit verification code to confirm your email address | Event Hosts | Primary purpose of collection, necessary to provide the service |
| Sending confirmation emails and service notifications relating to your Event Request | Event Hosts | Primary purpose, service delivery |
| Enabling Providers to contact you in response to your Event Request | Event Hosts | Primary purpose, consented to on submission |
| Managing Provider accounts, profiles, and subscription services | Providers | Primary purpose, service delivery |
| Distributing Event Requests to matched Providers | Providers | Primary purpose, service delivery |
| Conducting Platform analytics and improving the Platform's matching and distribution systems | All users | Secondary purpose, reasonably expected |
| Responding to enquiries, complaints, and support requests | All users | Secondary purpose, reasonably expected |
| Contacting Event Hosts for feedback on their experience or on Providers | Event Hosts | Secondary purpose, reasonably expected, opt-out available |
| Sending marketing communications about EliteSource services | All users | Secondary purpose, consent required under APP 7 / Spam Act |
| Complying with legal and regulatory obligations | All users | Legal obligation |
| Investigating and resolving complaints or disputes | All users | Legitimate interest / legal obligation |
| Preventing fraud, misuse of the Platform, and other unlawful activity | All users | Legitimate interest |
5.2 In accordance with APP 6, EliteSource will not use or disclose personal information for a secondary purpose unless: (a) you would reasonably expect us to use it for that purpose, and the purpose is related (or directly related for sensitive information) to the primary purpose; or (b) you have consented to the secondary use; or (c) an exception under the Privacy Act applies.
6. Disclosure of Personal Information
6.1 Disclosure to Providers
6.1 The core function of the Platform requires EliteSource to disclose your personal information to Providers. Specifically, when you submit an Event Request, EliteSource will disclose the following information to Providers who receive your request:
- Your email address;
- Your phone number, if you have elected to include it in your Event Request submission;
- The full content of your Event Request brief, including event type, date, location, headcount, budget range, and any additional requirements you have described; and
- Any other personal information you have chosen to include in your Event Request.
6.2 By submitting an Event Request, you explicitly consent to this disclosure as described in EliteSource's Terms of Use. This disclosure is the primary purpose for which your personal information is collected.
6.3 Once your personal information has been disclosed to a Provider in accordance with Section 6.1, that Provider's subsequent use and handling of your personal information is governed by that Provider's own privacy policy, not this Policy. EliteSource is not responsible for the privacy practices of Providers after disclosure has occurred.
6.4 EliteSource uses reasonable endeavours to ensure that Providers on its Platform are legitimate businesses. However, EliteSource does not verify Providers' compliance with applicable privacy law and cannot guarantee the privacy practices of any Provider.
6.2 Disclosure to Service Providers and Processors
6.5 EliteSource engages third-party service providers who process personal information on its behalf in order to operate the Platform. These providers act as data processors under contract with EliteSource and are subject to obligations to keep personal information confidential and secure. They include:
| Category of Service Provider | Purpose of Disclosure | Data Disclosed |
|---|---|---|
| Email delivery providers (e.g. transactional email services) | Sending verification codes, confirmation emails, and notifications | Email address, email content |
| Cloud hosting and infrastructure providers | Hosting and storing Platform data | All data stored on the Platform |
| Analytics service providers | Platform usage analysis and improvement | Technical and usage data (typically anonymised or aggregated) |
| Payment processing providers | Processing Provider subscription payments | Billing contact name and email; no card data passes through EliteSource |
| Customer support tools | Managing support tickets and communications | Name, email, content of support communications |
6.6 EliteSource will not sell, rent, or trade your personal information to third parties for their own marketing or commercial purposes.
6.3 Disclosure Required by Law
6.7 EliteSource may disclose personal information where it is required or authorised to do so by law, including where:
- Required by a court order, subpoena, or other legal process;
- Required by a request from a law enforcement agency or regulatory authority with lawful authority to compel disclosure;
- Necessary to prevent or investigate suspected fraud, illegal activity, or a serious threat to the health or safety of any person; or
- Required to enforce EliteSource's legal rights or protect EliteSource from legal liability.
6.8 Where permitted by law, EliteSource will take reasonable steps to notify you before disclosing your personal information in response to a legal compulsion.
6.4 Disclosure in Business Transactions
6.9 If EliteSource is involved in a merger, acquisition, restructure, sale of assets, or similar business transaction, your personal information may be disclosed to the prospective or actual acquirer as part of that transaction. EliteSource will take reasonable steps to ensure that any acquirer is bound by privacy obligations consistent with this Policy. You will be notified of any such transaction that materially affects the handling of your personal information.
7. How Event Request Data is Shared, Summary
The following table summarises the specific data sharing that occurs when an Event Host submits an Event Request on the Platform. This is provided as a clear reference to the disclosure practices described in Sections 5 and 6.
| What Happens | Data Shared | With Whom | When |
|---|---|---|---|
| Verification code issued | Email address | Email delivery provider (processor) | Immediately on email entry |
| Confirmation email sent | Email address, event request summary | Email delivery provider (processor) | Immediately after submission |
| Stage 1 distribution | Full Event Request including contact details | Up to 5 Priority Tier Providers | Immediately after verification |
| Stage 2 distribution | Full Event Request including contact details | Standard Tier Providers | 48 hours after submission (if not stopped) |
| Data stored for reference | Full Event Request and any proposals received | EliteSource's cloud hosting provider (processor) | 12 months from submission |
| Analytics processing | Usage data (typically anonymised) | Analytics service provider (processor) | Ongoing |
Important
Once your Event Request has been distributed to a Provider, EliteSource cannot prevent that Provider from contacting you.
You should review the privacy policy of any Provider you choose to engage before sharing additional personal information with them. The Provider's use of your personal information after receipt is governed by that Provider's own privacy policy.
8. Direct Marketing
8.1 EliteSource may use your personal information for direct marketing purposes, subject to the requirements of the Privacy Act 1988 (Cth), APP 7, the Spam Act 2003 (Cth), and, for New Zealand residents, the Unsolicited Electronic Messages Act 2007.
8.2 EliteSource will only send you commercial electronic messages (including promotional emails and newsletters) where you have provided your express consent to receive them. Consent may be provided at the time of submitting an Event Request, registering as a Provider, or at any subsequent time.
8.3 Every marketing communication sent by EliteSource will:
- Clearly identify EliteSource as the sender;
- Include EliteSource's registered business address;
- Contain a clear and functional unsubscribe mechanism; and
- Not use false or misleading subject lines, sender details, or claims.
8.4 You may withdraw your consent to receive marketing communications at any time by:
- Clicking the "Unsubscribe" link contained in any marketing email from EliteSource;
- Contacting EliteSource at support@elitesource.com.au; or
- Updating your communication preferences through any preference mechanism provided on the Platform.
8.5 EliteSource will process unsubscribe requests within five (5) business days in accordance with the Spam Act 2003 (Cth). After this period, EliteSource will not send further marketing communications to the unsubscribed email address.
8.6 Withdrawal of consent to marketing does not affect your receipt of mandatory service communications such as verification codes, event request confirmations, and account-related notifications. These communications are necessary to provide the service and are not commercial electronic messages within the meaning of the Spam Act 2003 (Cth).
8.7 EliteSource does not disclose personal information to third parties for their direct marketing purposes.
9. Cross-Border Disclosure of Personal Information
9.1 EliteSource operates primarily in Australia and New Zealand. However, some of the third-party service providers we use to operate the Platform may store or process personal information outside Australia and New Zealand, including in the United States, the European Union, and other jurisdictions.
9.2 In accordance with APP 8, before disclosing personal information to an overseas recipient, EliteSource takes reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles in relation to that information. This is typically achieved by:
- Entering into data processing agreements with overseas service providers that incorporate obligations equivalent to the Australian Privacy Principles;
- Selecting service providers that are certified under recognised international privacy frameworks such as the EU-US Data Privacy Framework or ISO 27001; and
- Assessing the adequacy of privacy protections in the destination jurisdiction before engaging overseas providers.
9.3 By using the Platform and providing your personal information, you consent, where required under APP 8.2(b), to the disclosure of your personal information to overseas recipients engaged by EliteSource as described in this section.
9.4 Where overseas disclosure occurs, EliteSource will identify the countries or regions to which your data may be transferred in a supplementary schedule to this Policy, updated as providers change. Current data processing regions include: United States of America, European Union member states, and Singapore. This list may be updated from time to time.
9.5 For New Zealand residents, the same cross-border disclosure safeguards apply in accordance with Information Privacy Principle 12 of the NZ Privacy Act 2020. EliteSource will only transfer personal information of New Zealand residents to countries or organisations that provide comparable privacy protections.
10. How Long We Retain Personal Information
10.1 EliteSource retains personal information only for as long as is necessary to fulfil the purposes for which it was collected, to comply with legal obligations, or to resolve disputes.
10.2 When personal information is no longer required, EliteSource will take reasonable steps to destroy it or ensure it is de-identified in a manner consistent with APP 11.2, such that the information can no longer be used to identify an individual.
10.3 You may request early deletion of your personal information by contacting EliteSource at support@elitesource.com.au. EliteSource will assess deletion requests in accordance with APP 11 and will comply unless retention is required by law or is necessary to protect EliteSource's legitimate interests, such as the resolution of an ongoing dispute.
11. Security of Personal Information
11.1 In accordance with APP 11.1, EliteSource takes reasonable steps to protect the personal information it holds from misuse, interference, and loss, as well as from unauthorised access, modification, and disclosure. The security measures employed by EliteSource include:
| Security Measure | Description |
|---|---|
| Encryption in transit | All data transmitted between your device and the Platform is encrypted using Transport Layer Security (TLS 1.2 or higher). All connections are HTTPS only. |
| Encryption at rest | Personal information stored in EliteSource's databases is encrypted at rest using industry-standard encryption protocols. |
| Access controls | Access to personal information held by EliteSource is restricted to employees and contractors who require access to perform their duties. Role-based access controls are enforced. |
| Verification codes | Verification codes are single-use, time-limited (10 minutes), and not stored after expiry. They are transmitted via encrypted email. |
| Third-party processor security | EliteSource assesses the security practices of all third-party processors before engagement and maintains data processing agreements requiring appropriate security standards. |
| Security monitoring | EliteSource's infrastructure is subject to ongoing monitoring for anomalous access, suspicious activity, and known vulnerability signatures. |
| Incident response | EliteSource maintains a data breach response plan, including procedures for containment, assessment, notification, and remediation. |
| Staff training | Employees and contractors with access to personal information receive training on privacy obligations and security practices. |
11.2 Despite the security measures described above, no data transmission over the internet or data storage system can be guaranteed to be completely secure. EliteSource cannot guarantee the absolute security of personal information and does not accept liability for unauthorised access that is beyond its reasonable control.
11.3 You are responsible for maintaining the security of your own email account, which is used to receive verification codes. EliteSource is not liable for unauthorised access to your personal information resulting from a compromise of your email account.
12. Notifiable Data Breaches
Australia, Notifiable Data Breaches Scheme
12.1 EliteSource is subject to the Notifiable Data Breaches (NDB) Scheme under Part IIIC of the Privacy Act 1988 (Cth). Where EliteSource becomes aware of a data breach that is likely to result in serious harm to one or more individuals, it will:
- Conduct a prompt assessment of the breach to determine whether notification is required;
- Notify affected individuals as soon as practicable if the breach is assessed as likely to result in serious harm; and
- Notify the Office of the Australian Information Commissioner (OAIC) in accordance with the requirements of the NDB Scheme.
12.2 Notifications to affected individuals will include: the identity and contact details of EliteSource; a description of the data breach; the kinds of personal information involved; and recommended steps that individuals can take to reduce the risk of harm.
New Zealand, Notifiable Privacy Breaches
12.3 EliteSource is also subject to the Notifiable Privacy Breaches scheme under Part 6 of the New Zealand Privacy Act 2020 in respect of personal information held about New Zealand residents. Where a privacy breach occurs that it is reasonable to believe has caused, or is likely to cause, serious harm to affected individuals, EliteSource will:
- Notify the affected New Zealand individuals as soon as reasonably practicable; and
- Notify the New Zealand Privacy Commissioner as required under the NZ Privacy Act 2020.
How to Report a Suspected Breach
12.4 If you believe your personal information held by EliteSource has been subject to a data breach, unauthorised access, or misuse, you should contact EliteSource immediately at support@elitesource.com.au with as much detail as possible about the suspected breach.
13. Cookies and Tracking Technologies
13.1 EliteSource uses cookies and similar tracking technologies to operate and improve the Platform. A cookie is a small text file placed on your device by a website server when you visit a website.
13.2 The Platform uses the following categories of cookies:
| Cookie Type | Purpose | Duration | Can Be Disabled? |
|---|---|---|---|
| Strictly Necessary | Required for the Platform to function, including session management and security features. These cookies do not collect personal information beyond what is technically necessary. | Session | No, disabling these will prevent the Platform from functioning |
| Functional | Remember your preferences and settings to improve your experience on the Platform. | Up to 12 months | Yes, via browser settings (may affect functionality) |
| Analytics | Collect aggregated and anonymised data about how users interact with the Platform, used to improve Platform performance, navigation, and content. | Up to 24 months | Yes, via browser settings or cookie consent tool |
| Marketing | Used to track the effectiveness of EliteSource's own marketing campaigns. Not used to track you across third-party websites. | Up to 12 months | Yes, via consent withdrawal |
13.3 On your first visit to the Platform, a cookie consent notice will be displayed. You may accept or decline non-essential cookies at that time. You may update your cookie preferences at any time through the cookie settings tool available on the Platform.
13.4 Most web browsers allow you to control cookies through browser settings. However, restricting strictly necessary cookies may impair the functionality of the Platform. Instructions for managing cookies in common browsers are available at aboutcookies.org.
13.5 EliteSource does not use cookies to engage in cross-site tracking or to build personal profiles used for third-party advertising.
14. Quality of Personal Information
14.1 In accordance with APP 10, EliteSource takes reasonable steps to ensure that the personal information it collects, uses, and discloses is accurate, up-to-date, complete, and relevant, having regard to the purpose for which it is used or disclosed.
14.2 EliteSource relies on you to provide accurate personal information and to inform us if your information changes. You may request correction of your personal information at any time under Section 15 of this Policy.
14.3 EliteSource will not take steps to verify the personal information provided by Event Hosts beyond the email verification process described in its Terms of Use. Event Hosts are responsible for the accuracy of the information contained in their Event Requests. EliteSource is not liable for inaccurate, incomplete, or misleading information provided by Event Hosts in their Event Requests.
15. Your Rights, Access, Correction, and Anonymity
Right to Access Your Personal Information (APP 12 / IPP 6)
15.1 You have the right to request access to the personal information EliteSource holds about you. To make an access request, contact EliteSource at support@elitesource.com.au with:
- Your full name and email address;
- A description of the personal information you wish to access; and
- Any relevant dates or Event Request references that may assist EliteSource in locating your information.
15.2 EliteSource will respond to access requests within thirty (30) days of receipt. EliteSource may extend this period by a further thirty (30) days in complex cases, in which case you will be notified of the extension and the reason for it.
15.3 EliteSource will provide access in the format requested where it is reasonable to do so, subject to applicable law. EliteSource may charge a reasonable fee to cover the cost of providing access where permitted under the Privacy Act.
15.4 EliteSource may decline to provide access in limited circumstances prescribed by the Privacy Act, including where providing access would pose a serious threat to the health or safety of any person, or would unreasonably impact the privacy of another individual. If access is refused, EliteSource will provide written reasons for the refusal.
Right to Correct Your Personal Information (APP 13 / IPP 7)
15.5 If you believe that personal information EliteSource holds about you is inaccurate, out-of-date, incomplete, irrelevant, or misleading, you may request correction at any time by contacting support@elitesource.com.au.
15.6 EliteSource will take reasonable steps to correct the information within thirty (30) days of receiving your request. If EliteSource declines to correct the information, it will provide written reasons and inform you of your right to make a complaint to the OAIC or NZ Privacy Commissioner.
Anonymity and Pseudonymity (APP 2)
15.7 Where it is lawful and practicable, EliteSource provides individuals with the option to interact anonymously or pseudonymously. However, the nature of the Platform's core service, receiving an email verification code and submitting an Event Request that is distributed to Providers, requires you to provide an email address. It is not practicable to offer anonymity for the Event Request submission function.
15.8 You may contact EliteSource's support team and make general enquiries without providing your name, subject to the enquiry not requiring identification.
16. Children's Privacy
16.1 The Platform is not directed at, designed for, or intended for use by children under the age of 18. EliteSource does not knowingly collect personal information from individuals under the age of 18.
16.2 If EliteSource becomes aware that it has inadvertently collected personal information from a person under 18, it will take reasonable steps to delete that information from its systems as soon as practicable.
16.3 If you are a parent or guardian and believe that EliteSource has collected personal information from a person under 18 in your care, please contact EliteSource at support@elitesource.com.au immediately.
17. Third-Party Websites and Provider Privacy Practices
17.1 The Platform may contain links to websites operated by third parties, including Providers' own websites. This Privacy Policy does not apply to third-party websites. EliteSource has no control over the privacy practices of any third-party website and is not responsible for the content, privacy policies, or practices of any third-party site.
17.2 As noted in Section 6.3, once your personal information has been disclosed to a Provider in connection with your Event Request, that Provider's collection, use, and storage of your information is governed by that Provider's own privacy policy and applicable law. EliteSource strongly recommends that you review the privacy policy of any Provider you intend to engage before sharing additional personal information with them.
17.3 EliteSource is not liable for the privacy practices of any Provider or any third-party website.
18. Additional Rights for New Zealand Users
18.1 If you are located in New Zealand or are a New Zealand resident, the New Zealand Privacy Act 2020 applies to EliteSource's handling of your personal information in addition to the Australian Privacy Act 1988 (Cth). EliteSource complies with the Information Privacy Principles (IPPs) contained in Schedule 1 of the NZ Privacy Act 2020.
18.2 Under the NZ Privacy Act 2020, New Zealand residents have the following rights in addition to those set out elsewhere in this Policy:
| Right | NZ Privacy Act Basis | How to Exercise |
|---|---|---|
| Right to access personal information held about you | IPP 6 / s23 | Contact support@elitesource.com.au |
| Right to correct personal information | IPP 7 / s24 | Contact support@elitesource.com.au |
| Right to know what personal information is held | IPP 6 | Contact support@elitesource.com.au |
| Right to complain about a privacy breach | Part 5 / s69 | Complaint to NZ Privacy Commissioner at privacy.org.nz |
| Right to be notified of a notifiable privacy breach causing serious harm | Part 6 / s128 | EliteSource will notify you directly if applicable |
18.3 EliteSource has designated a Privacy Officer responsible for New Zealand privacy compliance. Enquiries or complaints from New Zealand users should be addressed to support@elitesource.com.au.
18.4 If EliteSource transfers personal information of New Zealand residents outside New Zealand, it will comply with IPP 12 of the NZ Privacy Act 2020 and take reasonable steps to ensure the overseas recipient provides comparable privacy protections.
New Zealand Privacy Commissioner
New Zealand residents may make a complaint about EliteSource's handling of their personal information directly to the New Zealand Privacy Commissioner. You should first attempt to resolve your complaint with EliteSource directly before contacting the Privacy Commissioner.
Phone: 0800 803 909 (NZ free call)
19. Privacy Complaints
19.1 If you have a complaint about the way EliteSource has handled your personal information, or believe EliteSource has breached the Privacy Act 1988 (Cth), the Australian Privacy Principles, or the NZ Privacy Act 2020, you may lodge a complaint with EliteSource using the process described below.
19.2 To lodge a privacy complaint with EliteSource:
- Send your complaint in writing to support@elitesource.com.au;
- Include your name and contact details, a clear description of the conduct you are complaining about, the personal information involved, and what outcome you are seeking; and
- Attach any relevant supporting documentation.
19.3 EliteSource will acknowledge receipt of your complaint within five (5) business days and will provide a substantive written response within thirty (30) days. For complex complaints, this period may be extended to sixty (60) days, and you will be notified of the extension.
19.4 If you are not satisfied with EliteSource's response to your privacy complaint, or if EliteSource fails to respond within the required timeframe, you may escalate your complaint to:
| Regulator | Jurisdiction | Contact |
|---|---|---|
| Office of the Australian Information Commissioner (OAIC) | Australia | oaic.gov.au | 1300 363 992 | GPO Box 5218, Sydney NSW 2001 |
| New Zealand Privacy Commissioner | New Zealand | privacy.org.nz | 0800 803 909 | PO Box 10094, Wellington 6143 |
19.5 Filing a complaint with EliteSource does not affect your right to contact the OAIC or the NZ Privacy Commissioner at any time. The OAIC requires that you first attempt to resolve a complaint directly with EliteSource before it will typically investigate the matter.
20. Changes to This Privacy Policy
20.1 EliteSource reserves the right to update or amend this Privacy Policy at any time to reflect changes in its privacy practices, applicable law, or Platform functionality. Amended policies will be published on the Platform with a revised effective date.
20.2 For material changes to this Privacy Policy, EliteSource will provide notice by email to known users and by a prominent notice on the Platform at least fourteen (14) days before the amended Policy takes effect.
20.3 Your continued use of the Platform following the effective date of an amended Privacy Policy constitutes your acceptance of the amended Policy. If you do not agree to the amended Policy, you must cease using the Platform and may request deletion of your personal information.
20.4 The current version of this Privacy Policy will always be available at elitesource.com.au/privacy-policy.
21. Contact Us, Privacy Enquiries
For all privacy-related enquiries, access requests, correction requests, complaints, or questions about this Privacy Policy, please contact:
| Privacy Officer | EliteSource Pty Ltd |
| Postal Address | [INSERT REGISTERED ADDRESS BEFORE PUBLISHING] |
| General Privacy Enquiries | support@elitesource.com.au |
| Data Breach Notification | support@elitesource.com.au, mark subject: DATA BREACH |
| Access / Correction Requests | support@elitesource.com.au, mark subject: ACCESS REQUEST |
| Marketing Opt-Out | support@elitesource.com.au |
| General Support | support@elitesource.com.au |
| ABN | [INSERT ABN BEFORE PUBLISHING] |
| Governing Jurisdiction | New South Wales, Australia |
| OAIC (Australia) | oaic.gov.au | 1300 363 992 |
| NZ Privacy Commissioner | privacy.org.nz | 0800 803 909 |
This Privacy Policy was last updated on 28 May 2026.
© EliteSource Pty Ltd. All rights reserved.